]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - mm/slab.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
slab: use the lock on alien_cache, instead of the lock on array_cache
[mirror_ubuntu-artful-kernel.git] / mm / slab.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/mm/slab.c
3 * Written by Mark Hemment, 1996/97.
4 * (markhe@nextd.demon.co.uk)
5 *
6 * kmem_cache_destroy() + some cleanup - 1999 Andrea Arcangeli
7 *
8 * Major cleanup, different bufctl logic, per-cpu arrays
9 * (c) 2000 Manfred Spraul
10 *
11 * Cleanup, make the head arrays unconditional, preparation for NUMA
12 * (c) 2002 Manfred Spraul
13 *
14 * An implementation of the Slab Allocator as described in outline in;
15 * UNIX Internals: The New Frontiers by Uresh Vahalia
16 * Pub: Prentice Hall ISBN 0-13-101908-2
17 * or with a little more detail in;
18 * The Slab Allocator: An Object-Caching Kernel Memory Allocator
19 * Jeff Bonwick (Sun Microsystems).
20 * Presented at: USENIX Summer 1994 Technical Conference
21 *
22 * The memory is organized in caches, one cache for each object type.
23 * (e.g. inode_cache, dentry_cache, buffer_head, vm_area_struct)
24 * Each cache consists out of many slabs (they are small (usually one
25 * page long) and always contiguous), and each slab contains multiple
26 * initialized objects.
27 *
28 * This means, that your constructor is used only for newly allocated
183ff22b 29 * slabs and you must pass objects with the same initializations to
1da177e4
LT		 30 * kmem_cache_free.
31 *
32 * Each cache can only support one memory type (GFP_DMA, GFP_HIGHMEM,
33 * normal). If you need a special memory type, then must create a new
34 * cache for that memory type.
35 *
36 * In order to reduce fragmentation, the slabs are sorted in 3 groups:
37 * full slabs with 0 free objects
38 * partial slabs
39 * empty slabs with no allocated objects
40 *
41 * If partial slabs exist, then new allocations come from these slabs,
42 * otherwise from empty slabs or new slabs are allocated.
43 *
44 * kmem_cache_destroy() CAN CRASH if you try to allocate from the cache
45 * during kmem_cache_destroy(). The caller must prevent concurrent allocs.
46 *
47 * Each cache has a short per-cpu head array, most allocs
48 * and frees go into that array, and if that array overflows, then 1/2
49 * of the entries in the array are given back into the global cache.
50 * The head array is strictly LIFO and should improve the cache hit rates.
51 * On SMP, it additionally reduces the spinlock operations.
52 *
a737b3e2 53 * The c_cpuarray may not be read with enabled local interrupts -
1da177e4
LT		 54 * it's changed with a smp_call_function().
55 *
56 * SMP synchronization:
57 * constructors and destructors are called without any locking.
343e0d7a 58 * Several members in struct kmem_cache and struct slab never change, they
1da177e4
LT		 59 * are accessed without any locking.
60 * The per-cpu arrays are never accessed from the wrong cpu, no locking,
61 * and local interrupts are disabled so slab code is preempt-safe.
62 * The non-constant members are protected with a per-cache irq spinlock.
63 *
64 * Many thanks to Mark Hemment, who wrote another per-cpu slab patch
65 * in 2000 - many ideas in the current implementation are derived from
66 * his patch.
67 *
68 * Further notes from the original documentation:
69 *
70 * 11 April '97. Started multi-threading - markhe
18004c5d 71 * The global cache-chain is protected by the mutex 'slab_mutex'.
1da177e4
LT		 72 * The sem is only needed when accessing/extending the cache-chain, which
73 * can never happen inside an interrupt (kmem_cache_create(),
74 * kmem_cache_shrink() and kmem_cache_reap()).
75 *
76 * At present, each engine can be growing a cache. This should be blocked.
77 *
e498be7d
CL		 78 * 15 March 2005. NUMA slab allocator.
79 * Shai Fultheim <shai@scalex86.org>.
80 * Shobhit Dayal <shobhit@calsoftinc.com>
81 * Alok N Kataria <alokk@calsoftinc.com>
82 * Christoph Lameter <christoph@lameter.com>
83 *
84 * Modified the slab allocator to be node aware on NUMA systems.
85 * Each node has its own list of partial, free and full slabs.
86 * All object allocations for a node occur from node specific slab lists.
1da177e4
LT		 87 */
88
1da177e4
LT		 89#include <linux/slab.h>
90#include <linux/mm.h>
c9cf5528 91#include <linux/poison.h>
1da177e4
LT		 92#include <linux/swap.h>
93#include <linux/cache.h>
94#include <linux/interrupt.h>
95#include <linux/init.h>
96#include <linux/compiler.h>
101a5001 97#include <linux/cpuset.h>
a0ec95a8 98#include <linux/proc_fs.h>
1da177e4
LT		 99#include <linux/seq_file.h>
100#include <linux/notifier.h>
101#include <linux/kallsyms.h>
102#include <linux/cpu.h>
103#include <linux/sysctl.h>
104#include <linux/module.h>
105#include <linux/rcupdate.h>
543537bd 106#include <linux/string.h>
138ae663 107#include <linux/uaccess.h>
e498be7d 108#include <linux/nodemask.h>
d5cff635 109#include <linux/kmemleak.h>
dc85da15 110#include <linux/mempolicy.h>
fc0abb14 111#include <linux/mutex.h>
8a8b6502 112#include <linux/fault-inject.h>
e7eebaf6 113#include <linux/rtmutex.h>
6a2d7a95 114#include <linux/reciprocal_div.h>
3ac7fe5a 115#include <linux/debugobjects.h>
c175eea4 116#include <linux/kmemcheck.h>
8f9f8d9e 117#include <linux/memory.h>
268bb0ce 118#include <linux/prefetch.h>
1da177e4 119
381760ea
MG		 120#include <net/sock.h>
121
1da177e4
LT		 122#include <asm/cacheflush.h>
123#include <asm/tlbflush.h>
124#include <asm/page.h>
125
4dee6b64
SR		 126#include <trace/events/kmem.h>
127
072bb0aa
MG		 128#include "internal.h"
129
b9ce5ef4
GC		 130#include "slab.h"
131
1da177e4 132/*
50953fe9 133 * DEBUG - 1 for kmem_cache_create() to honour; SLAB_RED_ZONE & SLAB_POISON.
1da177e4
LT		 134 * 0 for faster, smaller code (especially in the critical paths).
135 *
136 * STATS - 1 to collect stats for /proc/slabinfo.
137 * 0 for faster, smaller code (especially in the critical paths).
138 *
139 * FORCED_DEBUG - 1 enables SLAB_RED_ZONE and SLAB_POISON (if possible)
140 */
141
142#ifdef CONFIG_DEBUG_SLAB
143#define DEBUG 1
144#define STATS 1
145#define FORCED_DEBUG 1
146#else
147#define DEBUG 0
148#define STATS 0
149#define FORCED_DEBUG 0
150#endif
151
1da177e4
LT		 152/* Shouldn't this be in a header file somewhere? */
153#define BYTES_PER_WORD sizeof(void *)
87a927c7 154#define REDZONE_ALIGN max(BYTES_PER_WORD, __alignof__(unsigned long long))
1da177e4 155
1da177e4
LT		 156#ifndef ARCH_KMALLOC_FLAGS
157#define ARCH_KMALLOC_FLAGS SLAB_HWCACHE_ALIGN
158#endif
159
f315e3fa
JK		 160#define FREELIST_BYTE_INDEX (((PAGE_SIZE >> BITS_PER_BYTE) \
161 <= SLAB_OBJ_MIN_SIZE) ? 1 : 0)
162
163#if FREELIST_BYTE_INDEX
164typedef unsigned char freelist_idx_t;
165#else
166typedef unsigned short freelist_idx_t;
167#endif
168
30321c7b 169#define SLAB_OBJ_MAX_NUM ((1 << sizeof(freelist_idx_t) * BITS_PER_BYTE) - 1)
f315e3fa 170
072bb0aa
MG		 171/*
172 * true if a page was allocated from pfmemalloc reserves for network-based
173 * swap
174 */
175static bool pfmemalloc_active __read_mostly;
176
1da177e4
LT		 177/*
178 * struct array_cache
179 *
1da177e4
LT		 180 * Purpose:
181 * - LIFO ordering, to hand out cache-warm objects from _alloc
182 * - reduce the number of linked list operations
183 * - reduce spinlock operations
184 *
185 * The limit is stored in the per-cpu structure to reduce the data cache
186 * footprint.
187 *
188 */
189struct array_cache {
190 unsigned int avail;
191 unsigned int limit;
192 unsigned int batchcount;
193 unsigned int touched;
bda5b655 194 void *entry[]; /*
a737b3e2
AM		 195 * Must have this definition in here for the proper
196 * alignment of array_cache. Also simplifies accessing
197 * the entries.
072bb0aa
MG		 198 *
199 * Entries should not be directly dereferenced as
200 * entries belonging to slabs marked pfmemalloc will
201 * have the lower bits set SLAB_OBJ_PFMEMALLOC
a737b3e2 202 */
1da177e4
LT		 203};
204
c8522a3a
JK		 205struct alien_cache {
206 spinlock_t lock;
207 struct array_cache ac;
208};
209
072bb0aa
MG		 210#define SLAB_OBJ_PFMEMALLOC 1
211static inline bool is_obj_pfmemalloc(void *objp)
212{
213 return (unsigned long)objp & SLAB_OBJ_PFMEMALLOC;
214}
215
216static inline void set_obj_pfmemalloc(void **objp)
217{
218 *objp = (void *)((unsigned long)*objp | SLAB_OBJ_PFMEMALLOC);
219 return;
220}
221
222static inline void clear_obj_pfmemalloc(void **objp)
223{
224 *objp = (void *)((unsigned long)*objp & ~SLAB_OBJ_PFMEMALLOC);
225}
226
a737b3e2
AM		 227/*
228 * bootstrap: The caches do not work without cpuarrays anymore, but the
229 * cpuarrays are allocated from the generic caches...
1da177e4
LT		 230 */
231#define BOOT_CPUCACHE_ENTRIES 1
232struct arraycache_init {
233 struct array_cache cache;
b28a02de 234 void *entries[BOOT_CPUCACHE_ENTRIES];
1da177e4
LT		 235};
236
e498be7d
CL		 237/*
238 * Need this for bootstrapping a per node allocator.
239 */
556a169d 240#define NUM_INIT_LISTS (3 * MAX_NUMNODES)
ce8eb6c4 241static struct kmem_cache_node __initdata init_kmem_cache_node[NUM_INIT_LISTS];
e498be7d 242#define CACHE_CACHE 0
556a169d 243#define SIZE_AC MAX_NUMNODES
ce8eb6c4 244#define SIZE_NODE (2 * MAX_NUMNODES)
e498be7d 245
ed11d9eb 246static int drain_freelist(struct kmem_cache *cache,
ce8eb6c4 247 struct kmem_cache_node *n, int tofree);
ed11d9eb 248static void free_block(struct kmem_cache *cachep, void **objpp, int len,
97654dfa
JK		 249 int node, struct list_head *list);
250static void slabs_destroy(struct kmem_cache *cachep, struct list_head *list);
83b519e8 251static int enable_cpucache(struct kmem_cache *cachep, gfp_t gfp);
65f27f38 252static void cache_reap(struct work_struct *unused);
ed11d9eb 253
e0a42726
IM		 254static int slab_early_init = 1;
255
e3366016 256#define INDEX_AC kmalloc_index(sizeof(struct arraycache_init))
ce8eb6c4 257#define INDEX_NODE kmalloc_index(sizeof(struct kmem_cache_node))
1da177e4 258
ce8eb6c4 259static void kmem_cache_node_init(struct kmem_cache_node *parent)
e498be7d
CL		 260{
261 INIT_LIST_HEAD(&parent->slabs_full);
262 INIT_LIST_HEAD(&parent->slabs_partial);
263 INIT_LIST_HEAD(&parent->slabs_free);
264 parent->shared = NULL;
265 parent->alien = NULL;
2e1217cf 266 parent->colour_next = 0;
e498be7d
CL		 267 spin_lock_init(&parent->list_lock);
268 parent->free_objects = 0;
269 parent->free_touched = 0;
270}
271
a737b3e2
AM		 272#define MAKE_LIST(cachep, listp, slab, nodeid) \
273 do { \
274 INIT_LIST_HEAD(listp); \
18bf8541 275 list_splice(&get_node(cachep, nodeid)->slab, listp); \
e498be7d
CL		 276 } while (0)
277
a737b3e2
AM		 278#define MAKE_ALL_LISTS(cachep, ptr, nodeid) \
279 do { \
e498be7d
CL		 280 MAKE_LIST((cachep), (&(ptr)->slabs_full), slabs_full, nodeid); \
281 MAKE_LIST((cachep), (&(ptr)->slabs_partial), slabs_partial, nodeid); \
282 MAKE_LIST((cachep), (&(ptr)->slabs_free), slabs_free, nodeid); \
283 } while (0)
1da177e4 284
1da177e4
LT		 285#define CFLGS_OFF_SLAB (0x80000000UL)
286#define OFF_SLAB(x) ((x)->flags & CFLGS_OFF_SLAB)
287
288#define BATCHREFILL_LIMIT 16
a737b3e2
AM		 289/*
290 * Optimization question: fewer reaps means less probability for unnessary
291 * cpucache drain/refill cycles.
1da177e4 292 *
dc6f3f27 293 * OTOH the cpuarrays can contain lots of objects,
1da177e4
LT		 294 * which could lock up otherwise freeable slabs.
295 */
5f0985bb
JZ		 296#define REAPTIMEOUT_AC (2*HZ)
297#define REAPTIMEOUT_NODE (4*HZ)
1da177e4
LT		 298
299#if STATS
300#define STATS_INC_ACTIVE(x) ((x)->num_active++)
301#define STATS_DEC_ACTIVE(x) ((x)->num_active--)
302#define STATS_INC_ALLOCED(x) ((x)->num_allocations++)
303#define STATS_INC_GROWN(x) ((x)->grown++)
ed11d9eb 304#define STATS_ADD_REAPED(x,y) ((x)->reaped += (y))
a737b3e2
AM		 305#define STATS_SET_HIGH(x) \
306 do { \
307 if ((x)->num_active > (x)->high_mark) \
308 (x)->high_mark = (x)->num_active; \
309 } while (0)
1da177e4
LT		 310#define STATS_INC_ERR(x) ((x)->errors++)
311#define STATS_INC_NODEALLOCS(x) ((x)->node_allocs++)
e498be7d 312#define STATS_INC_NODEFREES(x) ((x)->node_frees++)
fb7faf33 313#define STATS_INC_ACOVERFLOW(x) ((x)->node_overflow++)
a737b3e2
AM		 314#define STATS_SET_FREEABLE(x, i) \
315 do { \
316 if ((x)->max_freeable < i) \
317 (x)->max_freeable = i; \
318 } while (0)
1da177e4
LT		 319#define STATS_INC_ALLOCHIT(x) atomic_inc(&(x)->allochit)
320#define STATS_INC_ALLOCMISS(x) atomic_inc(&(x)->allocmiss)
321#define STATS_INC_FREEHIT(x) atomic_inc(&(x)->freehit)
322#define STATS_INC_FREEMISS(x) atomic_inc(&(x)->freemiss)
323#else
324#define STATS_INC_ACTIVE(x) do { } while (0)
325#define STATS_DEC_ACTIVE(x) do { } while (0)
326#define STATS_INC_ALLOCED(x) do { } while (0)
327#define STATS_INC_GROWN(x) do { } while (0)
4e60c86b 328#define STATS_ADD_REAPED(x,y) do { (void)(y); } while (0)
1da177e4
LT		 329#define STATS_SET_HIGH(x) do { } while (0)
330#define STATS_INC_ERR(x) do { } while (0)
331#define STATS_INC_NODEALLOCS(x) do { } while (0)
e498be7d 332#define STATS_INC_NODEFREES(x) do { } while (0)
fb7faf33 333#define STATS_INC_ACOVERFLOW(x) do { } while (0)
a737b3e2 334#define STATS_SET_FREEABLE(x, i) do { } while (0)
1da177e4
LT		 335#define STATS_INC_ALLOCHIT(x) do { } while (0)
336#define STATS_INC_ALLOCMISS(x) do { } while (0)
337#define STATS_INC_FREEHIT(x) do { } while (0)
338#define STATS_INC_FREEMISS(x) do { } while (0)
339#endif
340
341#if DEBUG
1da177e4 342
a737b3e2
AM		 343/*
344 * memory layout of objects:
1da177e4 345 * 0 : objp
3dafccf2 346 * 0 .. cachep->obj_offset - BYTES_PER_WORD - 1: padding. This ensures that
1da177e4
LT		 347 * the end of an object is aligned with the end of the real
348 * allocation. Catches writes behind the end of the allocation.
3dafccf2 349 * cachep->obj_offset - BYTES_PER_WORD .. cachep->obj_offset - 1:
1da177e4 350 * redzone word.
3dafccf2 351 * cachep->obj_offset: The real object.
3b0efdfa
CL		 352 * cachep->size - 2* BYTES_PER_WORD: redzone word [BYTES_PER_WORD long]
353 * cachep->size - 1* BYTES_PER_WORD: last caller address
a737b3e2 354 * [BYTES_PER_WORD long]
1da177e4 355 */
343e0d7a 356static int obj_offset(struct kmem_cache *cachep)
1da177e4 357{
3dafccf2 358 return cachep->obj_offset;
1da177e4
LT		 359}
360
b46b8f19 361static unsigned long long *dbg_redzone1(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 362{
363 BUG_ON(!(cachep->flags & SLAB_RED_ZONE));
b46b8f19
DW		 364 return (unsigned long long*) (objp + obj_offset(cachep) -
365 sizeof(unsigned long long));
1da177e4
LT		 366}
367
b46b8f19 368static unsigned long long *dbg_redzone2(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 369{
370 BUG_ON(!(cachep->flags & SLAB_RED_ZONE));
371 if (cachep->flags & SLAB_STORE_USER)
3b0efdfa 372 return (unsigned long long *)(objp + cachep->size -
b46b8f19 373 sizeof(unsigned long long) -
87a927c7 374 REDZONE_ALIGN);
3b0efdfa 375 return (unsigned long long *) (objp + cachep->size -
b46b8f19 376 sizeof(unsigned long long));
1da177e4
LT		 377}
378
343e0d7a 379static void **dbg_userword(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 380{
381 BUG_ON(!(cachep->flags & SLAB_STORE_USER));
3b0efdfa 382 return (void **)(objp + cachep->size - BYTES_PER_WORD);
1da177e4
LT		 383}
384
385#else
386
3dafccf2 387#define obj_offset(x) 0
b46b8f19
DW		 388#define dbg_redzone1(cachep, objp) ({BUG(); (unsigned long long *)NULL;})
389#define dbg_redzone2(cachep, objp) ({BUG(); (unsigned long long *)NULL;})
1da177e4
LT		 390#define dbg_userword(cachep, objp) ({BUG(); (void **)NULL;})
391
392#endif
393
03787301
JK		 394#define OBJECT_FREE (0)
395#define OBJECT_ACTIVE (1)
396
397#ifdef CONFIG_DEBUG_SLAB_LEAK
398
399static void set_obj_status(struct page *page, int idx, int val)
400{
401 int freelist_size;
402 char *status;
403 struct kmem_cache *cachep = page->slab_cache;
404
405 freelist_size = cachep->num * sizeof(freelist_idx_t);
406 status = (char *)page->freelist + freelist_size;
407 status[idx] = val;
408}
409
410static inline unsigned int get_obj_status(struct page *page, int idx)
411{
412 int freelist_size;
413 char *status;
414 struct kmem_cache *cachep = page->slab_cache;
415
416 freelist_size = cachep->num * sizeof(freelist_idx_t);
417 status = (char *)page->freelist + freelist_size;
418
419 return status[idx];
420}
421
422#else
423static inline void set_obj_status(struct page *page, int idx, int val) {}
424
425#endif
426
1da177e4 427/*
3df1cccd
DR		 428 * Do not go above this order unless 0 objects fit into the slab or
429 * overridden on the command line.
1da177e4 430 */
543585cc
DR		 431#define SLAB_MAX_ORDER_HI 1
432#define SLAB_MAX_ORDER_LO 0
433static int slab_max_order = SLAB_MAX_ORDER_LO;
3df1cccd 434static bool slab_max_order_set __initdata;
1da177e4 435
6ed5eb22
PE		 436static inline struct kmem_cache *virt_to_cache(const void *obj)
437{
b49af68f 438 struct page *page = virt_to_head_page(obj);
35026088 439 return page->slab_cache;
6ed5eb22
PE		 440}
441
8456a648 442static inline void *index_to_obj(struct kmem_cache *cache, struct page *page,
8fea4e96
PE		 443 unsigned int idx)
444{
8456a648 445 return page->s_mem + cache->size * idx;
8fea4e96
PE		 446}
447
6a2d7a95 448/*
3b0efdfa
CL		 449 * We want to avoid an expensive divide : (offset / cache->size)
450 * Using the fact that size is a constant for a particular cache,
451 * we can replace (offset / cache->size) by
6a2d7a95
ED		 452 * reciprocal_divide(offset, cache->reciprocal_buffer_size)
453 */
454static inline unsigned int obj_to_index(const struct kmem_cache *cache,
8456a648 455 const struct page *page, void *obj)
8fea4e96 456{
8456a648 457 u32 offset = (obj - page->s_mem);
6a2d7a95 458 return reciprocal_divide(offset, cache->reciprocal_buffer_size);
8fea4e96
PE		 459}
460
1da177e4 461static struct arraycache_init initarray_generic =
b28a02de 462 { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
1da177e4
LT		 463
464/* internal cache of cache description objs */
9b030cb8 465static struct kmem_cache kmem_cache_boot = {
b28a02de
PE		 466 .batchcount = 1,
467 .limit = BOOT_CPUCACHE_ENTRIES,
468 .shared = 1,
3b0efdfa 469 .size = sizeof(struct kmem_cache),
b28a02de 470 .name = "kmem_cache",
1da177e4
LT		 471};
472
056c6241
RT		 473#define BAD_ALIEN_MAGIC 0x01020304ul
474
f1aaee53
AV		 475#ifdef CONFIG_LOCKDEP
476
477/*
478 * Slab sometimes uses the kmalloc slabs to store the slab headers
479 * for other slabs "off slab".
480 * The locking for this is tricky in that it nests within the locks
481 * of all other slabs in a few places; to deal with this special
482 * locking we put on-slab caches into a separate lock-class.
056c6241
RT		 483 *
484 * We set lock class for alien array caches which are up during init.
485 * The lock annotation will be lost if all cpus of a node goes down and
486 * then comes back up during hotplug
f1aaee53 487 */
056c6241
RT		 488static struct lock_class_key on_slab_l3_key;
489static struct lock_class_key on_slab_alc_key;
490
83835b3d
PZ		 491static struct lock_class_key debugobj_l3_key;
492static struct lock_class_key debugobj_alc_key;
493
494static void slab_set_lock_classes(struct kmem_cache *cachep,
495 struct lock_class_key *l3_key, struct lock_class_key *alc_key,
18bf8541 496 struct kmem_cache_node *n)
83835b3d 497{
c8522a3a 498 struct alien_cache **alc;
83835b3d
PZ		 499 int r;
500
ce8eb6c4
CL		 501 lockdep_set_class(&n->list_lock, l3_key);
502 alc = n->alien;
83835b3d
PZ		 503 /*
504 * FIXME: This check for BAD_ALIEN_MAGIC
505 * should go away when common slab code is taught to
506 * work even without alien caches.
507 * Currently, non NUMA code returns BAD_ALIEN_MAGIC
508 * for alloc_alien_cache,
509 */
510 if (!alc || (unsigned long)alc == BAD_ALIEN_MAGIC)
511 return;
512 for_each_node(r) {
513 if (alc[r])
49dfc304 514 lockdep_set_class(&(alc[r]->lock), alc_key);
83835b3d
PZ		 515 }
516}
517
18bf8541
CL		 518static void slab_set_debugobj_lock_classes_node(struct kmem_cache *cachep,
519 struct kmem_cache_node *n)
83835b3d 520{
18bf8541 521 slab_set_lock_classes(cachep, &debugobj_l3_key, &debugobj_alc_key, n);
83835b3d
PZ		 522}
523
524static void slab_set_debugobj_lock_classes(struct kmem_cache *cachep)
525{
526 int node;
18bf8541 527 struct kmem_cache_node *n;
83835b3d 528
18bf8541
CL		 529 for_each_kmem_cache_node(cachep, node, n)
530 slab_set_debugobj_lock_classes_node(cachep, n);
83835b3d
PZ		 531}
532
ce79ddc8 533static void init_node_lock_keys(int q)
f1aaee53 534{
e3366016 535 int i;
056c6241 536
97d06609 537 if (slab_state < UP)
ce79ddc8
PE		 538 return;
539
0f8f8094 540 for (i = 1; i <= KMALLOC_SHIFT_HIGH; i++) {
ce8eb6c4 541 struct kmem_cache_node *n;
e3366016
CL		 542 struct kmem_cache *cache = kmalloc_caches[i];
543
544 if (!cache)
545 continue;
ce79ddc8 546
18bf8541 547 n = get_node(cache, q);
ce8eb6c4 548 if (!n || OFF_SLAB(cache))
00afa758 549 continue;
83835b3d 550
e3366016 551 slab_set_lock_classes(cache, &on_slab_l3_key,
18bf8541 552 &on_slab_alc_key, n);
f1aaee53
AV		 553 }
554}
ce79ddc8 555
18bf8541
CL		 556static void on_slab_lock_classes_node(struct kmem_cache *cachep,
557 struct kmem_cache_node *n)
6ccfb5bc 558{
6ccfb5bc 559 slab_set_lock_classes(cachep, &on_slab_l3_key,
18bf8541 560 &on_slab_alc_key, n);
6ccfb5bc
GC		 561}
562
563static inline void on_slab_lock_classes(struct kmem_cache *cachep)
564{
565 int node;
18bf8541 566 struct kmem_cache_node *n;
6ccfb5bc
GC		 567
568 VM_BUG_ON(OFF_SLAB(cachep));
18bf8541
CL		 569 for_each_kmem_cache_node(cachep, node, n)
570 on_slab_lock_classes_node(cachep, n);
6ccfb5bc
GC		 571}
572
1536cb39 573static inline void __init init_lock_keys(void)
ce79ddc8
PE		 574{
575 int node;
576
577 for_each_node(node)
578 init_node_lock_keys(node);
579}
f1aaee53 580#else
1536cb39 581static void __init init_node_lock_keys(int q)
ce79ddc8
PE		 582{
583}
584
056c6241 585static inline void init_lock_keys(void)
f1aaee53
AV		 586{
587}
83835b3d 588
6ccfb5bc
GC		 589static inline void on_slab_lock_classes(struct kmem_cache *cachep)
590{
591}
592
18bf8541
CL		 593static inline void on_slab_lock_classes_node(struct kmem_cache *cachep,
594 struct kmem_cache_node *n)
6ccfb5bc
GC		 595{
596}
597
18bf8541
CL		 598static void slab_set_debugobj_lock_classes_node(struct kmem_cache *cachep,
599 struct kmem_cache_node *n)
83835b3d
PZ		 600{
601}
602
603static void slab_set_debugobj_lock_classes(struct kmem_cache *cachep)
604{
605}
f1aaee53
AV		 606#endif
607
1871e52c 608static DEFINE_PER_CPU(struct delayed_work, slab_reap_work);
1da177e4 609
343e0d7a 610static inline struct array_cache *cpu_cache_get(struct kmem_cache *cachep)
1da177e4
LT		 611{
612 return cachep->array[smp_processor_id()];
613}
614
03787301
JK		 615static size_t calculate_freelist_size(int nr_objs, size_t align)
616{
617 size_t freelist_size;
618
619 freelist_size = nr_objs * sizeof(freelist_idx_t);
620 if (IS_ENABLED(CONFIG_DEBUG_SLAB_LEAK))
621 freelist_size += nr_objs * sizeof(char);
622
623 if (align)
624 freelist_size = ALIGN(freelist_size, align);
625
626 return freelist_size;
627}
628
9cef2e2b
JK		 629static int calculate_nr_objs(size_t slab_size, size_t buffer_size,
630 size_t idx_size, size_t align)
1da177e4 631{
9cef2e2b 632 int nr_objs;
03787301 633 size_t remained_size;
9cef2e2b 634 size_t freelist_size;
03787301 635 int extra_space = 0;
9cef2e2b 636
03787301
JK		 637 if (IS_ENABLED(CONFIG_DEBUG_SLAB_LEAK))
638 extra_space = sizeof(char);
9cef2e2b
JK		 639 /*
640 * Ignore padding for the initial guess. The padding
641 * is at most @align-1 bytes, and @buffer_size is at
642 * least @align. In the worst case, this result will
643 * be one greater than the number of objects that fit
644 * into the memory allocation when taking the padding
645 * into account.
646 */
03787301 647 nr_objs = slab_size / (buffer_size + idx_size + extra_space);
9cef2e2b
JK		 648
649 /*
650 * This calculated number will be either the right
651 * amount, or one greater than what we want.
652 */
03787301
JK		 653 remained_size = slab_size - nr_objs * buffer_size;
654 freelist_size = calculate_freelist_size(nr_objs, align);
655 if (remained_size < freelist_size)
9cef2e2b
JK		 656 nr_objs--;
657
658 return nr_objs;
fbaccacf 659}
1da177e4 660
a737b3e2
AM		 661/*
662 * Calculate the number of objects and left-over bytes for a given buffer size.
663 */
fbaccacf
SR		 664static void cache_estimate(unsigned long gfporder, size_t buffer_size,
665 size_t align, int flags, size_t *left_over,
666 unsigned int *num)
667{
668 int nr_objs;
669 size_t mgmt_size;
670 size_t slab_size = PAGE_SIZE << gfporder;
1da177e4 671
fbaccacf
SR		 672 /*
673 * The slab management structure can be either off the slab or
674 * on it. For the latter case, the memory allocated for a
675 * slab is used for:
676 *
16025177 677 * - One unsigned int for each object
fbaccacf
SR		 678 * - Padding to respect alignment of @align
679 * - @buffer_size bytes for each object
680 *
681 * If the slab management structure is off the slab, then the
682 * alignment will already be calculated into the size. Because
683 * the slabs are all pages aligned, the objects will be at the
684 * correct alignment when allocated.
685 */
686 if (flags & CFLGS_OFF_SLAB) {
687 mgmt_size = 0;
688 nr_objs = slab_size / buffer_size;
689
fbaccacf 690 } else {
9cef2e2b 691 nr_objs = calculate_nr_objs(slab_size, buffer_size,
a41adfaa 692 sizeof(freelist_idx_t), align);
03787301 693 mgmt_size = calculate_freelist_size(nr_objs, align);
fbaccacf
SR		 694 }
695 *num = nr_objs;
696 *left_over = slab_size - nr_objs*buffer_size - mgmt_size;
1da177e4
LT		 697}
698
f28510d3 699#if DEBUG
d40cee24 700#define slab_error(cachep, msg) __slab_error(__func__, cachep, msg)
1da177e4 701
a737b3e2
AM		 702static void __slab_error(const char *function, struct kmem_cache *cachep,
703 char *msg)
1da177e4
LT		 704{
705 printk(KERN_ERR "slab error in %s(): cache `%s': %s\n",
b28a02de 706 function, cachep->name, msg);
1da177e4 707 dump_stack();
373d4d09 708 add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
1da177e4 709}
f28510d3 710#endif
1da177e4 711
3395ee05
PM		 712/*
713 * By default on NUMA we use alien caches to stage the freeing of
714 * objects allocated from other nodes. This causes massive memory
715 * inefficiencies when using fake NUMA setup to split memory into a
716 * large number of small nodes, so it can be disabled on the command
717 * line
718 */
719
720static int use_alien_caches __read_mostly = 1;
721static int __init noaliencache_setup(char *s)
722{
723 use_alien_caches = 0;
724 return 1;
725}
726__setup("noaliencache", noaliencache_setup);
727
3df1cccd
DR		 728static int __init slab_max_order_setup(char *str)
729{
730 get_option(&str, &slab_max_order);
731 slab_max_order = slab_max_order < 0 ? 0 :
732 min(slab_max_order, MAX_ORDER - 1);
733 slab_max_order_set = true;
734
735 return 1;
736}
737__setup("slab_max_order=", slab_max_order_setup);
738
8fce4d8e
CL		 739#ifdef CONFIG_NUMA
740/*
741 * Special reaping functions for NUMA systems called from cache_reap().
742 * These take care of doing round robin flushing of alien caches (containing
743 * objects freed on different nodes from which they were allocated) and the
744 * flushing of remote pcps by calling drain_node_pages.
745 */
1871e52c 746static DEFINE_PER_CPU(unsigned long, slab_reap_node);
8fce4d8e
CL		 747
748static void init_reap_node(int cpu)
749{
750 int node;
751
7d6e6d09 752 node = next_node(cpu_to_mem(cpu), node_online_map);
8fce4d8e 753 if (node == MAX_NUMNODES)
442295c9 754 node = first_node(node_online_map);
8fce4d8e 755
1871e52c 756 per_cpu(slab_reap_node, cpu) = node;
8fce4d8e
CL		 757}
758
759static void next_reap_node(void)
760{
909ea964 761 int node = __this_cpu_read(slab_reap_node);
8fce4d8e 762
8fce4d8e
CL		 763 node = next_node(node, node_online_map);
764 if (unlikely(node >= MAX_NUMNODES))
765 node = first_node(node_online_map);
909ea964 766 __this_cpu_write(slab_reap_node, node);
8fce4d8e
CL		 767}
768
769#else
770#define init_reap_node(cpu) do { } while (0)
771#define next_reap_node(void) do { } while (0)
772#endif
773
1da177e4
LT		 774/*
775 * Initiate the reap timer running on the target CPU. We run at around 1 to 2Hz
776 * via the workqueue/eventd.
777 * Add the CPU number into the expiration time to minimize the possibility of
778 * the CPUs getting into lockstep and contending for the global cache chain
779 * lock.
780 */
0db0628d 781static void start_cpu_timer(int cpu)
1da177e4 782{
1871e52c 783 struct delayed_work *reap_work = &per_cpu(slab_reap_work, cpu);
1da177e4
LT		 784
785 /*
786 * When this gets called from do_initcalls via cpucache_init(),
787 * init_workqueues() has already run, so keventd will be setup
788 * at that time.
789 */
52bad64d 790 if (keventd_up() && reap_work->work.func == NULL) {
8fce4d8e 791 init_reap_node(cpu);
203b42f7 792 INIT_DEFERRABLE_WORK(reap_work, cache_reap);
2b284214
AV		 793 schedule_delayed_work_on(cpu, reap_work,
794 __round_jiffies_relative(HZ, cpu));
1da177e4
LT		 795 }
796}
797
1fe00d50 798static void init_arraycache(struct array_cache *ac, int limit, int batch)
1da177e4 799{
d5cff635
CM		 800 /*
801 * The array_cache structures contain pointers to free object.
25985edc 802 * However, when such objects are allocated or transferred to another
d5cff635
CM		 803 * cache the pointers are not cleared and they could be counted as
804 * valid references during a kmemleak scan. Therefore, kmemleak must
805 * not scan such objects.
806 */
1fe00d50
JK		 807 kmemleak_no_scan(ac);
808 if (ac) {
809 ac->avail = 0;
810 ac->limit = limit;
811 ac->batchcount = batch;
812 ac->touched = 0;
1da177e4 813 }
1fe00d50
JK		 814}
815
816static struct array_cache *alloc_arraycache(int node, int entries,
817 int batchcount, gfp_t gfp)
818{
819 int memsize = sizeof(void *) * entries + sizeof(struct array_cache);
820 struct array_cache *ac = NULL;
821
822 ac = kmalloc_node(memsize, gfp, node);
823 init_arraycache(ac, entries, batchcount);
824 return ac;
1da177e4
LT		 825}
826
8456a648 827static inline bool is_slab_pfmemalloc(struct page *page)
072bb0aa 828{
072bb0aa
MG		 829 return PageSlabPfmemalloc(page);
830}
831
832/* Clears pfmemalloc_active if no slabs have pfmalloc set */
833static void recheck_pfmemalloc_active(struct kmem_cache *cachep,
834 struct array_cache *ac)
835{
18bf8541 836 struct kmem_cache_node *n = get_node(cachep, numa_mem_id());
8456a648 837 struct page *page;
072bb0aa
MG		 838 unsigned long flags;
839
840 if (!pfmemalloc_active)
841 return;
842
ce8eb6c4 843 spin_lock_irqsave(&n->list_lock, flags);
8456a648
JK		 844 list_for_each_entry(page, &n->slabs_full, lru)
845 if (is_slab_pfmemalloc(page))
072bb0aa
MG		 846 goto out;
847
8456a648
JK		 848 list_for_each_entry(page, &n->slabs_partial, lru)
849 if (is_slab_pfmemalloc(page))
072bb0aa
MG		 850 goto out;
851
8456a648
JK		 852 list_for_each_entry(page, &n->slabs_free, lru)
853 if (is_slab_pfmemalloc(page))
072bb0aa
MG		 854 goto out;
855
856 pfmemalloc_active = false;
857out:
ce8eb6c4 858 spin_unlock_irqrestore(&n->list_lock, flags);
072bb0aa
MG		 859}
860
381760ea 861static void *__ac_get_obj(struct kmem_cache *cachep, struct array_cache *ac,
072bb0aa
MG		 862 gfp_t flags, bool force_refill)
863{
864 int i;
865 void *objp = ac->entry[--ac->avail];
866
867 /* Ensure the caller is allowed to use objects from PFMEMALLOC slab */
868 if (unlikely(is_obj_pfmemalloc(objp))) {
ce8eb6c4 869 struct kmem_cache_node *n;
072bb0aa
MG		 870
871 if (gfp_pfmemalloc_allowed(flags)) {
872 clear_obj_pfmemalloc(&objp);
873 return objp;
874 }
875
876 /* The caller cannot use PFMEMALLOC objects, find another one */
d014dc2e 877 for (i = 0; i < ac->avail; i++) {
072bb0aa
MG		 878 /* If a !PFMEMALLOC object is found, swap them */
879 if (!is_obj_pfmemalloc(ac->entry[i])) {
880 objp = ac->entry[i];
881 ac->entry[i] = ac->entry[ac->avail];
882 ac->entry[ac->avail] = objp;
883 return objp;
884 }
885 }
886
887 /*
888 * If there are empty slabs on the slabs_free list and we are
889 * being forced to refill the cache, mark this one !pfmemalloc.
890 */
18bf8541 891 n = get_node(cachep, numa_mem_id());
ce8eb6c4 892 if (!list_empty(&n->slabs_free) && force_refill) {
8456a648 893 struct page *page = virt_to_head_page(objp);
7ecccf9d 894 ClearPageSlabPfmemalloc(page);
072bb0aa
MG		 895 clear_obj_pfmemalloc(&objp);
896 recheck_pfmemalloc_active(cachep, ac);
897 return objp;
898 }
899
900 /* No !PFMEMALLOC objects available */
901 ac->avail++;
902 objp = NULL;
903 }
904
905 return objp;
906}
907
381760ea
MG		 908static inline void *ac_get_obj(struct kmem_cache *cachep,
909 struct array_cache *ac, gfp_t flags, bool force_refill)
910{
911 void *objp;
912
913 if (unlikely(sk_memalloc_socks()))
914 objp = __ac_get_obj(cachep, ac, flags, force_refill);
915 else
916 objp = ac->entry[--ac->avail];
917
918 return objp;
919}
920
921static void *__ac_put_obj(struct kmem_cache *cachep, struct array_cache *ac,
072bb0aa
MG		 922 void *objp)
923{
924 if (unlikely(pfmemalloc_active)) {
925 /* Some pfmemalloc slabs exist, check if this is one */
30c29bea 926 struct page *page = virt_to_head_page(objp);
072bb0aa
MG		 927 if (PageSlabPfmemalloc(page))
928 set_obj_pfmemalloc(&objp);
929 }
930
381760ea
MG		 931 return objp;
932}
933
934static inline void ac_put_obj(struct kmem_cache *cachep, struct array_cache *ac,
935 void *objp)
936{
937 if (unlikely(sk_memalloc_socks()))
938 objp = __ac_put_obj(cachep, ac, objp);
939
072bb0aa
MG		 940 ac->entry[ac->avail++] = objp;
941}
942
3ded175a
CL		 943/*
944 * Transfer objects in one arraycache to another.
945 * Locking must be handled by the caller.
946 *
947 * Return the number of entries transferred.
948 */
949static int transfer_objects(struct array_cache *to,
950 struct array_cache *from, unsigned int max)
951{
952 /* Figure out how many entries to transfer */
732eacc0 953 int nr = min3(from->avail, max, to->limit - to->avail);
3ded175a
CL		 954
955 if (!nr)
956 return 0;
957
958 memcpy(to->entry + to->avail, from->entry + from->avail -nr,
959 sizeof(void *) *nr);
960
961 from->avail -= nr;
962 to->avail += nr;
3ded175a
CL		 963 return nr;
964}
965
765c4507
CL		 966#ifndef CONFIG_NUMA
967
968#define drain_alien_cache(cachep, alien) do { } while (0)
ce8eb6c4 969#define reap_alien(cachep, n) do { } while (0)
765c4507 970
c8522a3a
JK		 971static inline struct alien_cache **alloc_alien_cache(int node,
972 int limit, gfp_t gfp)
765c4507 973{
c8522a3a 974 return (struct alien_cache **)BAD_ALIEN_MAGIC;
765c4507
CL		 975}
976
c8522a3a 977static inline void free_alien_cache(struct alien_cache **ac_ptr)
765c4507
CL		 978{
979}
980
981static inline int cache_free_alien(struct kmem_cache *cachep, void *objp)
982{
983 return 0;
984}
985
986static inline void *alternate_node_alloc(struct kmem_cache *cachep,
987 gfp_t flags)
988{
989 return NULL;
990}
991
8b98c169 992static inline void *____cache_alloc_node(struct kmem_cache *cachep,
765c4507
CL		 993 gfp_t flags, int nodeid)
994{
995 return NULL;
996}
997
998#else /* CONFIG_NUMA */
999
8b98c169 1000static void *____cache_alloc_node(struct kmem_cache *, gfp_t, int);
c61afb18 1001static void *alternate_node_alloc(struct kmem_cache *, gfp_t);
dc85da15 1002
c8522a3a
JK		 1003static struct alien_cache *__alloc_alien_cache(int node, int entries,
1004 int batch, gfp_t gfp)
1005{
1006 int memsize = sizeof(void *) * entries + sizeof(struct alien_cache);
1007 struct alien_cache *alc = NULL;
1008
1009 alc = kmalloc_node(memsize, gfp, node);
1010 init_arraycache(&alc->ac, entries, batch);
49dfc304 1011 spin_lock_init(&alc->lock);
c8522a3a
JK		 1012 return alc;
1013}
1014
1015static struct alien_cache **alloc_alien_cache(int node, int limit, gfp_t gfp)
e498be7d 1016{
c8522a3a 1017 struct alien_cache **alc_ptr;
8ef82866 1018 int memsize = sizeof(void *) * nr_node_ids;
e498be7d
CL		 1019 int i;
1020
1021 if (limit > 1)
1022 limit = 12;
c8522a3a
JK		 1023 alc_ptr = kzalloc_node(memsize, gfp, node);
1024 if (!alc_ptr)
1025 return NULL;
1026
1027 for_each_node(i) {
1028 if (i == node || !node_online(i))
1029 continue;
1030 alc_ptr[i] = __alloc_alien_cache(node, limit, 0xbaadf00d, gfp);
1031 if (!alc_ptr[i]) {
1032 for (i--; i >= 0; i--)
1033 kfree(alc_ptr[i]);
1034 kfree(alc_ptr);
1035 return NULL;
e498be7d
CL		 1036 }
1037 }
c8522a3a 1038 return alc_ptr;
e498be7d
CL		 1039}
1040
c8522a3a 1041static void free_alien_cache(struct alien_cache **alc_ptr)
e498be7d
CL		 1042{
1043 int i;
1044
c8522a3a 1045 if (!alc_ptr)
e498be7d 1046 return;
e498be7d 1047 for_each_node(i)
c8522a3a
JK		 1048 kfree(alc_ptr[i]);
1049 kfree(alc_ptr);
e498be7d
CL		 1050}
1051
343e0d7a 1052static void __drain_alien_cache(struct kmem_cache *cachep,
5295a74c 1053 struct array_cache *ac, int node)
e498be7d 1054{
18bf8541 1055 struct kmem_cache_node *n = get_node(cachep, node);
97654dfa 1056 LIST_HEAD(list);
e498be7d
CL		 1057
1058 if (ac->avail) {
ce8eb6c4 1059 spin_lock(&n->list_lock);
e00946fe
CL		 1060 /*
1061 * Stuff objects into the remote nodes shared array first.
1062 * That way we could avoid the overhead of putting the objects
1063 * into the free lists and getting them back later.
1064 */
ce8eb6c4
CL		 1065 if (n->shared)
1066 transfer_objects(n->shared, ac, ac->limit);
e00946fe 1067
97654dfa 1068 free_block(cachep, ac->entry, ac->avail, node, &list);
e498be7d 1069 ac->avail = 0;
ce8eb6c4 1070 spin_unlock(&n->list_lock);
97654dfa 1071 slabs_destroy(cachep, &list);
e498be7d
CL		 1072 }
1073}
1074
8fce4d8e
CL		 1075/*
1076 * Called from cache_reap() to regularly drain alien caches round robin.
1077 */
ce8eb6c4 1078static void reap_alien(struct kmem_cache *cachep, struct kmem_cache_node *n)
8fce4d8e 1079{
909ea964 1080 int node = __this_cpu_read(slab_reap_node);
8fce4d8e 1081
ce8eb6c4 1082 if (n->alien) {
c8522a3a
JK		 1083 struct alien_cache *alc = n->alien[node];
1084 struct array_cache *ac;
1085
1086 if (alc) {
1087 ac = &alc->ac;
49dfc304 1088 if (ac->avail && spin_trylock_irq(&alc->lock)) {
c8522a3a 1089 __drain_alien_cache(cachep, ac, node);
49dfc304 1090 spin_unlock_irq(&alc->lock);
c8522a3a 1091 }
8fce4d8e
CL		 1092 }
1093 }
1094}
1095
a737b3e2 1096static void drain_alien_cache(struct kmem_cache *cachep,
c8522a3a 1097 struct alien_cache **alien)
e498be7d 1098{
b28a02de 1099 int i = 0;
c8522a3a 1100 struct alien_cache *alc;
e498be7d
CL		 1101 struct array_cache *ac;
1102 unsigned long flags;
1103
1104 for_each_online_node(i) {
c8522a3a
JK		 1105 alc = alien[i];
1106 if (alc) {
1107 ac = &alc->ac;
49dfc304 1108 spin_lock_irqsave(&alc->lock, flags);
e498be7d 1109 __drain_alien_cache(cachep, ac, i);
49dfc304 1110 spin_unlock_irqrestore(&alc->lock, flags);
e498be7d
CL		 1111 }
1112 }
1113}
729bd0b7 1114
873623df 1115static inline int cache_free_alien(struct kmem_cache *cachep, void *objp)
729bd0b7 1116{
1ea991b0 1117 int nodeid = page_to_nid(virt_to_page(objp));
ce8eb6c4 1118 struct kmem_cache_node *n;
c8522a3a
JK		 1119 struct alien_cache *alien = NULL;
1120 struct array_cache *ac;
1ca4cb24 1121 int node;
97654dfa 1122 LIST_HEAD(list);
1ca4cb24 1123
7d6e6d09 1124 node = numa_mem_id();
729bd0b7
PE		 1125
1126 /*
1127 * Make sure we are not freeing a object from another node to the array
1128 * cache on this cpu.
1129 */
1ea991b0 1130 if (likely(nodeid == node))
729bd0b7
PE		 1131 return 0;
1132
18bf8541 1133 n = get_node(cachep, node);
729bd0b7 1134 STATS_INC_NODEFREES(cachep);
ce8eb6c4
CL		 1135 if (n->alien && n->alien[nodeid]) {
1136 alien = n->alien[nodeid];
c8522a3a 1137 ac = &alien->ac;
49dfc304 1138 spin_lock(&alien->lock);
c8522a3a 1139 if (unlikely(ac->avail == ac->limit)) {
729bd0b7 1140 STATS_INC_ACOVERFLOW(cachep);
c8522a3a 1141 __drain_alien_cache(cachep, ac, nodeid);
729bd0b7 1142 }
c8522a3a 1143 ac_put_obj(cachep, ac, objp);
49dfc304 1144 spin_unlock(&alien->lock);
729bd0b7 1145 } else {
18bf8541
CL		 1146 n = get_node(cachep, nodeid);
1147 spin_lock(&n->list_lock);
97654dfa 1148 free_block(cachep, &objp, 1, nodeid, &list);
18bf8541 1149 spin_unlock(&n->list_lock);
97654dfa 1150 slabs_destroy(cachep, &list);
729bd0b7
PE		 1151 }
1152 return 1;
1153}
e498be7d
CL		 1154#endif
1155
8f9f8d9e 1156/*
6a67368c 1157 * Allocates and initializes node for a node on each slab cache, used for
ce8eb6c4 1158 * either memory or cpu hotplug. If memory is being hot-added, the kmem_cache_node
8f9f8d9e 1159 * will be allocated off-node since memory is not yet online for the new node.
6a67368c 1160 * When hotplugging memory or a cpu, existing node are not replaced if
8f9f8d9e
DR		 1161 * already in use.
1162 *
18004c5d 1163 * Must hold slab_mutex.
8f9f8d9e 1164 */
6a67368c 1165static int init_cache_node_node(int node)
8f9f8d9e
DR		 1166{
1167 struct kmem_cache *cachep;
ce8eb6c4 1168 struct kmem_cache_node *n;
6744f087 1169 const int memsize = sizeof(struct kmem_cache_node);
8f9f8d9e 1170
18004c5d 1171 list_for_each_entry(cachep, &slab_caches, list) {
8f9f8d9e 1172 /*
5f0985bb 1173 * Set up the kmem_cache_node for cpu before we can
8f9f8d9e
DR		 1174 * begin anything. Make sure some other cpu on this
1175 * node has not already allocated this
1176 */
18bf8541
CL		 1177 n = get_node(cachep, node);
1178 if (!n) {
ce8eb6c4
CL		 1179 n = kmalloc_node(memsize, GFP_KERNEL, node);
1180 if (!n)
8f9f8d9e 1181 return -ENOMEM;
ce8eb6c4 1182 kmem_cache_node_init(n);
5f0985bb
JZ		 1183 n->next_reap = jiffies + REAPTIMEOUT_NODE +
1184 ((unsigned long)cachep) % REAPTIMEOUT_NODE;
8f9f8d9e
DR		 1185
1186 /*
5f0985bb
JZ		 1187 * The kmem_cache_nodes don't come and go as CPUs
1188 * come and go. slab_mutex is sufficient
8f9f8d9e
DR		 1189 * protection here.
1190 */
ce8eb6c4 1191 cachep->node[node] = n;
8f9f8d9e
DR		 1192 }
1193
18bf8541
CL		 1194 spin_lock_irq(&n->list_lock);
1195 n->free_limit =
8f9f8d9e
DR		 1196 (1 + nr_cpus_node(node)) *
1197 cachep->batchcount + cachep->num;
18bf8541 1198 spin_unlock_irq(&n->list_lock);
8f9f8d9e
DR		 1199 }
1200 return 0;
1201}
1202
0fa8103b
WL		 1203static inline int slabs_tofree(struct kmem_cache *cachep,
1204 struct kmem_cache_node *n)
1205{
1206 return (n->free_objects + cachep->num - 1) / cachep->num;
1207}
1208
0db0628d 1209static void cpuup_canceled(long cpu)
fbf1e473
AM		 1210{
1211 struct kmem_cache *cachep;
ce8eb6c4 1212 struct kmem_cache_node *n = NULL;
7d6e6d09 1213 int node = cpu_to_mem(cpu);
a70f7302 1214 const struct cpumask *mask = cpumask_of_node(node);
fbf1e473 1215
18004c5d 1216 list_for_each_entry(cachep, &slab_caches, list) {
fbf1e473
AM		 1217 struct array_cache *nc;
1218 struct array_cache *shared;
c8522a3a 1219 struct alien_cache **alien;
97654dfa 1220 LIST_HEAD(list);
fbf1e473 1221
fbf1e473
AM		 1222 /* cpu is dead; no one can alloc from it. */
1223 nc = cachep->array[cpu];
1224 cachep->array[cpu] = NULL;
18bf8541 1225 n = get_node(cachep, node);
fbf1e473 1226
ce8eb6c4 1227 if (!n)
fbf1e473
AM		 1228 goto free_array_cache;
1229
ce8eb6c4 1230 spin_lock_irq(&n->list_lock);
fbf1e473 1231
ce8eb6c4
CL		 1232 /* Free limit for this kmem_cache_node */
1233 n->free_limit -= cachep->batchcount;
fbf1e473 1234 if (nc)
97654dfa 1235 free_block(cachep, nc->entry, nc->avail, node, &list);
fbf1e473 1236
58463c1f 1237 if (!cpumask_empty(mask)) {
ce8eb6c4 1238 spin_unlock_irq(&n->list_lock);
fbf1e473
AM		 1239 goto free_array_cache;
1240 }
1241
ce8eb6c4 1242 shared = n->shared;
fbf1e473
AM		 1243 if (shared) {
1244 free_block(cachep, shared->entry,
97654dfa 1245 shared->avail, node, &list);
ce8eb6c4 1246 n->shared = NULL;
fbf1e473
AM		 1247 }
1248
ce8eb6c4
CL		 1249 alien = n->alien;
1250 n->alien = NULL;
fbf1e473 1251
ce8eb6c4 1252 spin_unlock_irq(&n->list_lock);
fbf1e473
AM		 1253
1254 kfree(shared);
1255 if (alien) {
1256 drain_alien_cache(cachep, alien);
1257 free_alien_cache(alien);
1258 }
1259free_array_cache:
97654dfa 1260 slabs_destroy(cachep, &list);
fbf1e473
AM		 1261 kfree(nc);
1262 }
1263 /*
1264 * In the previous loop, all the objects were freed to
1265 * the respective cache's slabs, now we can go ahead and
1266 * shrink each nodelist to its limit.
1267 */
18004c5d 1268 list_for_each_entry(cachep, &slab_caches, list) {
18bf8541 1269 n = get_node(cachep, node);
ce8eb6c4 1270 if (!n)
fbf1e473 1271 continue;
0fa8103b 1272 drain_freelist(cachep, n, slabs_tofree(cachep, n));
fbf1e473
AM		 1273 }
1274}
1275
0db0628d 1276static int cpuup_prepare(long cpu)
1da177e4 1277{
343e0d7a 1278 struct kmem_cache *cachep;
ce8eb6c4 1279 struct kmem_cache_node *n = NULL;
7d6e6d09 1280 int node = cpu_to_mem(cpu);
8f9f8d9e 1281 int err;
1da177e4 1282
fbf1e473
AM		 1283 /*
1284 * We need to do this right in the beginning since
1285 * alloc_arraycache's are going to use this list.
1286 * kmalloc_node allows us to add the slab to the right
ce8eb6c4 1287 * kmem_cache_node and not this cpu's kmem_cache_node
fbf1e473 1288 */
6a67368c 1289 err = init_cache_node_node(node);
8f9f8d9e
DR		 1290 if (err < 0)
1291 goto bad;
fbf1e473
AM		 1292
1293 /*
1294 * Now we can go ahead with allocating the shared arrays and
1295 * array caches
1296 */
18004c5d 1297 list_for_each_entry(cachep, &slab_caches, list) {
fbf1e473
AM		 1298 struct array_cache *nc;
1299 struct array_cache *shared = NULL;
c8522a3a 1300 struct alien_cache **alien = NULL;
fbf1e473
AM		 1301
1302 nc = alloc_arraycache(node, cachep->limit,
83b519e8 1303 cachep->batchcount, GFP_KERNEL);
fbf1e473
AM		 1304 if (!nc)
1305 goto bad;
1306 if (cachep->shared) {
1307 shared = alloc_arraycache(node,
1308 cachep->shared * cachep->batchcount,
83b519e8 1309 0xbaadf00d, GFP_KERNEL);
12d00f6a
AM		 1310 if (!shared) {
1311 kfree(nc);
1da177e4 1312 goto bad;
12d00f6a 1313 }
fbf1e473
AM		 1314 }
1315 if (use_alien_caches) {
83b519e8 1316 alien = alloc_alien_cache(node, cachep->limit, GFP_KERNEL);
12d00f6a
AM		 1317 if (!alien) {
1318 kfree(shared);
1319 kfree(nc);
fbf1e473 1320 goto bad;
12d00f6a 1321 }
fbf1e473
AM		 1322 }
1323 cachep->array[cpu] = nc;
18bf8541 1324 n = get_node(cachep, node);
ce8eb6c4 1325 BUG_ON(!n);
fbf1e473 1326
ce8eb6c4
CL		 1327 spin_lock_irq(&n->list_lock);
1328 if (!n->shared) {
fbf1e473
AM		 1329 /*
1330 * We are serialised from CPU_DEAD or
1331 * CPU_UP_CANCELLED by the cpucontrol lock
1332 */
ce8eb6c4 1333 n->shared = shared;
fbf1e473
AM		 1334 shared = NULL;
1335 }
4484ebf1 1336#ifdef CONFIG_NUMA
ce8eb6c4
CL		 1337 if (!n->alien) {
1338 n->alien = alien;
fbf1e473 1339 alien = NULL;
1da177e4 1340 }
fbf1e473 1341#endif
ce8eb6c4 1342 spin_unlock_irq(&n->list_lock);
fbf1e473
AM		 1343 kfree(shared);
1344 free_alien_cache(alien);
83835b3d 1345 if (cachep->flags & SLAB_DEBUG_OBJECTS)
18bf8541 1346 slab_set_debugobj_lock_classes_node(cachep, n);
6ccfb5bc
GC		 1347 else if (!OFF_SLAB(cachep) &&
1348 !(cachep->flags & SLAB_DESTROY_BY_RCU))
18bf8541 1349 on_slab_lock_classes_node(cachep, n);
fbf1e473 1350 }
ce79ddc8
PE		 1351 init_node_lock_keys(node);
1352
fbf1e473
AM		 1353 return 0;
1354bad:
12d00f6a 1355 cpuup_canceled(cpu);
fbf1e473
AM		 1356 return -ENOMEM;
1357}
1358
0db0628d 1359static int cpuup_callback(struct notifier_block *nfb,
fbf1e473
AM		 1360 unsigned long action, void *hcpu)
1361{
1362 long cpu = (long)hcpu;
1363 int err = 0;
1364
1365 switch (action) {
fbf1e473
AM		 1366 case CPU_UP_PREPARE:
1367 case CPU_UP_PREPARE_FROZEN:
18004c5d 1368 mutex_lock(&slab_mutex);
fbf1e473 1369 err = cpuup_prepare(cpu);
18004c5d 1370 mutex_unlock(&slab_mutex);
1da177e4
LT		 1371 break;
1372 case CPU_ONLINE:
8bb78442 1373 case CPU_ONLINE_FROZEN:
1da177e4
LT		 1374 start_cpu_timer(cpu);
1375 break;
1376#ifdef CONFIG_HOTPLUG_CPU
5830c590 1377 case CPU_DOWN_PREPARE:
8bb78442 1378 case CPU_DOWN_PREPARE_FROZEN:
5830c590 1379 /*
18004c5d 1380 * Shutdown cache reaper. Note that the slab_mutex is
5830c590
CL		 1381 * held so that if cache_reap() is invoked it cannot do
1382 * anything expensive but will only modify reap_work
1383 * and reschedule the timer.
1384 */
afe2c511 1385 cancel_delayed_work_sync(&per_cpu(slab_reap_work, cpu));
5830c590 1386 /* Now the cache_reaper is guaranteed to be not running. */
1871e52c 1387 per_cpu(slab_reap_work, cpu).work.func = NULL;
5830c590
CL		 1388 break;
1389 case CPU_DOWN_FAILED:
8bb78442 1390 case CPU_DOWN_FAILED_FROZEN:
5830c590
CL		 1391 start_cpu_timer(cpu);
1392 break;
1da177e4 1393 case CPU_DEAD:
8bb78442 1394 case CPU_DEAD_FROZEN:
4484ebf1
RT		 1395 /*
1396 * Even if all the cpus of a node are down, we don't free the
ce8eb6c4 1397 * kmem_cache_node of any cache. This to avoid a race between
4484ebf1 1398 * cpu_down, and a kmalloc allocation from another cpu for
ce8eb6c4 1399 * memory from the node of the cpu going down. The node
4484ebf1
RT		 1400 * structure is usually allocated from kmem_cache_create() and
1401 * gets destroyed at kmem_cache_destroy().
1402 */
183ff22b 1403 /* fall through */
8f5be20b 1404#endif
1da177e4 1405 case CPU_UP_CANCELED:
8bb78442 1406 case CPU_UP_CANCELED_FROZEN:
18004c5d 1407 mutex_lock(&slab_mutex);
fbf1e473 1408 cpuup_canceled(cpu);
18004c5d 1409 mutex_unlock(&slab_mutex);
1da177e4 1410 break;
1da177e4 1411 }
eac40680 1412 return notifier_from_errno(err);
1da177e4
LT		 1413}
1414
0db0628d 1415static struct notifier_block cpucache_notifier = {
74b85f37
CS		 1416 &cpuup_callback, NULL, 0
1417};
1da177e4 1418
8f9f8d9e
DR		 1419#if defined(CONFIG_NUMA) && defined(CONFIG_MEMORY_HOTPLUG)
1420/*
1421 * Drains freelist for a node on each slab cache, used for memory hot-remove.
1422 * Returns -EBUSY if all objects cannot be drained so that the node is not
1423 * removed.
1424 *
18004c5d 1425 * Must hold slab_mutex.
8f9f8d9e 1426 */
6a67368c 1427static int __meminit drain_cache_node_node(int node)
8f9f8d9e
DR		 1428{
1429 struct kmem_cache *cachep;
1430 int ret = 0;
1431
18004c5d 1432 list_for_each_entry(cachep, &slab_caches, list) {
ce8eb6c4 1433 struct kmem_cache_node *n;
8f9f8d9e 1434
18bf8541 1435 n = get_node(cachep, node);
ce8eb6c4 1436 if (!n)
8f9f8d9e
DR		 1437 continue;
1438
0fa8103b 1439 drain_freelist(cachep, n, slabs_tofree(cachep, n));
8f9f8d9e 1440
ce8eb6c4
CL		 1441 if (!list_empty(&n->slabs_full) ||
1442 !list_empty(&n->slabs_partial)) {
8f9f8d9e
DR		 1443 ret = -EBUSY;
1444 break;
1445 }
1446 }
1447 return ret;
1448}
1449
1450static int __meminit slab_memory_callback(struct notifier_block *self,
1451 unsigned long action, void *arg)
1452{
1453 struct memory_notify *mnb = arg;
1454 int ret = 0;
1455 int nid;
1456
1457 nid = mnb->status_change_nid;
1458 if (nid < 0)
1459 goto out;
1460
1461 switch (action) {
1462 case MEM_GOING_ONLINE:
18004c5d 1463 mutex_lock(&slab_mutex);
6a67368c 1464 ret = init_cache_node_node(nid);
18004c5d 1465 mutex_unlock(&slab_mutex);
8f9f8d9e
DR		 1466 break;
1467 case MEM_GOING_OFFLINE:
18004c5d 1468 mutex_lock(&slab_mutex);
6a67368c 1469 ret = drain_cache_node_node(nid);
18004c5d 1470 mutex_unlock(&slab_mutex);
8f9f8d9e
DR		 1471 break;
1472 case MEM_ONLINE:
1473 case MEM_OFFLINE:
1474 case MEM_CANCEL_ONLINE:
1475 case MEM_CANCEL_OFFLINE:
1476 break;
1477 }
1478out:
5fda1bd5 1479 return notifier_from_errno(ret);
8f9f8d9e
DR		 1480}
1481#endif /* CONFIG_NUMA && CONFIG_MEMORY_HOTPLUG */
1482
e498be7d 1483/*
ce8eb6c4 1484 * swap the static kmem_cache_node with kmalloced memory
e498be7d 1485 */
6744f087 1486static void __init init_list(struct kmem_cache *cachep, struct kmem_cache_node *list,
8f9f8d9e 1487 int nodeid)
e498be7d 1488{
6744f087 1489 struct kmem_cache_node *ptr;
e498be7d 1490
6744f087 1491 ptr = kmalloc_node(sizeof(struct kmem_cache_node), GFP_NOWAIT, nodeid);
e498be7d
CL		 1492 BUG_ON(!ptr);
1493
6744f087 1494 memcpy(ptr, list, sizeof(struct kmem_cache_node));
2b2d5493
IM		 1495 /*
1496 * Do not assume that spinlocks can be initialized via memcpy:
1497 */
1498 spin_lock_init(&ptr->list_lock);
1499
e498be7d 1500 MAKE_ALL_LISTS(cachep, ptr, nodeid);
6a67368c 1501 cachep->node[nodeid] = ptr;
e498be7d
CL		 1502}
1503
556a169d 1504/*
ce8eb6c4
CL		 1505 * For setting up all the kmem_cache_node for cache whose buffer_size is same as
1506 * size of kmem_cache_node.
556a169d 1507 */
ce8eb6c4 1508static void __init set_up_node(struct kmem_cache *cachep, int index)
556a169d
PE		 1509{
1510 int node;
1511
1512 for_each_online_node(node) {
ce8eb6c4 1513 cachep->node[node] = &init_kmem_cache_node[index + node];
6a67368c 1514 cachep->node[node]->next_reap = jiffies +
5f0985bb
JZ		 1515 REAPTIMEOUT_NODE +
1516 ((unsigned long)cachep) % REAPTIMEOUT_NODE;
556a169d
PE		 1517 }
1518}
1519
3c583465
CL		 1520/*
1521 * The memory after the last cpu cache pointer is used for the
6a67368c 1522 * the node pointer.
3c583465 1523 */
6a67368c 1524static void setup_node_pointer(struct kmem_cache *cachep)
3c583465 1525{
6a67368c 1526 cachep->node = (struct kmem_cache_node **)&cachep->array[nr_cpu_ids];
3c583465
CL		 1527}
1528
a737b3e2
AM		 1529/*
1530 * Initialisation. Called after the page allocator have been initialised and
1531 * before smp_init().
1da177e4
LT		 1532 */
1533void __init kmem_cache_init(void)
1534{
e498be7d
CL		 1535 int i;
1536
68126702
JK		 1537 BUILD_BUG_ON(sizeof(((struct page *)NULL)->lru) <
1538 sizeof(struct rcu_head));
9b030cb8 1539 kmem_cache = &kmem_cache_boot;
6a67368c 1540 setup_node_pointer(kmem_cache);
9b030cb8 1541
b6e68bc1 1542 if (num_possible_nodes() == 1)
62918a03
SS		 1543 use_alien_caches = 0;
1544
3c583465 1545 for (i = 0; i < NUM_INIT_LISTS; i++)
ce8eb6c4 1546 kmem_cache_node_init(&init_kmem_cache_node[i]);
3c583465 1547
ce8eb6c4 1548 set_up_node(kmem_cache, CACHE_CACHE);
1da177e4
LT		 1549
1550 /*
1551 * Fragmentation resistance on low memory - only use bigger
3df1cccd
DR		 1552 * page orders on machines with more than 32MB of memory if
1553 * not overridden on the command line.
1da177e4 1554 */
3df1cccd 1555 if (!slab_max_order_set && totalram_pages > (32 << 20) >> PAGE_SHIFT)
543585cc 1556 slab_max_order = SLAB_MAX_ORDER_HI;
1da177e4 1557
1da177e4
LT		 1558 /* Bootstrap is tricky, because several objects are allocated
1559 * from caches that do not exist yet:
9b030cb8
CL		 1560 * 1) initialize the kmem_cache cache: it contains the struct
1561 * kmem_cache structures of all caches, except kmem_cache itself:
1562 * kmem_cache is statically allocated.
e498be7d 1563 * Initially an __init data area is used for the head array and the
ce8eb6c4 1564 * kmem_cache_node structures, it's replaced with a kmalloc allocated
e498be7d 1565 * array at the end of the bootstrap.
1da177e4 1566 * 2) Create the first kmalloc cache.
343e0d7a 1567 * The struct kmem_cache for the new cache is allocated normally.
e498be7d
CL		 1568 * An __init data area is used for the head array.
1569 * 3) Create the remaining kmalloc caches, with minimally sized
1570 * head arrays.
9b030cb8 1571 * 4) Replace the __init data head arrays for kmem_cache and the first
1da177e4 1572 * kmalloc cache with kmalloc allocated arrays.
ce8eb6c4 1573 * 5) Replace the __init data for kmem_cache_node for kmem_cache and
e498be7d
CL		 1574 * the other cache's with kmalloc allocated memory.
1575 * 6) Resize the head arrays of the kmalloc caches to their final sizes.
1da177e4
LT		 1576 */
1577
9b030cb8 1578 /* 1) create the kmem_cache */
1da177e4 1579
8da3430d 1580 /*
b56efcf0 1581 * struct kmem_cache size depends on nr_node_ids & nr_cpu_ids
8da3430d 1582 */
2f9baa9f
CL		 1583 create_boot_cache(kmem_cache, "kmem_cache",
1584 offsetof(struct kmem_cache, array[nr_cpu_ids]) +
6744f087 1585 nr_node_ids * sizeof(struct kmem_cache_node *),
2f9baa9f
CL		 1586 SLAB_HWCACHE_ALIGN);
1587 list_add(&kmem_cache->list, &slab_caches);
1da177e4
LT		 1588
1589 /* 2+3) create the kmalloc caches */
1da177e4 1590
a737b3e2
AM		 1591 /*
1592 * Initialize the caches that provide memory for the array cache and the
ce8eb6c4 1593 * kmem_cache_node structures first. Without this, further allocations will
a737b3e2 1594 * bug.
e498be7d
CL		 1595 */
1596
e3366016
CL		 1597 kmalloc_caches[INDEX_AC] = create_kmalloc_cache("kmalloc-ac",
1598 kmalloc_size(INDEX_AC), ARCH_KMALLOC_FLAGS);
45530c44 1599
ce8eb6c4
CL		 1600 if (INDEX_AC != INDEX_NODE)
1601 kmalloc_caches[INDEX_NODE] =
1602 create_kmalloc_cache("kmalloc-node",
1603 kmalloc_size(INDEX_NODE), ARCH_KMALLOC_FLAGS);
e498be7d 1604
e0a42726
IM		 1605 slab_early_init = 0;
1606
1da177e4
LT		 1607 /* 4) Replace the bootstrap head arrays */
1608 {
2b2d5493 1609 struct array_cache *ptr;
e498be7d 1610
83b519e8 1611 ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);
e498be7d 1612
9b030cb8 1613 memcpy(ptr, cpu_cache_get(kmem_cache),
b28a02de 1614 sizeof(struct arraycache_init));
2b2d5493 1615
9b030cb8 1616 kmem_cache->array[smp_processor_id()] = ptr;
e498be7d 1617
83b519e8 1618 ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);
e498be7d 1619
e3366016 1620 BUG_ON(cpu_cache_get(kmalloc_caches[INDEX_AC])
b28a02de 1621 != &initarray_generic.cache);
e3366016 1622 memcpy(ptr, cpu_cache_get(kmalloc_caches[INDEX_AC]),
b28a02de 1623 sizeof(struct arraycache_init));
2b2d5493 1624
e3366016 1625 kmalloc_caches[INDEX_AC]->array[smp_processor_id()] = ptr;
1da177e4 1626 }
ce8eb6c4 1627 /* 5) Replace the bootstrap kmem_cache_node */
e498be7d 1628 {
1ca4cb24
PE		 1629 int nid;
1630
9c09a95c 1631 for_each_online_node(nid) {
ce8eb6c4 1632 init_list(kmem_cache, &init_kmem_cache_node[CACHE_CACHE + nid], nid);
556a169d 1633
e3366016 1634 init_list(kmalloc_caches[INDEX_AC],
ce8eb6c4 1635 &init_kmem_cache_node[SIZE_AC + nid], nid);
e498be7d 1636
ce8eb6c4
CL		 1637 if (INDEX_AC != INDEX_NODE) {
1638 init_list(kmalloc_caches[INDEX_NODE],
1639 &init_kmem_cache_node[SIZE_NODE + nid], nid);
e498be7d
CL		 1640 }
1641 }
1642 }
1da177e4 1643
f97d5f63 1644 create_kmalloc_caches(ARCH_KMALLOC_FLAGS);
8429db5c
PE		 1645}
1646
1647void __init kmem_cache_init_late(void)
1648{
1649 struct kmem_cache *cachep;
1650
97d06609 1651 slab_state = UP;
52cef189 1652
8429db5c 1653 /* 6) resize the head arrays to their final sizes */
18004c5d
CL		 1654 mutex_lock(&slab_mutex);
1655 list_for_each_entry(cachep, &slab_caches, list)
8429db5c
PE		 1656 if (enable_cpucache(cachep, GFP_NOWAIT))
1657 BUG();
18004c5d 1658 mutex_unlock(&slab_mutex);
056c6241 1659
947ca185
MW		 1660 /* Annotate slab for lockdep -- annotate the malloc caches */
1661 init_lock_keys();
1662
97d06609
CL		 1663 /* Done! */
1664 slab_state = FULL;
1665
a737b3e2
AM		 1666 /*
1667 * Register a cpu startup notifier callback that initializes
1668 * cpu_cache_get for all new cpus
1da177e4
LT		 1669 */
1670 register_cpu_notifier(&cpucache_notifier);
1da177e4 1671
8f9f8d9e
DR		 1672#ifdef CONFIG_NUMA
1673 /*
1674 * Register a memory hotplug callback that initializes and frees
6a67368c 1675 * node.
8f9f8d9e
DR		 1676 */
1677 hotplug_memory_notifier(slab_memory_callback, SLAB_CALLBACK_PRI);
1678#endif
1679
a737b3e2
AM		 1680 /*
1681 * The reap timers are started later, with a module init call: That part
1682 * of the kernel is not yet operational.
1da177e4
LT		 1683 */
1684}
1685
1686static int __init cpucache_init(void)
1687{
1688 int cpu;
1689
a737b3e2
AM		 1690 /*
1691 * Register the timers that return unneeded pages to the page allocator
1da177e4 1692 */
e498be7d 1693 for_each_online_cpu(cpu)
a737b3e2 1694 start_cpu_timer(cpu);
a164f896
GC		 1695
1696 /* Done! */
97d06609 1697 slab_state = FULL;
1da177e4
LT		 1698 return 0;
1699}
1da177e4
LT		 1700__initcall(cpucache_init);
1701
8bdec192
RA		 1702static noinline void
1703slab_out_of_memory(struct kmem_cache *cachep, gfp_t gfpflags, int nodeid)
1704{
9a02d699 1705#if DEBUG
ce8eb6c4 1706 struct kmem_cache_node *n;
8456a648 1707 struct page *page;
8bdec192
RA		 1708 unsigned long flags;
1709 int node;
9a02d699
DR		 1710 static DEFINE_RATELIMIT_STATE(slab_oom_rs, DEFAULT_RATELIMIT_INTERVAL,
1711 DEFAULT_RATELIMIT_BURST);
1712
1713 if ((gfpflags & __GFP_NOWARN) || !__ratelimit(&slab_oom_rs))
1714 return;
8bdec192
RA		 1715
1716 printk(KERN_WARNING
1717 "SLAB: Unable to allocate memory on node %d (gfp=0x%x)\n",
1718 nodeid, gfpflags);
1719 printk(KERN_WARNING " cache: %s, object size: %d, order: %d\n",
3b0efdfa 1720 cachep->name, cachep->size, cachep->gfporder);
8bdec192 1721
18bf8541 1722 for_each_kmem_cache_node(cachep, node, n) {
8bdec192
RA		 1723 unsigned long active_objs = 0, num_objs = 0, free_objects = 0;
1724 unsigned long active_slabs = 0, num_slabs = 0;
1725
ce8eb6c4 1726 spin_lock_irqsave(&n->list_lock, flags);
8456a648 1727 list_for_each_entry(page, &n->slabs_full, lru) {
8bdec192
RA		 1728 active_objs += cachep->num;
1729 active_slabs++;
1730 }
8456a648
JK		 1731 list_for_each_entry(page, &n->slabs_partial, lru) {
1732 active_objs += page->active;
8bdec192
RA		 1733 active_slabs++;
1734 }
8456a648 1735 list_for_each_entry(page, &n->slabs_free, lru)
8bdec192
RA		 1736 num_slabs++;
1737
ce8eb6c4
CL		 1738 free_objects += n->free_objects;
1739 spin_unlock_irqrestore(&n->list_lock, flags);
8bdec192
RA		 1740
1741 num_slabs += active_slabs;
1742 num_objs = num_slabs * cachep->num;
1743 printk(KERN_WARNING
1744 " node %d: slabs: %ld/%ld, objs: %ld/%ld, free: %ld\n",
1745 node, active_slabs, num_slabs, active_objs, num_objs,
1746 free_objects);
1747 }
9a02d699 1748#endif
8bdec192
RA		 1749}
1750
1da177e4
LT		 1751/*
1752 * Interface to system's page allocator. No need to hold the cache-lock.
1753 *
1754 * If we requested dmaable memory, we will get it. Even if we
1755 * did not request dmaable memory, we might get it, but that
1756 * would be relatively rare and ignorable.
1757 */
0c3aa83e
JK		 1758static struct page *kmem_getpages(struct kmem_cache *cachep, gfp_t flags,
1759 int nodeid)
1da177e4
LT		 1760{
1761 struct page *page;
e1b6aa6f 1762 int nr_pages;
765c4507 1763
a618e89f 1764 flags |= cachep->allocflags;
e12ba74d
MG		 1765 if (cachep->flags & SLAB_RECLAIM_ACCOUNT)
1766 flags |= __GFP_RECLAIMABLE;
e1b6aa6f 1767
5dfb4175
VD		 1768 if (memcg_charge_slab(cachep, flags, cachep->gfporder))
1769 return NULL;
1770
517d0869 1771 page = alloc_pages_exact_node(nodeid, flags | __GFP_NOTRACK, cachep->gfporder);
8bdec192 1772 if (!page) {
5dfb4175 1773 memcg_uncharge_slab(cachep, cachep->gfporder);
9a02d699 1774 slab_out_of_memory(cachep, flags, nodeid);
1da177e4 1775 return NULL;
8bdec192 1776 }
1da177e4 1777
b37f1dd0 1778 /* Record if ALLOC_NO_WATERMARKS was set when allocating the slab */
072bb0aa
MG		 1779 if (unlikely(page->pfmemalloc))
1780 pfmemalloc_active = true;
1781
e1b6aa6f 1782 nr_pages = (1 << cachep->gfporder);
1da177e4 1783 if (cachep->flags & SLAB_RECLAIM_ACCOUNT)
972d1a7b
CL		 1784 add_zone_page_state(page_zone(page),
1785 NR_SLAB_RECLAIMABLE, nr_pages);
1786 else
1787 add_zone_page_state(page_zone(page),
1788 NR_SLAB_UNRECLAIMABLE, nr_pages);
a57a4988
JK		 1789 __SetPageSlab(page);
1790 if (page->pfmemalloc)
1791 SetPageSlabPfmemalloc(page);
072bb0aa 1792
b1eeab67
VN		 1793 if (kmemcheck_enabled && !(cachep->flags & SLAB_NOTRACK)) {
1794 kmemcheck_alloc_shadow(page, cachep->gfporder, flags, nodeid);
1795
1796 if (cachep->ctor)
1797 kmemcheck_mark_uninitialized_pages(page, nr_pages);
1798 else
1799 kmemcheck_mark_unallocated_pages(page, nr_pages);
1800 }
c175eea4 1801
0c3aa83e 1802 return page;
1da177e4
LT		 1803}
1804
1805/*
1806 * Interface to system's page release.
1807 */
0c3aa83e 1808static void kmem_freepages(struct kmem_cache *cachep, struct page *page)
1da177e4 1809{
a57a4988 1810 const unsigned long nr_freed = (1 << cachep->gfporder);
1da177e4 1811
b1eeab67 1812 kmemcheck_free_shadow(page, cachep->gfporder);
c175eea4 1813
972d1a7b
CL		 1814 if (cachep->flags & SLAB_RECLAIM_ACCOUNT)
1815 sub_zone_page_state(page_zone(page),
1816 NR_SLAB_RECLAIMABLE, nr_freed);
1817 else
1818 sub_zone_page_state(page_zone(page),
1819 NR_SLAB_UNRECLAIMABLE, nr_freed);
73293c2f 1820
a57a4988 1821 BUG_ON(!PageSlab(page));
73293c2f 1822 __ClearPageSlabPfmemalloc(page);
a57a4988 1823 __ClearPageSlab(page);
8456a648
JK		 1824 page_mapcount_reset(page);
1825 page->mapping = NULL;
1f458cbf 1826
1da177e4
LT		 1827 if (current->reclaim_state)
1828 current->reclaim_state->reclaimed_slab += nr_freed;
5dfb4175
VD		 1829 __free_pages(page, cachep->gfporder);
1830 memcg_uncharge_slab(cachep, cachep->gfporder);
1da177e4
LT		 1831}
1832
1833static void kmem_rcu_free(struct rcu_head *head)
1834{
68126702
JK		 1835 struct kmem_cache *cachep;
1836 struct page *page;
1da177e4 1837
68126702
JK		 1838 page = container_of(head, struct page, rcu_head);
1839 cachep = page->slab_cache;
1840
1841 kmem_freepages(cachep, page);
1da177e4
LT		 1842}
1843
1844#if DEBUG
1845
1846#ifdef CONFIG_DEBUG_PAGEALLOC
343e0d7a 1847static void store_stackinfo(struct kmem_cache *cachep, unsigned long *addr,
b28a02de 1848 unsigned long caller)
1da177e4 1849{
8c138bc0 1850 int size = cachep->object_size;
1da177e4 1851
3dafccf2 1852 addr = (unsigned long *)&((char *)addr)[obj_offset(cachep)];
1da177e4 1853
b28a02de 1854 if (size < 5 * sizeof(unsigned long))
1da177e4
LT		 1855 return;
1856
b28a02de
PE		 1857 *addr++ = 0x12345678;
1858 *addr++ = caller;
1859 *addr++ = smp_processor_id();
1860 size -= 3 * sizeof(unsigned long);
1da177e4
LT		 1861 {
1862 unsigned long *sptr = &caller;
1863 unsigned long svalue;
1864
1865 while (!kstack_end(sptr)) {
1866 svalue = *sptr++;
1867 if (kernel_text_address(svalue)) {
b28a02de 1868 *addr++ = svalue;
1da177e4
LT		 1869 size -= sizeof(unsigned long);
1870 if (size <= sizeof(unsigned long))
1871 break;
1872 }
1873 }
1874
1875 }
b28a02de 1876 *addr++ = 0x87654321;
1da177e4
LT		 1877}
1878#endif
1879
343e0d7a 1880static void poison_obj(struct kmem_cache *cachep, void *addr, unsigned char val)
1da177e4 1881{
8c138bc0 1882 int size = cachep->object_size;
3dafccf2 1883 addr = &((char *)addr)[obj_offset(cachep)];
1da177e4
LT		 1884
1885 memset(addr, val, size);
b28a02de 1886 *(unsigned char *)(addr + size - 1) = POISON_END;
1da177e4
LT		 1887}
1888
1889static void dump_line(char *data, int offset, int limit)
1890{
1891 int i;
aa83aa40
DJ		 1892 unsigned char error = 0;
1893 int bad_count = 0;
1894
fdde6abb 1895 printk(KERN_ERR "%03x: ", offset);
aa83aa40
DJ		 1896 for (i = 0; i < limit; i++) {
1897 if (data[offset + i] != POISON_FREE) {
1898 error = data[offset + i];
1899 bad_count++;
1900 }
aa83aa40 1901 }
fdde6abb
SAS		 1902 print_hex_dump(KERN_CONT, "", 0, 16, 1,
1903 &data[offset], limit, 1);
aa83aa40
DJ		 1904
1905 if (bad_count == 1) {
1906 error ^= POISON_FREE;
1907 if (!(error & (error - 1))) {
1908 printk(KERN_ERR "Single bit error detected. Probably "
1909 "bad RAM.\n");
1910#ifdef CONFIG_X86
1911 printk(KERN_ERR "Run memtest86+ or a similar memory "
1912 "test tool.\n");
1913#else
1914 printk(KERN_ERR "Run a memory test tool.\n");
1915#endif
1916 }
1917 }
1da177e4
LT		 1918}
1919#endif
1920
1921#if DEBUG
1922
343e0d7a 1923static void print_objinfo(struct kmem_cache *cachep, void *objp, int lines)
1da177e4
LT		 1924{
1925 int i, size;
1926 char *realobj;
1927
1928 if (cachep->flags & SLAB_RED_ZONE) {
b46b8f19 1929 printk(KERN_ERR "Redzone: 0x%llx/0x%llx.\n",
a737b3e2
AM		 1930 *dbg_redzone1(cachep, objp),
1931 *dbg_redzone2(cachep, objp));
1da177e4
LT		 1932 }
1933
1934 if (cachep->flags & SLAB_STORE_USER) {
071361d3
JP		 1935 printk(KERN_ERR "Last user: [<%p>](%pSR)\n",
1936 *dbg_userword(cachep, objp),
1937 *dbg_userword(cachep, objp));
1da177e4 1938 }
3dafccf2 1939 realobj = (char *)objp + obj_offset(cachep);
8c138bc0 1940 size = cachep->object_size;
b28a02de 1941 for (i = 0; i < size && lines; i += 16, lines--) {
1da177e4
LT		 1942 int limit;
1943 limit = 16;
b28a02de
PE		 1944 if (i + limit > size)
1945 limit = size - i;
1da177e4
LT		 1946 dump_line(realobj, i, limit);
1947 }
1948}
1949
343e0d7a 1950static void check_poison_obj(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 1951{
1952 char *realobj;
1953 int size, i;
1954 int lines = 0;
1955
3dafccf2 1956 realobj = (char *)objp + obj_offset(cachep);
8c138bc0 1957 size = cachep->object_size;
1da177e4 1958
b28a02de 1959 for (i = 0; i < size; i++) {
1da177e4 1960 char exp = POISON_FREE;
b28a02de 1961 if (i == size - 1)
1da177e4
LT		 1962 exp = POISON_END;
1963 if (realobj[i] != exp) {
1964 int limit;
1965 /* Mismatch ! */
1966 /* Print header */
1967 if (lines == 0) {
b28a02de 1968 printk(KERN_ERR
face37f5
DJ		 1969 "Slab corruption (%s): %s start=%p, len=%d\n",
1970 print_tainted(), cachep->name, realobj, size);
1da177e4
LT		 1971 print_objinfo(cachep, objp, 0);
1972 }
1973 /* Hexdump the affected line */
b28a02de 1974 i = (i / 16) * 16;
1da177e4 1975 limit = 16;
b28a02de
PE		 1976 if (i + limit > size)
1977 limit = size - i;
1da177e4
LT		 1978 dump_line(realobj, i, limit);
1979 i += 16;
1980 lines++;
1981 /* Limit to 5 lines */
1982 if (lines > 5)
1983 break;
1984 }
1985 }
1986 if (lines != 0) {
1987 /* Print some data about the neighboring objects, if they
1988 * exist:
1989 */
8456a648 1990 struct page *page = virt_to_head_page(objp);
8fea4e96 1991 unsigned int objnr;
1da177e4 1992
8456a648 1993 objnr = obj_to_index(cachep, page, objp);
1da177e4 1994 if (objnr) {
8456a648 1995 objp = index_to_obj(cachep, page, objnr - 1);
3dafccf2 1996 realobj = (char *)objp + obj_offset(cachep);
1da177e4 1997 printk(KERN_ERR "Prev obj: start=%p, len=%d\n",
b28a02de 1998 realobj, size);
1da177e4
LT		 1999 print_objinfo(cachep, objp, 2);
2000 }
b28a02de 2001 if (objnr + 1 < cachep->num) {
8456a648 2002 objp = index_to_obj(cachep, page, objnr + 1);
3dafccf2 2003 realobj = (char *)objp + obj_offset(cachep);
1da177e4 2004 printk(KERN_ERR "Next obj: start=%p, len=%d\n",
b28a02de 2005 realobj, size);
1da177e4
LT		 2006 print_objinfo(cachep, objp, 2);
2007 }
2008 }
2009}
2010#endif
2011
12dd36fa 2012#if DEBUG
8456a648
JK		 2013static void slab_destroy_debugcheck(struct kmem_cache *cachep,
2014 struct page *page)
1da177e4 2015{
1da177e4
LT		 2016 int i;
2017 for (i = 0; i < cachep->num; i++) {
8456a648 2018 void *objp = index_to_obj(cachep, page, i);
1da177e4
LT		 2019
2020 if (cachep->flags & SLAB_POISON) {
2021#ifdef CONFIG_DEBUG_PAGEALLOC
3b0efdfa 2022 if (cachep->size % PAGE_SIZE == 0 &&
a737b3e2 2023 OFF_SLAB(cachep))
b28a02de 2024 kernel_map_pages(virt_to_page(objp),
3b0efdfa 2025 cachep->size / PAGE_SIZE, 1);
1da177e4
LT		 2026 else
2027 check_poison_obj(cachep, objp);
2028#else
2029 check_poison_obj(cachep, objp);
2030#endif
2031 }
2032 if (cachep->flags & SLAB_RED_ZONE) {
2033 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE)
2034 slab_error(cachep, "start of a freed object "
b28a02de 2035 "was overwritten");
1da177e4
LT		 2036 if (*dbg_redzone2(cachep, objp) != RED_INACTIVE)
2037 slab_error(cachep, "end of a freed object "
b28a02de 2038 "was overwritten");
1da177e4 2039 }
1da177e4 2040 }
12dd36fa 2041}
1da177e4 2042#else
8456a648
JK		 2043static void slab_destroy_debugcheck(struct kmem_cache *cachep,
2044 struct page *page)
12dd36fa 2045{
12dd36fa 2046}
1da177e4
LT		 2047#endif
2048
911851e6
RD		 2049/**
2050 * slab_destroy - destroy and release all objects in a slab
2051 * @cachep: cache pointer being destroyed
cb8ee1a3 2052 * @page: page pointer being destroyed
911851e6 2053 *
12dd36fa 2054 * Destroy all the objs in a slab, and release the mem back to the system.
a737b3e2
AM		 2055 * Before calling the slab must have been unlinked from the cache. The
2056 * cache-lock is not held/needed.
12dd36fa 2057 */
8456a648 2058static void slab_destroy(struct kmem_cache *cachep, struct page *page)
12dd36fa 2059{
7e007355 2060 void *freelist;
12dd36fa 2061
8456a648
JK		 2062 freelist = page->freelist;
2063 slab_destroy_debugcheck(cachep, page);
1da177e4 2064 if (unlikely(cachep->flags & SLAB_DESTROY_BY_RCU)) {
68126702
JK		 2065 struct rcu_head *head;
2066
2067 /*
2068 * RCU free overloads the RCU head over the LRU.
2069 * slab_page has been overloeaded over the LRU,
2070 * however it is not used from now on so that
2071 * we can use it safely.
2072 */
2073 head = (void *)&page->rcu_head;
2074 call_rcu(head, kmem_rcu_free);
1da177e4 2075
1da177e4 2076 } else {
0c3aa83e 2077 kmem_freepages(cachep, page);
1da177e4 2078 }
68126702
JK		 2079
2080 /*
8456a648 2081 * From now on, we don't use freelist
68126702
JK		 2082 * although actual page can be freed in rcu context
2083 */
2084 if (OFF_SLAB(cachep))
8456a648 2085 kmem_cache_free(cachep->freelist_cache, freelist);
1da177e4
LT		 2086}
2087
97654dfa
JK		 2088static void slabs_destroy(struct kmem_cache *cachep, struct list_head *list)
2089{
2090 struct page *page, *n;
2091
2092 list_for_each_entry_safe(page, n, list, lru) {
2093 list_del(&page->lru);
2094 slab_destroy(cachep, page);
2095 }
2096}
2097
4d268eba 2098/**
a70773dd
RD		 2099 * calculate_slab_order - calculate size (page order) of slabs
2100 * @cachep: pointer to the cache that is being created
2101 * @size: size of objects to be created in this cache.
2102 * @align: required alignment for the objects.
2103 * @flags: slab allocation flags
2104 *
2105 * Also calculates the number of objects per slab.
4d268eba
PE		 2106 *
2107 * This could be made much more intelligent. For now, try to avoid using
2108 * high order pages for slabs. When the gfp() functions are more friendly
2109 * towards high-order requests, this should be changed.
2110 */
a737b3e2 2111static size_t calculate_slab_order(struct kmem_cache *cachep,
ee13d785 2112 size_t size, size_t align, unsigned long flags)
4d268eba 2113{
b1ab41c4 2114 unsigned long offslab_limit;
4d268eba 2115 size_t left_over = 0;
9888e6fa 2116 int gfporder;
4d268eba 2117
0aa817f0 2118 for (gfporder = 0; gfporder <= KMALLOC_MAX_ORDER; gfporder++) {
4d268eba
PE		 2119 unsigned int num;
2120 size_t remainder;
2121
9888e6fa 2122 cache_estimate(gfporder, size, align, flags, &remainder, &num);
4d268eba
PE		 2123 if (!num)
2124 continue;
9888e6fa 2125
f315e3fa
JK		 2126 /* Can't handle number of objects more than SLAB_OBJ_MAX_NUM */
2127 if (num > SLAB_OBJ_MAX_NUM)
2128 break;
2129
b1ab41c4 2130 if (flags & CFLGS_OFF_SLAB) {
03787301 2131 size_t freelist_size_per_obj = sizeof(freelist_idx_t);
b1ab41c4
IM		 2132 /*
2133 * Max number of objs-per-slab for caches which
2134 * use off-slab slabs. Needed to avoid a possible
2135 * looping condition in cache_grow().
2136 */
03787301
JK		 2137 if (IS_ENABLED(CONFIG_DEBUG_SLAB_LEAK))
2138 freelist_size_per_obj += sizeof(char);
8456a648 2139 offslab_limit = size;
03787301 2140 offslab_limit /= freelist_size_per_obj;
b1ab41c4
IM		 2141
2142 if (num > offslab_limit)
2143 break;
2144 }
4d268eba 2145
9888e6fa 2146 /* Found something acceptable - save it away */
4d268eba 2147 cachep->num = num;
9888e6fa 2148 cachep->gfporder = gfporder;
4d268eba
PE		 2149 left_over = remainder;
2150
f78bb8ad
LT		 2151 /*
2152 * A VFS-reclaimable slab tends to have most allocations
2153 * as GFP_NOFS and we really don't want to have to be allocating
2154 * higher-order pages when we are unable to shrink dcache.
2155 */
2156 if (flags & SLAB_RECLAIM_ACCOUNT)
2157 break;
2158
4d268eba
PE		 2159 /*
2160 * Large number of objects is good, but very large slabs are
2161 * currently bad for the gfp()s.
2162 */
543585cc 2163 if (gfporder >= slab_max_order)
4d268eba
PE		 2164 break;
2165
9888e6fa
LT		 2166 /*
2167 * Acceptable internal fragmentation?
2168 */
a737b3e2 2169 if (left_over * 8 <= (PAGE_SIZE << gfporder))
4d268eba
PE		 2170 break;
2171 }
2172 return left_over;
2173}
2174
83b519e8 2175static int __init_refok setup_cpu_cache(struct kmem_cache *cachep, gfp_t gfp)
f30cf7d1 2176{
97d06609 2177 if (slab_state >= FULL)
83b519e8 2178 return enable_cpucache(cachep, gfp);
2ed3a4ef 2179
97d06609 2180 if (slab_state == DOWN) {
f30cf7d1 2181 /*
2f9baa9f 2182 * Note: Creation of first cache (kmem_cache).
ce8eb6c4 2183 * The setup_node is taken care
2f9baa9f
CL		 2184 * of by the caller of __kmem_cache_create
2185 */
2186 cachep->array[smp_processor_id()] = &initarray_generic.cache;
2187 slab_state = PARTIAL;
2188 } else if (slab_state == PARTIAL) {
2189 /*
2190 * Note: the second kmem_cache_create must create the cache
f30cf7d1
PE		 2191 * that's used by kmalloc(24), otherwise the creation of
2192 * further caches will BUG().
2193 */
2194 cachep->array[smp_processor_id()] = &initarray_generic.cache;
2195
2196 /*
ce8eb6c4
CL		 2197 * If the cache that's used by kmalloc(sizeof(kmem_cache_node)) is
2198 * the second cache, then we need to set up all its node/,
f30cf7d1
PE		 2199 * otherwise the creation of further caches will BUG().
2200 */
ce8eb6c4
CL		 2201 set_up_node(cachep, SIZE_AC);
2202 if (INDEX_AC == INDEX_NODE)
2203 slab_state = PARTIAL_NODE;
f30cf7d1 2204 else
97d06609 2205 slab_state = PARTIAL_ARRAYCACHE;
f30cf7d1 2206 } else {
2f9baa9f 2207 /* Remaining boot caches */
f30cf7d1 2208 cachep->array[smp_processor_id()] =
83b519e8 2209 kmalloc(sizeof(struct arraycache_init), gfp);
f30cf7d1 2210
97d06609 2211 if (slab_state == PARTIAL_ARRAYCACHE) {
ce8eb6c4
CL		 2212 set_up_node(cachep, SIZE_NODE);
2213 slab_state = PARTIAL_NODE;
f30cf7d1
PE		 2214 } else {
2215 int node;
556a169d 2216 for_each_online_node(node) {
6a67368c 2217 cachep->node[node] =
6744f087 2218 kmalloc_node(sizeof(struct kmem_cache_node),
eb91f1d0 2219 gfp, node);
6a67368c 2220 BUG_ON(!cachep->node[node]);
ce8eb6c4 2221 kmem_cache_node_init(cachep->node[node]);
f30cf7d1
PE		 2222 }
2223 }
2224 }
6a67368c 2225 cachep->node[numa_mem_id()]->next_reap =
5f0985bb
JZ		 2226 jiffies + REAPTIMEOUT_NODE +
2227 ((unsigned long)cachep) % REAPTIMEOUT_NODE;
f30cf7d1
PE		 2228
2229 cpu_cache_get(cachep)->avail = 0;
2230 cpu_cache_get(cachep)->limit = BOOT_CPUCACHE_ENTRIES;
2231 cpu_cache_get(cachep)->batchcount = 1;
2232 cpu_cache_get(cachep)->touched = 0;
2233 cachep->batchcount = 1;
2234 cachep->limit = BOOT_CPUCACHE_ENTRIES;
2ed3a4ef 2235 return 0;
f30cf7d1
PE		 2236}
2237
1da177e4 2238/**
039363f3 2239 * __kmem_cache_create - Create a cache.
a755b76a 2240 * @cachep: cache management descriptor
1da177e4 2241 * @flags: SLAB flags
1da177e4
LT		 2242 *
2243 * Returns a ptr to the cache on success, NULL on failure.
2244 * Cannot be called within a int, but can be interrupted.
20c2df83 2245 * The @ctor is run when new pages are allocated by the cache.
1da177e4 2246 *
1da177e4
LT		 2247 * The flags are
2248 *
2249 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
2250 * to catch references to uninitialised memory.
2251 *
2252 * %SLAB_RED_ZONE - Insert `Red' zones around the allocated memory to check
2253 * for buffer overruns.
2254 *
1da177e4
LT		 2255 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
2256 * cacheline. This can be beneficial if you're counting cycles as closely
2257 * as davem.
2258 */
278b1bb1 2259int
8a13a4cc 2260__kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
1da177e4 2261{
8456a648 2262 size_t left_over, freelist_size, ralign;
83b519e8 2263 gfp_t gfp;
278b1bb1 2264 int err;
8a13a4cc 2265 size_t size = cachep->size;
1da177e4 2266
1da177e4 2267#if DEBUG
1da177e4
LT		 2268#if FORCED_DEBUG
2269 /*
2270 * Enable redzoning and last user accounting, except for caches with
2271 * large objects, if the increased size would increase the object size
2272 * above the next power of two: caches with object sizes just above a
2273 * power of two have a significant amount of internal fragmentation.
2274 */
87a927c7
DW		 2275 if (size < 4096 || fls(size - 1) == fls(size-1 + REDZONE_ALIGN +
2276 2 * sizeof(unsigned long long)))
b28a02de 2277 flags |= SLAB_RED_ZONE | SLAB_STORE_USER;
1da177e4
LT		 2278 if (!(flags & SLAB_DESTROY_BY_RCU))
2279 flags |= SLAB_POISON;
2280#endif
2281 if (flags & SLAB_DESTROY_BY_RCU)
2282 BUG_ON(flags & SLAB_POISON);
2283#endif
1da177e4 2284
a737b3e2
AM		 2285 /*
2286 * Check that size is in terms of words. This is needed to avoid
1da177e4
LT		 2287 * unaligned accesses for some archs when redzoning is used, and makes
2288 * sure any on-slab bufctl's are also correctly aligned.
2289 */
b28a02de
PE		 2290 if (size & (BYTES_PER_WORD - 1)) {
2291 size += (BYTES_PER_WORD - 1);
2292 size &= ~(BYTES_PER_WORD - 1);
1da177e4
LT		 2293 }
2294
ca5f9703 2295 /*
87a927c7
DW		 2296 * Redzoning and user store require word alignment or possibly larger.
2297 * Note this will be overridden by architecture or caller mandated
2298 * alignment if either is greater than BYTES_PER_WORD.
ca5f9703 2299 */
87a927c7
DW		 2300 if (flags & SLAB_STORE_USER)
2301 ralign = BYTES_PER_WORD;
2302
2303 if (flags & SLAB_RED_ZONE) {
2304 ralign = REDZONE_ALIGN;
2305 /* If redzoning, ensure that the second redzone is suitably
2306 * aligned, by adjusting the object size accordingly. */
2307 size += REDZONE_ALIGN - 1;
2308 size &= ~(REDZONE_ALIGN - 1);
2309 }
ca5f9703 2310
a44b56d3 2311 /* 3) caller mandated alignment */
8a13a4cc
CL		 2312 if (ralign < cachep->align) {
2313 ralign = cachep->align;
1da177e4 2314 }
3ff84a7f
PE		 2315 /* disable debug if necessary */
2316 if (ralign > __alignof__(unsigned long long))
a44b56d3 2317 flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
a737b3e2 2318 /*
ca5f9703 2319 * 4) Store it.
1da177e4 2320 */
8a13a4cc 2321 cachep->align = ralign;
1da177e4 2322
83b519e8
PE		 2323 if (slab_is_available())
2324 gfp = GFP_KERNEL;
2325 else
2326 gfp = GFP_NOWAIT;
2327
6a67368c 2328 setup_node_pointer(cachep);
1da177e4 2329#if DEBUG
1da177e4 2330
ca5f9703
PE		 2331 /*
2332 * Both debugging options require word-alignment which is calculated
2333 * into align above.
2334 */
1da177e4 2335 if (flags & SLAB_RED_ZONE) {
1da177e4 2336 /* add space for red zone words */
3ff84a7f
PE		 2337 cachep->obj_offset += sizeof(unsigned long long);
2338 size += 2 * sizeof(unsigned long long);
1da177e4
LT		 2339 }
2340 if (flags & SLAB_STORE_USER) {
ca5f9703 2341 /* user store requires one word storage behind the end of
87a927c7
DW		 2342 * the real object. But if the second red zone needs to be
2343 * aligned to 64 bits, we must allow that much space.
1da177e4 2344 */
87a927c7
DW		 2345 if (flags & SLAB_RED_ZONE)
2346 size += REDZONE_ALIGN;
2347 else
2348 size += BYTES_PER_WORD;
1da177e4
LT		 2349 }
2350#if FORCED_DEBUG && defined(CONFIG_DEBUG_PAGEALLOC)
ce8eb6c4 2351 if (size >= kmalloc_size(INDEX_NODE + 1)
608da7e3
TH		 2352 && cachep->object_size > cache_line_size()
2353 && ALIGN(size, cachep->align) < PAGE_SIZE) {
2354 cachep->obj_offset += PAGE_SIZE - ALIGN(size, cachep->align);
1da177e4
LT		 2355 size = PAGE_SIZE;
2356 }
2357#endif
2358#endif
2359
e0a42726
IM		 2360 /*
2361 * Determine if the slab management is 'on' or 'off' slab.
2362 * (bootstrapping cannot cope with offslab caches so don't do
e7cb55b9
CM		 2363 * it too early on. Always use on-slab management when
2364 * SLAB_NOLEAKTRACE to avoid recursive calls into kmemleak)
e0a42726 2365 */
8fc9cf42 2366 if ((size >= (PAGE_SIZE >> 5)) && !slab_early_init &&
e7cb55b9 2367 !(flags & SLAB_NOLEAKTRACE))
1da177e4
LT		 2368 /*
2369 * Size is large, assume best to place the slab management obj
2370 * off-slab (should allow better packing of objs).
2371 */
2372 flags |= CFLGS_OFF_SLAB;
2373
8a13a4cc 2374 size = ALIGN(size, cachep->align);
f315e3fa
JK		 2375 /*
2376 * We should restrict the number of objects in a slab to implement
2377 * byte sized index. Refer comment on SLAB_OBJ_MIN_SIZE definition.
2378 */
2379 if (FREELIST_BYTE_INDEX && size < SLAB_OBJ_MIN_SIZE)
2380 size = ALIGN(SLAB_OBJ_MIN_SIZE, cachep->align);
1da177e4 2381
8a13a4cc 2382 left_over = calculate_slab_order(cachep, size, cachep->align, flags);
1da177e4 2383
8a13a4cc 2384 if (!cachep->num)
278b1bb1 2385 return -E2BIG;
1da177e4 2386
03787301 2387 freelist_size = calculate_freelist_size(cachep->num, cachep->align);
1da177e4
LT		 2388
2389 /*
2390 * If the slab has been placed off-slab, and we have enough space then
2391 * move it on-slab. This is at the expense of any extra colouring.
2392 */
8456a648 2393 if (flags & CFLGS_OFF_SLAB && left_over >= freelist_size) {
1da177e4 2394 flags &= ~CFLGS_OFF_SLAB;
8456a648 2395 left_over -= freelist_size;
1da177e4
LT		 2396 }
2397
2398 if (flags & CFLGS_OFF_SLAB) {
2399 /* really off slab. No need for manual alignment */
03787301 2400 freelist_size = calculate_freelist_size(cachep->num, 0);
67461365
RL		 2401
2402#ifdef CONFIG_PAGE_POISONING
2403 /* If we're going to use the generic kernel_map_pages()
2404 * poisoning, then it's going to smash the contents of
2405 * the redzone and userword anyhow, so switch them off.
2406 */
2407 if (size % PAGE_SIZE == 0 && flags & SLAB_POISON)
2408 flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
2409#endif
1da177e4
LT		 2410 }
2411
2412 cachep->colour_off = cache_line_size();
2413 /* Offset must be a multiple of the alignment. */
8a13a4cc
CL		 2414 if (cachep->colour_off < cachep->align)
2415 cachep->colour_off = cachep->align;
b28a02de 2416 cachep->colour = left_over / cachep->colour_off;
8456a648 2417 cachep->freelist_size = freelist_size;
1da177e4 2418 cachep->flags = flags;
a57a4988 2419 cachep->allocflags = __GFP_COMP;
4b51d669 2420 if (CONFIG_ZONE_DMA_FLAG && (flags & SLAB_CACHE_DMA))
a618e89f 2421 cachep->allocflags |= GFP_DMA;
3b0efdfa 2422 cachep->size = size;
6a2d7a95 2423 cachep->reciprocal_buffer_size = reciprocal_value(size);
1da177e4 2424
e5ac9c5a 2425 if (flags & CFLGS_OFF_SLAB) {
8456a648 2426 cachep->freelist_cache = kmalloc_slab(freelist_size, 0u);
e5ac9c5a 2427 /*
5f0985bb 2428 * This is a possibility for one of the kmalloc_{dma,}_caches.
e5ac9c5a 2429 * But since we go off slab only for object size greater than
5f0985bb
JZ		 2430 * PAGE_SIZE/8, and kmalloc_{dma,}_caches get created
2431 * in ascending order,this should not happen at all.
e5ac9c5a
RT		 2432 * But leave a BUG_ON for some lucky dude.
2433 */
8456a648 2434 BUG_ON(ZERO_OR_NULL_PTR(cachep->freelist_cache));
e5ac9c5a 2435 }
1da177e4 2436
278b1bb1
CL		 2437 err = setup_cpu_cache(cachep, gfp);
2438 if (err) {
12c3667f 2439 __kmem_cache_shutdown(cachep);
278b1bb1 2440 return err;
2ed3a4ef 2441 }
1da177e4 2442
83835b3d
PZ		 2443 if (flags & SLAB_DEBUG_OBJECTS) {
2444 /*
2445 * Would deadlock through slab_destroy()->call_rcu()->
2446 * debug_object_activate()->kmem_cache_alloc().
2447 */
2448 WARN_ON_ONCE(flags & SLAB_DESTROY_BY_RCU);
2449
2450 slab_set_debugobj_lock_classes(cachep);
6ccfb5bc
GC		 2451 } else if (!OFF_SLAB(cachep) && !(flags & SLAB_DESTROY_BY_RCU))
2452 on_slab_lock_classes(cachep);
83835b3d 2453
278b1bb1 2454 return 0;
1da177e4 2455}
1da177e4
LT		 2456
2457#if DEBUG
2458static void check_irq_off(void)
2459{
2460 BUG_ON(!irqs_disabled());
2461}
2462
2463static void check_irq_on(void)
2464{
2465 BUG_ON(irqs_disabled());
2466}
2467
343e0d7a 2468static void check_spinlock_acquired(struct kmem_cache *cachep)
1da177e4
LT		 2469{
2470#ifdef CONFIG_SMP
2471 check_irq_off();
18bf8541 2472 assert_spin_locked(&get_node(cachep, numa_mem_id())->list_lock);
1da177e4
LT		 2473#endif
2474}
e498be7d 2475
343e0d7a 2476static void check_spinlock_acquired_node(struct kmem_cache *cachep, int node)
e498be7d
CL		 2477{
2478#ifdef CONFIG_SMP
2479 check_irq_off();
18bf8541 2480 assert_spin_locked(&get_node(cachep, node)->list_lock);
e498be7d
CL		 2481#endif
2482}
2483
1da177e4
LT		 2484#else
2485#define check_irq_off() do { } while(0)
2486#define check_irq_on() do { } while(0)
2487#define check_spinlock_acquired(x) do { } while(0)
e498be7d 2488#define check_spinlock_acquired_node(x, y) do { } while(0)
1da177e4
LT		 2489#endif
2490
ce8eb6c4 2491static void drain_array(struct kmem_cache *cachep, struct kmem_cache_node *n,
aab2207c
CL		 2492 struct array_cache *ac,
2493 int force, int node);
2494
1da177e4
LT		 2495static void do_drain(void *arg)
2496{
a737b3e2 2497 struct kmem_cache *cachep = arg;
1da177e4 2498 struct array_cache *ac;
7d6e6d09 2499 int node = numa_mem_id();
18bf8541 2500 struct kmem_cache_node *n;
97654dfa 2501 LIST_HEAD(list);
1da177e4
LT		 2502
2503 check_irq_off();
9a2dba4b 2504 ac = cpu_cache_get(cachep);
18bf8541
CL		 2505 n = get_node(cachep, node);
2506 spin_lock(&n->list_lock);
97654dfa 2507 free_block(cachep, ac->entry, ac->avail, node, &list);
18bf8541 2508 spin_unlock(&n->list_lock);
97654dfa 2509 slabs_destroy(cachep, &list);
1da177e4
LT		 2510 ac->avail = 0;
2511}
2512
343e0d7a 2513static void drain_cpu_caches(struct kmem_cache *cachep)
1da177e4 2514{
ce8eb6c4 2515 struct kmem_cache_node *n;
e498be7d
CL		 2516 int node;
2517
15c8b6c1 2518 on_each_cpu(do_drain, cachep, 1);
1da177e4 2519 check_irq_on();
18bf8541
CL		 2520 for_each_kmem_cache_node(cachep, node, n)
2521 if (n->alien)
ce8eb6c4 2522 drain_alien_cache(cachep, n->alien);
a4523a8b 2523
18bf8541
CL		 2524 for_each_kmem_cache_node(cachep, node, n)
2525 drain_array(cachep, n, n->shared, 1, node);
1da177e4
LT		 2526}
2527
ed11d9eb
CL		 2528/*
2529 * Remove slabs from the list of free slabs.
2530 * Specify the number of slabs to drain in tofree.
2531 *
2532 * Returns the actual number of slabs released.
2533 */
2534static int drain_freelist(struct kmem_cache *cache,
ce8eb6c4 2535 struct kmem_cache_node *n, int tofree)
1da177e4 2536{
ed11d9eb
CL		 2537 struct list_head *p;
2538 int nr_freed;
8456a648 2539 struct page *page;
1da177e4 2540
ed11d9eb 2541 nr_freed = 0;
ce8eb6c4 2542 while (nr_freed < tofree && !list_empty(&n->slabs_free)) {
1da177e4 2543
ce8eb6c4
CL		 2544 spin_lock_irq(&n->list_lock);
2545 p = n->slabs_free.prev;
2546 if (p == &n->slabs_free) {
2547 spin_unlock_irq(&n->list_lock);
ed11d9eb
CL		 2548 goto out;
2549 }
1da177e4 2550
8456a648 2551 page = list_entry(p, struct page, lru);
1da177e4 2552#if DEBUG
8456a648 2553 BUG_ON(page->active);
1da177e4 2554#endif
8456a648 2555 list_del(&page->lru);
ed11d9eb
CL		 2556 /*
2557 * Safe to drop the lock. The slab is no longer linked
2558 * to the cache.
2559 */
ce8eb6c4
CL		 2560 n->free_objects -= cache->num;
2561 spin_unlock_irq(&n->list_lock);
8456a648 2562 slab_destroy(cache, page);
ed11d9eb 2563 nr_freed++;
1da177e4 2564 }
ed11d9eb
CL		 2565out:
2566 return nr_freed;
1da177e4
LT		 2567}
2568
03afc0e2 2569int __kmem_cache_shrink(struct kmem_cache *cachep)
e498be7d 2570{
18bf8541
CL		 2571 int ret = 0;
2572 int node;
ce8eb6c4 2573 struct kmem_cache_node *n;
e498be7d
CL		 2574
2575 drain_cpu_caches(cachep);
2576
2577 check_irq_on();
18bf8541 2578 for_each_kmem_cache_node(cachep, node, n) {
0fa8103b 2579 drain_freelist(cachep, n, slabs_tofree(cachep, n));
ed11d9eb 2580
ce8eb6c4
CL		 2581 ret += !list_empty(&n->slabs_full) ||
2582 !list_empty(&n->slabs_partial);
e498be7d
CL		 2583 }
2584 return (ret ? 1 : 0);
2585}
2586
945cf2b6 2587int __kmem_cache_shutdown(struct kmem_cache *cachep)
1da177e4 2588{
12c3667f 2589 int i;
ce8eb6c4 2590 struct kmem_cache_node *n;
03afc0e2 2591 int rc = __kmem_cache_shrink(cachep);
1da177e4 2592
12c3667f
CL		 2593 if (rc)
2594 return rc;
1da177e4 2595
12c3667f
CL		 2596 for_each_online_cpu(i)
2597 kfree(cachep->array[i]);
1da177e4 2598
ce8eb6c4 2599 /* NUMA: free the node structures */
18bf8541
CL		 2600 for_each_kmem_cache_node(cachep, i, n) {
2601 kfree(n->shared);
2602 free_alien_cache(n->alien);
2603 kfree(n);
2604 cachep->node[i] = NULL;
12c3667f
CL		 2605 }
2606 return 0;
1da177e4 2607}
1da177e4 2608
e5ac9c5a
RT		 2609/*
2610 * Get the memory for a slab management obj.
5f0985bb
JZ		 2611 *
2612 * For a slab cache when the slab descriptor is off-slab, the
2613 * slab descriptor can't come from the same cache which is being created,
2614 * Because if it is the case, that means we defer the creation of
2615 * the kmalloc_{dma,}_cache of size sizeof(slab descriptor) to this point.
2616 * And we eventually call down to __kmem_cache_create(), which
2617 * in turn looks up in the kmalloc_{dma,}_caches for the disired-size one.
2618 * This is a "chicken-and-egg" problem.
2619 *
2620 * So the off-slab slab descriptor shall come from the kmalloc_{dma,}_caches,
2621 * which are all initialized during kmem_cache_init().
e5ac9c5a 2622 */
7e007355 2623static void *alloc_slabmgmt(struct kmem_cache *cachep,
0c3aa83e
JK		 2624 struct page *page, int colour_off,
2625 gfp_t local_flags, int nodeid)
1da177e4 2626{
7e007355 2627 void *freelist;
0c3aa83e 2628 void *addr = page_address(page);
b28a02de 2629
1da177e4
LT		 2630 if (OFF_SLAB(cachep)) {
2631 /* Slab management obj is off-slab. */
8456a648 2632 freelist = kmem_cache_alloc_node(cachep->freelist_cache,
8759ec50 2633 local_flags, nodeid);
8456a648 2634 if (!freelist)
1da177e4
LT		 2635 return NULL;
2636 } else {
8456a648
JK		 2637 freelist = addr + colour_off;
2638 colour_off += cachep->freelist_size;
1da177e4 2639 }
8456a648
JK		 2640 page->active = 0;
2641 page->s_mem = addr + colour_off;
2642 return freelist;
1da177e4
LT		 2643}
2644
7cc68973 2645static inline freelist_idx_t get_free_obj(struct page *page, unsigned int idx)
1da177e4 2646{
a41adfaa 2647 return ((freelist_idx_t *)page->freelist)[idx];
e5c58dfd
JK		 2648}
2649
2650static inline void set_free_obj(struct page *page,
7cc68973 2651 unsigned int idx, freelist_idx_t val)
e5c58dfd 2652{
a41adfaa 2653 ((freelist_idx_t *)(page->freelist))[idx] = val;
1da177e4
LT		 2654}
2655
343e0d7a 2656static void cache_init_objs(struct kmem_cache *cachep,
8456a648 2657 struct page *page)
1da177e4
LT		 2658{
2659 int i;
2660
2661 for (i = 0; i < cachep->num; i++) {
8456a648 2662 void *objp = index_to_obj(cachep, page, i);
1da177e4
LT		 2663#if DEBUG
2664 /* need to poison the objs? */
2665 if (cachep->flags & SLAB_POISON)
2666 poison_obj(cachep, objp, POISON_FREE);
2667 if (cachep->flags & SLAB_STORE_USER)
2668 *dbg_userword(cachep, objp) = NULL;
2669
2670 if (cachep->flags & SLAB_RED_ZONE) {
2671 *dbg_redzone1(cachep, objp) = RED_INACTIVE;
2672 *dbg_redzone2(cachep, objp) = RED_INACTIVE;
2673 }
2674 /*
a737b3e2
AM		 2675 * Constructors are not allowed to allocate memory from the same
2676 * cache which they are a constructor for. Otherwise, deadlock.
2677 * They must also be threaded.
1da177e4
LT		 2678 */
2679 if (cachep->ctor && !(cachep->flags & SLAB_POISON))
51cc5068 2680 cachep->ctor(objp + obj_offset(cachep));
1da177e4
LT		 2681
2682 if (cachep->flags & SLAB_RED_ZONE) {
2683 if (*dbg_redzone2(cachep, objp) != RED_INACTIVE)
2684 slab_error(cachep, "constructor overwrote the"
b28a02de 2685 " end of an object");
1da177e4
LT		 2686 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE)
2687 slab_error(cachep, "constructor overwrote the"
b28a02de 2688 " start of an object");
1da177e4 2689 }
3b0efdfa 2690 if ((cachep->size % PAGE_SIZE) == 0 &&
a737b3e2 2691 OFF_SLAB(cachep) && cachep->flags & SLAB_POISON)
b28a02de 2692 kernel_map_pages(virt_to_page(objp),
3b0efdfa 2693 cachep->size / PAGE_SIZE, 0);
1da177e4
LT		 2694#else
2695 if (cachep->ctor)
51cc5068 2696 cachep->ctor(objp);
1da177e4 2697#endif
03787301 2698 set_obj_status(page, i, OBJECT_FREE);
e5c58dfd 2699 set_free_obj(page, i, i);
1da177e4 2700 }
1da177e4
LT		 2701}
2702
343e0d7a 2703static void kmem_flagcheck(struct kmem_cache *cachep, gfp_t flags)
1da177e4 2704{
4b51d669
CL		 2705 if (CONFIG_ZONE_DMA_FLAG) {
2706 if (flags & GFP_DMA)
a618e89f 2707 BUG_ON(!(cachep->allocflags & GFP_DMA));
4b51d669 2708 else
a618e89f 2709 BUG_ON(cachep->allocflags & GFP_DMA);
4b51d669 2710 }
1da177e4
LT		 2711}
2712
8456a648 2713static void *slab_get_obj(struct kmem_cache *cachep, struct page *page,
a737b3e2 2714 int nodeid)
78d382d7 2715{
b1cb0982 2716 void *objp;
78d382d7 2717
e5c58dfd 2718 objp = index_to_obj(cachep, page, get_free_obj(page, page->active));
8456a648 2719 page->active++;
78d382d7 2720#if DEBUG
1ea991b0 2721 WARN_ON(page_to_nid(virt_to_page(objp)) != nodeid);
78d382d7 2722#endif
78d382d7
MD		 2723
2724 return objp;
2725}
2726
8456a648 2727static void slab_put_obj(struct kmem_cache *cachep, struct page *page,
a737b3e2 2728 void *objp, int nodeid)
78d382d7 2729{
8456a648 2730 unsigned int objnr = obj_to_index(cachep, page, objp);
78d382d7 2731#if DEBUG
16025177 2732 unsigned int i;
b1cb0982 2733
78d382d7 2734 /* Verify that the slab belongs to the intended node */
1ea991b0 2735 WARN_ON(page_to_nid(virt_to_page(objp)) != nodeid);
78d382d7 2736
b1cb0982 2737 /* Verify double free bug */
8456a648 2738 for (i = page->active; i < cachep->num; i++) {
e5c58dfd 2739 if (get_free_obj(page, i) == objnr) {
b1cb0982
JK		 2740 printk(KERN_ERR "slab: double free detected in cache "
2741 "'%s', objp %p\n", cachep->name, objp);
2742 BUG();
2743 }
78d382d7
MD		 2744 }
2745#endif
8456a648 2746 page->active--;
e5c58dfd 2747 set_free_obj(page, page->active, objnr);
78d382d7
MD		 2748}
2749
4776874f
PE		 2750/*
2751 * Map pages beginning at addr to the given cache and slab. This is required
2752 * for the slab allocator to be able to lookup the cache and slab of a
ccd35fb9 2753 * virtual address for kfree, ksize, and slab debugging.
4776874f 2754 */
8456a648 2755static void slab_map_pages(struct kmem_cache *cache, struct page *page,
7e007355 2756 void *freelist)
1da177e4 2757{
a57a4988 2758 page->slab_cache = cache;
8456a648 2759 page->freelist = freelist;
1da177e4
LT		 2760}
2761
2762/*
2763 * Grow (by 1) the number of slabs within a cache. This is called by
2764 * kmem_cache_alloc() when there are no active objs left in a cache.
2765 */
3c517a61 2766static int cache_grow(struct kmem_cache *cachep,
0c3aa83e 2767 gfp_t flags, int nodeid, struct page *page)
1da177e4 2768{
7e007355 2769 void *freelist;
b28a02de
PE		 2770 size_t offset;
2771 gfp_t local_flags;
ce8eb6c4 2772 struct kmem_cache_node *n;
1da177e4 2773
a737b3e2
AM		 2774 /*
2775 * Be lazy and only check for valid flags here, keeping it out of the
2776 * critical path in kmem_cache_alloc().
1da177e4 2777 */
6cb06229
CL		 2778 BUG_ON(flags & GFP_SLAB_BUG_MASK);
2779 local_flags = flags & (GFP_CONSTRAINT_MASK|GFP_RECLAIM_MASK);
1da177e4 2780
ce8eb6c4 2781 /* Take the node list lock to change the colour_next on this node */
1da177e4 2782 check_irq_off();
18bf8541 2783 n = get_node(cachep, nodeid);
ce8eb6c4 2784 spin_lock(&n->list_lock);
1da177e4
LT		 2785
2786 /* Get colour for the slab, and cal the next value. */
ce8eb6c4
CL		 2787 offset = n->colour_next;
2788 n->colour_next++;
2789 if (n->colour_next >= cachep->colour)
2790 n->colour_next = 0;
2791 spin_unlock(&n->list_lock);
1da177e4 2792
2e1217cf 2793 offset *= cachep->colour_off;
1da177e4
LT		 2794
2795 if (local_flags & __GFP_WAIT)
2796 local_irq_enable();
2797
2798 /*
2799 * The test for missing atomic flag is performed here, rather than
2800 * the more obvious place, simply to reduce the critical path length
2801 * in kmem_cache_alloc(). If a caller is seriously mis-behaving they
2802 * will eventually be caught here (where it matters).
2803 */
2804 kmem_flagcheck(cachep, flags);
2805
a737b3e2
AM		 2806 /*
2807 * Get mem for the objs. Attempt to allocate a physical page from
2808 * 'nodeid'.
e498be7d 2809 */
0c3aa83e
JK		 2810 if (!page)
2811 page = kmem_getpages(cachep, local_flags, nodeid);
2812 if (!page)
1da177e4
LT		 2813 goto failed;
2814
2815 /* Get slab management. */
8456a648 2816 freelist = alloc_slabmgmt(cachep, page, offset,
6cb06229 2817 local_flags & ~GFP_CONSTRAINT_MASK, nodeid);
8456a648 2818 if (!freelist)
1da177e4
LT		 2819 goto opps1;
2820
8456a648 2821 slab_map_pages(cachep, page, freelist);
1da177e4 2822
8456a648 2823 cache_init_objs(cachep, page);
1da177e4
LT		 2824
2825 if (local_flags & __GFP_WAIT)
2826 local_irq_disable();
2827 check_irq_off();
ce8eb6c4 2828 spin_lock(&n->list_lock);
1da177e4
LT		 2829
2830 /* Make slab active. */
8456a648 2831 list_add_tail(&page->lru, &(n->slabs_free));
1da177e4 2832 STATS_INC_GROWN(cachep);
ce8eb6c4
CL		 2833 n->free_objects += cachep->num;
2834 spin_unlock(&n->list_lock);
1da177e4 2835 return 1;
a737b3e2 2836opps1:
0c3aa83e 2837 kmem_freepages(cachep, page);
a737b3e2 2838failed:
1da177e4
LT		 2839 if (local_flags & __GFP_WAIT)
2840 local_irq_disable();
2841 return 0;
2842}
2843
2844#if DEBUG
2845
2846/*
2847 * Perform extra freeing checks:
2848 * - detect bad pointers.
2849 * - POISON/RED_ZONE checking
1da177e4
LT		 2850 */
2851static void kfree_debugcheck(const void *objp)
2852{
1da177e4
LT		 2853 if (!virt_addr_valid(objp)) {
2854 printk(KERN_ERR "kfree_debugcheck: out of range ptr %lxh.\n",
b28a02de
PE		 2855 (unsigned long)objp);
2856 BUG();
1da177e4 2857 }
1da177e4
LT		 2858}
2859
58ce1fd5
PE		 2860static inline void verify_redzone_free(struct kmem_cache *cache, void *obj)
2861{
b46b8f19 2862 unsigned long long redzone1, redzone2;
58ce1fd5
PE		 2863
2864 redzone1 = *dbg_redzone1(cache, obj);
2865 redzone2 = *dbg_redzone2(cache, obj);
2866
2867 /*
2868 * Redzone is ok.
2869 */
2870 if (redzone1 == RED_ACTIVE && redzone2 == RED_ACTIVE)
2871 return;
2872
2873 if (redzone1 == RED_INACTIVE && redzone2 == RED_INACTIVE)
2874 slab_error(cache, "double free detected");
2875 else
2876 slab_error(cache, "memory outside object was overwritten");
2877
b46b8f19 2878 printk(KERN_ERR "%p: redzone 1:0x%llx, redzone 2:0x%llx.\n",
58ce1fd5
PE		 2879 obj, redzone1, redzone2);
2880}
2881
343e0d7a 2882static void *cache_free_debugcheck(struct kmem_cache *cachep, void *objp,
7c0cb9c6 2883 unsigned long caller)
1da177e4 2884{
1da177e4 2885 unsigned int objnr;
8456a648 2886 struct page *page;
1da177e4 2887
80cbd911
MW		 2888 BUG_ON(virt_to_cache(objp) != cachep);
2889
3dafccf2 2890 objp -= obj_offset(cachep);
1da177e4 2891 kfree_debugcheck(objp);
b49af68f 2892 page = virt_to_head_page(objp);
1da177e4 2893
1da177e4 2894 if (cachep->flags & SLAB_RED_ZONE) {
58ce1fd5 2895 verify_redzone_free(cachep, objp);
1da177e4
LT		 2896 *dbg_redzone1(cachep, objp) = RED_INACTIVE;
2897 *dbg_redzone2(cachep, objp) = RED_INACTIVE;
2898 }
2899 if (cachep->flags & SLAB_STORE_USER)
7c0cb9c6 2900 *dbg_userword(cachep, objp) = (void *)caller;
1da177e4 2901
8456a648 2902 objnr = obj_to_index(cachep, page, objp);
1da177e4
LT		 2903
2904 BUG_ON(objnr >= cachep->num);
8456a648 2905 BUG_ON(objp != index_to_obj(cachep, page, objnr));
1da177e4 2906
03787301 2907 set_obj_status(page, objnr, OBJECT_FREE);
1da177e4
LT		 2908 if (cachep->flags & SLAB_POISON) {
2909#ifdef CONFIG_DEBUG_PAGEALLOC
3b0efdfa 2910 if ((cachep->size % PAGE_SIZE)==0 && OFF_SLAB(cachep)) {
7c0cb9c6 2911 store_stackinfo(cachep, objp, caller);
b28a02de 2912 kernel_map_pages(virt_to_page(objp),
3b0efdfa 2913 cachep->size / PAGE_SIZE, 0);
1da177e4
LT		 2914 } else {
2915 poison_obj(cachep, objp, POISON_FREE);
2916 }
2917#else
2918 poison_obj(cachep, objp, POISON_FREE);
2919#endif
2920 }
2921 return objp;
2922}
2923
1da177e4
LT		 2924#else
2925#define kfree_debugcheck(x) do { } while(0)
2926#define cache_free_debugcheck(x,objp,z) (objp)
1da177e4
LT		 2927#endif
2928
072bb0aa
MG		 2929static void *cache_alloc_refill(struct kmem_cache *cachep, gfp_t flags,
2930 bool force_refill)
1da177e4
LT		 2931{
2932 int batchcount;
ce8eb6c4 2933 struct kmem_cache_node *n;
1da177e4 2934 struct array_cache *ac;
1ca4cb24
PE		 2935 int node;
2936
1da177e4 2937 check_irq_off();
7d6e6d09 2938 node = numa_mem_id();
072bb0aa
MG		 2939 if (unlikely(force_refill))
2940 goto force_grow;
2941retry:
9a2dba4b 2942 ac = cpu_cache_get(cachep);
1da177e4
LT		 2943 batchcount = ac->batchcount;
2944 if (!ac->touched && batchcount > BATCHREFILL_LIMIT) {
a737b3e2
AM		 2945 /*
2946 * If there was little recent activity on this cache, then
2947 * perform only a partial refill. Otherwise we could generate
2948 * refill bouncing.
1da177e4
LT		 2949 */
2950 batchcount = BATCHREFILL_LIMIT;
2951 }
18bf8541 2952 n = get_node(cachep, node);
e498be7d 2953
ce8eb6c4
CL		 2954 BUG_ON(ac->avail > 0 || !n);
2955 spin_lock(&n->list_lock);
1da177e4 2956
3ded175a 2957 /* See if we can refill from the shared array */
ce8eb6c4
CL		 2958 if (n->shared && transfer_objects(ac, n->shared, batchcount)) {
2959 n->shared->touched = 1;
3ded175a 2960 goto alloc_done;
44b57f1c 2961 }
3ded175a 2962
1da177e4
LT		 2963 while (batchcount > 0) {
2964 struct list_head *entry;
8456a648 2965 struct page *page;
1da177e4 2966 /* Get slab alloc is to come from. */
ce8eb6c4
CL		 2967 entry = n->slabs_partial.next;
2968 if (entry == &n->slabs_partial) {
2969 n->free_touched = 1;
2970 entry = n->slabs_free.next;
2971 if (entry == &n->slabs_free)
1da177e4
LT		 2972 goto must_grow;
2973 }
2974
8456a648 2975 page = list_entry(entry, struct page, lru);
1da177e4 2976 check_spinlock_acquired(cachep);
714b8171
PE		 2977
2978 /*
2979 * The slab was either on partial or free list so
2980 * there must be at least one object available for
2981 * allocation.
2982 */
8456a648 2983 BUG_ON(page->active >= cachep->num);
714b8171 2984
8456a648 2985 while (page->active < cachep->num && batchcount--) {
1da177e4
LT		 2986 STATS_INC_ALLOCED(cachep);
2987 STATS_INC_ACTIVE(cachep);
2988 STATS_SET_HIGH(cachep);
2989
8456a648 2990 ac_put_obj(cachep, ac, slab_get_obj(cachep, page,
072bb0aa 2991 node));
1da177e4 2992 }
1da177e4
LT		 2993
2994 /* move slabp to correct slabp list: */
8456a648
JK		 2995 list_del(&page->lru);
2996 if (page->active == cachep->num)
34bf6ef9 2997 list_add(&page->lru, &n->slabs_full);
1da177e4 2998 else
34bf6ef9 2999 list_add(&page->lru, &n->slabs_partial);
1da177e4
LT		 3000 }
3001
a737b3e2 3002must_grow:
ce8eb6c4 3003 n->free_objects -= ac->avail;
a737b3e2 3004alloc_done:
ce8eb6c4 3005 spin_unlock(&n->list_lock);
1da177e4
LT		 3006
3007 if (unlikely(!ac->avail)) {
3008 int x;
072bb0aa 3009force_grow:
3c517a61 3010 x = cache_grow(cachep, flags | GFP_THISNODE, node, NULL);
e498be7d 3011
a737b3e2 3012 /* cache_grow can reenable interrupts, then ac could change. */
9a2dba4b 3013 ac = cpu_cache_get(cachep);
51cd8e6f 3014 node = numa_mem_id();
072bb0aa
MG		 3015
3016 /* no objects in sight? abort */
3017 if (!x && (ac->avail == 0 || force_refill))
1da177e4
LT		 3018 return NULL;
3019
a737b3e2 3020 if (!ac->avail) /* objects refilled by interrupt? */
1da177e4
LT		 3021 goto retry;
3022 }
3023 ac->touched = 1;
072bb0aa
MG		 3024
3025 return ac_get_obj(cachep, ac, flags, force_refill);
1da177e4
LT		 3026}
3027
a737b3e2
AM		 3028static inline void cache_alloc_debugcheck_before(struct kmem_cache *cachep,
3029 gfp_t flags)
1da177e4
LT		 3030{
3031 might_sleep_if(flags & __GFP_WAIT);
3032#if DEBUG
3033 kmem_flagcheck(cachep, flags);
3034#endif
3035}
3036
3037#if DEBUG
a737b3e2 3038static void *cache_alloc_debugcheck_after(struct kmem_cache *cachep,
7c0cb9c6 3039 gfp_t flags, void *objp, unsigned long caller)
1da177e4 3040{
03787301
JK		 3041 struct page *page;
3042
b28a02de 3043 if (!objp)
1da177e4 3044 return objp;
b28a02de 3045 if (cachep->flags & SLAB_POISON) {
1da177e4 3046#ifdef CONFIG_DEBUG_PAGEALLOC
3b0efdfa 3047 if ((cachep->size % PAGE_SIZE) == 0 && OFF_SLAB(cachep))
b28a02de 3048 kernel_map_pages(virt_to_page(objp),
3b0efdfa 3049 cachep->size / PAGE_SIZE, 1);
1da177e4
LT		 3050 else
3051 check_poison_obj(cachep, objp);
3052#else
3053 check_poison_obj(cachep, objp);
3054#endif
3055 poison_obj(cachep, objp, POISON_INUSE);
3056 }
3057 if (cachep->flags & SLAB_STORE_USER)
7c0cb9c6 3058 *dbg_userword(cachep, objp) = (void *)caller;
1da177e4
LT		 3059
3060 if (cachep->flags & SLAB_RED_ZONE) {
a737b3e2
AM		 3061 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE ||
3062 *dbg_redzone2(cachep, objp) != RED_INACTIVE) {
3063 slab_error(cachep, "double free, or memory outside"
3064 " object was overwritten");
b28a02de 3065 printk(KERN_ERR
b46b8f19 3066 "%p: redzone 1:0x%llx, redzone 2:0x%llx\n",
a737b3e2
AM		 3067 objp, *dbg_redzone1(cachep, objp),
3068 *dbg_redzone2(cachep, objp));
1da177e4
LT		 3069 }
3070 *dbg_redzone1(cachep, objp) = RED_ACTIVE;
3071 *dbg_redzone2(cachep, objp) = RED_ACTIVE;
3072 }
03787301
JK		 3073
3074 page = virt_to_head_page(objp);
3075 set_obj_status(page, obj_to_index(cachep, page, objp), OBJECT_ACTIVE);
3dafccf2 3076 objp += obj_offset(cachep);
4f104934 3077 if (cachep->ctor && cachep->flags & SLAB_POISON)
51cc5068 3078 cachep->ctor(objp);
7ea466f2
TH		 3079 if (ARCH_SLAB_MINALIGN &&
3080 ((unsigned long)objp & (ARCH_SLAB_MINALIGN-1))) {
a44b56d3 3081 printk(KERN_ERR "0x%p: not aligned to ARCH_SLAB_MINALIGN=%d\n",
c225150b 3082 objp, (int)ARCH_SLAB_MINALIGN);
a44b56d3 3083 }
1da177e4
LT		 3084 return objp;
3085}
3086#else
3087#define cache_alloc_debugcheck_after(a,b,objp,d) (objp)
3088#endif
3089
773ff60e 3090static bool slab_should_failslab(struct kmem_cache *cachep, gfp_t flags)
8a8b6502 3091{
8a9c61d4 3092 if (unlikely(cachep == kmem_cache))
773ff60e 3093 return false;
8a8b6502 3094
8c138bc0 3095 return should_failslab(cachep->object_size, flags, cachep->flags);
8a8b6502
AM		 3096}
3097
343e0d7a 3098static inline void *____cache_alloc(struct kmem_cache *cachep, gfp_t flags)
1da177e4 3099{
b28a02de 3100 void *objp;
1da177e4 3101 struct array_cache *ac;
072bb0aa 3102 bool force_refill = false;
1da177e4 3103
5c382300 3104 check_irq_off();
8a8b6502 3105
9a2dba4b 3106 ac = cpu_cache_get(cachep);
1da177e4 3107 if (likely(ac->avail)) {
1da177e4 3108 ac->touched = 1;
072bb0aa
MG		 3109 objp = ac_get_obj(cachep, ac, flags, false);
3110
ddbf2e83 3111 /*
072bb0aa
MG		 3112 * Allow for the possibility all avail objects are not allowed
3113 * by the current flags
ddbf2e83 3114 */
072bb0aa
MG		 3115 if (objp) {
3116 STATS_INC_ALLOCHIT(cachep);
3117 goto out;
3118 }
3119 force_refill = true;
1da177e4 3120 }
072bb0aa
MG		 3121
3122 STATS_INC_ALLOCMISS(cachep);
3123 objp = cache_alloc_refill(cachep, flags, force_refill);
3124 /*
3125 * the 'ac' may be updated by cache_alloc_refill(),
3126 * and kmemleak_erase() requires its correct value.
3127 */
3128 ac = cpu_cache_get(cachep);
3129
3130out:
d5cff635
CM		 3131 /*
3132 * To avoid a false negative, if an object that is in one of the
3133 * per-CPU caches is leaked, we need to make sure kmemleak doesn't
3134 * treat the array pointers as a reference to the object.
3135 */
f3d8b53a
O		 3136 if (objp)
3137 kmemleak_erase(&ac->entry[ac->avail]);
5c382300
AK		 3138 return objp;
3139}
3140
e498be7d 3141#ifdef CONFIG_NUMA
c61afb18 3142/*
f0432d15 3143 * Try allocating on another node if PF_SPREAD_SLAB is a mempolicy is set.
c61afb18
PJ		 3144 *
3145 * If we are in_interrupt, then process context, including cpusets and
3146 * mempolicy, may not apply and should not be used for allocation policy.
3147 */
3148static void *alternate_node_alloc(struct kmem_cache *cachep, gfp_t flags)
3149{
3150 int nid_alloc, nid_here;
3151
765c4507 3152 if (in_interrupt() || (flags & __GFP_THISNODE))
c61afb18 3153 return NULL;
7d6e6d09 3154 nid_alloc = nid_here = numa_mem_id();
c61afb18 3155 if (cpuset_do_slab_mem_spread() && (cachep->flags & SLAB_MEM_SPREAD))
6adef3eb 3156 nid_alloc = cpuset_slab_spread_node();
c61afb18 3157 else if (current->mempolicy)
2a389610 3158 nid_alloc = mempolicy_slab_node();
c61afb18 3159 if (nid_alloc != nid_here)
8b98c169 3160 return ____cache_alloc_node(cachep, flags, nid_alloc);
c61afb18
PJ		 3161 return NULL;
3162}
3163
765c4507
CL		 3164/*
3165 * Fallback function if there was no memory available and no objects on a
3c517a61 3166 * certain node and fall back is permitted. First we scan all the
6a67368c 3167 * available node for available objects. If that fails then we
3c517a61
CL		 3168 * perform an allocation without specifying a node. This allows the page
3169 * allocator to do its reclaim / fallback magic. We then insert the
3170 * slab into the proper nodelist and then allocate from it.
765c4507 3171 */
8c8cc2c1 3172static void *fallback_alloc(struct kmem_cache *cache, gfp_t flags)
765c4507 3173{
8c8cc2c1
PE		 3174 struct zonelist *zonelist;
3175 gfp_t local_flags;
dd1a239f 3176 struct zoneref *z;
54a6eb5c
MG		 3177 struct zone *zone;
3178 enum zone_type high_zoneidx = gfp_zone(flags);
765c4507 3179 void *obj = NULL;
3c517a61 3180 int nid;
cc9a6c87 3181 unsigned int cpuset_mems_cookie;
8c8cc2c1
PE		 3182
3183 if (flags & __GFP_THISNODE)
3184 return NULL;
3185
6cb06229 3186 local_flags = flags & (GFP_CONSTRAINT_MASK|GFP_RECLAIM_MASK);
765c4507 3187
cc9a6c87 3188retry_cpuset:
d26914d1 3189 cpuset_mems_cookie = read_mems_allowed_begin();
2a389610 3190 zonelist = node_zonelist(mempolicy_slab_node(), flags);
cc9a6c87 3191
3c517a61
CL		 3192retry:
3193 /*
3194 * Look through allowed nodes for objects available
3195 * from existing per node queues.
3196 */
54a6eb5c
MG		 3197 for_each_zone_zonelist(zone, z, zonelist, high_zoneidx) {
3198 nid = zone_to_nid(zone);
aedb0eb1 3199
54a6eb5c 3200 if (cpuset_zone_allowed_hardwall(zone, flags) &&
18bf8541
CL		 3201 get_node(cache, nid) &&
3202 get_node(cache, nid)->free_objects) {
3c517a61
CL		 3203 obj = ____cache_alloc_node(cache,
3204 flags | GFP_THISNODE, nid);
481c5346
CL		 3205 if (obj)
3206 break;
3207 }
3c517a61
CL		 3208 }
3209
cfce6604 3210 if (!obj) {
3c517a61
CL		 3211 /*
3212 * This allocation will be performed within the constraints
3213 * of the current cpuset / memory policy requirements.
3214 * We may trigger various forms of reclaim on the allowed
3215 * set and go into memory reserves if necessary.
3216 */
0c3aa83e
JK		 3217 struct page *page;
3218
dd47ea75
CL		 3219 if (local_flags & __GFP_WAIT)
3220 local_irq_enable();
3221 kmem_flagcheck(cache, flags);
0c3aa83e 3222 page = kmem_getpages(cache, local_flags, numa_mem_id());
dd47ea75
CL		 3223 if (local_flags & __GFP_WAIT)
3224 local_irq_disable();
0c3aa83e 3225 if (page) {
3c517a61
CL		 3226 /*
3227 * Insert into the appropriate per node queues
3228 */
0c3aa83e
JK		 3229 nid = page_to_nid(page);
3230 if (cache_grow(cache, flags, nid, page)) {
3c517a61
CL		 3231 obj = ____cache_alloc_node(cache,
3232 flags | GFP_THISNODE, nid);
3233 if (!obj)
3234 /*
3235 * Another processor may allocate the
3236 * objects in the slab since we are
3237 * not holding any locks.
3238 */
3239 goto retry;
3240 } else {
b6a60451 3241 /* cache_grow already freed obj */
3c517a61
CL		 3242 obj = NULL;
3243 }
3244 }
aedb0eb1 3245 }
cc9a6c87 3246
d26914d1 3247 if (unlikely(!obj && read_mems_allowed_retry(cpuset_mems_cookie)))
cc9a6c87 3248 goto retry_cpuset;
765c4507
CL		 3249 return obj;
3250}
3251
e498be7d
CL		 3252/*
3253 * A interface to enable slab creation on nodeid
1da177e4 3254 */
8b98c169 3255static void *____cache_alloc_node(struct kmem_cache *cachep, gfp_t flags,
a737b3e2 3256 int nodeid)
e498be7d
CL		 3257{
3258 struct list_head *entry;
8456a648 3259 struct page *page;
ce8eb6c4 3260 struct kmem_cache_node *n;
b28a02de 3261 void *obj;
b28a02de
PE		 3262 int x;
3263
14e50c6a 3264 VM_BUG_ON(nodeid > num_online_nodes());
18bf8541 3265 n = get_node(cachep, nodeid);
ce8eb6c4 3266 BUG_ON(!n);
b28a02de 3267
a737b3e2 3268retry:
ca3b9b91 3269 check_irq_off();
ce8eb6c4
CL		 3270 spin_lock(&n->list_lock);
3271 entry = n->slabs_partial.next;
3272 if (entry == &n->slabs_partial) {
3273 n->free_touched = 1;
3274 entry = n->slabs_free.next;
3275 if (entry == &n->slabs_free)
b28a02de
PE		 3276 goto must_grow;
3277 }
3278
8456a648 3279 page = list_entry(entry, struct page, lru);
b28a02de 3280 check_spinlock_acquired_node(cachep, nodeid);
b28a02de
PE		 3281
3282 STATS_INC_NODEALLOCS(cachep);
3283 STATS_INC_ACTIVE(cachep);
3284 STATS_SET_HIGH(cachep);
3285
8456a648 3286 BUG_ON(page->active == cachep->num);
b28a02de 3287
8456a648 3288 obj = slab_get_obj(cachep, page, nodeid);
ce8eb6c4 3289 n->free_objects--;
b28a02de 3290 /* move slabp to correct slabp list: */
8456a648 3291 list_del(&page->lru);
b28a02de 3292
8456a648
JK		 3293 if (page->active == cachep->num)
3294 list_add(&page->lru, &n->slabs_full);
a737b3e2 3295 else
8456a648 3296 list_add(&page->lru, &n->slabs_partial);
e498be7d 3297
ce8eb6c4 3298 spin_unlock(&n->list_lock);
b28a02de 3299 goto done;
e498be7d 3300
a737b3e2 3301must_grow:
ce8eb6c4 3302 spin_unlock(&n->list_lock);
3c517a61 3303 x = cache_grow(cachep, flags | GFP_THISNODE, nodeid, NULL);
765c4507
CL		 3304 if (x)
3305 goto retry;
1da177e4 3306
8c8cc2c1 3307 return fallback_alloc(cachep, flags);
e498be7d 3308
a737b3e2 3309done:
b28a02de 3310 return obj;
e498be7d 3311}
8c8cc2c1 3312
8c8cc2c1 3313static __always_inline void *
48356303 3314slab_alloc_node(struct kmem_cache *cachep, gfp_t flags, int nodeid,
7c0cb9c6 3315 unsigned long caller)
8c8cc2c1
PE		 3316{
3317 unsigned long save_flags;
3318 void *ptr;
7d6e6d09 3319 int slab_node = numa_mem_id();
8c8cc2c1 3320
dcce284a 3321 flags &= gfp_allowed_mask;
7e85ee0c 3322
cf40bd16
NP		 3323 lockdep_trace_alloc(flags);
3324
773ff60e 3325 if (slab_should_failslab(cachep, flags))
824ebef1
AM		 3326 return NULL;
3327
d79923fa
GC		 3328 cachep = memcg_kmem_get_cache(cachep, flags);
3329
8c8cc2c1
PE		 3330 cache_alloc_debugcheck_before(cachep, flags);
3331 local_irq_save(save_flags);
3332
eacbbae3 3333 if (nodeid == NUMA_NO_NODE)
7d6e6d09 3334 nodeid = slab_node;
8c8cc2c1 3335
18bf8541 3336 if (unlikely(!get_node(cachep, nodeid))) {
8c8cc2c1
PE		 3337 /* Node not bootstrapped yet */
3338 ptr = fallback_alloc(cachep, flags);
3339 goto out;
3340 }
3341
7d6e6d09 3342 if (nodeid == slab_node) {
8c8cc2c1
PE		 3343 /*
3344 * Use the locally cached objects if possible.
3345 * However ____cache_alloc does not allow fallback
3346 * to other nodes. It may fail while we still have
3347 * objects on other nodes available.
3348 */
3349 ptr = ____cache_alloc(cachep, flags);
3350 if (ptr)
3351 goto out;
3352 }
3353 /* ___cache_alloc_node can fall back to other nodes */
3354 ptr = ____cache_alloc_node(cachep, flags, nodeid);
3355 out:
3356 local_irq_restore(save_flags);
3357 ptr = cache_alloc_debugcheck_after(cachep, flags, ptr, caller);
8c138bc0 3358 kmemleak_alloc_recursive(ptr, cachep->object_size, 1, cachep->flags,
d5cff635 3359 flags);
8c8cc2c1 3360
5087c822 3361 if (likely(ptr)) {
8c138bc0 3362 kmemcheck_slab_alloc(cachep, flags, ptr, cachep->object_size);
5087c822
JP		 3363 if (unlikely(flags & __GFP_ZERO))
3364 memset(ptr, 0, cachep->object_size);
3365 }
d07dbea4 3366
8c8cc2c1
PE		 3367 return ptr;
3368}
3369
3370static __always_inline void *
3371__do_cache_alloc(struct kmem_cache *cache, gfp_t flags)
3372{
3373 void *objp;
3374
f0432d15 3375 if (current->mempolicy || unlikely(current->flags & PF_SPREAD_SLAB)) {
8c8cc2c1
PE		 3376 objp = alternate_node_alloc(cache, flags);
3377 if (objp)
3378 goto out;
3379 }
3380 objp = ____cache_alloc(cache, flags);
3381
3382 /*
3383 * We may just have run out of memory on the local node.
3384 * ____cache_alloc_node() knows how to locate memory on other nodes
3385 */
7d6e6d09
LS		 3386 if (!objp)
3387 objp = ____cache_alloc_node(cache, flags, numa_mem_id());
8c8cc2c1
PE		 3388
3389 out:
3390 return objp;
3391}
3392#else
3393
3394static __always_inline void *
3395__do_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
3396{
3397 return ____cache_alloc(cachep, flags);
3398}
3399
3400#endif /* CONFIG_NUMA */
3401
3402static __always_inline void *
48356303 3403slab_alloc(struct kmem_cache *cachep, gfp_t flags, unsigned long caller)
8c8cc2c1
PE		 3404{
3405 unsigned long save_flags;
3406 void *objp;
3407
dcce284a 3408 flags &= gfp_allowed_mask;
7e85ee0c 3409
cf40bd16
NP		 3410 lockdep_trace_alloc(flags);
3411
773ff60e 3412 if (slab_should_failslab(cachep, flags))
824ebef1
AM		 3413 return NULL;
3414
d79923fa
GC		 3415 cachep = memcg_kmem_get_cache(cachep, flags);
3416
8c8cc2c1
PE		 3417 cache_alloc_debugcheck_before(cachep, flags);
3418 local_irq_save(save_flags);
3419 objp = __do_cache_alloc(cachep, flags);
3420 local_irq_restore(save_flags);
3421 objp = cache_alloc_debugcheck_after(cachep, flags, objp, caller);
8c138bc0 3422 kmemleak_alloc_recursive(objp, cachep->object_size, 1, cachep->flags,
d5cff635 3423 flags);
8c8cc2c1
PE		 3424 prefetchw(objp);
3425
5087c822 3426 if (likely(objp)) {
8c138bc0 3427 kmemcheck_slab_alloc(cachep, flags, objp, cachep->object_size);
5087c822
JP		 3428 if (unlikely(flags & __GFP_ZERO))
3429 memset(objp, 0, cachep->object_size);
3430 }
d07dbea4 3431
8c8cc2c1
PE		 3432 return objp;
3433}
e498be7d
CL		 3434
3435/*
5f0985bb 3436 * Caller needs to acquire correct kmem_cache_node's list_lock
97654dfa 3437 * @list: List of detached free slabs should be freed by caller
e498be7d 3438 */
97654dfa
JK		 3439static void free_block(struct kmem_cache *cachep, void **objpp,
3440 int nr_objects, int node, struct list_head *list)
1da177e4
LT		 3441{
3442 int i;
25c063fb 3443 struct kmem_cache_node *n = get_node(cachep, node);
1da177e4
LT		 3444
3445 for (i = 0; i < nr_objects; i++) {
072bb0aa 3446 void *objp;
8456a648 3447 struct page *page;
1da177e4 3448
072bb0aa
MG		 3449 clear_obj_pfmemalloc(&objpp[i]);
3450 objp = objpp[i];
3451
8456a648 3452 page = virt_to_head_page(objp);
8456a648 3453 list_del(&page->lru);
ff69416e 3454 check_spinlock_acquired_node(cachep, node);
8456a648 3455 slab_put_obj(cachep, page, objp, node);
1da177e4 3456 STATS_DEC_ACTIVE(cachep);
ce8eb6c4 3457 n->free_objects++;
1da177e4
LT		 3458
3459 /* fixup slab chains */
8456a648 3460 if (page->active == 0) {
ce8eb6c4
CL		 3461 if (n->free_objects > n->free_limit) {
3462 n->free_objects -= cachep->num;
97654dfa 3463 list_add_tail(&page->lru, list);
1da177e4 3464 } else {
8456a648 3465 list_add(&page->lru, &n->slabs_free);
1da177e4
LT		 3466 }
3467 } else {
3468 /* Unconditionally move a slab to the end of the
3469 * partial list on free - maximum time for the
3470 * other objects to be freed, too.
3471 */
8456a648 3472 list_add_tail(&page->lru, &n->slabs_partial);
1da177e4
LT		 3473 }
3474 }
3475}
3476
343e0d7a 3477static void cache_flusharray(struct kmem_cache *cachep, struct array_cache *ac)
1da177e4
LT		 3478{
3479 int batchcount;
ce8eb6c4 3480 struct kmem_cache_node *n;
7d6e6d09 3481 int node = numa_mem_id();
97654dfa 3482 LIST_HEAD(list);
1da177e4
LT		 3483
3484 batchcount = ac->batchcount;
3485#if DEBUG
3486 BUG_ON(!batchcount || batchcount > ac->avail);
3487#endif
3488 check_irq_off();
18bf8541 3489 n = get_node(cachep, node);
ce8eb6c4
CL		 3490 spin_lock(&n->list_lock);
3491 if (n->shared) {
3492 struct array_cache *shared_array = n->shared;
b28a02de 3493 int max = shared_array->limit - shared_array->avail;
1da177e4
LT		 3494 if (max) {
3495 if (batchcount > max)
3496 batchcount = max;
e498be7d 3497 memcpy(&(shared_array->entry[shared_array->avail]),
b28a02de 3498 ac->entry, sizeof(void *) * batchcount);
1da177e4
LT		 3499 shared_array->avail += batchcount;
3500 goto free_done;
3501 }
3502 }
3503
97654dfa 3504 free_block(cachep, ac->entry, batchcount, node, &list);
a737b3e2 3505free_done:
1da177e4
LT		 3506#if STATS
3507 {
3508 int i = 0;
3509 struct list_head *p;
3510
ce8eb6c4
CL		 3511 p = n->slabs_free.next;
3512 while (p != &(n->slabs_free)) {
8456a648 3513 struct page *page;
1da177e4 3514
8456a648
JK		 3515 page = list_entry(p, struct page, lru);
3516 BUG_ON(page->active);
1da177e4
LT		 3517
3518 i++;
3519 p = p->next;
3520 }
3521 STATS_SET_FREEABLE(cachep, i);
3522 }
3523#endif
ce8eb6c4 3524 spin_unlock(&n->list_lock);
97654dfa 3525 slabs_destroy(cachep, &list);
1da177e4 3526 ac->avail -= batchcount;
a737b3e2 3527 memmove(ac->entry, &(ac->entry[batchcount]), sizeof(void *)*ac->avail);
1da177e4
LT		 3528}
3529
3530/*
a737b3e2
AM		 3531 * Release an obj back to its cache. If the obj has a constructed state, it must
3532 * be in this state _before_ it is released. Called with disabled ints.
1da177e4 3533 */
a947eb95 3534static inline void __cache_free(struct kmem_cache *cachep, void *objp,
7c0cb9c6 3535 unsigned long caller)
1da177e4 3536{
9a2dba4b 3537 struct array_cache *ac = cpu_cache_get(cachep);
1da177e4
LT		 3538
3539 check_irq_off();
d5cff635 3540 kmemleak_free_recursive(objp, cachep->flags);
a947eb95 3541 objp = cache_free_debugcheck(cachep, objp, caller);
1da177e4 3542
8c138bc0 3543 kmemcheck_slab_free(cachep, objp, cachep->object_size);
c175eea4 3544
1807a1aa
SS		 3545 /*
3546 * Skip calling cache_free_alien() when the platform is not numa.
3547 * This will avoid cache misses that happen while accessing slabp (which
3548 * is per page memory reference) to get nodeid. Instead use a global
3549 * variable to skip the call, which is mostly likely to be present in
3550 * the cache.
3551 */
b6e68bc1 3552 if (nr_online_nodes > 1 && cache_free_alien(cachep, objp))
729bd0b7
PE		 3553 return;
3554
1da177e4
LT		 3555 if (likely(ac->avail < ac->limit)) {
3556 STATS_INC_FREEHIT(cachep);
1da177e4
LT		 3557 } else {
3558 STATS_INC_FREEMISS(cachep);
3559 cache_flusharray(cachep, ac);
1da177e4 3560 }
42c8c99c 3561
072bb0aa 3562 ac_put_obj(cachep, ac, objp);
1da177e4
LT		 3563}
3564
3565/**
3566 * kmem_cache_alloc - Allocate an object
3567 * @cachep: The cache to allocate from.
3568 * @flags: See kmalloc().
3569 *
3570 * Allocate an object from this cache. The flags are only relevant
3571 * if the cache has no available objects.
3572 */
343e0d7a 3573void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
1da177e4 3574{
48356303 3575 void *ret = slab_alloc(cachep, flags, _RET_IP_);
36555751 3576
ca2b84cb 3577 trace_kmem_cache_alloc(_RET_IP_, ret,
8c138bc0 3578 cachep->object_size, cachep->size, flags);
36555751
EGM		 3579
3580 return ret;
1da177e4
LT		 3581}
3582EXPORT_SYMBOL(kmem_cache_alloc);
3583
0f24f128 3584#ifdef CONFIG_TRACING
85beb586 3585void *
4052147c 3586kmem_cache_alloc_trace(struct kmem_cache *cachep, gfp_t flags, size_t size)
36555751 3587{
85beb586
SR		 3588 void *ret;
3589
48356303 3590 ret = slab_alloc(cachep, flags, _RET_IP_);
85beb586
SR		 3591
3592 trace_kmalloc(_RET_IP_, ret,
ff4fcd01 3593 size, cachep->size, flags);
85beb586 3594 return ret;
36555751 3595}
85beb586 3596EXPORT_SYMBOL(kmem_cache_alloc_trace);
36555751
EGM		 3597#endif
3598
1da177e4 3599#ifdef CONFIG_NUMA
d0d04b78
ZL		 3600/**
3601 * kmem_cache_alloc_node - Allocate an object on the specified node
3602 * @cachep: The cache to allocate from.
3603 * @flags: See kmalloc().
3604 * @nodeid: node number of the target node.
3605 *
3606 * Identical to kmem_cache_alloc but it will allocate memory on the given
3607 * node, which can improve the performance for cpu bound structures.
3608 *
3609 * Fallback to other node is possible if __GFP_THISNODE is not set.
3610 */
8b98c169
CH		 3611void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t flags, int nodeid)
3612{
48356303 3613 void *ret = slab_alloc_node(cachep, flags, nodeid, _RET_IP_);
36555751 3614
ca2b84cb 3615 trace_kmem_cache_alloc_node(_RET_IP_, ret,
8c138bc0 3616 cachep->object_size, cachep->size,
ca2b84cb 3617 flags, nodeid);
36555751
EGM		 3618
3619 return ret;
8b98c169 3620}
1da177e4
LT		 3621EXPORT_SYMBOL(kmem_cache_alloc_node);
3622
0f24f128 3623#ifdef CONFIG_TRACING
4052147c 3624void *kmem_cache_alloc_node_trace(struct kmem_cache *cachep,
85beb586 3625 gfp_t flags,
4052147c
EG		 3626 int nodeid,
3627 size_t size)
36555751 3628{
85beb586
SR		 3629 void *ret;
3630
592f4145 3631 ret = slab_alloc_node(cachep, flags, nodeid, _RET_IP_);
7c0cb9c6 3632
85beb586 3633 trace_kmalloc_node(_RET_IP_, ret,
ff4fcd01 3634 size, cachep->size,
85beb586
SR		 3635 flags, nodeid);
3636 return ret;
36555751 3637}
85beb586 3638EXPORT_SYMBOL(kmem_cache_alloc_node_trace);
36555751
EGM		 3639#endif
3640
8b98c169 3641static __always_inline void *
7c0cb9c6 3642__do_kmalloc_node(size_t size, gfp_t flags, int node, unsigned long caller)
97e2bde4 3643{
343e0d7a 3644 struct kmem_cache *cachep;
97e2bde4 3645
2c59dd65 3646 cachep = kmalloc_slab(size, flags);
6cb8f913
CL		 3647 if (unlikely(ZERO_OR_NULL_PTR(cachep)))
3648 return cachep;
4052147c 3649 return kmem_cache_alloc_node_trace(cachep, flags, node, size);
97e2bde4 3650}
8b98c169 3651
0bb38a5c 3652#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_TRACING)
8b98c169
CH		 3653void *__kmalloc_node(size_t size, gfp_t flags, int node)
3654{
7c0cb9c6 3655 return __do_kmalloc_node(size, flags, node, _RET_IP_);
8b98c169 3656}
dbe5e69d 3657EXPORT_SYMBOL(__kmalloc_node);
8b98c169
CH		 3658
3659void *__kmalloc_node_track_caller(size_t size, gfp_t flags,
ce71e27c 3660 int node, unsigned long caller)
8b98c169 3661{
7c0cb9c6 3662 return __do_kmalloc_node(size, flags, node, caller);
8b98c169
CH		 3663}
3664EXPORT_SYMBOL(__kmalloc_node_track_caller);
3665#else
3666void *__kmalloc_node(size_t size, gfp_t flags, int node)
3667{
7c0cb9c6 3668 return __do_kmalloc_node(size, flags, node, 0);
8b98c169
CH		 3669}
3670EXPORT_SYMBOL(__kmalloc_node);
0bb38a5c 3671#endif /* CONFIG_DEBUG_SLAB || CONFIG_TRACING */
8b98c169 3672#endif /* CONFIG_NUMA */
1da177e4
LT		 3673
3674/**
800590f5 3675 * __do_kmalloc - allocate memory
1da177e4 3676 * @size: how many bytes of memory are required.
800590f5 3677 * @flags: the type of memory to allocate (see kmalloc).
911851e6 3678 * @caller: function caller for debug tracking of the caller
1da177e4 3679 */
7fd6b141 3680static __always_inline void *__do_kmalloc(size_t size, gfp_t flags,
7c0cb9c6 3681 unsigned long caller)
1da177e4 3682{
343e0d7a 3683 struct kmem_cache *cachep;
36555751 3684 void *ret;
1da177e4 3685
2c59dd65 3686 cachep = kmalloc_slab(size, flags);
a5c96d8a
LT		 3687 if (unlikely(ZERO_OR_NULL_PTR(cachep)))
3688 return cachep;
48356303 3689 ret = slab_alloc(cachep, flags, caller);
36555751 3690
7c0cb9c6 3691 trace_kmalloc(caller, ret,
3b0efdfa 3692 size, cachep->size, flags);
36555751
EGM		 3693
3694 return ret;
7fd6b141
PE		 3695}
3696
7fd6b141 3697
0bb38a5c 3698#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_TRACING)
7fd6b141
PE		 3699void *__kmalloc(size_t size, gfp_t flags)
3700{
7c0cb9c6 3701 return __do_kmalloc(size, flags, _RET_IP_);
1da177e4
LT		 3702}
3703EXPORT_SYMBOL(__kmalloc);
3704
ce71e27c 3705void *__kmalloc_track_caller(size_t size, gfp_t flags, unsigned long caller)
7fd6b141 3706{
7c0cb9c6 3707 return __do_kmalloc(size, flags, caller);
7fd6b141
PE		 3708}
3709EXPORT_SYMBOL(__kmalloc_track_caller);
1d2c8eea
CH		 3710
3711#else
3712void *__kmalloc(size_t size, gfp_t flags)
3713{
7c0cb9c6 3714 return __do_kmalloc(size, flags, 0);
1d2c8eea
CH		 3715}
3716EXPORT_SYMBOL(__kmalloc);
7fd6b141
PE		 3717#endif
3718
1da177e4
LT		 3719/**
3720 * kmem_cache_free - Deallocate an object
3721 * @cachep: The cache the allocation was from.
3722 * @objp: The previously allocated object.
3723 *
3724 * Free an object which was previously allocated from this
3725 * cache.
3726 */
343e0d7a 3727void kmem_cache_free(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 3728{
3729 unsigned long flags;
b9ce5ef4
GC		 3730 cachep = cache_from_obj(cachep, objp);
3731 if (!cachep)
3732 return;
1da177e4
LT		 3733
3734 local_irq_save(flags);
d97d476b 3735 debug_check_no_locks_freed(objp, cachep->object_size);
3ac7fe5a 3736 if (!(cachep->flags & SLAB_DEBUG_OBJECTS))
8c138bc0 3737 debug_check_no_obj_freed(objp, cachep->object_size);
7c0cb9c6 3738 __cache_free(cachep, objp, _RET_IP_);
1da177e4 3739 local_irq_restore(flags);
36555751 3740
ca2b84cb 3741 trace_kmem_cache_free(_RET_IP_, objp);
1da177e4
LT		 3742}
3743EXPORT_SYMBOL(kmem_cache_free);
3744
1da177e4
LT		 3745/**
3746 * kfree - free previously allocated memory
3747 * @objp: pointer returned by kmalloc.
3748 *
80e93eff
PE		 3749 * If @objp is NULL, no operation is performed.
3750 *
1da177e4
LT		 3751 * Don't free memory not originally allocated by kmalloc()
3752 * or you will run into trouble.
3753 */
3754void kfree(const void *objp)
3755{
343e0d7a 3756 struct kmem_cache *c;
1da177e4
LT		 3757 unsigned long flags;
3758
2121db74
PE		 3759 trace_kfree(_RET_IP_, objp);
3760
6cb8f913 3761 if (unlikely(ZERO_OR_NULL_PTR(objp)))
1da177e4
LT		 3762 return;
3763 local_irq_save(flags);
3764 kfree_debugcheck(objp);
6ed5eb22 3765 c = virt_to_cache(objp);
8c138bc0
CL		 3766 debug_check_no_locks_freed(objp, c->object_size);
3767
3768 debug_check_no_obj_freed(objp, c->object_size);
7c0cb9c6 3769 __cache_free(c, (void *)objp, _RET_IP_);
1da177e4
LT		 3770 local_irq_restore(flags);
3771}
3772EXPORT_SYMBOL(kfree);
3773
e498be7d 3774/*
ce8eb6c4 3775 * This initializes kmem_cache_node or resizes various caches for all nodes.
e498be7d 3776 */
5f0985bb 3777static int alloc_kmem_cache_node(struct kmem_cache *cachep, gfp_t gfp)
e498be7d
CL		 3778{
3779 int node;
ce8eb6c4 3780 struct kmem_cache_node *n;
cafeb02e 3781 struct array_cache *new_shared;
c8522a3a 3782 struct alien_cache **new_alien = NULL;
e498be7d 3783
9c09a95c 3784 for_each_online_node(node) {
cafeb02e 3785
3395ee05 3786 if (use_alien_caches) {
83b519e8 3787 new_alien = alloc_alien_cache(node, cachep->limit, gfp);
3395ee05
PM		 3788 if (!new_alien)
3789 goto fail;
3790 }
cafeb02e 3791
63109846
ED		 3792 new_shared = NULL;
3793 if (cachep->shared) {
3794 new_shared = alloc_arraycache(node,
0718dc2a 3795 cachep->shared*cachep->batchcount,
83b519e8 3796 0xbaadf00d, gfp);
63109846
ED		 3797 if (!new_shared) {
3798 free_alien_cache(new_alien);
3799 goto fail;
3800 }
0718dc2a 3801 }
cafeb02e 3802
18bf8541 3803 n = get_node(cachep, node);
ce8eb6c4
CL		 3804 if (n) {
3805 struct array_cache *shared = n->shared;
97654dfa 3806 LIST_HEAD(list);
cafeb02e 3807
ce8eb6c4 3808 spin_lock_irq(&n->list_lock);
e498be7d 3809
cafeb02e 3810 if (shared)
0718dc2a 3811 free_block(cachep, shared->entry,
97654dfa 3812 shared->avail, node, &list);
e498be7d 3813
ce8eb6c4
CL		 3814 n->shared = new_shared;
3815 if (!n->alien) {
3816 n->alien = new_alien;
e498be7d
CL		 3817 new_alien = NULL;
3818 }
ce8eb6c4 3819 n->free_limit = (1 + nr_cpus_node(node)) *
a737b3e2 3820 cachep->batchcount + cachep->num;
ce8eb6c4 3821 spin_unlock_irq(&n->list_lock);
97654dfa 3822 slabs_destroy(cachep, &list);
cafeb02e 3823 kfree(shared);
e498be7d
CL		 3824 free_alien_cache(new_alien);
3825 continue;
3826 }
ce8eb6c4
CL		 3827 n = kmalloc_node(sizeof(struct kmem_cache_node), gfp, node);
3828 if (!n) {
0718dc2a
CL		 3829 free_alien_cache(new_alien);
3830 kfree(new_shared);
e498be7d 3831 goto fail;
0718dc2a 3832 }
e498be7d 3833
ce8eb6c4 3834 kmem_cache_node_init(n);
5f0985bb
JZ		 3835 n->next_reap = jiffies + REAPTIMEOUT_NODE +
3836 ((unsigned long)cachep) % REAPTIMEOUT_NODE;
ce8eb6c4
CL		 3837 n->shared = new_shared;
3838 n->alien = new_alien;
3839 n->free_limit = (1 + nr_cpus_node(node)) *
a737b3e2 3840 cachep->batchcount + cachep->num;
ce8eb6c4 3841 cachep->node[node] = n;
e498be7d 3842 }
cafeb02e 3843 return 0;
0718dc2a 3844
a737b3e2 3845fail:
3b0efdfa 3846 if (!cachep->list.next) {
0718dc2a
CL		 3847 /* Cache is not active yet. Roll back what we did */
3848 node--;
3849 while (node >= 0) {
18bf8541
CL		 3850 n = get_node(cachep, node);
3851 if (n) {
ce8eb6c4
CL		 3852 kfree(n->shared);
3853 free_alien_cache(n->alien);
3854 kfree(n);
6a67368c 3855 cachep->node[node] = NULL;
0718dc2a
CL		 3856 }
3857 node--;
3858 }
3859 }
cafeb02e 3860 return -ENOMEM;
e498be7d
CL		 3861}
3862
1da177e4 3863struct ccupdate_struct {
343e0d7a 3864 struct kmem_cache *cachep;
acfe7d74 3865 struct array_cache *new[0];
1da177e4
LT		 3866};
3867
3868static void do_ccupdate_local(void *info)
3869{
a737b3e2 3870 struct ccupdate_struct *new = info;
1da177e4
LT		 3871 struct array_cache *old;
3872
3873 check_irq_off();
9a2dba4b 3874 old = cpu_cache_get(new->cachep);
e498be7d 3875
1da177e4
LT		 3876 new->cachep->array[smp_processor_id()] = new->new[smp_processor_id()];
3877 new->new[smp_processor_id()] = old;
3878}
3879
18004c5d 3880/* Always called with the slab_mutex held */
943a451a 3881static int __do_tune_cpucache(struct kmem_cache *cachep, int limit,
83b519e8 3882 int batchcount, int shared, gfp_t gfp)
1da177e4 3883{
d2e7b7d0 3884 struct ccupdate_struct *new;
2ed3a4ef 3885 int i;
1da177e4 3886
acfe7d74
ED		 3887 new = kzalloc(sizeof(*new) + nr_cpu_ids * sizeof(struct array_cache *),
3888 gfp);
d2e7b7d0
SS		 3889 if (!new)
3890 return -ENOMEM;
3891
e498be7d 3892 for_each_online_cpu(i) {
7d6e6d09 3893 new->new[i] = alloc_arraycache(cpu_to_mem(i), limit,
83b519e8 3894 batchcount, gfp);
d2e7b7d0 3895 if (!new->new[i]) {
b28a02de 3896 for (i--; i >= 0; i--)
d2e7b7d0
SS		 3897 kfree(new->new[i]);
3898 kfree(new);
e498be7d 3899 return -ENOMEM;
1da177e4
LT		 3900 }
3901 }
d2e7b7d0 3902 new->cachep = cachep;
1da177e4 3903
15c8b6c1 3904 on_each_cpu(do_ccupdate_local, (void *)new, 1);
e498be7d 3905
1da177e4 3906 check_irq_on();
1da177e4
LT		 3907 cachep->batchcount = batchcount;
3908 cachep->limit = limit;
e498be7d 3909 cachep->shared = shared;
1da177e4 3910
e498be7d 3911 for_each_online_cpu(i) {
97654dfa 3912 LIST_HEAD(list);
d2e7b7d0 3913 struct array_cache *ccold = new->new[i];
18bf8541
CL		 3914 int node;
3915 struct kmem_cache_node *n;
3916
1da177e4
LT		 3917 if (!ccold)
3918 continue;
18bf8541
CL		 3919
3920 node = cpu_to_mem(i);
3921 n = get_node(cachep, node);
3922 spin_lock_irq(&n->list_lock);
97654dfa 3923 free_block(cachep, ccold->entry, ccold->avail, node, &list);
18bf8541 3924 spin_unlock_irq(&n->list_lock);
97654dfa 3925 slabs_destroy(cachep, &list);
1da177e4
LT		 3926 kfree(ccold);
3927 }
d2e7b7d0 3928 kfree(new);
5f0985bb 3929 return alloc_kmem_cache_node(cachep, gfp);
1da177e4
LT		 3930}
3931
943a451a
GC		 3932static int do_tune_cpucache(struct kmem_cache *cachep, int limit,
3933 int batchcount, int shared, gfp_t gfp)
3934{
3935 int ret;
3936 struct kmem_cache *c = NULL;
3937 int i = 0;
3938
3939 ret = __do_tune_cpucache(cachep, limit, batchcount, shared, gfp);
3940
3941 if (slab_state < FULL)
3942 return ret;
3943
3944 if ((ret < 0) || !is_root_cache(cachep))
3945 return ret;
3946
ebe945c2 3947 VM_BUG_ON(!mutex_is_locked(&slab_mutex));
943a451a 3948 for_each_memcg_cache_index(i) {
2ade4de8 3949 c = cache_from_memcg_idx(cachep, i);
943a451a
GC		 3950 if (c)
3951 /* return value determined by the parent cache only */
3952 __do_tune_cpucache(c, limit, batchcount, shared, gfp);
3953 }
3954
3955 return ret;
3956}
3957
18004c5d 3958/* Called with slab_mutex held always */
83b519e8 3959static int enable_cpucache(struct kmem_cache *cachep, gfp_t gfp)
1da177e4
LT		 3960{
3961 int err;
943a451a
GC		 3962 int limit = 0;
3963 int shared = 0;
3964 int batchcount = 0;
3965
3966 if (!is_root_cache(cachep)) {
3967 struct kmem_cache *root = memcg_root_cache(cachep);
3968 limit = root->limit;
3969 shared = root->shared;
3970 batchcount = root->batchcount;
3971 }
1da177e4 3972
943a451a
GC		 3973 if (limit && shared && batchcount)
3974 goto skip_setup;
a737b3e2
AM		 3975 /*
3976 * The head array serves three purposes:
1da177e4
LT		 3977 * - create a LIFO ordering, i.e. return objects that are cache-warm
3978 * - reduce the number of spinlock operations.
a737b3e2 3979 * - reduce the number of linked list operations on the slab and
1da177e4
LT		 3980 * bufctl chains: array operations are cheaper.
3981 * The numbers are guessed, we should auto-tune as described by
3982 * Bonwick.
3983 */
3b0efdfa 3984 if (cachep->size > 131072)
1da177e4 3985 limit = 1;
3b0efdfa 3986 else if (cachep->size > PAGE_SIZE)
1da177e4 3987 limit = 8;
3b0efdfa 3988 else if (cachep->size > 1024)
1da177e4 3989 limit = 24;
3b0efdfa 3990 else if (cachep->size > 256)
1da177e4
LT		 3991 limit = 54;
3992 else
3993 limit = 120;
3994
a737b3e2
AM		 3995 /*
3996 * CPU bound tasks (e.g. network routing) can exhibit cpu bound
1da177e4
LT		 3997 * allocation behaviour: Most allocs on one cpu, most free operations
3998 * on another cpu. For these cases, an efficient object passing between
3999 * cpus is necessary. This is provided by a shared array. The array
4000 * replaces Bonwick's magazine layer.
4001 * On uniprocessor, it's functionally equivalent (but less efficient)
4002 * to a larger limit. Thus disabled by default.
4003 */
4004 shared = 0;
3b0efdfa 4005 if (cachep->size <= PAGE_SIZE && num_possible_cpus() > 1)
1da177e4 4006 shared = 8;
1da177e4
LT		 4007
4008#if DEBUG
a737b3e2
AM		 4009 /*
4010 * With debugging enabled, large batchcount lead to excessively long
4011 * periods with disabled local interrupts. Limit the batchcount
1da177e4
LT		 4012 */
4013 if (limit > 32)
4014 limit = 32;
4015#endif
943a451a
GC		 4016 batchcount = (limit + 1) / 2;
4017skip_setup:
4018 err = do_tune_cpucache(cachep, limit, batchcount, shared, gfp);
1da177e4
LT		 4019 if (err)
4020 printk(KERN_ERR "enable_cpucache failed for %s, error %d.\n",
b28a02de 4021 cachep->name, -err);
2ed3a4ef 4022 return err;
1da177e4
LT		 4023}
4024
1b55253a 4025/*
ce8eb6c4
CL		 4026 * Drain an array if it contains any elements taking the node lock only if
4027 * necessary. Note that the node listlock also protects the array_cache
b18e7e65 4028 * if drain_array() is used on the shared array.
1b55253a 4029 */
ce8eb6c4 4030static void drain_array(struct kmem_cache *cachep, struct kmem_cache_node *n,
1b55253a 4031 struct array_cache *ac, int force, int node)
1da177e4 4032{
97654dfa 4033 LIST_HEAD(list);
1da177e4
LT		 4034 int tofree;
4035
1b55253a
CL		 4036 if (!ac || !ac->avail)
4037 return;
1da177e4
LT		 4038 if (ac->touched && !force) {
4039 ac->touched = 0;
b18e7e65 4040 } else {
ce8eb6c4 4041 spin_lock_irq(&n->list_lock);
b18e7e65
CL		 4042 if (ac->avail) {
4043 tofree = force ? ac->avail : (ac->limit + 4) / 5;
4044 if (tofree > ac->avail)
4045 tofree = (ac->avail + 1) / 2;
97654dfa 4046 free_block(cachep, ac->entry, tofree, node, &list);
b18e7e65
CL		 4047 ac->avail -= tofree;
4048 memmove(ac->entry, &(ac->entry[tofree]),
4049 sizeof(void *) * ac->avail);
4050 }
ce8eb6c4 4051 spin_unlock_irq(&n->list_lock);
97654dfa 4052 slabs_destroy(cachep, &list);
1da177e4
LT		 4053 }
4054}
4055
4056/**
4057 * cache_reap - Reclaim memory from caches.
05fb6bf0 4058 * @w: work descriptor
1da177e4
LT		 4059 *
4060 * Called from workqueue/eventd every few seconds.
4061 * Purpose:
4062 * - clear the per-cpu caches for this CPU.
4063 * - return freeable pages to the main free memory pool.
4064 *
a737b3e2
AM		 4065 * If we cannot acquire the cache chain mutex then just give up - we'll try
4066 * again on the next iteration.
1da177e4 4067 */
7c5cae36 4068static void cache_reap(struct work_struct *w)
1da177e4 4069{
7a7c381d 4070 struct kmem_cache *searchp;
ce8eb6c4 4071 struct kmem_cache_node *n;
7d6e6d09 4072 int node = numa_mem_id();
bf6aede7 4073 struct delayed_work *work = to_delayed_work(w);
1da177e4 4074
18004c5d 4075 if (!mutex_trylock(&slab_mutex))
1da177e4 4076 /* Give up. Setup the next iteration. */
7c5cae36 4077 goto out;
1da177e4 4078
18004c5d 4079 list_for_each_entry(searchp, &slab_caches, list) {
1da177e4
LT		 4080 check_irq_on();
4081
35386e3b 4082 /*
ce8eb6c4 4083 * We only take the node lock if absolutely necessary and we
35386e3b
CL		 4084 * have established with reasonable certainty that
4085 * we can do some work if the lock was obtained.
4086 */
18bf8541 4087 n = get_node(searchp, node);
35386e3b 4088
ce8eb6c4 4089 reap_alien(searchp, n);
1da177e4 4090
ce8eb6c4 4091 drain_array(searchp, n, cpu_cache_get(searchp), 0, node);
1da177e4 4092
35386e3b
CL		 4093 /*
4094 * These are racy checks but it does not matter
4095 * if we skip one check or scan twice.
4096 */
ce8eb6c4 4097 if (time_after(n->next_reap, jiffies))
35386e3b 4098 goto next;
1da177e4 4099
5f0985bb 4100 n->next_reap = jiffies + REAPTIMEOUT_NODE;
1da177e4 4101
ce8eb6c4 4102 drain_array(searchp, n, n->shared, 0, node);
1da177e4 4103
ce8eb6c4
CL		 4104 if (n->free_touched)
4105 n->free_touched = 0;
ed11d9eb
CL		 4106 else {
4107 int freed;
1da177e4 4108
ce8eb6c4 4109 freed = drain_freelist(searchp, n, (n->free_limit +
ed11d9eb
CL		 4110 5 * searchp->num - 1) / (5 * searchp->num));
4111 STATS_ADD_REAPED(searchp, freed);
4112 }
35386e3b 4113next:
1da177e4
LT		 4114 cond_resched();
4115 }
4116 check_irq_on();
18004c5d 4117 mutex_unlock(&slab_mutex);
8fce4d8e 4118 next_reap_node();
7c5cae36 4119out:
a737b3e2 4120 /* Set up the next iteration */
5f0985bb 4121 schedule_delayed_work(work, round_jiffies_relative(REAPTIMEOUT_AC));
1da177e4
LT		 4122}
4123
158a9624 4124#ifdef CONFIG_SLABINFO
0d7561c6 4125void get_slabinfo(struct kmem_cache *cachep, struct slabinfo *sinfo)
1da177e4 4126{
8456a648 4127 struct page *page;
b28a02de
PE		 4128 unsigned long active_objs;
4129 unsigned long num_objs;
4130 unsigned long active_slabs = 0;
4131 unsigned long num_slabs, free_objects = 0, shared_avail = 0;
e498be7d 4132 const char *name;
1da177e4 4133 char *error = NULL;
e498be7d 4134 int node;
ce8eb6c4 4135 struct kmem_cache_node *n;
1da177e4 4136
1da177e4
LT		 4137 active_objs = 0;
4138 num_slabs = 0;
18bf8541 4139 for_each_kmem_cache_node(cachep, node, n) {
e498be7d 4140
ca3b9b91 4141 check_irq_on();
ce8eb6c4 4142 spin_lock_irq(&n->list_lock);
e498be7d 4143
8456a648
JK		 4144 list_for_each_entry(page, &n->slabs_full, lru) {
4145 if (page->active != cachep->num && !error)
e498be7d
CL		 4146 error = "slabs_full accounting error";
4147 active_objs += cachep->num;
4148 active_slabs++;
4149 }
8456a648
JK		 4150 list_for_each_entry(page, &n->slabs_partial, lru) {
4151 if (page->active == cachep->num && !error)
106a74e1 4152 error = "slabs_partial accounting error";
8456a648 4153 if (!page->active && !error)
106a74e1 4154 error = "slabs_partial accounting error";
8456a648 4155 active_objs += page->active;
e498be7d
CL		 4156 active_slabs++;
4157 }
8456a648
JK		 4158 list_for_each_entry(page, &n->slabs_free, lru) {
4159 if (page->active && !error)
106a74e1 4160 error = "slabs_free accounting error";
e498be7d
CL		 4161 num_slabs++;
4162 }
ce8eb6c4
CL		 4163 free_objects += n->free_objects;
4164 if (n->shared)
4165 shared_avail += n->shared->avail;
e498be7d 4166
ce8eb6c4 4167 spin_unlock_irq(&n->list_lock);
1da177e4 4168 }
b28a02de
PE		 4169 num_slabs += active_slabs;
4170 num_objs = num_slabs * cachep->num;
e498be7d 4171 if (num_objs - active_objs != free_objects && !error)
1da177e4
LT		 4172 error = "free_objects accounting error";
4173
b28a02de 4174 name = cachep->name;
1da177e4
LT		 4175 if (error)
4176 printk(KERN_ERR "slab: cache %s error: %s\n", name, error);
4177
0d7561c6
GC		 4178 sinfo->active_objs = active_objs;
4179 sinfo->num_objs = num_objs;
4180 sinfo->active_slabs = active_slabs;
4181 sinfo->num_slabs = num_slabs;
4182 sinfo->shared_avail = shared_avail;
4183 sinfo->limit = cachep->limit;
4184 sinfo->batchcount = cachep->batchcount;
4185 sinfo->shared = cachep->shared;
4186 sinfo->objects_per_slab = cachep->num;
4187 sinfo->cache_order = cachep->gfporder;
4188}
4189
4190void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
4191{
1da177e4 4192#if STATS
ce8eb6c4 4193 { /* node stats */
1da177e4
LT		 4194 unsigned long high = cachep->high_mark;
4195 unsigned long allocs = cachep->num_allocations;
4196 unsigned long grown = cachep->grown;
4197 unsigned long reaped = cachep->reaped;
4198 unsigned long errors = cachep->errors;
4199 unsigned long max_freeable = cachep->max_freeable;
1da177e4 4200 unsigned long node_allocs = cachep->node_allocs;
e498be7d 4201 unsigned long node_frees = cachep->node_frees;
fb7faf33 4202 unsigned long overflows = cachep->node_overflow;
1da177e4 4203
e92dd4fd
JP		 4204 seq_printf(m, " : globalstat %7lu %6lu %5lu %4lu "
4205 "%4lu %4lu %4lu %4lu %4lu",
4206 allocs, high, grown,
4207 reaped, errors, max_freeable, node_allocs,
4208 node_frees, overflows);
1da177e4
LT		 4209 }
4210 /* cpu stats */
4211 {
4212 unsigned long allochit = atomic_read(&cachep->allochit);
4213 unsigned long allocmiss = atomic_read(&cachep->allocmiss);
4214 unsigned long freehit = atomic_read(&cachep->freehit);
4215 unsigned long freemiss = atomic_read(&cachep->freemiss);
4216
4217 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu",
b28a02de 4218 allochit, allocmiss, freehit, freemiss);
1da177e4
LT		 4219 }
4220#endif
1da177e4
LT		 4221}
4222
1da177e4
LT		 4223#define MAX_SLABINFO_WRITE 128
4224/**
4225 * slabinfo_write - Tuning for the slab allocator
4226 * @file: unused
4227 * @buffer: user buffer
4228 * @count: data length
4229 * @ppos: unused
4230 */
b7454ad3 4231ssize_t slabinfo_write(struct file *file, const char __user *buffer,
b28a02de 4232 size_t count, loff_t *ppos)
1da177e4 4233{
b28a02de 4234 char kbuf[MAX_SLABINFO_WRITE + 1], *tmp;
1da177e4 4235 int limit, batchcount, shared, res;
7a7c381d 4236 struct kmem_cache *cachep;
b28a02de 4237
1da177e4
LT		 4238 if (count > MAX_SLABINFO_WRITE)
4239 return -EINVAL;
4240 if (copy_from_user(&kbuf, buffer, count))
4241 return -EFAULT;
b28a02de 4242 kbuf[MAX_SLABINFO_WRITE] = '\0';
1da177e4
LT		 4243
4244 tmp = strchr(kbuf, ' ');
4245 if (!tmp)
4246 return -EINVAL;
4247 *tmp = '\0';
4248 tmp++;
4249 if (sscanf(tmp, " %d %d %d", &limit, &batchcount, &shared) != 3)
4250 return -EINVAL;
4251
4252 /* Find the cache in the chain of caches. */
18004c5d 4253 mutex_lock(&slab_mutex);
1da177e4 4254 res = -EINVAL;
18004c5d 4255 list_for_each_entry(cachep, &slab_caches, list) {
1da177e4 4256 if (!strcmp(cachep->name, kbuf)) {
a737b3e2
AM		 4257 if (limit < 1 || batchcount < 1 ||
4258 batchcount > limit || shared < 0) {
e498be7d 4259 res = 0;
1da177e4 4260 } else {
e498be7d 4261 res = do_tune_cpucache(cachep, limit,
83b519e8
PE		 4262 batchcount, shared,
4263 GFP_KERNEL);
1da177e4
LT		 4264 }
4265 break;
4266 }
4267 }
18004c5d 4268 mutex_unlock(&slab_mutex);
1da177e4
LT		 4269 if (res >= 0)
4270 res = count;
4271 return res;
4272}
871751e2
AV		 4273
4274#ifdef CONFIG_DEBUG_SLAB_LEAK
4275
4276static void *leaks_start(struct seq_file *m, loff_t *pos)
4277{
18004c5d
CL		 4278 mutex_lock(&slab_mutex);
4279 return seq_list_start(&slab_caches, *pos);
871751e2
AV		 4280}
4281
4282static inline int add_caller(unsigned long *n, unsigned long v)
4283{
4284 unsigned long *p;
4285 int l;
4286 if (!v)
4287 return 1;
4288 l = n[1];
4289 p = n + 2;
4290 while (l) {
4291 int i = l/2;
4292 unsigned long *q = p + 2 * i;
4293 if (*q == v) {
4294 q[1]++;
4295 return 1;
4296 }
4297 if (*q > v) {
4298 l = i;
4299 } else {
4300 p = q + 2;
4301 l -= i + 1;
4302 }
4303 }
4304 if (++n[1] == n[0])
4305 return 0;
4306 memmove(p + 2, p, n[1] * 2 * sizeof(unsigned long) - ((void *)p - (void *)n));
4307 p[0] = v;
4308 p[1] = 1;
4309 return 1;
4310}
4311
8456a648
JK		 4312static void handle_slab(unsigned long *n, struct kmem_cache *c,
4313 struct page *page)
871751e2
AV		 4314{
4315 void *p;
03787301 4316 int i;
b1cb0982 4317
871751e2
AV		 4318 if (n[0] == n[1])
4319 return;
8456a648 4320 for (i = 0, p = page->s_mem; i < c->num; i++, p += c->size) {
03787301 4321 if (get_obj_status(page, i) != OBJECT_ACTIVE)
871751e2 4322 continue;
b1cb0982 4323
871751e2
AV		 4324 if (!add_caller(n, (unsigned long)*dbg_userword(c, p)))
4325 return;
4326 }
4327}
4328
4329static void show_symbol(struct seq_file *m, unsigned long address)
4330{
4331#ifdef CONFIG_KALLSYMS
871751e2 4332 unsigned long offset, size;
9281acea 4333 char modname[MODULE_NAME_LEN], name[KSYM_NAME_LEN];
871751e2 4334
a5c43dae 4335 if (lookup_symbol_attrs(address, &size, &offset, modname, name) == 0) {
871751e2 4336 seq_printf(m, "%s+%#lx/%#lx", name, offset, size);
a5c43dae 4337 if (modname[0])
871751e2
AV		 4338 seq_printf(m, " [%s]", modname);
4339 return;
4340 }
4341#endif
4342 seq_printf(m, "%p", (void *)address);
4343}
4344
4345static int leaks_show(struct seq_file *m, void *p)
4346{
0672aa7c 4347 struct kmem_cache *cachep = list_entry(p, struct kmem_cache, list);
8456a648 4348 struct page *page;
ce8eb6c4 4349 struct kmem_cache_node *n;
871751e2 4350 const char *name;
db845067 4351 unsigned long *x = m->private;
871751e2
AV		 4352 int node;
4353 int i;
4354
4355 if (!(cachep->flags & SLAB_STORE_USER))
4356 return 0;
4357 if (!(cachep->flags & SLAB_RED_ZONE))
4358 return 0;
4359
4360 /* OK, we can do it */
4361
db845067 4362 x[1] = 0;
871751e2 4363
18bf8541 4364 for_each_kmem_cache_node(cachep, node, n) {
871751e2
AV		 4365
4366 check_irq_on();
ce8eb6c4 4367 spin_lock_irq(&n->list_lock);
871751e2 4368
8456a648
JK		 4369 list_for_each_entry(page, &n->slabs_full, lru)
4370 handle_slab(x, cachep, page);
4371 list_for_each_entry(page, &n->slabs_partial, lru)
4372 handle_slab(x, cachep, page);
ce8eb6c4 4373 spin_unlock_irq(&n->list_lock);
871751e2
AV		 4374 }
4375 name = cachep->name;
db845067 4376 if (x[0] == x[1]) {
871751e2 4377 /* Increase the buffer size */
18004c5d 4378 mutex_unlock(&slab_mutex);
db845067 4379 m->private = kzalloc(x[0] * 4 * sizeof(unsigned long), GFP_KERNEL);
871751e2
AV		 4380 if (!m->private) {
4381 /* Too bad, we are really out */
db845067 4382 m->private = x;
18004c5d 4383 mutex_lock(&slab_mutex);
871751e2
AV		 4384 return -ENOMEM;
4385 }
db845067
CL		 4386 *(unsigned long *)m->private = x[0] * 2;
4387 kfree(x);
18004c5d 4388 mutex_lock(&slab_mutex);
871751e2
AV		 4389 /* Now make sure this entry will be retried */
4390 m->count = m->size;
4391 return 0;
4392 }
db845067
CL		 4393 for (i = 0; i < x[1]; i++) {
4394 seq_printf(m, "%s: %lu ", name, x[2*i+3]);
4395 show_symbol(m, x[2*i+2]);
871751e2
AV		 4396 seq_putc(m, '\n');
4397 }
d2e7b7d0 4398
871751e2
AV		 4399 return 0;
4400}
4401
a0ec95a8 4402static const struct seq_operations slabstats_op = {
871751e2 4403 .start = leaks_start,
276a2439
WL		 4404 .next = slab_next,
4405 .stop = slab_stop,
871751e2
AV		 4406 .show = leaks_show,
4407};
a0ec95a8
AD		 4408
4409static int slabstats_open(struct inode *inode, struct file *file)
4410{
4411 unsigned long *n = kzalloc(PAGE_SIZE, GFP_KERNEL);
4412 int ret = -ENOMEM;
4413 if (n) {
4414 ret = seq_open(file, &slabstats_op);
4415 if (!ret) {
4416 struct seq_file *m = file->private_data;
4417 *n = PAGE_SIZE / (2 * sizeof(unsigned long));
4418 m->private = n;
4419 n = NULL;
4420 }
4421 kfree(n);
4422 }
4423 return ret;
4424}
4425
4426static const struct file_operations proc_slabstats_operations = {
4427 .open = slabstats_open,
4428 .read = seq_read,
4429 .llseek = seq_lseek,
4430 .release = seq_release_private,
4431};
4432#endif
4433
4434static int __init slab_proc_init(void)
4435{
4436#ifdef CONFIG_DEBUG_SLAB_LEAK
4437 proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations);
871751e2 4438#endif
a0ec95a8
AD		 4439 return 0;
4440}
4441module_init(slab_proc_init);
1da177e4
LT		 4442#endif
4443
00e145b6
MS		 4444/**
4445 * ksize - get the actual amount of memory allocated for a given object
4446 * @objp: Pointer to the object
4447 *
4448 * kmalloc may internally round up allocations and return more memory
4449 * than requested. ksize() can be used to determine the actual amount of
4450 * memory allocated. The caller may use this additional memory, even though
4451 * a smaller amount of memory was initially specified with the kmalloc call.
4452 * The caller must guarantee that objp points to a valid object previously
4453 * allocated with either kmalloc() or kmem_cache_alloc(). The object
4454 * must not be freed during the duration of the call.
4455 */
fd76bab2 4456size_t ksize(const void *objp)
1da177e4 4457{
ef8b4520
CL		 4458 BUG_ON(!objp);
4459 if (unlikely(objp == ZERO_SIZE_PTR))
00e145b6 4460 return 0;
1da177e4 4461
8c138bc0 4462 return virt_to_cache(objp)->object_size;
1da177e4 4463}
b1aabecd 4464EXPORT_SYMBOL(ksize);
Ubuntu Artful kernel mirror