]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - mm/slab.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mm: slub: optimise the SLUB fast path to avoid pfmemalloc checks
[mirror_ubuntu-zesty-kernel.git] / mm / slab.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/mm/slab.c
3 * Written by Mark Hemment, 1996/97.
4 * (markhe@nextd.demon.co.uk)
5 *
6 * kmem_cache_destroy() + some cleanup - 1999 Andrea Arcangeli
7 *
8 * Major cleanup, different bufctl logic, per-cpu arrays
9 * (c) 2000 Manfred Spraul
10 *
11 * Cleanup, make the head arrays unconditional, preparation for NUMA
12 * (c) 2002 Manfred Spraul
13 *
14 * An implementation of the Slab Allocator as described in outline in;
15 * UNIX Internals: The New Frontiers by Uresh Vahalia
16 * Pub: Prentice Hall ISBN 0-13-101908-2
17 * or with a little more detail in;
18 * The Slab Allocator: An Object-Caching Kernel Memory Allocator
19 * Jeff Bonwick (Sun Microsystems).
20 * Presented at: USENIX Summer 1994 Technical Conference
21 *
22 * The memory is organized in caches, one cache for each object type.
23 * (e.g. inode_cache, dentry_cache, buffer_head, vm_area_struct)
24 * Each cache consists out of many slabs (they are small (usually one
25 * page long) and always contiguous), and each slab contains multiple
26 * initialized objects.
27 *
28 * This means, that your constructor is used only for newly allocated
183ff22b 29 * slabs and you must pass objects with the same initializations to
1da177e4
LT		 30 * kmem_cache_free.
31 *
32 * Each cache can only support one memory type (GFP_DMA, GFP_HIGHMEM,
33 * normal). If you need a special memory type, then must create a new
34 * cache for that memory type.
35 *
36 * In order to reduce fragmentation, the slabs are sorted in 3 groups:
37 * full slabs with 0 free objects
38 * partial slabs
39 * empty slabs with no allocated objects
40 *
41 * If partial slabs exist, then new allocations come from these slabs,
42 * otherwise from empty slabs or new slabs are allocated.
43 *
44 * kmem_cache_destroy() CAN CRASH if you try to allocate from the cache
45 * during kmem_cache_destroy(). The caller must prevent concurrent allocs.
46 *
47 * Each cache has a short per-cpu head array, most allocs
48 * and frees go into that array, and if that array overflows, then 1/2
49 * of the entries in the array are given back into the global cache.
50 * The head array is strictly LIFO and should improve the cache hit rates.
51 * On SMP, it additionally reduces the spinlock operations.
52 *
a737b3e2 53 * The c_cpuarray may not be read with enabled local interrupts -
1da177e4
LT		 54 * it's changed with a smp_call_function().
55 *
56 * SMP synchronization:
57 * constructors and destructors are called without any locking.
343e0d7a 58 * Several members in struct kmem_cache and struct slab never change, they
1da177e4
LT		 59 * are accessed without any locking.
60 * The per-cpu arrays are never accessed from the wrong cpu, no locking,
61 * and local interrupts are disabled so slab code is preempt-safe.
62 * The non-constant members are protected with a per-cache irq spinlock.
63 *
64 * Many thanks to Mark Hemment, who wrote another per-cpu slab patch
65 * in 2000 - many ideas in the current implementation are derived from
66 * his patch.
67 *
68 * Further notes from the original documentation:
69 *
70 * 11 April '97. Started multi-threading - markhe
18004c5d 71 * The global cache-chain is protected by the mutex 'slab_mutex'.
1da177e4
LT		 72 * The sem is only needed when accessing/extending the cache-chain, which
73 * can never happen inside an interrupt (kmem_cache_create(),
74 * kmem_cache_shrink() and kmem_cache_reap()).
75 *
76 * At present, each engine can be growing a cache. This should be blocked.
77 *
e498be7d
CL		 78 * 15 March 2005. NUMA slab allocator.
79 * Shai Fultheim <shai@scalex86.org>.
80 * Shobhit Dayal <shobhit@calsoftinc.com>
81 * Alok N Kataria <alokk@calsoftinc.com>
82 * Christoph Lameter <christoph@lameter.com>
83 *
84 * Modified the slab allocator to be node aware on NUMA systems.
85 * Each node has its own list of partial, free and full slabs.
86 * All object allocations for a node occur from node specific slab lists.
1da177e4
LT		 87 */
88
1da177e4 89#include <linux/slab.h>
97d06609 90#include "slab.h"
1da177e4 91#include <linux/mm.h>
c9cf5528 92#include <linux/poison.h>
1da177e4
LT		 93#include <linux/swap.h>
94#include <linux/cache.h>
95#include <linux/interrupt.h>
96#include <linux/init.h>
97#include <linux/compiler.h>
101a5001 98#include <linux/cpuset.h>
a0ec95a8 99#include <linux/proc_fs.h>
1da177e4
LT		 100#include <linux/seq_file.h>
101#include <linux/notifier.h>
102#include <linux/kallsyms.h>
103#include <linux/cpu.h>
104#include <linux/sysctl.h>
105#include <linux/module.h>
106#include <linux/rcupdate.h>
543537bd 107#include <linux/string.h>
138ae663 108#include <linux/uaccess.h>
e498be7d 109#include <linux/nodemask.h>
d5cff635 110#include <linux/kmemleak.h>
dc85da15 111#include <linux/mempolicy.h>
fc0abb14 112#include <linux/mutex.h>
8a8b6502 113#include <linux/fault-inject.h>
e7eebaf6 114#include <linux/rtmutex.h>
6a2d7a95 115#include <linux/reciprocal_div.h>
3ac7fe5a 116#include <linux/debugobjects.h>
c175eea4 117#include <linux/kmemcheck.h>
8f9f8d9e 118#include <linux/memory.h>
268bb0ce 119#include <linux/prefetch.h>
1da177e4 120
1da177e4
LT		 121#include <asm/cacheflush.h>
122#include <asm/tlbflush.h>
123#include <asm/page.h>
124
4dee6b64
SR		 125#include <trace/events/kmem.h>
126
072bb0aa
MG		 127#include "internal.h"
128
1da177e4 129/*
50953fe9 130 * DEBUG - 1 for kmem_cache_create() to honour; SLAB_RED_ZONE & SLAB_POISON.
1da177e4
LT		 131 * 0 for faster, smaller code (especially in the critical paths).
132 *
133 * STATS - 1 to collect stats for /proc/slabinfo.
134 * 0 for faster, smaller code (especially in the critical paths).
135 *
136 * FORCED_DEBUG - 1 enables SLAB_RED_ZONE and SLAB_POISON (if possible)
137 */
138
139#ifdef CONFIG_DEBUG_SLAB
140#define DEBUG 1
141#define STATS 1
142#define FORCED_DEBUG 1
143#else
144#define DEBUG 0
145#define STATS 0
146#define FORCED_DEBUG 0
147#endif
148
1da177e4
LT		 149/* Shouldn't this be in a header file somewhere? */
150#define BYTES_PER_WORD sizeof(void *)
87a927c7 151#define REDZONE_ALIGN max(BYTES_PER_WORD, __alignof__(unsigned long long))
1da177e4 152
1da177e4
LT		 153#ifndef ARCH_KMALLOC_FLAGS
154#define ARCH_KMALLOC_FLAGS SLAB_HWCACHE_ALIGN
155#endif
156
072bb0aa
MG		 157/*
158 * true if a page was allocated from pfmemalloc reserves for network-based
159 * swap
160 */
161static bool pfmemalloc_active __read_mostly;
162
1da177e4
LT		 163/* Legal flag mask for kmem_cache_create(). */
164#if DEBUG
50953fe9 165# define CREATE_MASK (SLAB_RED_ZONE | \
1da177e4 166 SLAB_POISON | SLAB_HWCACHE_ALIGN | \
ac2b898c 167 SLAB_CACHE_DMA | \
5af60839 168 SLAB_STORE_USER | \
1da177e4 169 SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \
3ac7fe5a 170 SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \
c175eea4 171 SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK)
1da177e4 172#else
ac2b898c 173# define CREATE_MASK (SLAB_HWCACHE_ALIGN | \
5af60839 174 SLAB_CACHE_DMA | \
1da177e4 175 SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \
3ac7fe5a 176 SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \
c175eea4 177 SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK)
1da177e4
LT		 178#endif
179
180/*
181 * kmem_bufctl_t:
182 *
183 * Bufctl's are used for linking objs within a slab
184 * linked offsets.
185 *
186 * This implementation relies on "struct page" for locating the cache &
187 * slab an object belongs to.
188 * This allows the bufctl structure to be small (one int), but limits
189 * the number of objects a slab (not a cache) can contain when off-slab
190 * bufctls are used. The limit is the size of the largest general cache
191 * that does not use off-slab slabs.
192 * For 32bit archs with 4 kB pages, is this 56.
193 * This is not serious, as it is only for large objects, when it is unwise
194 * to have too many per slab.
195 * Note: This limit can be raised by introducing a general cache whose size
196 * is less than 512 (PAGE_SIZE<<3), but greater than 256.
197 */
198
fa5b08d5 199typedef unsigned int kmem_bufctl_t;
1da177e4
LT		 200#define BUFCTL_END (((kmem_bufctl_t)(~0U))-0)
201#define BUFCTL_FREE (((kmem_bufctl_t)(~0U))-1)
871751e2
AV		 202#define BUFCTL_ACTIVE (((kmem_bufctl_t)(~0U))-2)
203#define SLAB_LIMIT (((kmem_bufctl_t)(~0U))-3)
1da177e4 204
1da177e4
LT		 205/*
206 * struct slab_rcu
207 *
208 * slab_destroy on a SLAB_DESTROY_BY_RCU cache uses this structure to
209 * arrange for kmem_freepages to be called via RCU. This is useful if
210 * we need to approach a kernel structure obliquely, from its address
211 * obtained without the usual locking. We can lock the structure to
212 * stabilize it and check it's still at the given address, only if we
213 * can be sure that the memory has not been meanwhile reused for some
214 * other kind of object (which our subsystem's lock might corrupt).
215 *
216 * rcu_read_lock before reading the address, then rcu_read_unlock after
217 * taking the spinlock within the structure expected at that address.
1da177e4
LT		 218 */
219struct slab_rcu {
b28a02de 220 struct rcu_head head;
343e0d7a 221 struct kmem_cache *cachep;
b28a02de 222 void *addr;
1da177e4
LT		 223};
224
5bfe53a7
LJ		 225/*
226 * struct slab
227 *
228 * Manages the objs in a slab. Placed either at the beginning of mem allocated
229 * for a slab, or allocated from an general cache.
230 * Slabs are chained into three list: fully used, partial, fully free slabs.
231 */
232struct slab {
233 union {
234 struct {
235 struct list_head list;
236 unsigned long colouroff;
237 void *s_mem; /* including colour offset */
238 unsigned int inuse; /* num of objs active in slab */
239 kmem_bufctl_t free;
240 unsigned short nodeid;
241 };
242 struct slab_rcu __slab_cover_slab_rcu;
243 };
244};
245
1da177e4
LT		 246/*
247 * struct array_cache
248 *
1da177e4
LT		 249 * Purpose:
250 * - LIFO ordering, to hand out cache-warm objects from _alloc
251 * - reduce the number of linked list operations
252 * - reduce spinlock operations
253 *
254 * The limit is stored in the per-cpu structure to reduce the data cache
255 * footprint.
256 *
257 */
258struct array_cache {
259 unsigned int avail;
260 unsigned int limit;
261 unsigned int batchcount;
262 unsigned int touched;
e498be7d 263 spinlock_t lock;
bda5b655 264 void *entry[]; /*
a737b3e2
AM		 265 * Must have this definition in here for the proper
266 * alignment of array_cache. Also simplifies accessing
267 * the entries.
072bb0aa
MG		 268 *
269 * Entries should not be directly dereferenced as
270 * entries belonging to slabs marked pfmemalloc will
271 * have the lower bits set SLAB_OBJ_PFMEMALLOC
a737b3e2 272 */
1da177e4
LT		 273};
274
072bb0aa
MG		 275#define SLAB_OBJ_PFMEMALLOC 1
276static inline bool is_obj_pfmemalloc(void *objp)
277{
278 return (unsigned long)objp & SLAB_OBJ_PFMEMALLOC;
279}
280
281static inline void set_obj_pfmemalloc(void **objp)
282{
283 *objp = (void *)((unsigned long)*objp | SLAB_OBJ_PFMEMALLOC);
284 return;
285}
286
287static inline void clear_obj_pfmemalloc(void **objp)
288{
289 *objp = (void *)((unsigned long)*objp & ~SLAB_OBJ_PFMEMALLOC);
290}
291
a737b3e2
AM		 292/*
293 * bootstrap: The caches do not work without cpuarrays anymore, but the
294 * cpuarrays are allocated from the generic caches...
1da177e4
LT		 295 */
296#define BOOT_CPUCACHE_ENTRIES 1
297struct arraycache_init {
298 struct array_cache cache;
b28a02de 299 void *entries[BOOT_CPUCACHE_ENTRIES];
1da177e4
LT		 300};
301
302/*
e498be7d 303 * The slab lists for all objects.
1da177e4
LT		 304 */
305struct kmem_list3 {
b28a02de
PE		 306 struct list_head slabs_partial; /* partial list first, better asm code */
307 struct list_head slabs_full;
308 struct list_head slabs_free;
309 unsigned long free_objects;
b28a02de 310 unsigned int free_limit;
2e1217cf 311 unsigned int colour_next; /* Per-node cache coloring */
b28a02de
PE		 312 spinlock_t list_lock;
313 struct array_cache *shared; /* shared per node */
314 struct array_cache **alien; /* on other nodes */
35386e3b
CL		 315 unsigned long next_reap; /* updated without locking */
316 int free_touched; /* updated without locking */
1da177e4
LT		 317};
318
e498be7d
CL		 319/*
320 * Need this for bootstrapping a per node allocator.
321 */
556a169d 322#define NUM_INIT_LISTS (3 * MAX_NUMNODES)
68a1b195 323static struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS];
e498be7d 324#define CACHE_CACHE 0
556a169d
PE		 325#define SIZE_AC MAX_NUMNODES
326#define SIZE_L3 (2 * MAX_NUMNODES)
e498be7d 327
ed11d9eb
CL		 328static int drain_freelist(struct kmem_cache *cache,
329 struct kmem_list3 *l3, int tofree);
330static void free_block(struct kmem_cache *cachep, void **objpp, int len,
331 int node);
83b519e8 332static int enable_cpucache(struct kmem_cache *cachep, gfp_t gfp);
65f27f38 333static void cache_reap(struct work_struct *unused);
ed11d9eb 334
e498be7d 335/*
a737b3e2
AM		 336 * This function must be completely optimized away if a constant is passed to
337 * it. Mostly the same as what is in linux/slab.h except it returns an index.
e498be7d 338 */
7243cc05 339static __always_inline int index_of(const size_t size)
e498be7d 340{
5ec8a847
SR		 341 extern void __bad_size(void);
342
e498be7d
CL		 343 if (__builtin_constant_p(size)) {
344 int i = 0;
345
346#define CACHE(x) \
347 if (size <=x) \
348 return i; \
349 else \
350 i++;
1c61fc40 351#include <linux/kmalloc_sizes.h>
e498be7d 352#undef CACHE
5ec8a847 353 __bad_size();
7243cc05 354 } else
5ec8a847 355 __bad_size();
e498be7d
CL		 356 return 0;
357}
358
e0a42726
IM		 359static int slab_early_init = 1;
360
e498be7d
CL		 361#define INDEX_AC index_of(sizeof(struct arraycache_init))
362#define INDEX_L3 index_of(sizeof(struct kmem_list3))
1da177e4 363
5295a74c 364static void kmem_list3_init(struct kmem_list3 *parent)
e498be7d
CL		 365{
366 INIT_LIST_HEAD(&parent->slabs_full);
367 INIT_LIST_HEAD(&parent->slabs_partial);
368 INIT_LIST_HEAD(&parent->slabs_free);
369 parent->shared = NULL;
370 parent->alien = NULL;
2e1217cf 371 parent->colour_next = 0;
e498be7d
CL		 372 spin_lock_init(&parent->list_lock);
373 parent->free_objects = 0;
374 parent->free_touched = 0;
375}
376
a737b3e2
AM		 377#define MAKE_LIST(cachep, listp, slab, nodeid) \
378 do { \
379 INIT_LIST_HEAD(listp); \
380 list_splice(&(cachep->nodelists[nodeid]->slab), listp); \
e498be7d
CL		 381 } while (0)
382
a737b3e2
AM		 383#define MAKE_ALL_LISTS(cachep, ptr, nodeid) \
384 do { \
e498be7d
CL		 385 MAKE_LIST((cachep), (&(ptr)->slabs_full), slabs_full, nodeid); \
386 MAKE_LIST((cachep), (&(ptr)->slabs_partial), slabs_partial, nodeid); \
387 MAKE_LIST((cachep), (&(ptr)->slabs_free), slabs_free, nodeid); \
388 } while (0)
1da177e4 389
1da177e4
LT		 390#define CFLGS_OFF_SLAB (0x80000000UL)
391#define OFF_SLAB(x) ((x)->flags & CFLGS_OFF_SLAB)
392
393#define BATCHREFILL_LIMIT 16
a737b3e2
AM		 394/*
395 * Optimization question: fewer reaps means less probability for unnessary
396 * cpucache drain/refill cycles.
1da177e4 397 *
dc6f3f27 398 * OTOH the cpuarrays can contain lots of objects,
1da177e4
LT		 399 * which could lock up otherwise freeable slabs.
400 */
401#define REAPTIMEOUT_CPUC (2*HZ)
402#define REAPTIMEOUT_LIST3 (4*HZ)
403
404#if STATS
405#define STATS_INC_ACTIVE(x) ((x)->num_active++)
406#define STATS_DEC_ACTIVE(x) ((x)->num_active--)
407#define STATS_INC_ALLOCED(x) ((x)->num_allocations++)
408#define STATS_INC_GROWN(x) ((x)->grown++)
ed11d9eb 409#define STATS_ADD_REAPED(x,y) ((x)->reaped += (y))
a737b3e2
AM		 410#define STATS_SET_HIGH(x) \
411 do { \
412 if ((x)->num_active > (x)->high_mark) \
413 (x)->high_mark = (x)->num_active; \
414 } while (0)
1da177e4
LT		 415#define STATS_INC_ERR(x) ((x)->errors++)
416#define STATS_INC_NODEALLOCS(x) ((x)->node_allocs++)
e498be7d 417#define STATS_INC_NODEFREES(x) ((x)->node_frees++)
fb7faf33 418#define STATS_INC_ACOVERFLOW(x) ((x)->node_overflow++)
a737b3e2
AM		 419#define STATS_SET_FREEABLE(x, i) \
420 do { \
421 if ((x)->max_freeable < i) \
422 (x)->max_freeable = i; \
423 } while (0)
1da177e4
LT		 424#define STATS_INC_ALLOCHIT(x) atomic_inc(&(x)->allochit)
425#define STATS_INC_ALLOCMISS(x) atomic_inc(&(x)->allocmiss)
426#define STATS_INC_FREEHIT(x) atomic_inc(&(x)->freehit)
427#define STATS_INC_FREEMISS(x) atomic_inc(&(x)->freemiss)
428#else
429#define STATS_INC_ACTIVE(x) do { } while (0)
430#define STATS_DEC_ACTIVE(x) do { } while (0)
431#define STATS_INC_ALLOCED(x) do { } while (0)
432#define STATS_INC_GROWN(x) do { } while (0)
4e60c86b 433#define STATS_ADD_REAPED(x,y) do { (void)(y); } while (0)
1da177e4
LT		 434#define STATS_SET_HIGH(x) do { } while (0)
435#define STATS_INC_ERR(x) do { } while (0)
436#define STATS_INC_NODEALLOCS(x) do { } while (0)
e498be7d 437#define STATS_INC_NODEFREES(x) do { } while (0)
fb7faf33 438#define STATS_INC_ACOVERFLOW(x) do { } while (0)
a737b3e2 439#define STATS_SET_FREEABLE(x, i) do { } while (0)
1da177e4
LT		 440#define STATS_INC_ALLOCHIT(x) do { } while (0)
441#define STATS_INC_ALLOCMISS(x) do { } while (0)
442#define STATS_INC_FREEHIT(x) do { } while (0)
443#define STATS_INC_FREEMISS(x) do { } while (0)
444#endif
445
446#if DEBUG
1da177e4 447
a737b3e2
AM		 448/*
449 * memory layout of objects:
1da177e4 450 * 0 : objp
3dafccf2 451 * 0 .. cachep->obj_offset - BYTES_PER_WORD - 1: padding. This ensures that
1da177e4
LT		 452 * the end of an object is aligned with the end of the real
453 * allocation. Catches writes behind the end of the allocation.
3dafccf2 454 * cachep->obj_offset - BYTES_PER_WORD .. cachep->obj_offset - 1:
1da177e4 455 * redzone word.
3dafccf2 456 * cachep->obj_offset: The real object.
3b0efdfa
CL		 457 * cachep->size - 2* BYTES_PER_WORD: redzone word [BYTES_PER_WORD long]
458 * cachep->size - 1* BYTES_PER_WORD: last caller address
a737b3e2 459 * [BYTES_PER_WORD long]
1da177e4 460 */
343e0d7a 461static int obj_offset(struct kmem_cache *cachep)
1da177e4 462{
3dafccf2 463 return cachep->obj_offset;
1da177e4
LT		 464}
465
b46b8f19 466static unsigned long long *dbg_redzone1(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 467{
468 BUG_ON(!(cachep->flags & SLAB_RED_ZONE));
b46b8f19
DW		 469 return (unsigned long long*) (objp + obj_offset(cachep) -
470 sizeof(unsigned long long));
1da177e4
LT		 471}
472
b46b8f19 473static unsigned long long *dbg_redzone2(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 474{
475 BUG_ON(!(cachep->flags & SLAB_RED_ZONE));
476 if (cachep->flags & SLAB_STORE_USER)
3b0efdfa 477 return (unsigned long long *)(objp + cachep->size -
b46b8f19 478 sizeof(unsigned long long) -
87a927c7 479 REDZONE_ALIGN);
3b0efdfa 480 return (unsigned long long *) (objp + cachep->size -
b46b8f19 481 sizeof(unsigned long long));
1da177e4
LT		 482}
483
343e0d7a 484static void **dbg_userword(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 485{
486 BUG_ON(!(cachep->flags & SLAB_STORE_USER));
3b0efdfa 487 return (void **)(objp + cachep->size - BYTES_PER_WORD);
1da177e4
LT		 488}
489
490#else
491
3dafccf2 492#define obj_offset(x) 0
b46b8f19
DW		 493#define dbg_redzone1(cachep, objp) ({BUG(); (unsigned long long *)NULL;})
494#define dbg_redzone2(cachep, objp) ({BUG(); (unsigned long long *)NULL;})
1da177e4
LT		 495#define dbg_userword(cachep, objp) ({BUG(); (void **)NULL;})
496
497#endif
498
0f24f128 499#ifdef CONFIG_TRACING
36555751
EGM		 500size_t slab_buffer_size(struct kmem_cache *cachep)
501{
3b0efdfa 502 return cachep->size;
36555751
EGM		 503}
504EXPORT_SYMBOL(slab_buffer_size);
505#endif
506
1da177e4 507/*
3df1cccd
DR		 508 * Do not go above this order unless 0 objects fit into the slab or
509 * overridden on the command line.
1da177e4 510 */
543585cc
DR		 511#define SLAB_MAX_ORDER_HI 1
512#define SLAB_MAX_ORDER_LO 0
513static int slab_max_order = SLAB_MAX_ORDER_LO;
3df1cccd 514static bool slab_max_order_set __initdata;
1da177e4 515
065d41cb
PE		 516static inline struct kmem_cache *page_get_cache(struct page *page)
517{
d85f3385 518 page = compound_head(page);
ddc2e812 519 BUG_ON(!PageSlab(page));
e571b0ad 520 return page->slab_cache;
065d41cb
PE		 521}
522
6ed5eb22
PE		 523static inline struct kmem_cache *virt_to_cache(const void *obj)
524{
b49af68f 525 struct page *page = virt_to_head_page(obj);
35026088 526 return page->slab_cache;
6ed5eb22
PE		 527}
528
529static inline struct slab *virt_to_slab(const void *obj)
530{
b49af68f 531 struct page *page = virt_to_head_page(obj);
35026088
CL		 532
533 VM_BUG_ON(!PageSlab(page));
534 return page->slab_page;
6ed5eb22
PE		 535}
536
8fea4e96
PE		 537static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
538 unsigned int idx)
539{
3b0efdfa 540 return slab->s_mem + cache->size * idx;
8fea4e96
PE		 541}
542
6a2d7a95 543/*
3b0efdfa
CL		 544 * We want to avoid an expensive divide : (offset / cache->size)
545 * Using the fact that size is a constant for a particular cache,
546 * we can replace (offset / cache->size) by
6a2d7a95
ED		 547 * reciprocal_divide(offset, cache->reciprocal_buffer_size)
548 */
549static inline unsigned int obj_to_index(const struct kmem_cache *cache,
550 const struct slab *slab, void *obj)
8fea4e96 551{
6a2d7a95
ED		 552 u32 offset = (obj - slab->s_mem);
553 return reciprocal_divide(offset, cache->reciprocal_buffer_size);
8fea4e96
PE		 554}
555
a737b3e2
AM		 556/*
557 * These are the default caches for kmalloc. Custom caches can have other sizes.
558 */
1da177e4
LT		 559struct cache_sizes malloc_sizes[] = {
560#define CACHE(x) { .cs_size = (x) },
561#include <linux/kmalloc_sizes.h>
562 CACHE(ULONG_MAX)
563#undef CACHE
564};
565EXPORT_SYMBOL(malloc_sizes);
566
567/* Must match cache_sizes above. Out of line to keep cache footprint low. */
568struct cache_names {
569 char *name;
570 char *name_dma;
571};
572
573static struct cache_names __initdata cache_names[] = {
574#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
575#include <linux/kmalloc_sizes.h>
b28a02de 576 {NULL,}
1da177e4
LT		 577#undef CACHE
578};
579
580static struct arraycache_init initarray_cache __initdata =
b28a02de 581 { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
1da177e4 582static struct arraycache_init initarray_generic =
b28a02de 583 { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
1da177e4
LT		 584
585/* internal cache of cache description objs */
b56efcf0 586static struct kmem_list3 *cache_cache_nodelists[MAX_NUMNODES];
343e0d7a 587static struct kmem_cache cache_cache = {
b56efcf0 588 .nodelists = cache_cache_nodelists,
b28a02de
PE		 589 .batchcount = 1,
590 .limit = BOOT_CPUCACHE_ENTRIES,
591 .shared = 1,
3b0efdfa 592 .size = sizeof(struct kmem_cache),
b28a02de 593 .name = "kmem_cache",
1da177e4
LT		 594};
595
056c6241
RT		 596#define BAD_ALIEN_MAGIC 0x01020304ul
597
f1aaee53
AV		 598#ifdef CONFIG_LOCKDEP
599
600/*
601 * Slab sometimes uses the kmalloc slabs to store the slab headers
602 * for other slabs "off slab".
603 * The locking for this is tricky in that it nests within the locks
604 * of all other slabs in a few places; to deal with this special
605 * locking we put on-slab caches into a separate lock-class.
056c6241
RT		 606 *
607 * We set lock class for alien array caches which are up during init.
608 * The lock annotation will be lost if all cpus of a node goes down and
609 * then comes back up during hotplug
f1aaee53 610 */
056c6241
RT		 611static struct lock_class_key on_slab_l3_key;
612static struct lock_class_key on_slab_alc_key;
613
83835b3d
PZ		 614static struct lock_class_key debugobj_l3_key;
615static struct lock_class_key debugobj_alc_key;
616
617static void slab_set_lock_classes(struct kmem_cache *cachep,
618 struct lock_class_key *l3_key, struct lock_class_key *alc_key,
619 int q)
620{
621 struct array_cache **alc;
622 struct kmem_list3 *l3;
623 int r;
624
625 l3 = cachep->nodelists[q];
626 if (!l3)
627 return;
628
629 lockdep_set_class(&l3->list_lock, l3_key);
630 alc = l3->alien;
631 /*
632 * FIXME: This check for BAD_ALIEN_MAGIC
633 * should go away when common slab code is taught to
634 * work even without alien caches.
635 * Currently, non NUMA code returns BAD_ALIEN_MAGIC
636 * for alloc_alien_cache,
637 */
638 if (!alc || (unsigned long)alc == BAD_ALIEN_MAGIC)
639 return;
640 for_each_node(r) {
641 if (alc[r])
642 lockdep_set_class(&alc[r]->lock, alc_key);
643 }
644}
645
646static void slab_set_debugobj_lock_classes_node(struct kmem_cache *cachep, int node)
647{
648 slab_set_lock_classes(cachep, &debugobj_l3_key, &debugobj_alc_key, node);
649}
650
651static void slab_set_debugobj_lock_classes(struct kmem_cache *cachep)
652{
653 int node;
654
655 for_each_online_node(node)
656 slab_set_debugobj_lock_classes_node(cachep, node);
657}
658
ce79ddc8 659static void init_node_lock_keys(int q)
f1aaee53 660{
056c6241
RT		 661 struct cache_sizes *s = malloc_sizes;
662
97d06609 663 if (slab_state < UP)
ce79ddc8
PE		 664 return;
665
666 for (s = malloc_sizes; s->cs_size != ULONG_MAX; s++) {
ce79ddc8 667 struct kmem_list3 *l3;
ce79ddc8
PE		 668
669 l3 = s->cs_cachep->nodelists[q];
670 if (!l3 || OFF_SLAB(s->cs_cachep))
00afa758 671 continue;
83835b3d
PZ		 672
673 slab_set_lock_classes(s->cs_cachep, &on_slab_l3_key,
674 &on_slab_alc_key, q);
f1aaee53
AV		 675 }
676}
ce79ddc8
PE		 677
678static inline void init_lock_keys(void)
679{
680 int node;
681
682 for_each_node(node)
683 init_node_lock_keys(node);
684}
f1aaee53 685#else
ce79ddc8
PE		 686static void init_node_lock_keys(int q)
687{
688}
689
056c6241 690static inline void init_lock_keys(void)
f1aaee53
AV		 691{
692}
83835b3d
PZ		 693
694static void slab_set_debugobj_lock_classes_node(struct kmem_cache *cachep, int node)
695{
696}
697
698static void slab_set_debugobj_lock_classes(struct kmem_cache *cachep)
699{
700}
f1aaee53
AV		 701#endif
702
1871e52c 703static DEFINE_PER_CPU(struct delayed_work, slab_reap_work);
1da177e4 704
343e0d7a 705static inline struct array_cache *cpu_cache_get(struct kmem_cache *cachep)
1da177e4
LT		 706{
707 return cachep->array[smp_processor_id()];
708}
709
a737b3e2
AM		 710static inline struct kmem_cache *__find_general_cachep(size_t size,
711 gfp_t gfpflags)
1da177e4
LT		 712{
713 struct cache_sizes *csizep = malloc_sizes;
714
715#if DEBUG
716 /* This happens if someone tries to call
b28a02de
PE		 717 * kmem_cache_create(), or __kmalloc(), before
718 * the generic caches are initialized.
719 */
c7e43c78 720 BUG_ON(malloc_sizes[INDEX_AC].cs_cachep == NULL);
1da177e4 721#endif
6cb8f913
CL		 722 if (!size)
723 return ZERO_SIZE_PTR;
724
1da177e4
LT		 725 while (size > csizep->cs_size)
726 csizep++;
727
728 /*
0abf40c1 729 * Really subtle: The last entry with cs->cs_size==ULONG_MAX
1da177e4
LT		 730 * has cs_{dma,}cachep==NULL. Thus no special case
731 * for large kmalloc calls required.
732 */
4b51d669 733#ifdef CONFIG_ZONE_DMA
1da177e4
LT		 734 if (unlikely(gfpflags & GFP_DMA))
735 return csizep->cs_dmacachep;
4b51d669 736#endif
1da177e4
LT		 737 return csizep->cs_cachep;
738}
739
b221385b 740static struct kmem_cache *kmem_find_general_cachep(size_t size, gfp_t gfpflags)
97e2bde4
MS		 741{
742 return __find_general_cachep(size, gfpflags);
743}
97e2bde4 744
fbaccacf 745static size_t slab_mgmt_size(size_t nr_objs, size_t align)
1da177e4 746{
fbaccacf
SR		 747 return ALIGN(sizeof(struct slab)+nr_objs*sizeof(kmem_bufctl_t), align);
748}
1da177e4 749
a737b3e2
AM		 750/*
751 * Calculate the number of objects and left-over bytes for a given buffer size.
752 */
fbaccacf
SR		 753static void cache_estimate(unsigned long gfporder, size_t buffer_size,
754 size_t align, int flags, size_t *left_over,
755 unsigned int *num)
756{
757 int nr_objs;
758 size_t mgmt_size;
759 size_t slab_size = PAGE_SIZE << gfporder;
1da177e4 760
fbaccacf
SR		 761 /*
762 * The slab management structure can be either off the slab or
763 * on it. For the latter case, the memory allocated for a
764 * slab is used for:
765 *
766 * - The struct slab
767 * - One kmem_bufctl_t for each object
768 * - Padding to respect alignment of @align
769 * - @buffer_size bytes for each object
770 *
771 * If the slab management structure is off the slab, then the
772 * alignment will already be calculated into the size. Because
773 * the slabs are all pages aligned, the objects will be at the
774 * correct alignment when allocated.
775 */
776 if (flags & CFLGS_OFF_SLAB) {
777 mgmt_size = 0;
778 nr_objs = slab_size / buffer_size;
779
780 if (nr_objs > SLAB_LIMIT)
781 nr_objs = SLAB_LIMIT;
782 } else {
783 /*
784 * Ignore padding for the initial guess. The padding
785 * is at most @align-1 bytes, and @buffer_size is at
786 * least @align. In the worst case, this result will
787 * be one greater than the number of objects that fit
788 * into the memory allocation when taking the padding
789 * into account.
790 */
791 nr_objs = (slab_size - sizeof(struct slab)) /
792 (buffer_size + sizeof(kmem_bufctl_t));
793
794 /*
795 * This calculated number will be either the right
796 * amount, or one greater than what we want.
797 */
798 if (slab_mgmt_size(nr_objs, align) + nr_objs*buffer_size
799 > slab_size)
800 nr_objs--;
801
802 if (nr_objs > SLAB_LIMIT)
803 nr_objs = SLAB_LIMIT;
804
805 mgmt_size = slab_mgmt_size(nr_objs, align);
806 }
807 *num = nr_objs;
808 *left_over = slab_size - nr_objs*buffer_size - mgmt_size;
1da177e4
LT		 809}
810
d40cee24 811#define slab_error(cachep, msg) __slab_error(__func__, cachep, msg)
1da177e4 812
a737b3e2
AM		 813static void __slab_error(const char *function, struct kmem_cache *cachep,
814 char *msg)
1da177e4
LT		 815{
816 printk(KERN_ERR "slab error in %s(): cache `%s': %s\n",
b28a02de 817 function, cachep->name, msg);
1da177e4
LT		 818 dump_stack();
819}
820
3395ee05
PM		 821/*
822 * By default on NUMA we use alien caches to stage the freeing of
823 * objects allocated from other nodes. This causes massive memory
824 * inefficiencies when using fake NUMA setup to split memory into a
825 * large number of small nodes, so it can be disabled on the command
826 * line
827 */
828
829static int use_alien_caches __read_mostly = 1;
830static int __init noaliencache_setup(char *s)
831{
832 use_alien_caches = 0;
833 return 1;
834}
835__setup("noaliencache", noaliencache_setup);
836
3df1cccd
DR		 837static int __init slab_max_order_setup(char *str)
838{
839 get_option(&str, &slab_max_order);
840 slab_max_order = slab_max_order < 0 ? 0 :
841 min(slab_max_order, MAX_ORDER - 1);
842 slab_max_order_set = true;
843
844 return 1;
845}
846__setup("slab_max_order=", slab_max_order_setup);
847
8fce4d8e
CL		 848#ifdef CONFIG_NUMA
849/*
850 * Special reaping functions for NUMA systems called from cache_reap().
851 * These take care of doing round robin flushing of alien caches (containing
852 * objects freed on different nodes from which they were allocated) and the
853 * flushing of remote pcps by calling drain_node_pages.
854 */
1871e52c 855static DEFINE_PER_CPU(unsigned long, slab_reap_node);
8fce4d8e
CL		 856
857static void init_reap_node(int cpu)
858{
859 int node;
860
7d6e6d09 861 node = next_node(cpu_to_mem(cpu), node_online_map);
8fce4d8e 862 if (node == MAX_NUMNODES)
442295c9 863 node = first_node(node_online_map);
8fce4d8e 864
1871e52c 865 per_cpu(slab_reap_node, cpu) = node;
8fce4d8e
CL		 866}
867
868static void next_reap_node(void)
869{
909ea964 870 int node = __this_cpu_read(slab_reap_node);
8fce4d8e 871
8fce4d8e
CL		 872 node = next_node(node, node_online_map);
873 if (unlikely(node >= MAX_NUMNODES))
874 node = first_node(node_online_map);
909ea964 875 __this_cpu_write(slab_reap_node, node);
8fce4d8e
CL		 876}
877
878#else
879#define init_reap_node(cpu) do { } while (0)
880#define next_reap_node(void) do { } while (0)
881#endif
882
1da177e4
LT		 883/*
884 * Initiate the reap timer running on the target CPU. We run at around 1 to 2Hz
885 * via the workqueue/eventd.
886 * Add the CPU number into the expiration time to minimize the possibility of
887 * the CPUs getting into lockstep and contending for the global cache chain
888 * lock.
889 */
897e679b 890static void __cpuinit start_cpu_timer(int cpu)
1da177e4 891{
1871e52c 892 struct delayed_work *reap_work = &per_cpu(slab_reap_work, cpu);
1da177e4
LT		 893
894 /*
895 * When this gets called from do_initcalls via cpucache_init(),
896 * init_workqueues() has already run, so keventd will be setup
897 * at that time.
898 */
52bad64d 899 if (keventd_up() && reap_work->work.func == NULL) {
8fce4d8e 900 init_reap_node(cpu);
78b43536 901 INIT_DELAYED_WORK_DEFERRABLE(reap_work, cache_reap);
2b284214
AV		 902 schedule_delayed_work_on(cpu, reap_work,
903 __round_jiffies_relative(HZ, cpu));
1da177e4
LT		 904 }
905}
906
e498be7d 907static struct array_cache *alloc_arraycache(int node, int entries,
83b519e8 908 int batchcount, gfp_t gfp)
1da177e4 909{
b28a02de 910 int memsize = sizeof(void *) * entries + sizeof(struct array_cache);
1da177e4
LT		 911 struct array_cache *nc = NULL;
912
83b519e8 913 nc = kmalloc_node(memsize, gfp, node);
d5cff635
CM		 914 /*
915 * The array_cache structures contain pointers to free object.
25985edc 916 * However, when such objects are allocated or transferred to another
d5cff635
CM		 917 * cache the pointers are not cleared and they could be counted as
918 * valid references during a kmemleak scan. Therefore, kmemleak must
919 * not scan such objects.
920 */
921 kmemleak_no_scan(nc);
1da177e4
LT		 922 if (nc) {
923 nc->avail = 0;
924 nc->limit = entries;
925 nc->batchcount = batchcount;
926 nc->touched = 0;
e498be7d 927 spin_lock_init(&nc->lock);
1da177e4
LT		 928 }
929 return nc;
930}
931
072bb0aa
MG		 932static inline bool is_slab_pfmemalloc(struct slab *slabp)
933{
934 struct page *page = virt_to_page(slabp->s_mem);
935
936 return PageSlabPfmemalloc(page);
937}
938
939/* Clears pfmemalloc_active if no slabs have pfmalloc set */
940static void recheck_pfmemalloc_active(struct kmem_cache *cachep,
941 struct array_cache *ac)
942{
943 struct kmem_list3 *l3 = cachep->nodelists[numa_mem_id()];
944 struct slab *slabp;
945 unsigned long flags;
946
947 if (!pfmemalloc_active)
948 return;
949
950 spin_lock_irqsave(&l3->list_lock, flags);
951 list_for_each_entry(slabp, &l3->slabs_full, list)
952 if (is_slab_pfmemalloc(slabp))
953 goto out;
954
955 list_for_each_entry(slabp, &l3->slabs_partial, list)
956 if (is_slab_pfmemalloc(slabp))
957 goto out;
958
959 list_for_each_entry(slabp, &l3->slabs_free, list)
960 if (is_slab_pfmemalloc(slabp))
961 goto out;
962
963 pfmemalloc_active = false;
964out:
965 spin_unlock_irqrestore(&l3->list_lock, flags);
966}
967
968static void *ac_get_obj(struct kmem_cache *cachep, struct array_cache *ac,
969 gfp_t flags, bool force_refill)
970{
971 int i;
972 void *objp = ac->entry[--ac->avail];
973
974 /* Ensure the caller is allowed to use objects from PFMEMALLOC slab */
975 if (unlikely(is_obj_pfmemalloc(objp))) {
976 struct kmem_list3 *l3;
977
978 if (gfp_pfmemalloc_allowed(flags)) {
979 clear_obj_pfmemalloc(&objp);
980 return objp;
981 }
982
983 /* The caller cannot use PFMEMALLOC objects, find another one */
984 for (i = 1; i < ac->avail; i++) {
985 /* If a !PFMEMALLOC object is found, swap them */
986 if (!is_obj_pfmemalloc(ac->entry[i])) {
987 objp = ac->entry[i];
988 ac->entry[i] = ac->entry[ac->avail];
989 ac->entry[ac->avail] = objp;
990 return objp;
991 }
992 }
993
994 /*
995 * If there are empty slabs on the slabs_free list and we are
996 * being forced to refill the cache, mark this one !pfmemalloc.
997 */
998 l3 = cachep->nodelists[numa_mem_id()];
999 if (!list_empty(&l3->slabs_free) && force_refill) {
1000 struct slab *slabp = virt_to_slab(objp);
1001 ClearPageSlabPfmemalloc(virt_to_page(slabp->s_mem));
1002 clear_obj_pfmemalloc(&objp);
1003 recheck_pfmemalloc_active(cachep, ac);
1004 return objp;
1005 }
1006
1007 /* No !PFMEMALLOC objects available */
1008 ac->avail++;
1009 objp = NULL;
1010 }
1011
1012 return objp;
1013}
1014
1015static void ac_put_obj(struct kmem_cache *cachep, struct array_cache *ac,
1016 void *objp)
1017{
1018 if (unlikely(pfmemalloc_active)) {
1019 /* Some pfmemalloc slabs exist, check if this is one */
1020 struct page *page = virt_to_page(objp);
1021 if (PageSlabPfmemalloc(page))
1022 set_obj_pfmemalloc(&objp);
1023 }
1024
1025 ac->entry[ac->avail++] = objp;
1026}
1027
3ded175a
CL		 1028/*
1029 * Transfer objects in one arraycache to another.
1030 * Locking must be handled by the caller.
1031 *
1032 * Return the number of entries transferred.
1033 */
1034static int transfer_objects(struct array_cache *to,
1035 struct array_cache *from, unsigned int max)
1036{
1037 /* Figure out how many entries to transfer */
732eacc0 1038 int nr = min3(from->avail, max, to->limit - to->avail);
3ded175a
CL		 1039
1040 if (!nr)
1041 return 0;
1042
1043 memcpy(to->entry + to->avail, from->entry + from->avail -nr,
1044 sizeof(void *) *nr);
1045
1046 from->avail -= nr;
1047 to->avail += nr;
3ded175a
CL		 1048 return nr;
1049}
1050
765c4507
CL		 1051#ifndef CONFIG_NUMA
1052
1053#define drain_alien_cache(cachep, alien) do { } while (0)
1054#define reap_alien(cachep, l3) do { } while (0)
1055
83b519e8 1056static inline struct array_cache **alloc_alien_cache(int node, int limit, gfp_t gfp)
765c4507
CL		 1057{
1058 return (struct array_cache **)BAD_ALIEN_MAGIC;
1059}
1060
1061static inline void free_alien_cache(struct array_cache **ac_ptr)
1062{
1063}
1064
1065static inline int cache_free_alien(struct kmem_cache *cachep, void *objp)
1066{
1067 return 0;
1068}
1069
1070static inline void *alternate_node_alloc(struct kmem_cache *cachep,
1071 gfp_t flags)
1072{
1073 return NULL;
1074}
1075
8b98c169 1076static inline void *____cache_alloc_node(struct kmem_cache *cachep,
765c4507
CL		 1077 gfp_t flags, int nodeid)
1078{
1079 return NULL;
1080}
1081
1082#else /* CONFIG_NUMA */
1083
8b98c169 1084static void *____cache_alloc_node(struct kmem_cache *, gfp_t, int);
c61afb18 1085static void *alternate_node_alloc(struct kmem_cache *, gfp_t);
dc85da15 1086
83b519e8 1087static struct array_cache **alloc_alien_cache(int node, int limit, gfp_t gfp)
e498be7d
CL		 1088{
1089 struct array_cache **ac_ptr;
8ef82866 1090 int memsize = sizeof(void *) * nr_node_ids;
e498be7d
CL		 1091 int i;
1092
1093 if (limit > 1)
1094 limit = 12;
f3186a9c 1095 ac_ptr = kzalloc_node(memsize, gfp, node);
e498be7d
CL		 1096 if (ac_ptr) {
1097 for_each_node(i) {
f3186a9c 1098 if (i == node || !node_online(i))
e498be7d 1099 continue;
83b519e8 1100 ac_ptr[i] = alloc_arraycache(node, limit, 0xbaadf00d, gfp);
e498be7d 1101 if (!ac_ptr[i]) {
cc550def 1102 for (i--; i >= 0; i--)
e498be7d
CL		 1103 kfree(ac_ptr[i]);
1104 kfree(ac_ptr);
1105 return NULL;
1106 }
1107 }
1108 }
1109 return ac_ptr;
1110}
1111
5295a74c 1112static void free_alien_cache(struct array_cache **ac_ptr)
e498be7d
CL		 1113{
1114 int i;
1115
1116 if (!ac_ptr)
1117 return;
e498be7d 1118 for_each_node(i)
b28a02de 1119 kfree(ac_ptr[i]);
e498be7d
CL		 1120 kfree(ac_ptr);
1121}
1122
343e0d7a 1123static void __drain_alien_cache(struct kmem_cache *cachep,
5295a74c 1124 struct array_cache *ac, int node)
e498be7d
CL		 1125{
1126 struct kmem_list3 *rl3 = cachep->nodelists[node];
1127
1128 if (ac->avail) {
1129 spin_lock(&rl3->list_lock);
e00946fe
CL		 1130 /*
1131 * Stuff objects into the remote nodes shared array first.
1132 * That way we could avoid the overhead of putting the objects
1133 * into the free lists and getting them back later.
1134 */
693f7d36
JS		 1135 if (rl3->shared)
1136 transfer_objects(rl3->shared, ac, ac->limit);
e00946fe 1137
ff69416e 1138 free_block(cachep, ac->entry, ac->avail, node);
e498be7d
CL		 1139 ac->avail = 0;
1140 spin_unlock(&rl3->list_lock);
1141 }
1142}
1143
8fce4d8e
CL		 1144/*
1145 * Called from cache_reap() to regularly drain alien caches round robin.
1146 */
1147static void reap_alien(struct kmem_cache *cachep, struct kmem_list3 *l3)
1148{
909ea964 1149 int node = __this_cpu_read(slab_reap_node);
8fce4d8e
CL		 1150
1151 if (l3->alien) {
1152 struct array_cache *ac = l3->alien[node];
e00946fe
CL		 1153
1154 if (ac && ac->avail && spin_trylock_irq(&ac->lock)) {
8fce4d8e
CL		 1155 __drain_alien_cache(cachep, ac, node);
1156 spin_unlock_irq(&ac->lock);
1157 }
1158 }
1159}
1160
a737b3e2
AM		 1161static void drain_alien_cache(struct kmem_cache *cachep,
1162 struct array_cache **alien)
e498be7d 1163{
b28a02de 1164 int i = 0;
e498be7d
CL		 1165 struct array_cache *ac;
1166 unsigned long flags;
1167
1168 for_each_online_node(i) {
4484ebf1 1169 ac = alien[i];
e498be7d
CL		 1170 if (ac) {
1171 spin_lock_irqsave(&ac->lock, flags);
1172 __drain_alien_cache(cachep, ac, i);
1173 spin_unlock_irqrestore(&ac->lock, flags);
1174 }
1175 }
1176}
729bd0b7 1177
873623df 1178static inline int cache_free_alien(struct kmem_cache *cachep, void *objp)
729bd0b7
PE		 1179{
1180 struct slab *slabp = virt_to_slab(objp);
1181 int nodeid = slabp->nodeid;
1182 struct kmem_list3 *l3;
1183 struct array_cache *alien = NULL;
1ca4cb24
PE		 1184 int node;
1185
7d6e6d09 1186 node = numa_mem_id();
729bd0b7
PE		 1187
1188 /*
1189 * Make sure we are not freeing a object from another node to the array
1190 * cache on this cpu.
1191 */
62918a03 1192 if (likely(slabp->nodeid == node))
729bd0b7
PE		 1193 return 0;
1194
1ca4cb24 1195 l3 = cachep->nodelists[node];
729bd0b7
PE		 1196 STATS_INC_NODEFREES(cachep);
1197 if (l3->alien && l3->alien[nodeid]) {
1198 alien = l3->alien[nodeid];
873623df 1199 spin_lock(&alien->lock);
729bd0b7
PE		 1200 if (unlikely(alien->avail == alien->limit)) {
1201 STATS_INC_ACOVERFLOW(cachep);
1202 __drain_alien_cache(cachep, alien, nodeid);
1203 }
072bb0aa 1204 ac_put_obj(cachep, alien, objp);
729bd0b7
PE		 1205 spin_unlock(&alien->lock);
1206 } else {
1207 spin_lock(&(cachep->nodelists[nodeid])->list_lock);
1208 free_block(cachep, &objp, 1, nodeid);
1209 spin_unlock(&(cachep->nodelists[nodeid])->list_lock);
1210 }
1211 return 1;
1212}
e498be7d
CL		 1213#endif
1214
8f9f8d9e
DR		 1215/*
1216 * Allocates and initializes nodelists for a node on each slab cache, used for
1217 * either memory or cpu hotplug. If memory is being hot-added, the kmem_list3
1218 * will be allocated off-node since memory is not yet online for the new node.
1219 * When hotplugging memory or a cpu, existing nodelists are not replaced if
1220 * already in use.
1221 *
18004c5d 1222 * Must hold slab_mutex.
8f9f8d9e
DR		 1223 */
1224static int init_cache_nodelists_node(int node)
1225{
1226 struct kmem_cache *cachep;
1227 struct kmem_list3 *l3;
1228 const int memsize = sizeof(struct kmem_list3);
1229
18004c5d 1230 list_for_each_entry(cachep, &slab_caches, list) {
8f9f8d9e
DR		 1231 /*
1232 * Set up the size64 kmemlist for cpu before we can
1233 * begin anything. Make sure some other cpu on this
1234 * node has not already allocated this
1235 */
1236 if (!cachep->nodelists[node]) {
1237 l3 = kmalloc_node(memsize, GFP_KERNEL, node);
1238 if (!l3)
1239 return -ENOMEM;
1240 kmem_list3_init(l3);
1241 l3->next_reap = jiffies + REAPTIMEOUT_LIST3 +
1242 ((unsigned long)cachep) % REAPTIMEOUT_LIST3;
1243
1244 /*
1245 * The l3s don't come and go as CPUs come and
18004c5d 1246 * go. slab_mutex is sufficient
8f9f8d9e
DR		 1247 * protection here.
1248 */
1249 cachep->nodelists[node] = l3;
1250 }
1251
1252 spin_lock_irq(&cachep->nodelists[node]->list_lock);
1253 cachep->nodelists[node]->free_limit =
1254 (1 + nr_cpus_node(node)) *
1255 cachep->batchcount + cachep->num;
1256 spin_unlock_irq(&cachep->nodelists[node]->list_lock);
1257 }
1258 return 0;
1259}
1260
fbf1e473
AM		 1261static void __cpuinit cpuup_canceled(long cpu)
1262{
1263 struct kmem_cache *cachep;
1264 struct kmem_list3 *l3 = NULL;
7d6e6d09 1265 int node = cpu_to_mem(cpu);
a70f7302 1266 const struct cpumask *mask = cpumask_of_node(node);
fbf1e473 1267
18004c5d 1268 list_for_each_entry(cachep, &slab_caches, list) {
fbf1e473
AM		 1269 struct array_cache *nc;
1270 struct array_cache *shared;
1271 struct array_cache **alien;
fbf1e473 1272
fbf1e473
AM		 1273 /* cpu is dead; no one can alloc from it. */
1274 nc = cachep->array[cpu];
1275 cachep->array[cpu] = NULL;
1276 l3 = cachep->nodelists[node];
1277
1278 if (!l3)
1279 goto free_array_cache;
1280
1281 spin_lock_irq(&l3->list_lock);
1282
1283 /* Free limit for this kmem_list3 */
1284 l3->free_limit -= cachep->batchcount;
1285 if (nc)
1286 free_block(cachep, nc->entry, nc->avail, node);
1287
58463c1f 1288 if (!cpumask_empty(mask)) {
fbf1e473
AM		 1289 spin_unlock_irq(&l3->list_lock);
1290 goto free_array_cache;
1291 }
1292
1293 shared = l3->shared;
1294 if (shared) {
1295 free_block(cachep, shared->entry,
1296 shared->avail, node);
1297 l3->shared = NULL;
1298 }
1299
1300 alien = l3->alien;
1301 l3->alien = NULL;
1302
1303 spin_unlock_irq(&l3->list_lock);
1304
1305 kfree(shared);
1306 if (alien) {
1307 drain_alien_cache(cachep, alien);
1308 free_alien_cache(alien);
1309 }
1310free_array_cache:
1311 kfree(nc);
1312 }
1313 /*
1314 * In the previous loop, all the objects were freed to
1315 * the respective cache's slabs, now we can go ahead and
1316 * shrink each nodelist to its limit.
1317 */
18004c5d 1318 list_for_each_entry(cachep, &slab_caches, list) {
fbf1e473
AM		 1319 l3 = cachep->nodelists[node];
1320 if (!l3)
1321 continue;
1322 drain_freelist(cachep, l3, l3->free_objects);
1323 }
1324}
1325
1326static int __cpuinit cpuup_prepare(long cpu)
1da177e4 1327{
343e0d7a 1328 struct kmem_cache *cachep;
e498be7d 1329 struct kmem_list3 *l3 = NULL;
7d6e6d09 1330 int node = cpu_to_mem(cpu);
8f9f8d9e 1331 int err;
1da177e4 1332
fbf1e473
AM		 1333 /*
1334 * We need to do this right in the beginning since
1335 * alloc_arraycache's are going to use this list.
1336 * kmalloc_node allows us to add the slab to the right
1337 * kmem_list3 and not this cpu's kmem_list3
1338 */
8f9f8d9e
DR		 1339 err = init_cache_nodelists_node(node);
1340 if (err < 0)
1341 goto bad;
fbf1e473
AM		 1342
1343 /*
1344 * Now we can go ahead with allocating the shared arrays and
1345 * array caches
1346 */
18004c5d 1347 list_for_each_entry(cachep, &slab_caches, list) {
fbf1e473
AM		 1348 struct array_cache *nc;
1349 struct array_cache *shared = NULL;
1350 struct array_cache **alien = NULL;
1351
1352 nc = alloc_arraycache(node, cachep->limit,
83b519e8 1353 cachep->batchcount, GFP_KERNEL);
fbf1e473
AM		 1354 if (!nc)
1355 goto bad;
1356 if (cachep->shared) {
1357 shared = alloc_arraycache(node,
1358 cachep->shared * cachep->batchcount,
83b519e8 1359 0xbaadf00d, GFP_KERNEL);
12d00f6a
AM		 1360 if (!shared) {
1361 kfree(nc);
1da177e4 1362 goto bad;
12d00f6a 1363 }
fbf1e473
AM		 1364 }
1365 if (use_alien_caches) {
83b519e8 1366 alien = alloc_alien_cache(node, cachep->limit, GFP_KERNEL);
12d00f6a
AM		 1367 if (!alien) {
1368 kfree(shared);
1369 kfree(nc);
fbf1e473 1370 goto bad;
12d00f6a 1371 }
fbf1e473
AM		 1372 }
1373 cachep->array[cpu] = nc;
1374 l3 = cachep->nodelists[node];
1375 BUG_ON(!l3);
1376
1377 spin_lock_irq(&l3->list_lock);
1378 if (!l3->shared) {
1379 /*
1380 * We are serialised from CPU_DEAD or
1381 * CPU_UP_CANCELLED by the cpucontrol lock
1382 */
1383 l3->shared = shared;
1384 shared = NULL;
1385 }
4484ebf1 1386#ifdef CONFIG_NUMA
fbf1e473
AM		 1387 if (!l3->alien) {
1388 l3->alien = alien;
1389 alien = NULL;
1da177e4 1390 }
fbf1e473
AM		 1391#endif
1392 spin_unlock_irq(&l3->list_lock);
1393 kfree(shared);
1394 free_alien_cache(alien);
83835b3d
PZ		 1395 if (cachep->flags & SLAB_DEBUG_OBJECTS)
1396 slab_set_debugobj_lock_classes_node(cachep, node);
fbf1e473 1397 }
ce79ddc8
PE		 1398 init_node_lock_keys(node);
1399
fbf1e473
AM		 1400 return 0;
1401bad:
12d00f6a 1402 cpuup_canceled(cpu);
fbf1e473
AM		 1403 return -ENOMEM;
1404}
1405
1406static int __cpuinit cpuup_callback(struct notifier_block *nfb,
1407 unsigned long action, void *hcpu)
1408{
1409 long cpu = (long)hcpu;
1410 int err = 0;
1411
1412 switch (action) {
fbf1e473
AM		 1413 case CPU_UP_PREPARE:
1414 case CPU_UP_PREPARE_FROZEN:
18004c5d 1415 mutex_lock(&slab_mutex);
fbf1e473 1416 err = cpuup_prepare(cpu);
18004c5d 1417 mutex_unlock(&slab_mutex);
1da177e4
LT		 1418 break;
1419 case CPU_ONLINE:
8bb78442 1420 case CPU_ONLINE_FROZEN:
1da177e4
LT		 1421 start_cpu_timer(cpu);
1422 break;
1423#ifdef CONFIG_HOTPLUG_CPU
5830c590 1424 case CPU_DOWN_PREPARE:
8bb78442 1425 case CPU_DOWN_PREPARE_FROZEN:
5830c590 1426 /*
18004c5d 1427 * Shutdown cache reaper. Note that the slab_mutex is
5830c590
CL		 1428 * held so that if cache_reap() is invoked it cannot do
1429 * anything expensive but will only modify reap_work
1430 * and reschedule the timer.
1431 */
afe2c511 1432 cancel_delayed_work_sync(&per_cpu(slab_reap_work, cpu));
5830c590 1433 /* Now the cache_reaper is guaranteed to be not running. */
1871e52c 1434 per_cpu(slab_reap_work, cpu).work.func = NULL;
5830c590
CL		 1435 break;
1436 case CPU_DOWN_FAILED:
8bb78442 1437 case CPU_DOWN_FAILED_FROZEN:
5830c590
CL		 1438 start_cpu_timer(cpu);
1439 break;
1da177e4 1440 case CPU_DEAD:
8bb78442 1441 case CPU_DEAD_FROZEN:
4484ebf1
RT		 1442 /*
1443 * Even if all the cpus of a node are down, we don't free the
1444 * kmem_list3 of any cache. This to avoid a race between
1445 * cpu_down, and a kmalloc allocation from another cpu for
1446 * memory from the node of the cpu going down. The list3
1447 * structure is usually allocated from kmem_cache_create() and
1448 * gets destroyed at kmem_cache_destroy().
1449 */
183ff22b 1450 /* fall through */
8f5be20b 1451#endif
1da177e4 1452 case CPU_UP_CANCELED:
8bb78442 1453 case CPU_UP_CANCELED_FROZEN:
18004c5d 1454 mutex_lock(&slab_mutex);
fbf1e473 1455 cpuup_canceled(cpu);
18004c5d 1456 mutex_unlock(&slab_mutex);
1da177e4 1457 break;
1da177e4 1458 }
eac40680 1459 return notifier_from_errno(err);
1da177e4
LT		 1460}
1461
74b85f37
CS		 1462static struct notifier_block __cpuinitdata cpucache_notifier = {
1463 &cpuup_callback, NULL, 0
1464};
1da177e4 1465
8f9f8d9e
DR		 1466#if defined(CONFIG_NUMA) && defined(CONFIG_MEMORY_HOTPLUG)
1467/*
1468 * Drains freelist for a node on each slab cache, used for memory hot-remove.
1469 * Returns -EBUSY if all objects cannot be drained so that the node is not
1470 * removed.
1471 *
18004c5d 1472 * Must hold slab_mutex.
8f9f8d9e
DR		 1473 */
1474static int __meminit drain_cache_nodelists_node(int node)
1475{
1476 struct kmem_cache *cachep;
1477 int ret = 0;
1478
18004c5d 1479 list_for_each_entry(cachep, &slab_caches, list) {
8f9f8d9e
DR		 1480 struct kmem_list3 *l3;
1481
1482 l3 = cachep->nodelists[node];
1483 if (!l3)
1484 continue;
1485
1486 drain_freelist(cachep, l3, l3->free_objects);
1487
1488 if (!list_empty(&l3->slabs_full) ||
1489 !list_empty(&l3->slabs_partial)) {
1490 ret = -EBUSY;
1491 break;
1492 }
1493 }
1494 return ret;
1495}
1496
1497static int __meminit slab_memory_callback(struct notifier_block *self,
1498 unsigned long action, void *arg)
1499{
1500 struct memory_notify *mnb = arg;
1501 int ret = 0;
1502 int nid;
1503
1504 nid = mnb->status_change_nid;
1505 if (nid < 0)
1506 goto out;
1507
1508 switch (action) {
1509 case MEM_GOING_ONLINE:
18004c5d 1510 mutex_lock(&slab_mutex);
8f9f8d9e 1511 ret = init_cache_nodelists_node(nid);
18004c5d 1512 mutex_unlock(&slab_mutex);
8f9f8d9e
DR		 1513 break;
1514 case MEM_GOING_OFFLINE:
18004c5d 1515 mutex_lock(&slab_mutex);
8f9f8d9e 1516 ret = drain_cache_nodelists_node(nid);
18004c5d 1517 mutex_unlock(&slab_mutex);
8f9f8d9e
DR		 1518 break;
1519 case MEM_ONLINE:
1520 case MEM_OFFLINE:
1521 case MEM_CANCEL_ONLINE:
1522 case MEM_CANCEL_OFFLINE:
1523 break;
1524 }
1525out:
5fda1bd5 1526 return notifier_from_errno(ret);
8f9f8d9e
DR		 1527}
1528#endif /* CONFIG_NUMA && CONFIG_MEMORY_HOTPLUG */
1529
e498be7d
CL		 1530/*
1531 * swap the static kmem_list3 with kmalloced memory
1532 */
8f9f8d9e
DR		 1533static void __init init_list(struct kmem_cache *cachep, struct kmem_list3 *list,
1534 int nodeid)
e498be7d
CL		 1535{
1536 struct kmem_list3 *ptr;
1537
83b519e8 1538 ptr = kmalloc_node(sizeof(struct kmem_list3), GFP_NOWAIT, nodeid);
e498be7d
CL		 1539 BUG_ON(!ptr);
1540
e498be7d 1541 memcpy(ptr, list, sizeof(struct kmem_list3));
2b2d5493
IM		 1542 /*
1543 * Do not assume that spinlocks can be initialized via memcpy:
1544 */
1545 spin_lock_init(&ptr->list_lock);
1546
e498be7d
CL		 1547 MAKE_ALL_LISTS(cachep, ptr, nodeid);
1548 cachep->nodelists[nodeid] = ptr;
e498be7d
CL		 1549}
1550
556a169d
PE		 1551/*
1552 * For setting up all the kmem_list3s for cache whose buffer_size is same as
1553 * size of kmem_list3.
1554 */
1555static void __init set_up_list3s(struct kmem_cache *cachep, int index)
1556{
1557 int node;
1558
1559 for_each_online_node(node) {
1560 cachep->nodelists[node] = &initkmem_list3[index + node];
1561 cachep->nodelists[node]->next_reap = jiffies +
1562 REAPTIMEOUT_LIST3 +
1563 ((unsigned long)cachep) % REAPTIMEOUT_LIST3;
1564 }
1565}
1566
a737b3e2
AM		 1567/*
1568 * Initialisation. Called after the page allocator have been initialised and
1569 * before smp_init().
1da177e4
LT		 1570 */
1571void __init kmem_cache_init(void)
1572{
1573 size_t left_over;
1574 struct cache_sizes *sizes;
1575 struct cache_names *names;
e498be7d 1576 int i;
07ed76b2 1577 int order;
1ca4cb24 1578 int node;
e498be7d 1579
b6e68bc1 1580 if (num_possible_nodes() == 1)
62918a03
SS		 1581 use_alien_caches = 0;
1582
e498be7d
CL		 1583 for (i = 0; i < NUM_INIT_LISTS; i++) {
1584 kmem_list3_init(&initkmem_list3[i]);
1585 if (i < MAX_NUMNODES)
1586 cache_cache.nodelists[i] = NULL;
1587 }
556a169d 1588 set_up_list3s(&cache_cache, CACHE_CACHE);
1da177e4
LT		 1589
1590 /*
1591 * Fragmentation resistance on low memory - only use bigger
3df1cccd
DR		 1592 * page orders on machines with more than 32MB of memory if
1593 * not overridden on the command line.
1da177e4 1594 */
3df1cccd 1595 if (!slab_max_order_set && totalram_pages > (32 << 20) >> PAGE_SHIFT)
543585cc 1596 slab_max_order = SLAB_MAX_ORDER_HI;
1da177e4 1597
1da177e4
LT		 1598 /* Bootstrap is tricky, because several objects are allocated
1599 * from caches that do not exist yet:
a737b3e2
AM		 1600 * 1) initialize the cache_cache cache: it contains the struct
1601 * kmem_cache structures of all caches, except cache_cache itself:
1602 * cache_cache is statically allocated.
e498be7d
CL		 1603 * Initially an __init data area is used for the head array and the
1604 * kmem_list3 structures, it's replaced with a kmalloc allocated
1605 * array at the end of the bootstrap.
1da177e4 1606 * 2) Create the first kmalloc cache.
343e0d7a 1607 * The struct kmem_cache for the new cache is allocated normally.
e498be7d
CL		 1608 * An __init data area is used for the head array.
1609 * 3) Create the remaining kmalloc caches, with minimally sized
1610 * head arrays.
1da177e4
LT		 1611 * 4) Replace the __init data head arrays for cache_cache and the first
1612 * kmalloc cache with kmalloc allocated arrays.
e498be7d
CL		 1613 * 5) Replace the __init data for kmem_list3 for cache_cache and
1614 * the other cache's with kmalloc allocated memory.
1615 * 6) Resize the head arrays of the kmalloc caches to their final sizes.
1da177e4
LT		 1616 */
1617
7d6e6d09 1618 node = numa_mem_id();
1ca4cb24 1619
1da177e4 1620 /* 1) create the cache_cache */
18004c5d
CL		 1621 INIT_LIST_HEAD(&slab_caches);
1622 list_add(&cache_cache.list, &slab_caches);
1da177e4
LT		 1623 cache_cache.colour_off = cache_line_size();
1624 cache_cache.array[smp_processor_id()] = &initarray_cache.cache;
ec1f5eee 1625 cache_cache.nodelists[node] = &initkmem_list3[CACHE_CACHE + node];
1da177e4 1626
8da3430d 1627 /*
b56efcf0 1628 * struct kmem_cache size depends on nr_node_ids & nr_cpu_ids
8da3430d 1629 */
3b0efdfa 1630 cache_cache.size = offsetof(struct kmem_cache, array[nr_cpu_ids]) +
b56efcf0 1631 nr_node_ids * sizeof(struct kmem_list3 *);
3b0efdfa
CL		 1632 cache_cache.object_size = cache_cache.size;
1633 cache_cache.size = ALIGN(cache_cache.size,
a737b3e2 1634 cache_line_size());
6a2d7a95 1635 cache_cache.reciprocal_buffer_size =
3b0efdfa 1636 reciprocal_value(cache_cache.size);
1da177e4 1637
07ed76b2 1638 for (order = 0; order < MAX_ORDER; order++) {
3b0efdfa 1639 cache_estimate(order, cache_cache.size,
07ed76b2
JS		 1640 cache_line_size(), 0, &left_over, &cache_cache.num);
1641 if (cache_cache.num)
1642 break;
1643 }
40094fa6 1644 BUG_ON(!cache_cache.num);
07ed76b2 1645 cache_cache.gfporder = order;
b28a02de 1646 cache_cache.colour = left_over / cache_cache.colour_off;
b28a02de
PE		 1647 cache_cache.slab_size = ALIGN(cache_cache.num * sizeof(kmem_bufctl_t) +
1648 sizeof(struct slab), cache_line_size());
1da177e4
LT		 1649
1650 /* 2+3) create the kmalloc caches */
1651 sizes = malloc_sizes;
1652 names = cache_names;
1653
a737b3e2
AM		 1654 /*
1655 * Initialize the caches that provide memory for the array cache and the
1656 * kmem_list3 structures first. Without this, further allocations will
1657 * bug.
e498be7d
CL		 1658 */
1659
039363f3 1660 sizes[INDEX_AC].cs_cachep = __kmem_cache_create(names[INDEX_AC].name,
a737b3e2
AM		 1661 sizes[INDEX_AC].cs_size,
1662 ARCH_KMALLOC_MINALIGN,
1663 ARCH_KMALLOC_FLAGS|SLAB_PANIC,
20c2df83 1664 NULL);
e498be7d 1665
a737b3e2 1666 if (INDEX_AC != INDEX_L3) {
e498be7d 1667 sizes[INDEX_L3].cs_cachep =
039363f3 1668 __kmem_cache_create(names[INDEX_L3].name,
a737b3e2
AM		 1669 sizes[INDEX_L3].cs_size,
1670 ARCH_KMALLOC_MINALIGN,
1671 ARCH_KMALLOC_FLAGS|SLAB_PANIC,
20c2df83 1672 NULL);
a737b3e2 1673 }
e498be7d 1674
e0a42726
IM		 1675 slab_early_init = 0;
1676
1da177e4 1677 while (sizes->cs_size != ULONG_MAX) {
e498be7d
CL		 1678 /*
1679 * For performance, all the general caches are L1 aligned.
1da177e4
LT		 1680 * This should be particularly beneficial on SMP boxes, as it
1681 * eliminates "false sharing".
1682 * Note for systems short on memory removing the alignment will
e498be7d
CL		 1683 * allow tighter packing of the smaller caches.
1684 */
a737b3e2 1685 if (!sizes->cs_cachep) {
039363f3 1686 sizes->cs_cachep = __kmem_cache_create(names->name,
a737b3e2
AM		 1687 sizes->cs_size,
1688 ARCH_KMALLOC_MINALIGN,
1689 ARCH_KMALLOC_FLAGS|SLAB_PANIC,
20c2df83 1690 NULL);
a737b3e2 1691 }
4b51d669 1692#ifdef CONFIG_ZONE_DMA
039363f3 1693 sizes->cs_dmacachep = __kmem_cache_create(
4b51d669 1694 names->name_dma,
a737b3e2
AM		 1695 sizes->cs_size,
1696 ARCH_KMALLOC_MINALIGN,
1697 ARCH_KMALLOC_FLAGS|SLAB_CACHE_DMA|
1698 SLAB_PANIC,
20c2df83 1699 NULL);
4b51d669 1700#endif
1da177e4
LT		 1701 sizes++;
1702 names++;
1703 }
1704 /* 4) Replace the bootstrap head arrays */
1705 {
2b2d5493 1706 struct array_cache *ptr;
e498be7d 1707
83b519e8 1708 ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);
e498be7d 1709
9a2dba4b
PE		 1710 BUG_ON(cpu_cache_get(&cache_cache) != &initarray_cache.cache);
1711 memcpy(ptr, cpu_cache_get(&cache_cache),
b28a02de 1712 sizeof(struct arraycache_init));
2b2d5493
IM		 1713 /*
1714 * Do not assume that spinlocks can be initialized via memcpy:
1715 */
1716 spin_lock_init(&ptr->lock);
1717
1da177e4 1718 cache_cache.array[smp_processor_id()] = ptr;
e498be7d 1719
83b519e8 1720 ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);
e498be7d 1721
9a2dba4b 1722 BUG_ON(cpu_cache_get(malloc_sizes[INDEX_AC].cs_cachep)
b28a02de 1723 != &initarray_generic.cache);
9a2dba4b 1724 memcpy(ptr, cpu_cache_get(malloc_sizes[INDEX_AC].cs_cachep),
b28a02de 1725 sizeof(struct arraycache_init));
2b2d5493
IM		 1726 /*
1727 * Do not assume that spinlocks can be initialized via memcpy:
1728 */
1729 spin_lock_init(&ptr->lock);
1730
e498be7d 1731 malloc_sizes[INDEX_AC].cs_cachep->array[smp_processor_id()] =
b28a02de 1732 ptr;
1da177e4 1733 }
e498be7d
CL		 1734 /* 5) Replace the bootstrap kmem_list3's */
1735 {
1ca4cb24
PE		 1736 int nid;
1737
9c09a95c 1738 for_each_online_node(nid) {
ec1f5eee 1739 init_list(&cache_cache, &initkmem_list3[CACHE_CACHE + nid], nid);
556a169d 1740
e498be7d 1741 init_list(malloc_sizes[INDEX_AC].cs_cachep,
1ca4cb24 1742 &initkmem_list3[SIZE_AC + nid], nid);
e498be7d
CL		 1743
1744 if (INDEX_AC != INDEX_L3) {
1745 init_list(malloc_sizes[INDEX_L3].cs_cachep,
1ca4cb24 1746 &initkmem_list3[SIZE_L3 + nid], nid);
e498be7d
CL		 1747 }
1748 }
1749 }
1da177e4 1750
97d06609 1751 slab_state = UP;
8429db5c
PE		 1752}
1753
1754void __init kmem_cache_init_late(void)
1755{
1756 struct kmem_cache *cachep;
1757
97d06609 1758 slab_state = UP;
52cef189 1759
30765b92
PZ		 1760 /* Annotate slab for lockdep -- annotate the malloc caches */
1761 init_lock_keys();
1762
8429db5c 1763 /* 6) resize the head arrays to their final sizes */
18004c5d
CL		 1764 mutex_lock(&slab_mutex);
1765 list_for_each_entry(cachep, &slab_caches, list)
8429db5c
PE		 1766 if (enable_cpucache(cachep, GFP_NOWAIT))
1767 BUG();
18004c5d 1768 mutex_unlock(&slab_mutex);
056c6241 1769
97d06609
CL		 1770 /* Done! */
1771 slab_state = FULL;
1772
a737b3e2
AM		 1773 /*
1774 * Register a cpu startup notifier callback that initializes
1775 * cpu_cache_get for all new cpus
1da177e4
LT		 1776 */
1777 register_cpu_notifier(&cpucache_notifier);
1da177e4 1778
8f9f8d9e
DR		 1779#ifdef CONFIG_NUMA
1780 /*
1781 * Register a memory hotplug callback that initializes and frees
1782 * nodelists.
1783 */
1784 hotplug_memory_notifier(slab_memory_callback, SLAB_CALLBACK_PRI);
1785#endif
1786
a737b3e2
AM		 1787 /*
1788 * The reap timers are started later, with a module init call: That part
1789 * of the kernel is not yet operational.
1da177e4
LT		 1790 */
1791}
1792
1793static int __init cpucache_init(void)
1794{
1795 int cpu;
1796
a737b3e2
AM		 1797 /*
1798 * Register the timers that return unneeded pages to the page allocator
1da177e4 1799 */
e498be7d 1800 for_each_online_cpu(cpu)
a737b3e2 1801 start_cpu_timer(cpu);
a164f896
GC		 1802
1803 /* Done! */
97d06609 1804 slab_state = FULL;
1da177e4
LT		 1805 return 0;
1806}
1da177e4
LT		 1807__initcall(cpucache_init);
1808
8bdec192
RA		 1809static noinline void
1810slab_out_of_memory(struct kmem_cache *cachep, gfp_t gfpflags, int nodeid)
1811{
1812 struct kmem_list3 *l3;
1813 struct slab *slabp;
1814 unsigned long flags;
1815 int node;
1816
1817 printk(KERN_WARNING
1818 "SLAB: Unable to allocate memory on node %d (gfp=0x%x)\n",
1819 nodeid, gfpflags);
1820 printk(KERN_WARNING " cache: %s, object size: %d, order: %d\n",
3b0efdfa 1821 cachep->name, cachep->size, cachep->gfporder);
8bdec192
RA		 1822
1823 for_each_online_node(node) {
1824 unsigned long active_objs = 0, num_objs = 0, free_objects = 0;
1825 unsigned long active_slabs = 0, num_slabs = 0;
1826
1827 l3 = cachep->nodelists[node];
1828 if (!l3)
1829 continue;
1830
1831 spin_lock_irqsave(&l3->list_lock, flags);
1832 list_for_each_entry(slabp, &l3->slabs_full, list) {
1833 active_objs += cachep->num;
1834 active_slabs++;
1835 }
1836 list_for_each_entry(slabp, &l3->slabs_partial, list) {
1837 active_objs += slabp->inuse;
1838 active_slabs++;
1839 }
1840 list_for_each_entry(slabp, &l3->slabs_free, list)
1841 num_slabs++;
1842
1843 free_objects += l3->free_objects;
1844 spin_unlock_irqrestore(&l3->list_lock, flags);
1845
1846 num_slabs += active_slabs;
1847 num_objs = num_slabs * cachep->num;
1848 printk(KERN_WARNING
1849 " node %d: slabs: %ld/%ld, objs: %ld/%ld, free: %ld\n",
1850 node, active_slabs, num_slabs, active_objs, num_objs,
1851 free_objects);
1852 }
1853}
1854
1da177e4
LT		 1855/*
1856 * Interface to system's page allocator. No need to hold the cache-lock.
1857 *
1858 * If we requested dmaable memory, we will get it. Even if we
1859 * did not request dmaable memory, we might get it, but that
1860 * would be relatively rare and ignorable.
1861 */
343e0d7a 1862static void *kmem_getpages(struct kmem_cache *cachep, gfp_t flags, int nodeid)
1da177e4
LT		 1863{
1864 struct page *page;
e1b6aa6f 1865 int nr_pages;
1da177e4
LT		 1866 int i;
1867
d6fef9da 1868#ifndef CONFIG_MMU
e1b6aa6f
CH		 1869 /*
1870 * Nommu uses slab's for process anonymous memory allocations, and thus
1871 * requires __GFP_COMP to properly refcount higher order allocations
d6fef9da 1872 */
e1b6aa6f 1873 flags |= __GFP_COMP;
d6fef9da 1874#endif
765c4507 1875
a618e89f 1876 flags |= cachep->allocflags;
e12ba74d
MG		 1877 if (cachep->flags & SLAB_RECLAIM_ACCOUNT)
1878 flags |= __GFP_RECLAIMABLE;
e1b6aa6f 1879
517d0869 1880 page = alloc_pages_exact_node(nodeid, flags | __GFP_NOTRACK, cachep->gfporder);
8bdec192
RA		 1881 if (!page) {
1882 if (!(flags & __GFP_NOWARN) && printk_ratelimit())
1883 slab_out_of_memory(cachep, flags, nodeid);
1da177e4 1884 return NULL;
8bdec192 1885 }
1da177e4 1886
072bb0aa
MG		 1887 /* Record if ALLOC_PFMEMALLOC was set when allocating the slab */
1888 if (unlikely(page->pfmemalloc))
1889 pfmemalloc_active = true;
1890
e1b6aa6f 1891 nr_pages = (1 << cachep->gfporder);
1da177e4 1892 if (cachep->flags & SLAB_RECLAIM_ACCOUNT)
972d1a7b
CL		 1893 add_zone_page_state(page_zone(page),
1894 NR_SLAB_RECLAIMABLE, nr_pages);
1895 else
1896 add_zone_page_state(page_zone(page),
1897 NR_SLAB_UNRECLAIMABLE, nr_pages);
072bb0aa 1898 for (i = 0; i < nr_pages; i++) {
e1b6aa6f 1899 __SetPageSlab(page + i);
c175eea4 1900
072bb0aa
MG		 1901 if (page->pfmemalloc)
1902 SetPageSlabPfmemalloc(page + i);
1903 }
1904
b1eeab67
VN		 1905 if (kmemcheck_enabled && !(cachep->flags & SLAB_NOTRACK)) {
1906 kmemcheck_alloc_shadow(page, cachep->gfporder, flags, nodeid);
1907
1908 if (cachep->ctor)
1909 kmemcheck_mark_uninitialized_pages(page, nr_pages);
1910 else
1911 kmemcheck_mark_unallocated_pages(page, nr_pages);
1912 }
c175eea4 1913
e1b6aa6f 1914 return page_address(page);
1da177e4
LT		 1915}
1916
1917/*
1918 * Interface to system's page release.
1919 */
343e0d7a 1920static void kmem_freepages(struct kmem_cache *cachep, void *addr)
1da177e4 1921{
b28a02de 1922 unsigned long i = (1 << cachep->gfporder);
1da177e4
LT		 1923 struct page *page = virt_to_page(addr);
1924 const unsigned long nr_freed = i;
1925
b1eeab67 1926 kmemcheck_free_shadow(page, cachep->gfporder);
c175eea4 1927
972d1a7b
CL		 1928 if (cachep->flags & SLAB_RECLAIM_ACCOUNT)
1929 sub_zone_page_state(page_zone(page),
1930 NR_SLAB_RECLAIMABLE, nr_freed);
1931 else
1932 sub_zone_page_state(page_zone(page),
1933 NR_SLAB_UNRECLAIMABLE, nr_freed);
1da177e4 1934 while (i--) {
f205b2fe 1935 BUG_ON(!PageSlab(page));
072bb0aa 1936 __ClearPageSlabPfmemalloc(page);
f205b2fe 1937 __ClearPageSlab(page);
1da177e4
LT		 1938 page++;
1939 }
1da177e4
LT		 1940 if (current->reclaim_state)
1941 current->reclaim_state->reclaimed_slab += nr_freed;
1942 free_pages((unsigned long)addr, cachep->gfporder);
1da177e4
LT		 1943}
1944
1945static void kmem_rcu_free(struct rcu_head *head)
1946{
b28a02de 1947 struct slab_rcu *slab_rcu = (struct slab_rcu *)head;
343e0d7a 1948 struct kmem_cache *cachep = slab_rcu->cachep;
1da177e4
LT		 1949
1950 kmem_freepages(cachep, slab_rcu->addr);
1951 if (OFF_SLAB(cachep))
1952 kmem_cache_free(cachep->slabp_cache, slab_rcu);
1953}
1954
1955#if DEBUG
1956
1957#ifdef CONFIG_DEBUG_PAGEALLOC
343e0d7a 1958static void store_stackinfo(struct kmem_cache *cachep, unsigned long *addr,
b28a02de 1959 unsigned long caller)
1da177e4 1960{
8c138bc0 1961 int size = cachep->object_size;
1da177e4 1962
3dafccf2 1963 addr = (unsigned long *)&((char *)addr)[obj_offset(cachep)];
1da177e4 1964
b28a02de 1965 if (size < 5 * sizeof(unsigned long))
1da177e4
LT		 1966 return;
1967
b28a02de
PE		 1968 *addr++ = 0x12345678;
1969 *addr++ = caller;
1970 *addr++ = smp_processor_id();
1971 size -= 3 * sizeof(unsigned long);
1da177e4
LT		 1972 {
1973 unsigned long *sptr = &caller;
1974 unsigned long svalue;
1975
1976 while (!kstack_end(sptr)) {
1977 svalue = *sptr++;
1978 if (kernel_text_address(svalue)) {
b28a02de 1979 *addr++ = svalue;
1da177e4
LT		 1980 size -= sizeof(unsigned long);
1981 if (size <= sizeof(unsigned long))
1982 break;
1983 }
1984 }
1985
1986 }
b28a02de 1987 *addr++ = 0x87654321;
1da177e4
LT		 1988}
1989#endif
1990
343e0d7a 1991static void poison_obj(struct kmem_cache *cachep, void *addr, unsigned char val)
1da177e4 1992{
8c138bc0 1993 int size = cachep->object_size;
3dafccf2 1994 addr = &((char *)addr)[obj_offset(cachep)];
1da177e4
LT		 1995
1996 memset(addr, val, size);
b28a02de 1997 *(unsigned char *)(addr + size - 1) = POISON_END;
1da177e4
LT		 1998}
1999
2000static void dump_line(char *data, int offset, int limit)
2001{
2002 int i;
aa83aa40
DJ		 2003 unsigned char error = 0;
2004 int bad_count = 0;
2005
fdde6abb 2006 printk(KERN_ERR "%03x: ", offset);
aa83aa40
DJ		 2007 for (i = 0; i < limit; i++) {
2008 if (data[offset + i] != POISON_FREE) {
2009 error = data[offset + i];
2010 bad_count++;
2011 }
aa83aa40 2012 }
fdde6abb
SAS		 2013 print_hex_dump(KERN_CONT, "", 0, 16, 1,
2014 &data[offset], limit, 1);
aa83aa40
DJ		 2015
2016 if (bad_count == 1) {
2017 error ^= POISON_FREE;
2018 if (!(error & (error - 1))) {
2019 printk(KERN_ERR "Single bit error detected. Probably "
2020 "bad RAM.\n");
2021#ifdef CONFIG_X86
2022 printk(KERN_ERR "Run memtest86+ or a similar memory "
2023 "test tool.\n");
2024#else
2025 printk(KERN_ERR "Run a memory test tool.\n");
2026#endif
2027 }
2028 }
1da177e4
LT		 2029}
2030#endif
2031
2032#if DEBUG
2033
343e0d7a 2034static void print_objinfo(struct kmem_cache *cachep, void *objp, int lines)
1da177e4
LT		 2035{
2036 int i, size;
2037 char *realobj;
2038
2039 if (cachep->flags & SLAB_RED_ZONE) {
b46b8f19 2040 printk(KERN_ERR "Redzone: 0x%llx/0x%llx.\n",
a737b3e2
AM		 2041 *dbg_redzone1(cachep, objp),
2042 *dbg_redzone2(cachep, objp));
1da177e4
LT		 2043 }
2044
2045 if (cachep->flags & SLAB_STORE_USER) {
2046 printk(KERN_ERR "Last user: [<%p>]",
a737b3e2 2047 *dbg_userword(cachep, objp));
1da177e4 2048 print_symbol("(%s)",
a737b3e2 2049 (unsigned long)*dbg_userword(cachep, objp));
1da177e4
LT		 2050 printk("\n");
2051 }
3dafccf2 2052 realobj = (char *)objp + obj_offset(cachep);
8c138bc0 2053 size = cachep->object_size;
b28a02de 2054 for (i = 0; i < size && lines; i += 16, lines--) {
1da177e4
LT		 2055 int limit;
2056 limit = 16;
b28a02de
PE		 2057 if (i + limit > size)
2058 limit = size - i;
1da177e4
LT		 2059 dump_line(realobj, i, limit);
2060 }
2061}
2062
343e0d7a 2063static void check_poison_obj(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 2064{
2065 char *realobj;
2066 int size, i;
2067 int lines = 0;
2068
3dafccf2 2069 realobj = (char *)objp + obj_offset(cachep);
8c138bc0 2070 size = cachep->object_size;
1da177e4 2071
b28a02de 2072 for (i = 0; i < size; i++) {
1da177e4 2073 char exp = POISON_FREE;
b28a02de 2074 if (i == size - 1)
1da177e4
LT		 2075 exp = POISON_END;
2076 if (realobj[i] != exp) {
2077 int limit;
2078 /* Mismatch ! */
2079 /* Print header */
2080 if (lines == 0) {
b28a02de 2081 printk(KERN_ERR
face37f5
DJ		 2082 "Slab corruption (%s): %s start=%p, len=%d\n",
2083 print_tainted(), cachep->name, realobj, size);
1da177e4
LT		 2084 print_objinfo(cachep, objp, 0);
2085 }
2086 /* Hexdump the affected line */
b28a02de 2087 i = (i / 16) * 16;
1da177e4 2088 limit = 16;
b28a02de
PE		 2089 if (i + limit > size)
2090 limit = size - i;
1da177e4
LT		 2091 dump_line(realobj, i, limit);
2092 i += 16;
2093 lines++;
2094 /* Limit to 5 lines */
2095 if (lines > 5)
2096 break;
2097 }
2098 }
2099 if (lines != 0) {
2100 /* Print some data about the neighboring objects, if they
2101 * exist:
2102 */
6ed5eb22 2103 struct slab *slabp = virt_to_slab(objp);
8fea4e96 2104 unsigned int objnr;
1da177e4 2105
8fea4e96 2106 objnr = obj_to_index(cachep, slabp, objp);
1da177e4 2107 if (objnr) {
8fea4e96 2108 objp = index_to_obj(cachep, slabp, objnr - 1);
3dafccf2 2109 realobj = (char *)objp + obj_offset(cachep);
1da177e4 2110 printk(KERN_ERR "Prev obj: start=%p, len=%d\n",
b28a02de 2111 realobj, size);
1da177e4
LT		 2112 print_objinfo(cachep, objp, 2);
2113 }
b28a02de 2114 if (objnr + 1 < cachep->num) {
8fea4e96 2115 objp = index_to_obj(cachep, slabp, objnr + 1);
3dafccf2 2116 realobj = (char *)objp + obj_offset(cachep);
1da177e4 2117 printk(KERN_ERR "Next obj: start=%p, len=%d\n",
b28a02de 2118 realobj, size);
1da177e4
LT		 2119 print_objinfo(cachep, objp, 2);
2120 }
2121 }
2122}
2123#endif
2124
12dd36fa 2125#if DEBUG
e79aec29 2126static void slab_destroy_debugcheck(struct kmem_cache *cachep, struct slab *slabp)
1da177e4 2127{
1da177e4
LT		 2128 int i;
2129 for (i = 0; i < cachep->num; i++) {
8fea4e96 2130 void *objp = index_to_obj(cachep, slabp, i);
1da177e4
LT		 2131
2132 if (cachep->flags & SLAB_POISON) {
2133#ifdef CONFIG_DEBUG_PAGEALLOC
3b0efdfa 2134 if (cachep->size % PAGE_SIZE == 0 &&
a737b3e2 2135 OFF_SLAB(cachep))
b28a02de 2136 kernel_map_pages(virt_to_page(objp),
3b0efdfa 2137 cachep->size / PAGE_SIZE, 1);
1da177e4
LT		 2138 else
2139 check_poison_obj(cachep, objp);
2140#else
2141 check_poison_obj(cachep, objp);
2142#endif
2143 }
2144 if (cachep->flags & SLAB_RED_ZONE) {
2145 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE)
2146 slab_error(cachep, "start of a freed object "
b28a02de 2147 "was overwritten");
1da177e4
LT		 2148 if (*dbg_redzone2(cachep, objp) != RED_INACTIVE)
2149 slab_error(cachep, "end of a freed object "
b28a02de 2150 "was overwritten");
1da177e4 2151 }
1da177e4 2152 }
12dd36fa 2153}
1da177e4 2154#else
e79aec29 2155static void slab_destroy_debugcheck(struct kmem_cache *cachep, struct slab *slabp)
12dd36fa 2156{
12dd36fa 2157}
1da177e4
LT		 2158#endif
2159
911851e6
RD		 2160/**
2161 * slab_destroy - destroy and release all objects in a slab
2162 * @cachep: cache pointer being destroyed
2163 * @slabp: slab pointer being destroyed
2164 *
12dd36fa 2165 * Destroy all the objs in a slab, and release the mem back to the system.
a737b3e2
AM		 2166 * Before calling the slab must have been unlinked from the cache. The
2167 * cache-lock is not held/needed.
12dd36fa 2168 */
343e0d7a 2169static void slab_destroy(struct kmem_cache *cachep, struct slab *slabp)
12dd36fa
MD		 2170{
2171 void *addr = slabp->s_mem - slabp->colouroff;
2172
e79aec29 2173 slab_destroy_debugcheck(cachep, slabp);
1da177e4
LT		 2174 if (unlikely(cachep->flags & SLAB_DESTROY_BY_RCU)) {
2175 struct slab_rcu *slab_rcu;
2176
b28a02de 2177 slab_rcu = (struct slab_rcu *)slabp;
1da177e4
LT		 2178 slab_rcu->cachep = cachep;
2179 slab_rcu->addr = addr;
2180 call_rcu(&slab_rcu->head, kmem_rcu_free);
2181 } else {
2182 kmem_freepages(cachep, addr);
873623df
IM		 2183 if (OFF_SLAB(cachep))
2184 kmem_cache_free(cachep->slabp_cache, slabp);
1da177e4
LT		 2185 }
2186}
2187
117f6eb1
CL		 2188static void __kmem_cache_destroy(struct kmem_cache *cachep)
2189{
2190 int i;
2191 struct kmem_list3 *l3;
2192
2193 for_each_online_cpu(i)
2194 kfree(cachep->array[i]);
2195
2196 /* NUMA: free the list3 structures */
2197 for_each_online_node(i) {
2198 l3 = cachep->nodelists[i];
2199 if (l3) {
2200 kfree(l3->shared);
2201 free_alien_cache(l3->alien);
2202 kfree(l3);
2203 }
2204 }
2205 kmem_cache_free(&cache_cache, cachep);
2206}
2207
2208
4d268eba 2209/**
a70773dd
RD		 2210 * calculate_slab_order - calculate size (page order) of slabs
2211 * @cachep: pointer to the cache that is being created
2212 * @size: size of objects to be created in this cache.
2213 * @align: required alignment for the objects.
2214 * @flags: slab allocation flags
2215 *
2216 * Also calculates the number of objects per slab.
4d268eba
PE		 2217 *
2218 * This could be made much more intelligent. For now, try to avoid using
2219 * high order pages for slabs. When the gfp() functions are more friendly
2220 * towards high-order requests, this should be changed.
2221 */
a737b3e2 2222static size_t calculate_slab_order(struct kmem_cache *cachep,
ee13d785 2223 size_t size, size_t align, unsigned long flags)
4d268eba 2224{
b1ab41c4 2225 unsigned long offslab_limit;
4d268eba 2226 size_t left_over = 0;
9888e6fa 2227 int gfporder;
4d268eba 2228
0aa817f0 2229 for (gfporder = 0; gfporder <= KMALLOC_MAX_ORDER; gfporder++) {
4d268eba
PE		 2230 unsigned int num;
2231 size_t remainder;
2232
9888e6fa 2233 cache_estimate(gfporder, size, align, flags, &remainder, &num);
4d268eba
PE		 2234 if (!num)
2235 continue;
9888e6fa 2236
b1ab41c4
IM		 2237 if (flags & CFLGS_OFF_SLAB) {
2238 /*
2239 * Max number of objs-per-slab for caches which
2240 * use off-slab slabs. Needed to avoid a possible
2241 * looping condition in cache_grow().
2242 */
2243 offslab_limit = size - sizeof(struct slab);
2244 offslab_limit /= sizeof(kmem_bufctl_t);
2245
2246 if (num > offslab_limit)
2247 break;
2248 }
4d268eba 2249
9888e6fa 2250 /* Found something acceptable - save it away */
4d268eba 2251 cachep->num = num;
9888e6fa 2252 cachep->gfporder = gfporder;
4d268eba
PE		 2253 left_over = remainder;
2254
f78bb8ad
LT		 2255 /*
2256 * A VFS-reclaimable slab tends to have most allocations
2257 * as GFP_NOFS and we really don't want to have to be allocating
2258 * higher-order pages when we are unable to shrink dcache.
2259 */
2260 if (flags & SLAB_RECLAIM_ACCOUNT)
2261 break;
2262
4d268eba
PE		 2263 /*
2264 * Large number of objects is good, but very large slabs are
2265 * currently bad for the gfp()s.
2266 */
543585cc 2267 if (gfporder >= slab_max_order)
4d268eba
PE		 2268 break;
2269
9888e6fa
LT		 2270 /*
2271 * Acceptable internal fragmentation?
2272 */
a737b3e2 2273 if (left_over * 8 <= (PAGE_SIZE << gfporder))
4d268eba
PE		 2274 break;
2275 }
2276 return left_over;
2277}
2278
83b519e8 2279static int __init_refok setup_cpu_cache(struct kmem_cache *cachep, gfp_t gfp)
f30cf7d1 2280{
97d06609 2281 if (slab_state >= FULL)
83b519e8 2282 return enable_cpucache(cachep, gfp);
2ed3a4ef 2283
97d06609 2284 if (slab_state == DOWN) {
f30cf7d1
PE		 2285 /*
2286 * Note: the first kmem_cache_create must create the cache
2287 * that's used by kmalloc(24), otherwise the creation of
2288 * further caches will BUG().
2289 */
2290 cachep->array[smp_processor_id()] = &initarray_generic.cache;
2291
2292 /*
2293 * If the cache that's used by kmalloc(sizeof(kmem_list3)) is
2294 * the first cache, then we need to set up all its list3s,
2295 * otherwise the creation of further caches will BUG().
2296 */
2297 set_up_list3s(cachep, SIZE_AC);
2298 if (INDEX_AC == INDEX_L3)
97d06609 2299 slab_state = PARTIAL_L3;
f30cf7d1 2300 else
97d06609 2301 slab_state = PARTIAL_ARRAYCACHE;
f30cf7d1
PE		 2302 } else {
2303 cachep->array[smp_processor_id()] =
83b519e8 2304 kmalloc(sizeof(struct arraycache_init), gfp);
f30cf7d1 2305
97d06609 2306 if (slab_state == PARTIAL_ARRAYCACHE) {
f30cf7d1 2307 set_up_list3s(cachep, SIZE_L3);
97d06609 2308 slab_state = PARTIAL_L3;
f30cf7d1
PE		 2309 } else {
2310 int node;
556a169d 2311 for_each_online_node(node) {
f30cf7d1
PE		 2312 cachep->nodelists[node] =
2313 kmalloc_node(sizeof(struct kmem_list3),
eb91f1d0 2314 gfp, node);
f30cf7d1
PE		 2315 BUG_ON(!cachep->nodelists[node]);
2316 kmem_list3_init(cachep->nodelists[node]);
2317 }
2318 }
2319 }
7d6e6d09 2320 cachep->nodelists[numa_mem_id()]->next_reap =
f30cf7d1
PE		 2321 jiffies + REAPTIMEOUT_LIST3 +
2322 ((unsigned long)cachep) % REAPTIMEOUT_LIST3;
2323
2324 cpu_cache_get(cachep)->avail = 0;
2325 cpu_cache_get(cachep)->limit = BOOT_CPUCACHE_ENTRIES;
2326 cpu_cache_get(cachep)->batchcount = 1;
2327 cpu_cache_get(cachep)->touched = 0;
2328 cachep->batchcount = 1;
2329 cachep->limit = BOOT_CPUCACHE_ENTRIES;
2ed3a4ef 2330 return 0;
f30cf7d1
PE		 2331}
2332
1da177e4 2333/**
039363f3 2334 * __kmem_cache_create - Create a cache.
1da177e4
LT		 2335 * @name: A string which is used in /proc/slabinfo to identify this cache.
2336 * @size: The size of objects to be created in this cache.
2337 * @align: The required alignment for the objects.
2338 * @flags: SLAB flags
2339 * @ctor: A constructor for the objects.
1da177e4
LT		 2340 *
2341 * Returns a ptr to the cache on success, NULL on failure.
2342 * Cannot be called within a int, but can be interrupted.
20c2df83 2343 * The @ctor is run when new pages are allocated by the cache.
1da177e4
LT		 2344 *
2345 * @name must be valid until the cache is destroyed. This implies that
a737b3e2
AM		 2346 * the module calling this has to destroy the cache before getting unloaded.
2347 *
1da177e4
LT		 2348 * The flags are
2349 *
2350 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
2351 * to catch references to uninitialised memory.
2352 *
2353 * %SLAB_RED_ZONE - Insert `Red' zones around the allocated memory to check
2354 * for buffer overruns.
2355 *
1da177e4
LT		 2356 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
2357 * cacheline. This can be beneficial if you're counting cycles as closely
2358 * as davem.
2359 */
343e0d7a 2360struct kmem_cache *
039363f3 2361__kmem_cache_create (const char *name, size_t size, size_t align,
51cc5068 2362 unsigned long flags, void (*ctor)(void *))
1da177e4
LT		 2363{
2364 size_t left_over, slab_size, ralign;
20cea968 2365 struct kmem_cache *cachep = NULL;
83b519e8 2366 gfp_t gfp;
1da177e4 2367
1da177e4 2368#if DEBUG
1da177e4
LT		 2369#if FORCED_DEBUG
2370 /*
2371 * Enable redzoning and last user accounting, except for caches with
2372 * large objects, if the increased size would increase the object size
2373 * above the next power of two: caches with object sizes just above a
2374 * power of two have a significant amount of internal fragmentation.
2375 */
87a927c7
DW		 2376 if (size < 4096 || fls(size - 1) == fls(size-1 + REDZONE_ALIGN +
2377 2 * sizeof(unsigned long long)))
b28a02de 2378 flags |= SLAB_RED_ZONE | SLAB_STORE_USER;
1da177e4
LT		 2379 if (!(flags & SLAB_DESTROY_BY_RCU))
2380 flags |= SLAB_POISON;
2381#endif
2382 if (flags & SLAB_DESTROY_BY_RCU)
2383 BUG_ON(flags & SLAB_POISON);
2384#endif
1da177e4 2385 /*
a737b3e2
AM		 2386 * Always checks flags, a caller might be expecting debug support which
2387 * isn't available.
1da177e4 2388 */
40094fa6 2389 BUG_ON(flags & ~CREATE_MASK);
1da177e4 2390
a737b3e2
AM		 2391 /*
2392 * Check that size is in terms of words. This is needed to avoid
1da177e4
LT		 2393 * unaligned accesses for some archs when redzoning is used, and makes
2394 * sure any on-slab bufctl's are also correctly aligned.
2395 */
b28a02de
PE		 2396 if (size & (BYTES_PER_WORD - 1)) {
2397 size += (BYTES_PER_WORD - 1);
2398 size &= ~(BYTES_PER_WORD - 1);
1da177e4
LT		 2399 }
2400
a737b3e2
AM		 2401 /* calculate the final buffer alignment: */
2402
1da177e4
LT		 2403 /* 1) arch recommendation: can be overridden for debug */
2404 if (flags & SLAB_HWCACHE_ALIGN) {
a737b3e2
AM		 2405 /*
2406 * Default alignment: as specified by the arch code. Except if
2407 * an object is really small, then squeeze multiple objects into
2408 * one cacheline.
1da177e4
LT		 2409 */
2410 ralign = cache_line_size();
b28a02de 2411 while (size <= ralign / 2)
1da177e4
LT		 2412 ralign /= 2;
2413 } else {
2414 ralign = BYTES_PER_WORD;
2415 }
ca5f9703
PE		 2416
2417 /*
87a927c7
DW		 2418 * Redzoning and user store require word alignment or possibly larger.
2419 * Note this will be overridden by architecture or caller mandated
2420 * alignment if either is greater than BYTES_PER_WORD.
ca5f9703 2421 */
87a927c7
DW		 2422 if (flags & SLAB_STORE_USER)
2423 ralign = BYTES_PER_WORD;
2424
2425 if (flags & SLAB_RED_ZONE) {
2426 ralign = REDZONE_ALIGN;
2427 /* If redzoning, ensure that the second redzone is suitably
2428 * aligned, by adjusting the object size accordingly. */
2429 size += REDZONE_ALIGN - 1;
2430 size &= ~(REDZONE_ALIGN - 1);
2431 }
ca5f9703 2432
a44b56d3 2433 /* 2) arch mandated alignment */
1da177e4
LT		 2434 if (ralign < ARCH_SLAB_MINALIGN) {
2435 ralign = ARCH_SLAB_MINALIGN;
1da177e4 2436 }
a44b56d3 2437 /* 3) caller mandated alignment */
1da177e4
LT		 2438 if (ralign < align) {
2439 ralign = align;
1da177e4 2440 }
3ff84a7f
PE		 2441 /* disable debug if necessary */
2442 if (ralign > __alignof__(unsigned long long))
a44b56d3 2443 flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
a737b3e2 2444 /*
ca5f9703 2445 * 4) Store it.
1da177e4
LT		 2446 */
2447 align = ralign;
2448
83b519e8
PE		 2449 if (slab_is_available())
2450 gfp = GFP_KERNEL;
2451 else
2452 gfp = GFP_NOWAIT;
2453
1da177e4 2454 /* Get cache's description obj. */
83b519e8 2455 cachep = kmem_cache_zalloc(&cache_cache, gfp);
1da177e4 2456 if (!cachep)
039363f3 2457 return NULL;
1da177e4 2458
b56efcf0 2459 cachep->nodelists = (struct kmem_list3 **)&cachep->array[nr_cpu_ids];
3b0efdfa
CL		 2460 cachep->object_size = size;
2461 cachep->align = align;
1da177e4 2462#if DEBUG
1da177e4 2463
ca5f9703
PE		 2464 /*
2465 * Both debugging options require word-alignment which is calculated
2466 * into align above.
2467 */
1da177e4 2468 if (flags & SLAB_RED_ZONE) {
1da177e4 2469 /* add space for red zone words */
3ff84a7f
PE		 2470 cachep->obj_offset += sizeof(unsigned long long);
2471 size += 2 * sizeof(unsigned long long);
1da177e4
LT		 2472 }
2473 if (flags & SLAB_STORE_USER) {
ca5f9703 2474 /* user store requires one word storage behind the end of
87a927c7
DW		 2475 * the real object. But if the second red zone needs to be
2476 * aligned to 64 bits, we must allow that much space.
1da177e4 2477 */
87a927c7
DW		 2478 if (flags & SLAB_RED_ZONE)
2479 size += REDZONE_ALIGN;
2480 else
2481 size += BYTES_PER_WORD;
1da177e4
LT		 2482 }
2483#if FORCED_DEBUG && defined(CONFIG_DEBUG_PAGEALLOC)
b28a02de 2484 if (size >= malloc_sizes[INDEX_L3 + 1].cs_size
3b0efdfa 2485 && cachep->object_size > cache_line_size() && ALIGN(size, align) < PAGE_SIZE) {
1ab335d8 2486 cachep->obj_offset += PAGE_SIZE - ALIGN(size, align);
1da177e4
LT		 2487 size = PAGE_SIZE;
2488 }
2489#endif
2490#endif
2491
e0a42726
IM		 2492 /*
2493 * Determine if the slab management is 'on' or 'off' slab.
2494 * (bootstrapping cannot cope with offslab caches so don't do
e7cb55b9
CM		 2495 * it too early on. Always use on-slab management when
2496 * SLAB_NOLEAKTRACE to avoid recursive calls into kmemleak)
e0a42726 2497 */
e7cb55b9
CM		 2498 if ((size >= (PAGE_SIZE >> 3)) && !slab_early_init &&
2499 !(flags & SLAB_NOLEAKTRACE))
1da177e4
LT		 2500 /*
2501 * Size is large, assume best to place the slab management obj
2502 * off-slab (should allow better packing of objs).
2503 */
2504 flags |= CFLGS_OFF_SLAB;
2505
2506 size = ALIGN(size, align);
2507
f78bb8ad 2508 left_over = calculate_slab_order(cachep, size, align, flags);
1da177e4
LT		 2509
2510 if (!cachep->num) {
b4169525 2511 printk(KERN_ERR
2512 "kmem_cache_create: couldn't create cache %s.\n", name);
1da177e4 2513 kmem_cache_free(&cache_cache, cachep);
039363f3 2514 return NULL;
1da177e4 2515 }
b28a02de
PE		 2516 slab_size = ALIGN(cachep->num * sizeof(kmem_bufctl_t)
2517 + sizeof(struct slab), align);
1da177e4
LT		 2518
2519 /*
2520 * If the slab has been placed off-slab, and we have enough space then
2521 * move it on-slab. This is at the expense of any extra colouring.
2522 */
2523 if (flags & CFLGS_OFF_SLAB && left_over >= slab_size) {
2524 flags &= ~CFLGS_OFF_SLAB;
2525 left_over -= slab_size;
2526 }
2527
2528 if (flags & CFLGS_OFF_SLAB) {
2529 /* really off slab. No need for manual alignment */
b28a02de
PE		 2530 slab_size =
2531 cachep->num * sizeof(kmem_bufctl_t) + sizeof(struct slab);
67461365
RL		 2532
2533#ifdef CONFIG_PAGE_POISONING
2534 /* If we're going to use the generic kernel_map_pages()
2535 * poisoning, then it's going to smash the contents of
2536 * the redzone and userword anyhow, so switch them off.
2537 */
2538 if (size % PAGE_SIZE == 0 && flags & SLAB_POISON)
2539 flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
2540#endif
1da177e4
LT		 2541 }
2542
2543 cachep->colour_off = cache_line_size();
2544 /* Offset must be a multiple of the alignment. */
2545 if (cachep->colour_off < align)
2546 cachep->colour_off = align;
b28a02de 2547 cachep->colour = left_over / cachep->colour_off;
1da177e4
LT		 2548 cachep->slab_size = slab_size;
2549 cachep->flags = flags;
a618e89f 2550 cachep->allocflags = 0;
4b51d669 2551 if (CONFIG_ZONE_DMA_FLAG && (flags & SLAB_CACHE_DMA))
a618e89f 2552 cachep->allocflags |= GFP_DMA;
3b0efdfa 2553 cachep->size = size;
6a2d7a95 2554 cachep->reciprocal_buffer_size = reciprocal_value(size);
1da177e4 2555
e5ac9c5a 2556 if (flags & CFLGS_OFF_SLAB) {
b2d55073 2557 cachep->slabp_cache = kmem_find_general_cachep(slab_size, 0u);
e5ac9c5a
RT		 2558 /*
2559 * This is a possibility for one of the malloc_sizes caches.
2560 * But since we go off slab only for object size greater than
2561 * PAGE_SIZE/8, and malloc_sizes gets created in ascending order,
2562 * this should not happen at all.
2563 * But leave a BUG_ON for some lucky dude.
2564 */
6cb8f913 2565 BUG_ON(ZERO_OR_NULL_PTR(cachep->slabp_cache));
e5ac9c5a 2566 }
1da177e4 2567 cachep->ctor = ctor;
1da177e4
LT		 2568 cachep->name = name;
2569
83b519e8 2570 if (setup_cpu_cache(cachep, gfp)) {
2ed3a4ef 2571 __kmem_cache_destroy(cachep);
039363f3 2572 return NULL;
2ed3a4ef 2573 }
1da177e4 2574
83835b3d
PZ		 2575 if (flags & SLAB_DEBUG_OBJECTS) {
2576 /*
2577 * Would deadlock through slab_destroy()->call_rcu()->
2578 * debug_object_activate()->kmem_cache_alloc().
2579 */
2580 WARN_ON_ONCE(flags & SLAB_DESTROY_BY_RCU);
2581
2582 slab_set_debugobj_lock_classes(cachep);
2583 }
2584
1da177e4 2585 /* cache setup completed, link it into the list */
18004c5d 2586 list_add(&cachep->list, &slab_caches);
1da177e4
LT		 2587 return cachep;
2588}
1da177e4
LT		 2589
2590#if DEBUG
2591static void check_irq_off(void)
2592{
2593 BUG_ON(!irqs_disabled());
2594}
2595
2596static void check_irq_on(void)
2597{
2598 BUG_ON(irqs_disabled());
2599}
2600
343e0d7a 2601static void check_spinlock_acquired(struct kmem_cache *cachep)
1da177e4
LT		 2602{
2603#ifdef CONFIG_SMP
2604 check_irq_off();
7d6e6d09 2605 assert_spin_locked(&cachep->nodelists[numa_mem_id()]->list_lock);
1da177e4
LT		 2606#endif
2607}
e498be7d 2608
343e0d7a 2609static void check_spinlock_acquired_node(struct kmem_cache *cachep, int node)
e498be7d
CL		 2610{
2611#ifdef CONFIG_SMP
2612 check_irq_off();
2613 assert_spin_locked(&cachep->nodelists[node]->list_lock);
2614#endif
2615}
2616
1da177e4
LT		 2617#else
2618#define check_irq_off() do { } while(0)
2619#define check_irq_on() do { } while(0)
2620#define check_spinlock_acquired(x) do { } while(0)
e498be7d 2621#define check_spinlock_acquired_node(x, y) do { } while(0)
1da177e4
LT		 2622#endif
2623
aab2207c
CL		 2624static void drain_array(struct kmem_cache *cachep, struct kmem_list3 *l3,
2625 struct array_cache *ac,
2626 int force, int node);
2627
1da177e4
LT		 2628static void do_drain(void *arg)
2629{
a737b3e2 2630 struct kmem_cache *cachep = arg;
1da177e4 2631 struct array_cache *ac;
7d6e6d09 2632 int node = numa_mem_id();
1da177e4
LT		 2633
2634 check_irq_off();
9a2dba4b 2635 ac = cpu_cache_get(cachep);
ff69416e
CL		 2636 spin_lock(&cachep->nodelists[node]->list_lock);
2637 free_block(cachep, ac->entry, ac->avail, node);
2638 spin_unlock(&cachep->nodelists[node]->list_lock);
1da177e4
LT		 2639 ac->avail = 0;
2640}
2641
343e0d7a 2642static void drain_cpu_caches(struct kmem_cache *cachep)
1da177e4 2643{
e498be7d
CL		 2644 struct kmem_list3 *l3;
2645 int node;
2646
15c8b6c1 2647 on_each_cpu(do_drain, cachep, 1);
1da177e4 2648 check_irq_on();
b28a02de 2649 for_each_online_node(node) {
e498be7d 2650 l3 = cachep->nodelists[node];
a4523a8b
RD		 2651 if (l3 && l3->alien)
2652 drain_alien_cache(cachep, l3->alien);
2653 }
2654
2655 for_each_online_node(node) {
2656 l3 = cachep->nodelists[node];
2657 if (l3)
aab2207c 2658 drain_array(cachep, l3, l3->shared, 1, node);
e498be7d 2659 }
1da177e4
LT		 2660}
2661
ed11d9eb
CL		 2662/*
2663 * Remove slabs from the list of free slabs.
2664 * Specify the number of slabs to drain in tofree.
2665 *
2666 * Returns the actual number of slabs released.
2667 */
2668static int drain_freelist(struct kmem_cache *cache,
2669 struct kmem_list3 *l3, int tofree)
1da177e4 2670{
ed11d9eb
CL		 2671 struct list_head *p;
2672 int nr_freed;
1da177e4 2673 struct slab *slabp;
1da177e4 2674
ed11d9eb
CL		 2675 nr_freed = 0;
2676 while (nr_freed < tofree && !list_empty(&l3->slabs_free)) {
1da177e4 2677
ed11d9eb 2678 spin_lock_irq(&l3->list_lock);
e498be7d 2679 p = l3->slabs_free.prev;
ed11d9eb
CL		 2680 if (p == &l3->slabs_free) {
2681 spin_unlock_irq(&l3->list_lock);
2682 goto out;
2683 }
1da177e4 2684
ed11d9eb 2685 slabp = list_entry(p, struct slab, list);
1da177e4 2686#if DEBUG
40094fa6 2687 BUG_ON(slabp->inuse);
1da177e4
LT		 2688#endif
2689 list_del(&slabp->list);
ed11d9eb
CL		 2690 /*
2691 * Safe to drop the lock. The slab is no longer linked
2692 * to the cache.
2693 */
2694 l3->free_objects -= cache->num;
e498be7d 2695 spin_unlock_irq(&l3->list_lock);
ed11d9eb
CL		 2696 slab_destroy(cache, slabp);
2697 nr_freed++;
1da177e4 2698 }
ed11d9eb
CL		 2699out:
2700 return nr_freed;
1da177e4
LT		 2701}
2702
18004c5d 2703/* Called with slab_mutex held to protect against cpu hotplug */
343e0d7a 2704static int __cache_shrink(struct kmem_cache *cachep)
e498be7d
CL		 2705{
2706 int ret = 0, i = 0;
2707 struct kmem_list3 *l3;
2708
2709 drain_cpu_caches(cachep);
2710
2711 check_irq_on();
2712 for_each_online_node(i) {
2713 l3 = cachep->nodelists[i];
ed11d9eb
CL		 2714 if (!l3)
2715 continue;
2716
2717 drain_freelist(cachep, l3, l3->free_objects);
2718
2719 ret += !list_empty(&l3->slabs_full) ||
2720 !list_empty(&l3->slabs_partial);
e498be7d
CL		 2721 }
2722 return (ret ? 1 : 0);
2723}
2724
1da177e4
LT		 2725/**
2726 * kmem_cache_shrink - Shrink a cache.
2727 * @cachep: The cache to shrink.
2728 *
2729 * Releases as many slabs as possible for a cache.
2730 * To help debugging, a zero exit status indicates all slabs were released.
2731 */
343e0d7a 2732int kmem_cache_shrink(struct kmem_cache *cachep)
1da177e4 2733{
8f5be20b 2734 int ret;
40094fa6 2735 BUG_ON(!cachep || in_interrupt());
1da177e4 2736
95402b38 2737 get_online_cpus();
18004c5d 2738 mutex_lock(&slab_mutex);
8f5be20b 2739 ret = __cache_shrink(cachep);
18004c5d 2740 mutex_unlock(&slab_mutex);
95402b38 2741 put_online_cpus();
8f5be20b 2742 return ret;
1da177e4
LT		 2743}
2744EXPORT_SYMBOL(kmem_cache_shrink);
2745
2746/**
2747 * kmem_cache_destroy - delete a cache
2748 * @cachep: the cache to destroy
2749 *
72fd4a35 2750 * Remove a &struct kmem_cache object from the slab cache.
1da177e4
LT		 2751 *
2752 * It is expected this function will be called by a module when it is
2753 * unloaded. This will remove the cache completely, and avoid a duplicate
2754 * cache being allocated each time a module is loaded and unloaded, if the
2755 * module doesn't have persistent in-kernel storage across loads and unloads.
2756 *
2757 * The cache must be empty before calling this function.
2758 *
25985edc 2759 * The caller must guarantee that no one will allocate memory from the cache
1da177e4
LT		 2760 * during the kmem_cache_destroy().
2761 */
133d205a 2762void kmem_cache_destroy(struct kmem_cache *cachep)
1da177e4 2763{
40094fa6 2764 BUG_ON(!cachep || in_interrupt());
1da177e4 2765
1da177e4 2766 /* Find the cache in the chain of caches. */
95402b38 2767 get_online_cpus();
18004c5d 2768 mutex_lock(&slab_mutex);
1da177e4
LT		 2769 /*
2770 * the chain is never empty, cache_cache is never destroyed
2771 */
3b0efdfa 2772 list_del(&cachep->list);
1da177e4
LT		 2773 if (__cache_shrink(cachep)) {
2774 slab_error(cachep, "Can't free all objects");
18004c5d
CL		 2775 list_add(&cachep->list, &slab_caches);
2776 mutex_unlock(&slab_mutex);
95402b38 2777 put_online_cpus();
133d205a 2778 return;
1da177e4
LT		 2779 }
2780
2781 if (unlikely(cachep->flags & SLAB_DESTROY_BY_RCU))
7ed9f7e5 2782 rcu_barrier();
1da177e4 2783
117f6eb1 2784 __kmem_cache_destroy(cachep);
18004c5d 2785 mutex_unlock(&slab_mutex);
95402b38 2786 put_online_cpus();
1da177e4
LT		 2787}
2788EXPORT_SYMBOL(kmem_cache_destroy);
2789
e5ac9c5a
RT		 2790/*
2791 * Get the memory for a slab management obj.
2792 * For a slab cache when the slab descriptor is off-slab, slab descriptors
2793 * always come from malloc_sizes caches. The slab descriptor cannot
2794 * come from the same cache which is getting created because,
2795 * when we are searching for an appropriate cache for these
2796 * descriptors in kmem_cache_create, we search through the malloc_sizes array.
2797 * If we are creating a malloc_sizes cache here it would not be visible to
2798 * kmem_find_general_cachep till the initialization is complete.
2799 * Hence we cannot have slabp_cache same as the original cache.
2800 */
343e0d7a 2801static struct slab *alloc_slabmgmt(struct kmem_cache *cachep, void *objp,
5b74ada7
RT		 2802 int colour_off, gfp_t local_flags,
2803 int nodeid)
1da177e4
LT		 2804{
2805 struct slab *slabp;
b28a02de 2806
1da177e4
LT		 2807 if (OFF_SLAB(cachep)) {
2808 /* Slab management obj is off-slab. */
5b74ada7 2809 slabp = kmem_cache_alloc_node(cachep->slabp_cache,
8759ec50 2810 local_flags, nodeid);
d5cff635
CM		 2811 /*
2812 * If the first object in the slab is leaked (it's allocated
2813 * but no one has a reference to it), we want to make sure
2814 * kmemleak does not treat the ->s_mem pointer as a reference
2815 * to the object. Otherwise we will not report the leak.
2816 */
c017b4be
CM		 2817 kmemleak_scan_area(&slabp->list, sizeof(struct list_head),
2818 local_flags);
1da177e4
LT		 2819 if (!slabp)
2820 return NULL;
2821 } else {
b28a02de 2822 slabp = objp + colour_off;
1da177e4
LT		 2823 colour_off += cachep->slab_size;
2824 }
2825 slabp->inuse = 0;
2826 slabp->colouroff = colour_off;
b28a02de 2827 slabp->s_mem = objp + colour_off;
5b74ada7 2828 slabp->nodeid = nodeid;
e51bfd0a 2829 slabp->free = 0;
1da177e4
LT		 2830 return slabp;
2831}
2832
2833static inline kmem_bufctl_t *slab_bufctl(struct slab *slabp)
2834{
b28a02de 2835 return (kmem_bufctl_t *) (slabp + 1);
1da177e4
LT		 2836}
2837
343e0d7a 2838static void cache_init_objs(struct kmem_cache *cachep,
a35afb83 2839 struct slab *slabp)
1da177e4
LT		 2840{
2841 int i;
2842
2843 for (i = 0; i < cachep->num; i++) {
8fea4e96 2844 void *objp = index_to_obj(cachep, slabp, i);
1da177e4
LT		 2845#if DEBUG
2846 /* need to poison the objs? */
2847 if (cachep->flags & SLAB_POISON)
2848 poison_obj(cachep, objp, POISON_FREE);
2849 if (cachep->flags & SLAB_STORE_USER)
2850 *dbg_userword(cachep, objp) = NULL;
2851
2852 if (cachep->flags & SLAB_RED_ZONE) {
2853 *dbg_redzone1(cachep, objp) = RED_INACTIVE;
2854 *dbg_redzone2(cachep, objp) = RED_INACTIVE;
2855 }
2856 /*
a737b3e2
AM		 2857 * Constructors are not allowed to allocate memory from the same
2858 * cache which they are a constructor for. Otherwise, deadlock.
2859 * They must also be threaded.
1da177e4
LT		 2860 */
2861 if (cachep->ctor && !(cachep->flags & SLAB_POISON))
51cc5068 2862 cachep->ctor(objp + obj_offset(cachep));
1da177e4
LT		 2863
2864 if (cachep->flags & SLAB_RED_ZONE) {
2865 if (*dbg_redzone2(cachep, objp) != RED_INACTIVE)
2866 slab_error(cachep, "constructor overwrote the"
b28a02de 2867 " end of an object");
1da177e4
LT		 2868 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE)
2869 slab_error(cachep, "constructor overwrote the"
b28a02de 2870 " start of an object");
1da177e4 2871 }
3b0efdfa 2872 if ((cachep->size % PAGE_SIZE) == 0 &&
a737b3e2 2873 OFF_SLAB(cachep) && cachep->flags & SLAB_POISON)
b28a02de 2874 kernel_map_pages(virt_to_page(objp),
3b0efdfa 2875 cachep->size / PAGE_SIZE, 0);
1da177e4
LT		 2876#else
2877 if (cachep->ctor)
51cc5068 2878 cachep->ctor(objp);
1da177e4 2879#endif
b28a02de 2880 slab_bufctl(slabp)[i] = i + 1;
1da177e4 2881 }
b28a02de 2882 slab_bufctl(slabp)[i - 1] = BUFCTL_END;
1da177e4
LT		 2883}
2884
343e0d7a 2885static void kmem_flagcheck(struct kmem_cache *cachep, gfp_t flags)
1da177e4 2886{
4b51d669
CL		 2887 if (CONFIG_ZONE_DMA_FLAG) {
2888 if (flags & GFP_DMA)
a618e89f 2889 BUG_ON(!(cachep->allocflags & GFP_DMA));
4b51d669 2890 else
a618e89f 2891 BUG_ON(cachep->allocflags & GFP_DMA);
4b51d669 2892 }
1da177e4
LT		 2893}
2894
a737b3e2
AM		 2895static void *slab_get_obj(struct kmem_cache *cachep, struct slab *slabp,
2896 int nodeid)
78d382d7 2897{
8fea4e96 2898 void *objp = index_to_obj(cachep, slabp, slabp->free);
78d382d7
MD		 2899 kmem_bufctl_t next;
2900
2901 slabp->inuse++;
2902 next = slab_bufctl(slabp)[slabp->free];
2903#if DEBUG
2904 slab_bufctl(slabp)[slabp->free] = BUFCTL_FREE;
2905 WARN_ON(slabp->nodeid != nodeid);
2906#endif
2907 slabp->free = next;
2908
2909 return objp;
2910}
2911
a737b3e2
AM		 2912static void slab_put_obj(struct kmem_cache *cachep, struct slab *slabp,
2913 void *objp, int nodeid)
78d382d7 2914{
8fea4e96 2915 unsigned int objnr = obj_to_index(cachep, slabp, objp);
78d382d7
MD		 2916
2917#if DEBUG
2918 /* Verify that the slab belongs to the intended node */
2919 WARN_ON(slabp->nodeid != nodeid);
2920
871751e2 2921 if (slab_bufctl(slabp)[objnr] + 1 <= SLAB_LIMIT + 1) {
78d382d7 2922 printk(KERN_ERR "slab: double free detected in cache "
a737b3e2 2923 "'%s', objp %p\n", cachep->name, objp);
78d382d7
MD		 2924 BUG();
2925 }
2926#endif
2927 slab_bufctl(slabp)[objnr] = slabp->free;
2928 slabp->free = objnr;
2929 slabp->inuse--;
2930}
2931
4776874f
PE		 2932/*
2933 * Map pages beginning at addr to the given cache and slab. This is required
2934 * for the slab allocator to be able to lookup the cache and slab of a
ccd35fb9 2935 * virtual address for kfree, ksize, and slab debugging.
4776874f
PE		 2936 */
2937static void slab_map_pages(struct kmem_cache *cache, struct slab *slab,
2938 void *addr)
1da177e4 2939{
4776874f 2940 int nr_pages;
1da177e4
LT		 2941 struct page *page;
2942
4776874f 2943 page = virt_to_page(addr);
84097518 2944
4776874f 2945 nr_pages = 1;
84097518 2946 if (likely(!PageCompound(page)))
4776874f
PE		 2947 nr_pages <<= cache->gfporder;
2948
1da177e4 2949 do {
35026088
CL		 2950 page->slab_cache = cache;
2951 page->slab_page = slab;
1da177e4 2952 page++;
4776874f 2953 } while (--nr_pages);
1da177e4
LT		 2954}
2955
2956/*
2957 * Grow (by 1) the number of slabs within a cache. This is called by
2958 * kmem_cache_alloc() when there are no active objs left in a cache.
2959 */
3c517a61
CL		 2960static int cache_grow(struct kmem_cache *cachep,
2961 gfp_t flags, int nodeid, void *objp)
1da177e4 2962{
b28a02de 2963 struct slab *slabp;
b28a02de
PE		 2964 size_t offset;
2965 gfp_t local_flags;
e498be7d 2966 struct kmem_list3 *l3;
1da177e4 2967
a737b3e2
AM		 2968 /*
2969 * Be lazy and only check for valid flags here, keeping it out of the
2970 * critical path in kmem_cache_alloc().
1da177e4 2971 */
6cb06229
CL		 2972 BUG_ON(flags & GFP_SLAB_BUG_MASK);
2973 local_flags = flags & (GFP_CONSTRAINT_MASK|GFP_RECLAIM_MASK);
1da177e4 2974
2e1217cf 2975 /* Take the l3 list lock to change the colour_next on this node */
1da177e4 2976 check_irq_off();
2e1217cf
RT		 2977 l3 = cachep->nodelists[nodeid];
2978 spin_lock(&l3->list_lock);
1da177e4
LT		 2979
2980 /* Get colour for the slab, and cal the next value. */
2e1217cf
RT		 2981 offset = l3->colour_next;
2982 l3->colour_next++;
2983 if (l3->colour_next >= cachep->colour)
2984 l3->colour_next = 0;
2985 spin_unlock(&l3->list_lock);
1da177e4 2986
2e1217cf 2987 offset *= cachep->colour_off;
1da177e4
LT		 2988
2989 if (local_flags & __GFP_WAIT)
2990 local_irq_enable();
2991
2992 /*
2993 * The test for missing atomic flag is performed here, rather than
2994 * the more obvious place, simply to reduce the critical path length
2995 * in kmem_cache_alloc(). If a caller is seriously mis-behaving they
2996 * will eventually be caught here (where it matters).
2997 */
2998 kmem_flagcheck(cachep, flags);
2999
a737b3e2
AM		 3000 /*
3001 * Get mem for the objs. Attempt to allocate a physical page from
3002 * 'nodeid'.
e498be7d 3003 */
3c517a61 3004 if (!objp)
b8c1c5da 3005 objp = kmem_getpages(cachep, local_flags, nodeid);
a737b3e2 3006 if (!objp)
1da177e4
LT		 3007 goto failed;
3008
3009 /* Get slab management. */
3c517a61 3010 slabp = alloc_slabmgmt(cachep, objp, offset,
6cb06229 3011 local_flags & ~GFP_CONSTRAINT_MASK, nodeid);
a737b3e2 3012 if (!slabp)
1da177e4
LT		 3013 goto opps1;
3014
4776874f 3015 slab_map_pages(cachep, slabp, objp);
1da177e4 3016
a35afb83 3017 cache_init_objs(cachep, slabp);
1da177e4
LT		 3018
3019 if (local_flags & __GFP_WAIT)
3020 local_irq_disable();
3021 check_irq_off();
e498be7d 3022 spin_lock(&l3->list_lock);
1da177e4
LT		 3023
3024 /* Make slab active. */
e498be7d 3025 list_add_tail(&slabp->list, &(l3->slabs_free));
1da177e4 3026 STATS_INC_GROWN(cachep);
e498be7d
CL		 3027 l3->free_objects += cachep->num;
3028 spin_unlock(&l3->list_lock);
1da177e4 3029 return 1;
a737b3e2 3030opps1:
1da177e4 3031 kmem_freepages(cachep, objp);
a737b3e2 3032failed:
1da177e4
LT		 3033 if (local_flags & __GFP_WAIT)
3034 local_irq_disable();
3035 return 0;
3036}
3037
3038#if DEBUG
3039
3040/*
3041 * Perform extra freeing checks:
3042 * - detect bad pointers.
3043 * - POISON/RED_ZONE checking
1da177e4
LT		 3044 */
3045static void kfree_debugcheck(const void *objp)
3046{
1da177e4
LT		 3047 if (!virt_addr_valid(objp)) {
3048 printk(KERN_ERR "kfree_debugcheck: out of range ptr %lxh.\n",
b28a02de
PE		 3049 (unsigned long)objp);
3050 BUG();
1da177e4 3051 }
1da177e4
LT		 3052}
3053
58ce1fd5
PE		 3054static inline void verify_redzone_free(struct kmem_cache *cache, void *obj)
3055{
b46b8f19 3056 unsigned long long redzone1, redzone2;
58ce1fd5
PE		 3057
3058 redzone1 = *dbg_redzone1(cache, obj);
3059 redzone2 = *dbg_redzone2(cache, obj);
3060
3061 /*
3062 * Redzone is ok.
3063 */
3064 if (redzone1 == RED_ACTIVE && redzone2 == RED_ACTIVE)
3065 return;
3066
3067 if (redzone1 == RED_INACTIVE && redzone2 == RED_INACTIVE)
3068 slab_error(cache, "double free detected");
3069 else
3070 slab_error(cache, "memory outside object was overwritten");
3071
b46b8f19 3072 printk(KERN_ERR "%p: redzone 1:0x%llx, redzone 2:0x%llx.\n",
58ce1fd5
PE		 3073 obj, redzone1, redzone2);
3074}
3075
343e0d7a 3076static void *cache_free_debugcheck(struct kmem_cache *cachep, void *objp,
b28a02de 3077 void *caller)
1da177e4
LT		 3078{
3079 struct page *page;
3080 unsigned int objnr;
3081 struct slab *slabp;
3082
80cbd911
MW		 3083 BUG_ON(virt_to_cache(objp) != cachep);
3084
3dafccf2 3085 objp -= obj_offset(cachep);
1da177e4 3086 kfree_debugcheck(objp);
b49af68f 3087 page = virt_to_head_page(objp);
1da177e4 3088
35026088 3089 slabp = page->slab_page;
1da177e4
LT		 3090
3091 if (cachep->flags & SLAB_RED_ZONE) {
58ce1fd5 3092 verify_redzone_free(cachep, objp);
1da177e4
LT		 3093 *dbg_redzone1(cachep, objp) = RED_INACTIVE;
3094 *dbg_redzone2(cachep, objp) = RED_INACTIVE;
3095 }
3096 if (cachep->flags & SLAB_STORE_USER)
3097 *dbg_userword(cachep, objp) = caller;
3098
8fea4e96 3099 objnr = obj_to_index(cachep, slabp, objp);
1da177e4
LT		 3100
3101 BUG_ON(objnr >= cachep->num);
8fea4e96 3102 BUG_ON(objp != index_to_obj(cachep, slabp, objnr));
1da177e4 3103
871751e2
AV		 3104#ifdef CONFIG_DEBUG_SLAB_LEAK
3105 slab_bufctl(slabp)[objnr] = BUFCTL_FREE;
3106#endif
1da177e4
LT		 3107 if (cachep->flags & SLAB_POISON) {
3108#ifdef CONFIG_DEBUG_PAGEALLOC
3b0efdfa 3109 if ((cachep->size % PAGE_SIZE)==0 && OFF_SLAB(cachep)) {
1da177e4 3110 store_stackinfo(cachep, objp, (unsigned long)caller);
b28a02de 3111 kernel_map_pages(virt_to_page(objp),
3b0efdfa 3112 cachep->size / PAGE_SIZE, 0);
1da177e4
LT		 3113 } else {
3114 poison_obj(cachep, objp, POISON_FREE);
3115 }
3116#else
3117 poison_obj(cachep, objp, POISON_FREE);
3118#endif
3119 }
3120 return objp;
3121}
3122
343e0d7a 3123static void check_slabp(struct kmem_cache *cachep, struct slab *slabp)
1da177e4
LT		 3124{
3125 kmem_bufctl_t i;
3126 int entries = 0;
b28a02de 3127
1da177e4
LT		 3128 /* Check slab's freelist to see if this obj is there. */
3129 for (i = slabp->free; i != BUFCTL_END; i = slab_bufctl(slabp)[i]) {
3130 entries++;
3131 if (entries > cachep->num || i >= cachep->num)
3132 goto bad;
3133 }
3134 if (entries != cachep->num - slabp->inuse) {
a737b3e2
AM		 3135bad:
3136 printk(KERN_ERR "slab: Internal list corruption detected in "
face37f5
DJ		 3137 "cache '%s'(%d), slabp %p(%d). Tainted(%s). Hexdump:\n",
3138 cachep->name, cachep->num, slabp, slabp->inuse,
3139 print_tainted());
fdde6abb
SAS		 3140 print_hex_dump(KERN_ERR, "", DUMP_PREFIX_OFFSET, 16, 1, slabp,
3141 sizeof(*slabp) + cachep->num * sizeof(kmem_bufctl_t),
3142 1);
1da177e4
LT		 3143 BUG();
3144 }
3145}
3146#else
3147#define kfree_debugcheck(x) do { } while(0)
3148#define cache_free_debugcheck(x,objp,z) (objp)
3149#define check_slabp(x,y) do { } while(0)
3150#endif
3151
072bb0aa
MG		 3152static void *cache_alloc_refill(struct kmem_cache *cachep, gfp_t flags,
3153 bool force_refill)
1da177e4
LT		 3154{
3155 int batchcount;
3156 struct kmem_list3 *l3;
3157 struct array_cache *ac;
1ca4cb24
PE		 3158 int node;
3159
1da177e4 3160 check_irq_off();
7d6e6d09 3161 node = numa_mem_id();
072bb0aa
MG		 3162 if (unlikely(force_refill))
3163 goto force_grow;
3164retry:
9a2dba4b 3165 ac = cpu_cache_get(cachep);
1da177e4
LT		 3166 batchcount = ac->batchcount;
3167 if (!ac->touched && batchcount > BATCHREFILL_LIMIT) {
a737b3e2
AM		 3168 /*
3169 * If there was little recent activity on this cache, then
3170 * perform only a partial refill. Otherwise we could generate
3171 * refill bouncing.
1da177e4
LT		 3172 */
3173 batchcount = BATCHREFILL_LIMIT;
3174 }
1ca4cb24 3175 l3 = cachep->nodelists[node];
e498be7d
CL		 3176
3177 BUG_ON(ac->avail > 0 || !l3);
3178 spin_lock(&l3->list_lock);
1da177e4 3179
3ded175a 3180 /* See if we can refill from the shared array */
44b57f1c
NP		 3181 if (l3->shared && transfer_objects(ac, l3->shared, batchcount)) {
3182 l3->shared->touched = 1;
3ded175a 3183 goto alloc_done;
44b57f1c 3184 }
3ded175a 3185
1da177e4
LT		 3186 while (batchcount > 0) {
3187 struct list_head *entry;
3188 struct slab *slabp;
3189 /* Get slab alloc is to come from. */
3190 entry = l3->slabs_partial.next;
3191 if (entry == &l3->slabs_partial) {
3192 l3->free_touched = 1;
3193 entry = l3->slabs_free.next;
3194 if (entry == &l3->slabs_free)
3195 goto must_grow;
3196 }
3197
3198 slabp = list_entry(entry, struct slab, list);
3199 check_slabp(cachep, slabp);
3200 check_spinlock_acquired(cachep);
714b8171
PE		 3201
3202 /*
3203 * The slab was either on partial or free list so
3204 * there must be at least one object available for
3205 * allocation.
3206 */
249b9f33 3207 BUG_ON(slabp->inuse >= cachep->num);
714b8171 3208
1da177e4 3209 while (slabp->inuse < cachep->num && batchcount--) {
1da177e4
LT		 3210 STATS_INC_ALLOCED(cachep);
3211 STATS_INC_ACTIVE(cachep);
3212 STATS_SET_HIGH(cachep);
3213
072bb0aa
MG		 3214 ac_put_obj(cachep, ac, slab_get_obj(cachep, slabp,
3215 node));
1da177e4
LT		 3216 }
3217 check_slabp(cachep, slabp);
3218
3219 /* move slabp to correct slabp list: */
3220 list_del(&slabp->list);
3221 if (slabp->free == BUFCTL_END)
3222 list_add(&slabp->list, &l3->slabs_full);
3223 else
3224 list_add(&slabp->list, &l3->slabs_partial);
3225 }
3226
a737b3e2 3227must_grow:
1da177e4 3228 l3->free_objects -= ac->avail;
a737b3e2 3229alloc_done:
e498be7d 3230 spin_unlock(&l3->list_lock);
1da177e4
LT		 3231
3232 if (unlikely(!ac->avail)) {
3233 int x;
072bb0aa 3234force_grow:
3c517a61 3235 x = cache_grow(cachep, flags | GFP_THISNODE, node, NULL);
e498be7d 3236
a737b3e2 3237 /* cache_grow can reenable interrupts, then ac could change. */
9a2dba4b 3238 ac = cpu_cache_get(cachep);
072bb0aa
MG		 3239
3240 /* no objects in sight? abort */
3241 if (!x && (ac->avail == 0 || force_refill))
1da177e4
LT		 3242 return NULL;
3243
a737b3e2 3244 if (!ac->avail) /* objects refilled by interrupt? */
1da177e4
LT		 3245 goto retry;
3246 }
3247 ac->touched = 1;
072bb0aa
MG		 3248
3249 return ac_get_obj(cachep, ac, flags, force_refill);
1da177e4
LT		 3250}
3251
a737b3e2
AM		 3252static inline void cache_alloc_debugcheck_before(struct kmem_cache *cachep,
3253 gfp_t flags)
1da177e4
LT		 3254{
3255 might_sleep_if(flags & __GFP_WAIT);
3256#if DEBUG
3257 kmem_flagcheck(cachep, flags);
3258#endif
3259}
3260
3261#if DEBUG
a737b3e2
AM		 3262static void *cache_alloc_debugcheck_after(struct kmem_cache *cachep,
3263 gfp_t flags, void *objp, void *caller)
1da177e4 3264{
b28a02de 3265 if (!objp)
1da177e4 3266 return objp;
b28a02de 3267 if (cachep->flags & SLAB_POISON) {
1da177e4 3268#ifdef CONFIG_DEBUG_PAGEALLOC
3b0efdfa 3269 if ((cachep->size % PAGE_SIZE) == 0 && OFF_SLAB(cachep))
b28a02de 3270 kernel_map_pages(virt_to_page(objp),
3b0efdfa 3271 cachep->size / PAGE_SIZE, 1);
1da177e4
LT		 3272 else
3273 check_poison_obj(cachep, objp);
3274#else
3275 check_poison_obj(cachep, objp);
3276#endif
3277 poison_obj(cachep, objp, POISON_INUSE);
3278 }
3279 if (cachep->flags & SLAB_STORE_USER)
3280 *dbg_userword(cachep, objp) = caller;
3281
3282 if (cachep->flags & SLAB_RED_ZONE) {
a737b3e2
AM		 3283 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE ||
3284 *dbg_redzone2(cachep, objp) != RED_INACTIVE) {
3285 slab_error(cachep, "double free, or memory outside"
3286 " object was overwritten");
b28a02de 3287 printk(KERN_ERR
b46b8f19 3288 "%p: redzone 1:0x%llx, redzone 2:0x%llx\n",
a737b3e2
AM		 3289 objp, *dbg_redzone1(cachep, objp),
3290 *dbg_redzone2(cachep, objp));
1da177e4
LT		 3291 }
3292 *dbg_redzone1(cachep, objp) = RED_ACTIVE;
3293 *dbg_redzone2(cachep, objp) = RED_ACTIVE;
3294 }
871751e2
AV		 3295#ifdef CONFIG_DEBUG_SLAB_LEAK
3296 {
3297 struct slab *slabp;
3298 unsigned objnr;
3299
35026088 3300 slabp = virt_to_head_page(objp)->slab_page;
3b0efdfa 3301 objnr = (unsigned)(objp - slabp->s_mem) / cachep->size;
871751e2
AV		 3302 slab_bufctl(slabp)[objnr] = BUFCTL_ACTIVE;
3303 }
3304#endif
3dafccf2 3305 objp += obj_offset(cachep);
4f104934 3306 if (cachep->ctor && cachep->flags & SLAB_POISON)
51cc5068 3307 cachep->ctor(objp);
7ea466f2
TH		 3308 if (ARCH_SLAB_MINALIGN &&
3309 ((unsigned long)objp & (ARCH_SLAB_MINALIGN-1))) {
a44b56d3 3310 printk(KERN_ERR "0x%p: not aligned to ARCH_SLAB_MINALIGN=%d\n",
c225150b 3311 objp, (int)ARCH_SLAB_MINALIGN);
a44b56d3 3312 }
1da177e4
LT		 3313 return objp;
3314}
3315#else
3316#define cache_alloc_debugcheck_after(a,b,objp,d) (objp)
3317#endif
3318
773ff60e 3319static bool slab_should_failslab(struct kmem_cache *cachep, gfp_t flags)
8a8b6502
AM		 3320{
3321 if (cachep == &cache_cache)
773ff60e 3322 return false;
8a8b6502 3323
8c138bc0 3324 return should_failslab(cachep->object_size, flags, cachep->flags);
8a8b6502
AM		 3325}
3326
343e0d7a 3327static inline void *____cache_alloc(struct kmem_cache *cachep, gfp_t flags)
1da177e4 3328{
b28a02de 3329 void *objp;
1da177e4 3330 struct array_cache *ac;
072bb0aa 3331 bool force_refill = false;
1da177e4 3332
5c382300 3333 check_irq_off();
8a8b6502 3334
9a2dba4b 3335 ac = cpu_cache_get(cachep);
1da177e4 3336 if (likely(ac->avail)) {
1da177e4 3337 ac->touched = 1;
072bb0aa
MG		 3338 objp = ac_get_obj(cachep, ac, flags, false);
3339
ddbf2e83 3340 /*
072bb0aa
MG		 3341 * Allow for the possibility all avail objects are not allowed
3342 * by the current flags
ddbf2e83 3343 */
072bb0aa
MG		 3344 if (objp) {
3345 STATS_INC_ALLOCHIT(cachep);
3346 goto out;
3347 }
3348 force_refill = true;
1da177e4 3349 }
072bb0aa
MG		 3350
3351 STATS_INC_ALLOCMISS(cachep);
3352 objp = cache_alloc_refill(cachep, flags, force_refill);
3353 /*
3354 * the 'ac' may be updated by cache_alloc_refill(),
3355 * and kmemleak_erase() requires its correct value.
3356 */
3357 ac = cpu_cache_get(cachep);
3358
3359out:
d5cff635
CM		 3360 /*
3361 * To avoid a false negative, if an object that is in one of the
3362 * per-CPU caches is leaked, we need to make sure kmemleak doesn't
3363 * treat the array pointers as a reference to the object.
3364 */
f3d8b53a
O		 3365 if (objp)
3366 kmemleak_erase(&ac->entry[ac->avail]);
5c382300
AK		 3367 return objp;
3368}
3369
e498be7d 3370#ifdef CONFIG_NUMA
c61afb18 3371/*
b2455396 3372 * Try allocating on another node if PF_SPREAD_SLAB|PF_MEMPOLICY.
c61afb18
PJ		 3373 *
3374 * If we are in_interrupt, then process context, including cpusets and
3375 * mempolicy, may not apply and should not be used for allocation policy.
3376 */
3377static void *alternate_node_alloc(struct kmem_cache *cachep, gfp_t flags)
3378{
3379 int nid_alloc, nid_here;
3380
765c4507 3381 if (in_interrupt() || (flags & __GFP_THISNODE))
c61afb18 3382 return NULL;
7d6e6d09 3383 nid_alloc = nid_here = numa_mem_id();
c61afb18 3384 if (cpuset_do_slab_mem_spread() && (cachep->flags & SLAB_MEM_SPREAD))
6adef3eb 3385 nid_alloc = cpuset_slab_spread_node();
c61afb18 3386 else if (current->mempolicy)
e7b691b0 3387 nid_alloc = slab_node();
c61afb18 3388 if (nid_alloc != nid_here)
8b98c169 3389 return ____cache_alloc_node(cachep, flags, nid_alloc);
c61afb18
PJ		 3390 return NULL;
3391}
3392
765c4507
CL		 3393/*
3394 * Fallback function if there was no memory available and no objects on a
3c517a61
CL		 3395 * certain node and fall back is permitted. First we scan all the
3396 * available nodelists for available objects. If that fails then we
3397 * perform an allocation without specifying a node. This allows the page
3398 * allocator to do its reclaim / fallback magic. We then insert the
3399 * slab into the proper nodelist and then allocate from it.
765c4507 3400 */
8c8cc2c1 3401static void *fallback_alloc(struct kmem_cache *cache, gfp_t flags)
765c4507 3402{
8c8cc2c1
PE		 3403 struct zonelist *zonelist;
3404 gfp_t local_flags;
dd1a239f 3405 struct zoneref *z;
54a6eb5c
MG		 3406 struct zone *zone;
3407 enum zone_type high_zoneidx = gfp_zone(flags);
765c4507 3408 void *obj = NULL;
3c517a61 3409 int nid;
cc9a6c87 3410 unsigned int cpuset_mems_cookie;
8c8cc2c1
PE		 3411
3412 if (flags & __GFP_THISNODE)
3413 return NULL;
3414
6cb06229 3415 local_flags = flags & (GFP_CONSTRAINT_MASK|GFP_RECLAIM_MASK);
765c4507 3416
cc9a6c87
MG		 3417retry_cpuset:
3418 cpuset_mems_cookie = get_mems_allowed();
e7b691b0 3419 zonelist = node_zonelist(slab_node(), flags);
cc9a6c87 3420
3c517a61
CL		 3421retry:
3422 /*
3423 * Look through allowed nodes for objects available
3424 * from existing per node queues.
3425 */
54a6eb5c
MG		 3426 for_each_zone_zonelist(zone, z, zonelist, high_zoneidx) {
3427 nid = zone_to_nid(zone);
aedb0eb1 3428
54a6eb5c 3429 if (cpuset_zone_allowed_hardwall(zone, flags) &&
3c517a61 3430 cache->nodelists[nid] &&
481c5346 3431 cache->nodelists[nid]->free_objects) {
3c517a61
CL		 3432 obj = ____cache_alloc_node(cache,
3433 flags | GFP_THISNODE, nid);
481c5346
CL		 3434 if (obj)
3435 break;
3436 }
3c517a61
CL		 3437 }
3438
cfce6604 3439 if (!obj) {
3c517a61
CL		 3440 /*
3441 * This allocation will be performed within the constraints
3442 * of the current cpuset / memory policy requirements.
3443 * We may trigger various forms of reclaim on the allowed
3444 * set and go into memory reserves if necessary.
3445 */
dd47ea75
CL		 3446 if (local_flags & __GFP_WAIT)
3447 local_irq_enable();
3448 kmem_flagcheck(cache, flags);
7d6e6d09 3449 obj = kmem_getpages(cache, local_flags, numa_mem_id());
dd47ea75
CL		 3450 if (local_flags & __GFP_WAIT)
3451 local_irq_disable();
3c517a61
CL		 3452 if (obj) {
3453 /*
3454 * Insert into the appropriate per node queues
3455 */
3456 nid = page_to_nid(virt_to_page(obj));
3457 if (cache_grow(cache, flags, nid, obj)) {
3458 obj = ____cache_alloc_node(cache,
3459 flags | GFP_THISNODE, nid);
3460 if (!obj)
3461 /*
3462 * Another processor may allocate the
3463 * objects in the slab since we are
3464 * not holding any locks.
3465 */
3466 goto retry;
3467 } else {
b6a60451 3468 /* cache_grow already freed obj */
3c517a61
CL		 3469 obj = NULL;
3470 }
3471 }
aedb0eb1 3472 }
cc9a6c87
MG		 3473
3474 if (unlikely(!put_mems_allowed(cpuset_mems_cookie) && !obj))
3475 goto retry_cpuset;
765c4507
CL		 3476 return obj;
3477}
3478
e498be7d
CL		 3479/*
3480 * A interface to enable slab creation on nodeid
1da177e4 3481 */
8b98c169 3482static void *____cache_alloc_node(struct kmem_cache *cachep, gfp_t flags,
a737b3e2 3483 int nodeid)
e498be7d
CL		 3484{
3485 struct list_head *entry;
b28a02de
PE		 3486 struct slab *slabp;
3487 struct kmem_list3 *l3;
3488 void *obj;
b28a02de
PE		 3489 int x;
3490
3491 l3 = cachep->nodelists[nodeid];
3492 BUG_ON(!l3);
3493
a737b3e2 3494retry:
ca3b9b91 3495 check_irq_off();
b28a02de
PE		 3496 spin_lock(&l3->list_lock);
3497 entry = l3->slabs_partial.next;
3498 if (entry == &l3->slabs_partial) {
3499 l3->free_touched = 1;
3500 entry = l3->slabs_free.next;
3501 if (entry == &l3->slabs_free)
3502 goto must_grow;
3503 }
3504
3505 slabp = list_entry(entry, struct slab, list);
3506 check_spinlock_acquired_node(cachep, nodeid);
3507 check_slabp(cachep, slabp);
3508
3509 STATS_INC_NODEALLOCS(cachep);
3510 STATS_INC_ACTIVE(cachep);
3511 STATS_SET_HIGH(cachep);
3512
3513 BUG_ON(slabp->inuse == cachep->num);
3514
78d382d7 3515 obj = slab_get_obj(cachep, slabp, nodeid);
b28a02de
PE		 3516 check_slabp(cachep, slabp);
3517 l3->free_objects--;
3518 /* move slabp to correct slabp list: */
3519 list_del(&slabp->list);
3520
a737b3e2 3521 if (slabp->free == BUFCTL_END)
b28a02de 3522 list_add(&slabp->list, &l3->slabs_full);
a737b3e2 3523 else
b28a02de 3524 list_add(&slabp->list, &l3->slabs_partial);
e498be7d 3525
b28a02de
PE		 3526 spin_unlock(&l3->list_lock);
3527 goto done;
e498be7d 3528
a737b3e2 3529must_grow:
b28a02de 3530 spin_unlock(&l3->list_lock);
3c517a61 3531 x = cache_grow(cachep, flags | GFP_THISNODE, nodeid, NULL);
765c4507
CL		 3532 if (x)
3533 goto retry;
1da177e4 3534
8c8cc2c1 3535 return fallback_alloc(cachep, flags);
e498be7d 3536
a737b3e2 3537done:
b28a02de 3538 return obj;
e498be7d 3539}
8c8cc2c1
PE		 3540
3541/**
3542 * kmem_cache_alloc_node - Allocate an object on the specified node
3543 * @cachep: The cache to allocate from.
3544 * @flags: See kmalloc().
3545 * @nodeid: node number of the target node.
3546 * @caller: return address of caller, used for debug information
3547 *
3548 * Identical to kmem_cache_alloc but it will allocate memory on the given
3549 * node, which can improve the performance for cpu bound structures.
3550 *
3551 * Fallback to other node is possible if __GFP_THISNODE is not set.
3552 */
3553static __always_inline void *
3554__cache_alloc_node(struct kmem_cache *cachep, gfp_t flags, int nodeid,
3555 void *caller)
3556{
3557 unsigned long save_flags;
3558 void *ptr;
7d6e6d09 3559 int slab_node = numa_mem_id();
8c8cc2c1 3560
dcce284a 3561 flags &= gfp_allowed_mask;
7e85ee0c 3562
cf40bd16
NP		 3563 lockdep_trace_alloc(flags);
3564
773ff60e 3565 if (slab_should_failslab(cachep, flags))
824ebef1
AM		 3566 return NULL;
3567
8c8cc2c1
PE		 3568 cache_alloc_debugcheck_before(cachep, flags);
3569 local_irq_save(save_flags);
3570
eacbbae3 3571 if (nodeid == NUMA_NO_NODE)
7d6e6d09 3572 nodeid = slab_node;
8c8cc2c1
PE		 3573
3574 if (unlikely(!cachep->nodelists[nodeid])) {
3575 /* Node not bootstrapped yet */
3576 ptr = fallback_alloc(cachep, flags);
3577 goto out;
3578 }
3579
7d6e6d09 3580 if (nodeid == slab_node) {
8c8cc2c1
PE		 3581 /*
3582 * Use the locally cached objects if possible.
3583 * However ____cache_alloc does not allow fallback
3584 * to other nodes. It may fail while we still have
3585 * objects on other nodes available.
3586 */
3587 ptr = ____cache_alloc(cachep, flags);
3588 if (ptr)
3589 goto out;
3590 }
3591 /* ___cache_alloc_node can fall back to other nodes */
3592 ptr = ____cache_alloc_node(cachep, flags, nodeid);
3593 out:
3594 local_irq_restore(save_flags);
3595 ptr = cache_alloc_debugcheck_after(cachep, flags, ptr, caller);
8c138bc0 3596 kmemleak_alloc_recursive(ptr, cachep->object_size, 1, cachep->flags,
d5cff635 3597 flags);
8c8cc2c1 3598
c175eea4 3599 if (likely(ptr))
8c138bc0 3600 kmemcheck_slab_alloc(cachep, flags, ptr, cachep->object_size);
c175eea4 3601
d07dbea4 3602 if (unlikely((flags & __GFP_ZERO) && ptr))
8c138bc0 3603 memset(ptr, 0, cachep->object_size);
d07dbea4 3604
8c8cc2c1
PE		 3605 return ptr;
3606}
3607
3608static __always_inline void *
3609__do_cache_alloc(struct kmem_cache *cache, gfp_t flags)
3610{
3611 void *objp;
3612
3613 if (unlikely(current->flags & (PF_SPREAD_SLAB | PF_MEMPOLICY))) {
3614 objp = alternate_node_alloc(cache, flags);
3615 if (objp)
3616 goto out;
3617 }
3618 objp = ____cache_alloc(cache, flags);
3619
3620 /*
3621 * We may just have run out of memory on the local node.
3622 * ____cache_alloc_node() knows how to locate memory on other nodes
3623 */
7d6e6d09
LS		 3624 if (!objp)
3625 objp = ____cache_alloc_node(cache, flags, numa_mem_id());
8c8cc2c1
PE		 3626
3627 out:
3628 return objp;
3629}
3630#else
3631
3632static __always_inline void *
3633__do_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
3634{
3635 return ____cache_alloc(cachep, flags);
3636}
3637
3638#endif /* CONFIG_NUMA */
3639
3640static __always_inline void *
3641__cache_alloc(struct kmem_cache *cachep, gfp_t flags, void *caller)
3642{
3643 unsigned long save_flags;
3644 void *objp;
3645
dcce284a 3646 flags &= gfp_allowed_mask;
7e85ee0c 3647
cf40bd16
NP		 3648 lockdep_trace_alloc(flags);
3649
773ff60e 3650 if (slab_should_failslab(cachep, flags))
824ebef1
AM		 3651 return NULL;
3652
8c8cc2c1
PE		 3653 cache_alloc_debugcheck_before(cachep, flags);
3654 local_irq_save(save_flags);
3655 objp = __do_cache_alloc(cachep, flags);
3656 local_irq_restore(save_flags);
3657 objp = cache_alloc_debugcheck_after(cachep, flags, objp, caller);
8c138bc0 3658 kmemleak_alloc_recursive(objp, cachep->object_size, 1, cachep->flags,
d5cff635 3659 flags);
8c8cc2c1
PE		 3660 prefetchw(objp);
3661
c175eea4 3662 if (likely(objp))
8c138bc0 3663 kmemcheck_slab_alloc(cachep, flags, objp, cachep->object_size);
c175eea4 3664
d07dbea4 3665 if (unlikely((flags & __GFP_ZERO) && objp))
8c138bc0 3666 memset(objp, 0, cachep->object_size);
d07dbea4 3667
8c8cc2c1
PE		 3668 return objp;
3669}
e498be7d
CL		 3670
3671/*
3672 * Caller needs to acquire correct kmem_list's list_lock
3673 */
343e0d7a 3674static void free_block(struct kmem_cache *cachep, void **objpp, int nr_objects,
b28a02de 3675 int node)
1da177e4
LT		 3676{
3677 int i;
e498be7d 3678 struct kmem_list3 *l3;
1da177e4
LT		 3679
3680 for (i = 0; i < nr_objects; i++) {
072bb0aa 3681 void *objp;
1da177e4 3682 struct slab *slabp;
1da177e4 3683
072bb0aa
MG		 3684 clear_obj_pfmemalloc(&objpp[i]);
3685 objp = objpp[i];
3686
6ed5eb22 3687 slabp = virt_to_slab(objp);
ff69416e 3688 l3 = cachep->nodelists[node];
1da177e4 3689 list_del(&slabp->list);
ff69416e 3690 check_spinlock_acquired_node(cachep, node);
1da177e4 3691 check_slabp(cachep, slabp);
78d382d7 3692 slab_put_obj(cachep, slabp, objp, node);
1da177e4 3693 STATS_DEC_ACTIVE(cachep);
e498be7d 3694 l3->free_objects++;
1da177e4
LT		 3695 check_slabp(cachep, slabp);
3696
3697 /* fixup slab chains */
3698 if (slabp->inuse == 0) {
e498be7d
CL		 3699 if (l3->free_objects > l3->free_limit) {
3700 l3->free_objects -= cachep->num;
e5ac9c5a
RT		 3701 /* No need to drop any previously held
3702 * lock here, even if we have a off-slab slab
3703 * descriptor it is guaranteed to come from
3704 * a different cache, refer to comments before
3705 * alloc_slabmgmt.
3706 */
1da177e4
LT		 3707 slab_destroy(cachep, slabp);
3708 } else {
e498be7d 3709 list_add(&slabp->list, &l3->slabs_free);
1da177e4
LT		 3710 }
3711 } else {
3712 /* Unconditionally move a slab to the end of the
3713 * partial list on free - maximum time for the
3714 * other objects to be freed, too.
3715 */
e498be7d 3716 list_add_tail(&slabp->list, &l3->slabs_partial);
1da177e4
LT		 3717 }
3718 }
3719}
3720
343e0d7a 3721static void cache_flusharray(struct kmem_cache *cachep, struct array_cache *ac)
1da177e4
LT		 3722{
3723 int batchcount;
e498be7d 3724 struct kmem_list3 *l3;
7d6e6d09 3725 int node = numa_mem_id();
1da177e4
LT		 3726
3727 batchcount = ac->batchcount;
3728#if DEBUG
3729 BUG_ON(!batchcount || batchcount > ac->avail);
3730#endif
3731 check_irq_off();
ff69416e 3732 l3 = cachep->nodelists[node];
873623df 3733 spin_lock(&l3->list_lock);
e498be7d
CL		 3734 if (l3->shared) {
3735 struct array_cache *shared_array = l3->shared;
b28a02de 3736 int max = shared_array->limit - shared_array->avail;
1da177e4
LT		 3737 if (max) {
3738 if (batchcount > max)
3739 batchcount = max;
e498be7d 3740 memcpy(&(shared_array->entry[shared_array->avail]),
b28a02de 3741 ac->entry, sizeof(void *) * batchcount);
1da177e4
LT		 3742 shared_array->avail += batchcount;
3743 goto free_done;
3744 }
3745 }
3746
ff69416e 3747 free_block(cachep, ac->entry, batchcount, node);
a737b3e2 3748free_done:
1da177e4
LT		 3749#if STATS
3750 {
3751 int i = 0;
3752 struct list_head *p;
3753
e498be7d
CL		 3754 p = l3->slabs_free.next;
3755 while (p != &(l3->slabs_free)) {
1da177e4
LT		 3756 struct slab *slabp;
3757
3758 slabp = list_entry(p, struct slab, list);
3759 BUG_ON(slabp->inuse);
3760
3761 i++;
3762 p = p->next;
3763 }
3764 STATS_SET_FREEABLE(cachep, i);
3765 }
3766#endif
e498be7d 3767 spin_unlock(&l3->list_lock);
1da177e4 3768 ac->avail -= batchcount;
a737b3e2 3769 memmove(ac->entry, &(ac->entry[batchcount]), sizeof(void *)*ac->avail);
1da177e4
LT		 3770}
3771
3772/*
a737b3e2
AM		 3773 * Release an obj back to its cache. If the obj has a constructed state, it must
3774 * be in this state _before_ it is released. Called with disabled ints.
1da177e4 3775 */
a947eb95
SS		 3776static inline void __cache_free(struct kmem_cache *cachep, void *objp,
3777 void *caller)
1da177e4 3778{
9a2dba4b 3779 struct array_cache *ac = cpu_cache_get(cachep);
1da177e4
LT		 3780
3781 check_irq_off();
d5cff635 3782 kmemleak_free_recursive(objp, cachep->flags);
a947eb95 3783 objp = cache_free_debugcheck(cachep, objp, caller);
1da177e4 3784
8c138bc0 3785 kmemcheck_slab_free(cachep, objp, cachep->object_size);
c175eea4 3786
1807a1aa
SS		 3787 /*
3788 * Skip calling cache_free_alien() when the platform is not numa.
3789 * This will avoid cache misses that happen while accessing slabp (which
3790 * is per page memory reference) to get nodeid. Instead use a global
3791 * variable to skip the call, which is mostly likely to be present in
3792 * the cache.
3793 */
b6e68bc1 3794 if (nr_online_nodes > 1 && cache_free_alien(cachep, objp))
729bd0b7
PE		 3795 return;
3796
1da177e4
LT		 3797 if (likely(ac->avail < ac->limit)) {
3798 STATS_INC_FREEHIT(cachep);
1da177e4
LT		 3799 } else {
3800 STATS_INC_FREEMISS(cachep);
3801 cache_flusharray(cachep, ac);
1da177e4 3802 }
42c8c99c 3803
072bb0aa 3804 ac_put_obj(cachep, ac, objp);
1da177e4
LT		 3805}
3806
3807/**
3808 * kmem_cache_alloc - Allocate an object
3809 * @cachep: The cache to allocate from.
3810 * @flags: See kmalloc().
3811 *
3812 * Allocate an object from this cache. The flags are only relevant
3813 * if the cache has no available objects.
3814 */
343e0d7a 3815void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
1da177e4 3816{
36555751
EGM		 3817 void *ret = __cache_alloc(cachep, flags, __builtin_return_address(0));
3818
ca2b84cb 3819 trace_kmem_cache_alloc(_RET_IP_, ret,
8c138bc0 3820 cachep->object_size, cachep->size, flags);
36555751
EGM		 3821
3822 return ret;
1da177e4
LT		 3823}
3824EXPORT_SYMBOL(kmem_cache_alloc);
3825
0f24f128 3826#ifdef CONFIG_TRACING
85beb586
SR		 3827void *
3828kmem_cache_alloc_trace(size_t size, struct kmem_cache *cachep, gfp_t flags)
36555751 3829{
85beb586
SR		 3830 void *ret;
3831
3832 ret = __cache_alloc(cachep, flags, __builtin_return_address(0));
3833
3834 trace_kmalloc(_RET_IP_, ret,
3835 size, slab_buffer_size(cachep), flags);
3836 return ret;
36555751 3837}
85beb586 3838EXPORT_SYMBOL(kmem_cache_alloc_trace);
36555751
EGM		 3839#endif
3840
1da177e4 3841#ifdef CONFIG_NUMA
8b98c169
CH		 3842void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t flags, int nodeid)
3843{
36555751
EGM		 3844 void *ret = __cache_alloc_node(cachep, flags, nodeid,
3845 __builtin_return_address(0));
3846
ca2b84cb 3847 trace_kmem_cache_alloc_node(_RET_IP_, ret,
8c138bc0 3848 cachep->object_size, cachep->size,
ca2b84cb 3849 flags, nodeid);
36555751
EGM		 3850
3851 return ret;
8b98c169 3852}
1da177e4
LT		 3853EXPORT_SYMBOL(kmem_cache_alloc_node);
3854
0f24f128 3855#ifdef CONFIG_TRACING
85beb586
SR		 3856void *kmem_cache_alloc_node_trace(size_t size,
3857 struct kmem_cache *cachep,
3858 gfp_t flags,
3859 int nodeid)
36555751 3860{
85beb586
SR		 3861 void *ret;
3862
3863 ret = __cache_alloc_node(cachep, flags, nodeid,
36555751 3864 __builtin_return_address(0));
85beb586
SR		 3865 trace_kmalloc_node(_RET_IP_, ret,
3866 size, slab_buffer_size(cachep),
3867 flags, nodeid);
3868 return ret;
36555751 3869}
85beb586 3870EXPORT_SYMBOL(kmem_cache_alloc_node_trace);
36555751
EGM		 3871#endif
3872
8b98c169
CH		 3873static __always_inline void *
3874__do_kmalloc_node(size_t size, gfp_t flags, int node, void *caller)
97e2bde4 3875{
343e0d7a 3876 struct kmem_cache *cachep;
97e2bde4
MS		 3877
3878 cachep = kmem_find_general_cachep(size, flags);
6cb8f913
CL		 3879 if (unlikely(ZERO_OR_NULL_PTR(cachep)))
3880 return cachep;
85beb586 3881 return kmem_cache_alloc_node_trace(size, cachep, flags, node);
97e2bde4 3882}
8b98c169 3883
0bb38a5c 3884#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_TRACING)
8b98c169
CH		 3885void *__kmalloc_node(size_t size, gfp_t flags, int node)
3886{
3887 return __do_kmalloc_node(size, flags, node,
3888 __builtin_return_address(0));
3889}
dbe5e69d 3890EXPORT_SYMBOL(__kmalloc_node);
8b98c169
CH		 3891
3892void *__kmalloc_node_track_caller(size_t size, gfp_t flags,
ce71e27c 3893 int node, unsigned long caller)
8b98c169 3894{
ce71e27c 3895 return __do_kmalloc_node(size, flags, node, (void *)caller);
8b98c169
CH		 3896}
3897EXPORT_SYMBOL(__kmalloc_node_track_caller);
3898#else
3899void *__kmalloc_node(size_t size, gfp_t flags, int node)
3900{
3901 return __do_kmalloc_node(size, flags, node, NULL);
3902}
3903EXPORT_SYMBOL(__kmalloc_node);
0bb38a5c 3904#endif /* CONFIG_DEBUG_SLAB || CONFIG_TRACING */
8b98c169 3905#endif /* CONFIG_NUMA */
1da177e4
LT		 3906
3907/**
800590f5 3908 * __do_kmalloc - allocate memory
1da177e4 3909 * @size: how many bytes of memory are required.
800590f5 3910 * @flags: the type of memory to allocate (see kmalloc).
911851e6 3911 * @caller: function caller for debug tracking of the caller
1da177e4 3912 */
7fd6b141
PE		 3913static __always_inline void *__do_kmalloc(size_t size, gfp_t flags,
3914 void *caller)
1da177e4 3915{
343e0d7a 3916 struct kmem_cache *cachep;
36555751 3917 void *ret;
1da177e4 3918
97e2bde4
MS		 3919 /* If you want to save a few bytes .text space: replace
3920 * __ with kmem_.
3921 * Then kmalloc uses the uninlined functions instead of the inline
3922 * functions.
3923 */
3924 cachep = __find_general_cachep(size, flags);
a5c96d8a
LT		 3925 if (unlikely(ZERO_OR_NULL_PTR(cachep)))
3926 return cachep;
36555751
EGM		 3927 ret = __cache_alloc(cachep, flags, caller);
3928
ca2b84cb 3929 trace_kmalloc((unsigned long) caller, ret,
3b0efdfa 3930 size, cachep->size, flags);
36555751
EGM		 3931
3932 return ret;
7fd6b141
PE		 3933}
3934
7fd6b141 3935
0bb38a5c 3936#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_TRACING)
7fd6b141
PE		 3937void *__kmalloc(size_t size, gfp_t flags)
3938{
871751e2 3939 return __do_kmalloc(size, flags, __builtin_return_address(0));
1da177e4
LT		 3940}
3941EXPORT_SYMBOL(__kmalloc);
3942
ce71e27c 3943void *__kmalloc_track_caller(size_t size, gfp_t flags, unsigned long caller)
7fd6b141 3944{
ce71e27c 3945 return __do_kmalloc(size, flags, (void *)caller);
7fd6b141
PE		 3946}
3947EXPORT_SYMBOL(__kmalloc_track_caller);
1d2c8eea
CH		 3948
3949#else
3950void *__kmalloc(size_t size, gfp_t flags)
3951{
3952 return __do_kmalloc(size, flags, NULL);
3953}
3954EXPORT_SYMBOL(__kmalloc);
7fd6b141
PE		 3955#endif
3956
1da177e4
LT		 3957/**
3958 * kmem_cache_free - Deallocate an object
3959 * @cachep: The cache the allocation was from.
3960 * @objp: The previously allocated object.
3961 *
3962 * Free an object which was previously allocated from this
3963 * cache.
3964 */
343e0d7a 3965void kmem_cache_free(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 3966{
3967 unsigned long flags;
3968
3969 local_irq_save(flags);
d97d476b 3970 debug_check_no_locks_freed(objp, cachep->object_size);
3ac7fe5a 3971 if (!(cachep->flags & SLAB_DEBUG_OBJECTS))
8c138bc0 3972 debug_check_no_obj_freed(objp, cachep->object_size);
a947eb95 3973 __cache_free(cachep, objp, __builtin_return_address(0));
1da177e4 3974 local_irq_restore(flags);
36555751 3975
ca2b84cb 3976 trace_kmem_cache_free(_RET_IP_, objp);
1da177e4
LT		 3977}
3978EXPORT_SYMBOL(kmem_cache_free);
3979
1da177e4
LT		 3980/**
3981 * kfree - free previously allocated memory
3982 * @objp: pointer returned by kmalloc.
3983 *
80e93eff
PE		 3984 * If @objp is NULL, no operation is performed.
3985 *
1da177e4
LT		 3986 * Don't free memory not originally allocated by kmalloc()
3987 * or you will run into trouble.
3988 */
3989void kfree(const void *objp)
3990{
343e0d7a 3991 struct kmem_cache *c;
1da177e4
LT		 3992 unsigned long flags;
3993
2121db74
PE		 3994 trace_kfree(_RET_IP_, objp);
3995
6cb8f913 3996 if (unlikely(ZERO_OR_NULL_PTR(objp)))
1da177e4
LT		 3997 return;
3998 local_irq_save(flags);
3999 kfree_debugcheck(objp);
6ed5eb22 4000 c = virt_to_cache(objp);
8c138bc0
CL		 4001 debug_check_no_locks_freed(objp, c->object_size);
4002
4003 debug_check_no_obj_freed(objp, c->object_size);
a947eb95 4004 __cache_free(c, (void *)objp, __builtin_return_address(0));
1da177e4
LT		 4005 local_irq_restore(flags);
4006}
4007EXPORT_SYMBOL(kfree);
4008
343e0d7a 4009unsigned int kmem_cache_size(struct kmem_cache *cachep)
1da177e4 4010{
8c138bc0 4011 return cachep->object_size;
1da177e4
LT		 4012}
4013EXPORT_SYMBOL(kmem_cache_size);
4014
e498be7d 4015/*
183ff22b 4016 * This initializes kmem_list3 or resizes various caches for all nodes.
e498be7d 4017 */
83b519e8 4018static int alloc_kmemlist(struct kmem_cache *cachep, gfp_t gfp)
e498be7d
CL		 4019{
4020 int node;
4021 struct kmem_list3 *l3;
cafeb02e 4022 struct array_cache *new_shared;
3395ee05 4023 struct array_cache **new_alien = NULL;
e498be7d 4024
9c09a95c 4025 for_each_online_node(node) {
cafeb02e 4026
3395ee05 4027 if (use_alien_caches) {
83b519e8 4028 new_alien = alloc_alien_cache(node, cachep->limit, gfp);
3395ee05
PM		 4029 if (!new_alien)
4030 goto fail;
4031 }
cafeb02e 4032
63109846
ED		 4033 new_shared = NULL;
4034 if (cachep->shared) {
4035 new_shared = alloc_arraycache(node,
0718dc2a 4036 cachep->shared*cachep->batchcount,
83b519e8 4037 0xbaadf00d, gfp);
63109846
ED		 4038 if (!new_shared) {
4039 free_alien_cache(new_alien);
4040 goto fail;
4041 }
0718dc2a 4042 }
cafeb02e 4043
a737b3e2
AM		 4044 l3 = cachep->nodelists[node];
4045 if (l3) {
cafeb02e
CL		 4046 struct array_cache *shared = l3->shared;
4047
e498be7d
CL		 4048 spin_lock_irq(&l3->list_lock);
4049
cafeb02e 4050 if (shared)
0718dc2a
CL		 4051 free_block(cachep, shared->entry,
4052 shared->avail, node);
e498be7d 4053
cafeb02e
CL		 4054 l3->shared = new_shared;
4055 if (!l3->alien) {
e498be7d
CL		 4056 l3->alien = new_alien;
4057 new_alien = NULL;
4058 }
b28a02de 4059 l3->free_limit = (1 + nr_cpus_node(node)) *
a737b3e2 4060 cachep->batchcount + cachep->num;
e498be7d 4061 spin_unlock_irq(&l3->list_lock);
cafeb02e 4062 kfree(shared);
e498be7d
CL		 4063 free_alien_cache(new_alien);
4064 continue;
4065 }
83b519e8 4066 l3 = kmalloc_node(sizeof(struct kmem_list3), gfp, node);
0718dc2a
CL		 4067 if (!l3) {
4068 free_alien_cache(new_alien);
4069 kfree(new_shared);
e498be7d 4070 goto fail;
0718dc2a 4071 }
e498be7d
CL		 4072
4073 kmem_list3_init(l3);
4074 l3->next_reap = jiffies + REAPTIMEOUT_LIST3 +
a737b3e2 4075 ((unsigned long)cachep) % REAPTIMEOUT_LIST3;
cafeb02e 4076 l3->shared = new_shared;
e498be7d 4077 l3->alien = new_alien;
b28a02de 4078 l3->free_limit = (1 + nr_cpus_node(node)) *
a737b3e2 4079 cachep->batchcount + cachep->num;
e498be7d
CL		 4080 cachep->nodelists[node] = l3;
4081 }
cafeb02e 4082 return 0;
0718dc2a 4083
a737b3e2 4084fail:
3b0efdfa 4085 if (!cachep->list.next) {
0718dc2a
CL		 4086 /* Cache is not active yet. Roll back what we did */
4087 node--;
4088 while (node >= 0) {
4089 if (cachep->nodelists[node]) {
4090 l3 = cachep->nodelists[node];
4091
4092 kfree(l3->shared);
4093 free_alien_cache(l3->alien);
4094 kfree(l3);
4095 cachep->nodelists[node] = NULL;
4096 }
4097 node--;
4098 }
4099 }
cafeb02e 4100 return -ENOMEM;
e498be7d
CL		 4101}
4102
1da177e4 4103struct ccupdate_struct {
343e0d7a 4104 struct kmem_cache *cachep;
acfe7d74 4105 struct array_cache *new[0];
1da177e4
LT		 4106};
4107
4108static void do_ccupdate_local(void *info)
4109{
a737b3e2 4110 struct ccupdate_struct *new = info;
1da177e4
LT		 4111 struct array_cache *old;
4112
4113 check_irq_off();
9a2dba4b 4114 old = cpu_cache_get(new->cachep);
e498be7d 4115
1da177e4
LT		 4116 new->cachep->array[smp_processor_id()] = new->new[smp_processor_id()];
4117 new->new[smp_processor_id()] = old;
4118}
4119
18004c5d 4120/* Always called with the slab_mutex held */
a737b3e2 4121static int do_tune_cpucache(struct kmem_cache *cachep, int limit,
83b519e8 4122 int batchcount, int shared, gfp_t gfp)
1da177e4 4123{
d2e7b7d0 4124 struct ccupdate_struct *new;
2ed3a4ef 4125 int i;
1da177e4 4126
acfe7d74
ED		 4127 new = kzalloc(sizeof(*new) + nr_cpu_ids * sizeof(struct array_cache *),
4128 gfp);
d2e7b7d0
SS		 4129 if (!new)
4130 return -ENOMEM;
4131
e498be7d 4132 for_each_online_cpu(i) {
7d6e6d09 4133 new->new[i] = alloc_arraycache(cpu_to_mem(i), limit,
83b519e8 4134 batchcount, gfp);
d2e7b7d0 4135 if (!new->new[i]) {
b28a02de 4136 for (i--; i >= 0; i--)
d2e7b7d0
SS		 4137 kfree(new->new[i]);
4138 kfree(new);
e498be7d 4139 return -ENOMEM;
1da177e4
LT		 4140 }
4141 }
d2e7b7d0 4142 new->cachep = cachep;
1da177e4 4143
15c8b6c1 4144 on_each_cpu(do_ccupdate_local, (void *)new, 1);
e498be7d 4145
1da177e4 4146 check_irq_on();
1da177e4
LT		 4147 cachep->batchcount = batchcount;
4148 cachep->limit = limit;
e498be7d 4149 cachep->shared = shared;
1da177e4 4150
e498be7d 4151 for_each_online_cpu(i) {
d2e7b7d0 4152 struct array_cache *ccold = new->new[i];
1da177e4
LT		 4153 if (!ccold)
4154 continue;
7d6e6d09
LS		 4155 spin_lock_irq(&cachep->nodelists[cpu_to_mem(i)]->list_lock);
4156 free_block(cachep, ccold->entry, ccold->avail, cpu_to_mem(i));
4157 spin_unlock_irq(&cachep->nodelists[cpu_to_mem(i)]->list_lock);
1da177e4
LT		 4158 kfree(ccold);
4159 }
d2e7b7d0 4160 kfree(new);
83b519e8 4161 return alloc_kmemlist(cachep, gfp);
1da177e4
LT		 4162}
4163
18004c5d 4164/* Called with slab_mutex held always */
83b519e8 4165static int enable_cpucache(struct kmem_cache *cachep, gfp_t gfp)
1da177e4
LT		 4166{
4167 int err;
4168 int limit, shared;
4169
a737b3e2
AM		 4170 /*
4171 * The head array serves three purposes:
1da177e4
LT		 4172 * - create a LIFO ordering, i.e. return objects that are cache-warm
4173 * - reduce the number of spinlock operations.
a737b3e2 4174 * - reduce the number of linked list operations on the slab and
1da177e4
LT		 4175 * bufctl chains: array operations are cheaper.
4176 * The numbers are guessed, we should auto-tune as described by
4177 * Bonwick.
4178 */
3b0efdfa 4179 if (cachep->size > 131072)
1da177e4 4180 limit = 1;
3b0efdfa 4181 else if (cachep->size > PAGE_SIZE)
1da177e4 4182 limit = 8;
3b0efdfa 4183 else if (cachep->size > 1024)
1da177e4 4184 limit = 24;
3b0efdfa 4185 else if (cachep->size > 256)
1da177e4
LT		 4186 limit = 54;
4187 else
4188 limit = 120;
4189
a737b3e2
AM		 4190 /*
4191 * CPU bound tasks (e.g. network routing) can exhibit cpu bound
1da177e4
LT		 4192 * allocation behaviour: Most allocs on one cpu, most free operations
4193 * on another cpu. For these cases, an efficient object passing between
4194 * cpus is necessary. This is provided by a shared array. The array
4195 * replaces Bonwick's magazine layer.
4196 * On uniprocessor, it's functionally equivalent (but less efficient)
4197 * to a larger limit. Thus disabled by default.
4198 */
4199 shared = 0;
3b0efdfa 4200 if (cachep->size <= PAGE_SIZE && num_possible_cpus() > 1)
1da177e4 4201 shared = 8;
1da177e4
LT		 4202
4203#if DEBUG
a737b3e2
AM		 4204 /*
4205 * With debugging enabled, large batchcount lead to excessively long
4206 * periods with disabled local interrupts. Limit the batchcount
1da177e4
LT		 4207 */
4208 if (limit > 32)
4209 limit = 32;
4210#endif
83b519e8 4211 err = do_tune_cpucache(cachep, limit, (limit + 1) / 2, shared, gfp);
1da177e4
LT		 4212 if (err)
4213 printk(KERN_ERR "enable_cpucache failed for %s, error %d.\n",
b28a02de 4214 cachep->name, -err);
2ed3a4ef 4215 return err;
1da177e4
LT		 4216}
4217
1b55253a
CL		 4218/*
4219 * Drain an array if it contains any elements taking the l3 lock only if
b18e7e65
CL		 4220 * necessary. Note that the l3 listlock also protects the array_cache
4221 * if drain_array() is used on the shared array.
1b55253a 4222 */
68a1b195 4223static void drain_array(struct kmem_cache *cachep, struct kmem_list3 *l3,
1b55253a 4224 struct array_cache *ac, int force, int node)
1da177e4
LT		 4225{
4226 int tofree;
4227
1b55253a
CL		 4228 if (!ac || !ac->avail)
4229 return;
1da177e4
LT		 4230 if (ac->touched && !force) {
4231 ac->touched = 0;
b18e7e65 4232 } else {
1b55253a 4233 spin_lock_irq(&l3->list_lock);
b18e7e65
CL		 4234 if (ac->avail) {
4235 tofree = force ? ac->avail : (ac->limit + 4) / 5;
4236 if (tofree > ac->avail)
4237 tofree = (ac->avail + 1) / 2;
4238 free_block(cachep, ac->entry, tofree, node);
4239 ac->avail -= tofree;
4240 memmove(ac->entry, &(ac->entry[tofree]),
4241 sizeof(void *) * ac->avail);
4242 }
1b55253a 4243 spin_unlock_irq(&l3->list_lock);
1da177e4
LT		 4244 }
4245}
4246
4247/**
4248 * cache_reap - Reclaim memory from caches.
05fb6bf0 4249 * @w: work descriptor
1da177e4
LT		 4250 *
4251 * Called from workqueue/eventd every few seconds.
4252 * Purpose:
4253 * - clear the per-cpu caches for this CPU.
4254 * - return freeable pages to the main free memory pool.
4255 *
a737b3e2
AM		 4256 * If we cannot acquire the cache chain mutex then just give up - we'll try
4257 * again on the next iteration.
1da177e4 4258 */
7c5cae36 4259static void cache_reap(struct work_struct *w)
1da177e4 4260{
7a7c381d 4261 struct kmem_cache *searchp;
e498be7d 4262 struct kmem_list3 *l3;
7d6e6d09 4263 int node = numa_mem_id();
bf6aede7 4264 struct delayed_work *work = to_delayed_work(w);
1da177e4 4265
18004c5d 4266 if (!mutex_trylock(&slab_mutex))
1da177e4 4267 /* Give up. Setup the next iteration. */
7c5cae36 4268 goto out;
1da177e4 4269
18004c5d 4270 list_for_each_entry(searchp, &slab_caches, list) {
1da177e4
LT		 4271 check_irq_on();
4272
35386e3b
CL		 4273 /*
4274 * We only take the l3 lock if absolutely necessary and we
4275 * have established with reasonable certainty that
4276 * we can do some work if the lock was obtained.
4277 */
aab2207c 4278 l3 = searchp->nodelists[node];
35386e3b 4279
8fce4d8e 4280 reap_alien(searchp, l3);
1da177e4 4281
aab2207c 4282 drain_array(searchp, l3, cpu_cache_get(searchp), 0, node);
1da177e4 4283
35386e3b
CL		 4284 /*
4285 * These are racy checks but it does not matter
4286 * if we skip one check or scan twice.
4287 */
e498be7d 4288 if (time_after(l3->next_reap, jiffies))
35386e3b 4289 goto next;
1da177e4 4290
e498be7d 4291 l3->next_reap = jiffies + REAPTIMEOUT_LIST3;
1da177e4 4292
aab2207c 4293 drain_array(searchp, l3, l3->shared, 0, node);
1da177e4 4294
ed11d9eb 4295 if (l3->free_touched)
e498be7d 4296 l3->free_touched = 0;
ed11d9eb
CL		 4297 else {
4298 int freed;
1da177e4 4299
ed11d9eb
CL		 4300 freed = drain_freelist(searchp, l3, (l3->free_limit +
4301 5 * searchp->num - 1) / (5 * searchp->num));
4302 STATS_ADD_REAPED(searchp, freed);
4303 }
35386e3b 4304next:
1da177e4
LT		 4305 cond_resched();
4306 }
4307 check_irq_on();
18004c5d 4308 mutex_unlock(&slab_mutex);
8fce4d8e 4309 next_reap_node();
7c5cae36 4310out:
a737b3e2 4311 /* Set up the next iteration */
7c5cae36 4312 schedule_delayed_work(work, round_jiffies_relative(REAPTIMEOUT_CPUC));
1da177e4
LT		 4313}
4314
158a9624 4315#ifdef CONFIG_SLABINFO
1da177e4 4316
85289f98 4317static void print_slabinfo_header(struct seq_file *m)
1da177e4 4318{
85289f98
PE		 4319 /*
4320 * Output format version, so at least we can change it
4321 * without _too_ many complaints.
4322 */
1da177e4 4323#if STATS
85289f98 4324 seq_puts(m, "slabinfo - version: 2.1 (statistics)\n");
1da177e4 4325#else
85289f98 4326 seq_puts(m, "slabinfo - version: 2.1\n");
1da177e4 4327#endif
85289f98
PE		 4328 seq_puts(m, "# name <active_objs> <num_objs> <objsize> "
4329 "<objperslab> <pagesperslab>");
4330 seq_puts(m, " : tunables <limit> <batchcount> <sharedfactor>");
4331 seq_puts(m, " : slabdata <active_slabs> <num_slabs> <sharedavail>");
1da177e4 4332#if STATS
85289f98 4333 seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
fb7faf33 4334 "<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
85289f98 4335 seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
1da177e4 4336#endif
85289f98
PE		 4337 seq_putc(m, '\n');
4338}
4339
4340static void *s_start(struct seq_file *m, loff_t *pos)
4341{
4342 loff_t n = *pos;
85289f98 4343
18004c5d 4344 mutex_lock(&slab_mutex);
85289f98
PE		 4345 if (!n)
4346 print_slabinfo_header(m);
b92151ba 4347
18004c5d 4348 return seq_list_start(&slab_caches, *pos);
1da177e4
LT		 4349}
4350
4351static void *s_next(struct seq_file *m, void *p, loff_t *pos)
4352{
18004c5d 4353 return seq_list_next(p, &slab_caches, pos);
1da177e4
LT		 4354}
4355
4356static void s_stop(struct seq_file *m, void *p)
4357{
18004c5d 4358 mutex_unlock(&slab_mutex);
1da177e4
LT		 4359}
4360
4361static int s_show(struct seq_file *m, void *p)
4362{
3b0efdfa 4363 struct kmem_cache *cachep = list_entry(p, struct kmem_cache, list);
b28a02de
PE		 4364 struct slab *slabp;
4365 unsigned long active_objs;
4366 unsigned long num_objs;
4367 unsigned long active_slabs = 0;
4368 unsigned long num_slabs, free_objects = 0, shared_avail = 0;
e498be7d 4369 const char *name;
1da177e4 4370 char *error = NULL;
e498be7d
CL		 4371 int node;
4372 struct kmem_list3 *l3;
1da177e4 4373
1da177e4
LT		 4374 active_objs = 0;
4375 num_slabs = 0;
e498be7d
CL		 4376 for_each_online_node(node) {
4377 l3 = cachep->nodelists[node];
4378 if (!l3)
4379 continue;
4380
ca3b9b91
RT		 4381 check_irq_on();
4382 spin_lock_irq(&l3->list_lock);
e498be7d 4383
7a7c381d 4384 list_for_each_entry(slabp, &l3->slabs_full, list) {
e498be7d
CL		 4385 if (slabp->inuse != cachep->num && !error)
4386 error = "slabs_full accounting error";
4387 active_objs += cachep->num;
4388 active_slabs++;
4389 }
7a7c381d 4390 list_for_each_entry(slabp, &l3->slabs_partial, list) {
e498be7d
CL		 4391 if (slabp->inuse == cachep->num && !error)
4392 error = "slabs_partial inuse accounting error";
4393 if (!slabp->inuse && !error)
4394 error = "slabs_partial/inuse accounting error";
4395 active_objs += slabp->inuse;
4396 active_slabs++;
4397 }
7a7c381d 4398 list_for_each_entry(slabp, &l3->slabs_free, list) {
e498be7d
CL		 4399 if (slabp->inuse && !error)
4400 error = "slabs_free/inuse accounting error";
4401 num_slabs++;
4402 }
4403 free_objects += l3->free_objects;
4484ebf1
RT		 4404 if (l3->shared)
4405 shared_avail += l3->shared->avail;
e498be7d 4406
ca3b9b91 4407 spin_unlock_irq(&l3->list_lock);
1da177e4 4408 }
b28a02de
PE		 4409 num_slabs += active_slabs;
4410 num_objs = num_slabs * cachep->num;
e498be7d 4411 if (num_objs - active_objs != free_objects && !error)
1da177e4
LT		 4412 error = "free_objects accounting error";
4413
b28a02de 4414 name = cachep->name;
1da177e4
LT		 4415 if (error)
4416 printk(KERN_ERR "slab: cache %s error: %s\n", name, error);
4417
4418 seq_printf(m, "%-17s %6lu %6lu %6u %4u %4d",
3b0efdfa 4419 name, active_objs, num_objs, cachep->size,
b28a02de 4420 cachep->num, (1 << cachep->gfporder));
1da177e4 4421 seq_printf(m, " : tunables %4u %4u %4u",
b28a02de 4422 cachep->limit, cachep->batchcount, cachep->shared);
e498be7d 4423 seq_printf(m, " : slabdata %6lu %6lu %6lu",
b28a02de 4424 active_slabs, num_slabs, shared_avail);
1da177e4 4425#if STATS
b28a02de 4426 { /* list3 stats */
1da177e4
LT		 4427 unsigned long high = cachep->high_mark;
4428 unsigned long allocs = cachep->num_allocations;
4429 unsigned long grown = cachep->grown;
4430 unsigned long reaped = cachep->reaped;
4431 unsigned long errors = cachep->errors;
4432 unsigned long max_freeable = cachep->max_freeable;
1da177e4 4433 unsigned long node_allocs = cachep->node_allocs;
e498be7d 4434 unsigned long node_frees = cachep->node_frees;
fb7faf33 4435 unsigned long overflows = cachep->node_overflow;
1da177e4 4436
e92dd4fd
JP		 4437 seq_printf(m, " : globalstat %7lu %6lu %5lu %4lu "
4438 "%4lu %4lu %4lu %4lu %4lu",
4439 allocs, high, grown,
4440 reaped, errors, max_freeable, node_allocs,
4441 node_frees, overflows);
1da177e4
LT		 4442 }
4443 /* cpu stats */
4444 {
4445 unsigned long allochit = atomic_read(&cachep->allochit);
4446 unsigned long allocmiss = atomic_read(&cachep->allocmiss);
4447 unsigned long freehit = atomic_read(&cachep->freehit);
4448 unsigned long freemiss = atomic_read(&cachep->freemiss);
4449
4450 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu",
b28a02de 4451 allochit, allocmiss, freehit, freemiss);
1da177e4
LT		 4452 }
4453#endif
4454 seq_putc(m, '\n');
1da177e4
LT		 4455 return 0;
4456}
4457
4458/*
4459 * slabinfo_op - iterator that generates /proc/slabinfo
4460 *
4461 * Output layout:
4462 * cache-name
4463 * num-active-objs
4464 * total-objs
4465 * object size
4466 * num-active-slabs
4467 * total-slabs
4468 * num-pages-per-slab
4469 * + further values on SMP and with statistics enabled
4470 */
4471
7b3c3a50 4472static const struct seq_operations slabinfo_op = {
b28a02de
PE		 4473 .start = s_start,
4474 .next = s_next,
4475 .stop = s_stop,
4476 .show = s_show,
1da177e4
LT		 4477};
4478
4479#define MAX_SLABINFO_WRITE 128
4480/**
4481 * slabinfo_write - Tuning for the slab allocator
4482 * @file: unused
4483 * @buffer: user buffer
4484 * @count: data length
4485 * @ppos: unused
4486 */
68a1b195 4487static ssize_t slabinfo_write(struct file *file, const char __user *buffer,
b28a02de 4488 size_t count, loff_t *ppos)
1da177e4 4489{
b28a02de 4490 char kbuf[MAX_SLABINFO_WRITE + 1], *tmp;
1da177e4 4491 int limit, batchcount, shared, res;
7a7c381d 4492 struct kmem_cache *cachep;
b28a02de 4493
1da177e4
LT		 4494 if (count > MAX_SLABINFO_WRITE)
4495 return -EINVAL;
4496 if (copy_from_user(&kbuf, buffer, count))
4497 return -EFAULT;
b28a02de 4498 kbuf[MAX_SLABINFO_WRITE] = '\0';
1da177e4
LT		 4499
4500 tmp = strchr(kbuf, ' ');
4501 if (!tmp)
4502 return -EINVAL;
4503 *tmp = '\0';
4504 tmp++;
4505 if (sscanf(tmp, " %d %d %d", &limit, &batchcount, &shared) != 3)
4506 return -EINVAL;
4507
4508 /* Find the cache in the chain of caches. */
18004c5d 4509 mutex_lock(&slab_mutex);
1da177e4 4510 res = -EINVAL;
18004c5d 4511 list_for_each_entry(cachep, &slab_caches, list) {
1da177e4 4512 if (!strcmp(cachep->name, kbuf)) {
a737b3e2
AM		 4513 if (limit < 1 || batchcount < 1 ||
4514 batchcount > limit || shared < 0) {
e498be7d 4515 res = 0;
1da177e4 4516 } else {
e498be7d 4517 res = do_tune_cpucache(cachep, limit,
83b519e8
PE		 4518 batchcount, shared,
4519 GFP_KERNEL);
1da177e4
LT		 4520 }
4521 break;
4522 }
4523 }
18004c5d 4524 mutex_unlock(&slab_mutex);
1da177e4
LT		 4525 if (res >= 0)
4526 res = count;
4527 return res;
4528}
871751e2 4529
7b3c3a50
AD		 4530static int slabinfo_open(struct inode *inode, struct file *file)
4531{
4532 return seq_open(file, &slabinfo_op);
4533}
4534
4535static const struct file_operations proc_slabinfo_operations = {
4536 .open = slabinfo_open,
4537 .read = seq_read,
4538 .write = slabinfo_write,
4539 .llseek = seq_lseek,
4540 .release = seq_release,
4541};
4542
871751e2
AV		 4543#ifdef CONFIG_DEBUG_SLAB_LEAK
4544
4545static void *leaks_start(struct seq_file *m, loff_t *pos)
4546{
18004c5d
CL		 4547 mutex_lock(&slab_mutex);
4548 return seq_list_start(&slab_caches, *pos);
871751e2
AV		 4549}
4550
4551static inline int add_caller(unsigned long *n, unsigned long v)
4552{
4553 unsigned long *p;
4554 int l;
4555 if (!v)
4556 return 1;
4557 l = n[1];
4558 p = n + 2;
4559 while (l) {
4560 int i = l/2;
4561 unsigned long *q = p + 2 * i;
4562 if (*q == v) {
4563 q[1]++;
4564 return 1;
4565 }
4566 if (*q > v) {
4567 l = i;
4568 } else {
4569 p = q + 2;
4570 l -= i + 1;
4571 }
4572 }
4573 if (++n[1] == n[0])
4574 return 0;
4575 memmove(p + 2, p, n[1] * 2 * sizeof(unsigned long) - ((void *)p - (void *)n));
4576 p[0] = v;
4577 p[1] = 1;
4578 return 1;
4579}
4580
4581static void handle_slab(unsigned long *n, struct kmem_cache *c, struct slab *s)
4582{
4583 void *p;
4584 int i;
4585 if (n[0] == n[1])
4586 return;
3b0efdfa 4587 for (i = 0, p = s->s_mem; i < c->num; i++, p += c->size) {
871751e2
AV		 4588 if (slab_bufctl(s)[i] != BUFCTL_ACTIVE)
4589 continue;
4590 if (!add_caller(n, (unsigned long)*dbg_userword(c, p)))
4591 return;
4592 }
4593}
4594
4595static void show_symbol(struct seq_file *m, unsigned long address)
4596{
4597#ifdef CONFIG_KALLSYMS
871751e2 4598 unsigned long offset, size;
9281acea 4599 char modname[MODULE_NAME_LEN], name[KSYM_NAME_LEN];
871751e2 4600
a5c43dae 4601 if (lookup_symbol_attrs(address, &size, &offset, modname, name) == 0) {
871751e2 4602 seq_printf(m, "%s+%#lx/%#lx", name, offset, size);
a5c43dae 4603 if (modname[0])
871751e2
AV		 4604 seq_printf(m, " [%s]", modname);
4605 return;
4606 }
4607#endif
4608 seq_printf(m, "%p", (void *)address);
4609}
4610
4611static int leaks_show(struct seq_file *m, void *p)
4612{
0672aa7c 4613 struct kmem_cache *cachep = list_entry(p, struct kmem_cache, list);
871751e2
AV		 4614 struct slab *slabp;
4615 struct kmem_list3 *l3;
4616 const char *name;
4617 unsigned long *n = m->private;
4618 int node;
4619 int i;
4620
4621 if (!(cachep->flags & SLAB_STORE_USER))
4622 return 0;
4623 if (!(cachep->flags & SLAB_RED_ZONE))
4624 return 0;
4625
4626 /* OK, we can do it */
4627
4628 n[1] = 0;
4629
4630 for_each_online_node(node) {
4631 l3 = cachep->nodelists[node];
4632 if (!l3)
4633 continue;
4634
4635 check_irq_on();
4636 spin_lock_irq(&l3->list_lock);
4637
7a7c381d 4638 list_for_each_entry(slabp, &l3->slabs_full, list)
871751e2 4639 handle_slab(n, cachep, slabp);
7a7c381d 4640 list_for_each_entry(slabp, &l3->slabs_partial, list)
871751e2 4641 handle_slab(n, cachep, slabp);
871751e2
AV		 4642 spin_unlock_irq(&l3->list_lock);
4643 }
4644 name = cachep->name;
4645 if (n[0] == n[1]) {
4646 /* Increase the buffer size */
18004c5d 4647 mutex_unlock(&slab_mutex);
871751e2
AV		 4648 m->private = kzalloc(n[0] * 4 * sizeof(unsigned long), GFP_KERNEL);
4649 if (!m->private) {
4650 /* Too bad, we are really out */
4651 m->private = n;
18004c5d 4652 mutex_lock(&slab_mutex);
871751e2
AV		 4653 return -ENOMEM;
4654 }
4655 *(unsigned long *)m->private = n[0] * 2;
4656 kfree(n);
18004c5d 4657 mutex_lock(&slab_mutex);
871751e2
AV		 4658 /* Now make sure this entry will be retried */
4659 m->count = m->size;
4660 return 0;
4661 }
4662 for (i = 0; i < n[1]; i++) {
4663 seq_printf(m, "%s: %lu ", name, n[2*i+3]);
4664 show_symbol(m, n[2*i+2]);
4665 seq_putc(m, '\n');
4666 }
d2e7b7d0 4667
871751e2
AV		 4668 return 0;
4669}
4670
a0ec95a8 4671static const struct seq_operations slabstats_op = {
871751e2
AV		 4672 .start = leaks_start,
4673 .next = s_next,
4674 .stop = s_stop,
4675 .show = leaks_show,
4676};
a0ec95a8
AD		 4677
4678static int slabstats_open(struct inode *inode, struct file *file)
4679{
4680 unsigned long *n = kzalloc(PAGE_SIZE, GFP_KERNEL);
4681 int ret = -ENOMEM;
4682 if (n) {
4683 ret = seq_open(file, &slabstats_op);
4684 if (!ret) {
4685 struct seq_file *m = file->private_data;
4686 *n = PAGE_SIZE / (2 * sizeof(unsigned long));
4687 m->private = n;
4688 n = NULL;
4689 }
4690 kfree(n);
4691 }
4692 return ret;
4693}
4694
4695static const struct file_operations proc_slabstats_operations = {
4696 .open = slabstats_open,
4697 .read = seq_read,
4698 .llseek = seq_lseek,
4699 .release = seq_release_private,
4700};
4701#endif
4702
4703static int __init slab_proc_init(void)
4704{
ab067e99 4705 proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations);
a0ec95a8
AD		 4706#ifdef CONFIG_DEBUG_SLAB_LEAK
4707 proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations);
871751e2 4708#endif
a0ec95a8
AD		 4709 return 0;
4710}
4711module_init(slab_proc_init);
1da177e4
LT		 4712#endif
4713
00e145b6
MS		 4714/**
4715 * ksize - get the actual amount of memory allocated for a given object
4716 * @objp: Pointer to the object
4717 *
4718 * kmalloc may internally round up allocations and return more memory
4719 * than requested. ksize() can be used to determine the actual amount of
4720 * memory allocated. The caller may use this additional memory, even though
4721 * a smaller amount of memory was initially specified with the kmalloc call.
4722 * The caller must guarantee that objp points to a valid object previously
4723 * allocated with either kmalloc() or kmem_cache_alloc(). The object
4724 * must not be freed during the duration of the call.
4725 */
fd76bab2 4726size_t ksize(const void *objp)
1da177e4 4727{
ef8b4520
CL		 4728 BUG_ON(!objp);
4729 if (unlikely(objp == ZERO_SIZE_PTR))
00e145b6 4730 return 0;
1da177e4 4731
8c138bc0 4732 return virt_to_cache(objp)->object_size;
1da177e4 4733}
b1aabecd 4734EXPORT_SYMBOL(ksize);
ubuntu-zesty-kernel mirror