kern_malloc.c revision 1.48 1 /* $NetBSD: kern_malloc.c,v 1.48 2000/02/01 19:37:58 thorpej Exp $ */
2
3 /*
4 * Copyright (c) 1996 Christopher G. Demetriou. All rights reserved.
5 * Copyright (c) 1987, 1991, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by the University of
19 * California, Berkeley and its contributors.
20 * 4. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)kern_malloc.c 8.4 (Berkeley) 5/20/95
37 */
38
39 #include "opt_lockdebug.h"
40
41 #include <sys/param.h>
42 #include <sys/proc.h>
43 #include <sys/map.h>
44 #include <sys/kernel.h>
45 #include <sys/malloc.h>
46 #include <sys/systm.h>
47
48 #include <vm/vm.h>
49 #include <vm/vm_kern.h>
50
51 #include <uvm/uvm_extern.h>
52
/*
 * Backing storage for the kmem_map submap; kmeminit() passes
 * &kmem_map_store.vmi_map to uvm_km_suballoc().
 */
static struct vm_map_intrsafe kmem_map_store;
/* Map that malloc() and free() allocate from; NULL until kmeminit() runs. */
vm_map_t kmem_map = NULL;

#include "opt_kmemstats.h"
#include "opt_malloclog.h"

/* Per-size buckets, indexed by BUCKETINDX(size) in malloc(). */
struct kmembuckets bucket[MINBUCKET + 16];
/*
 * Per-type statistics, indexed by the caller-supplied allocation type.
 * Valid indices are 0 .. M_LAST - 1, so a type must be range-checked
 * before it is used as an index into this array.
 */
struct kmemstats kmemstats[M_LAST];
/* Per-page usage records, allocated in kmeminit() and reached via btokup(). */
struct kmemusage *kmemusage;
/* Bounds of the kmem_map range, filled in by uvm_km_suballoc() in kmeminit(). */
char *kmembase, *kmemlimit;
/* Printable names of the allocation types, indexed by type. */
const char *memname[] = INITKMEMNAMES;
64
65 #ifdef MALLOCLOG
/* Number of records in the malloc log ring unless the config overrides it. */
#ifndef MALLOCLOGSIZE
#define MALLOCLOGSIZE 100000
#endif

/*
 * One record per logged malloc()/free() call.  The array is used as a
 * ring: domlog() writes at malloclogptr and wraps at MALLOCLOGSIZE.
 */
struct malloclog {
	void *addr;		/* address that was allocated or freed */
	long size;		/* requested size; free() logs 0 */
	int type;		/* allocation type exactly as the caller passed it */
	int action;		/* 1 = alloc, 2 = free; 0 entries are skipped by hitmlog() */
	const char *file;	/* call site recorded by the MALLOCLOG entry points */
	long line;
} malloclog[MALLOCLOGSIZE];

/* Index of the next slot domlog() will write. */
long malloclogptr;

static void domlog __P((void *a, long size, int type, int action,
    const char *file, long line));
static void hitmlog __P((void *a));
84
/*
 * Record one allocator event in the malloclog ring.
 *
 * a, size and type describe the object, action is the event code chosen
 * by the caller (malloc passes 1, free passes 2), and file/line name the
 * call site.  The write index wraps to 0 at MALLOCLOGSIZE, so the oldest
 * record is overwritten once the ring is full.  Both callers invoke this
 * between splmem() and splx().
 */
static void
domlog(a, size, type, action, file, line)
	void *a;
	long size;
	int type;
	int action;
	const char *file;
	long line;
{
	struct malloclog *slot = &malloclog[malloclogptr];

	slot->addr = a;
	slot->size = size;
	slot->type = type;
	slot->action = action;
	slot->file = file;
	slot->line = line;

	/* Advance the ring index, wrapping at the end of the array. */
	if (++malloclogptr >= MALLOCLOGSIZE)
		malloclogptr = 0;
}
105
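/*
 * Print every malloc log record that refers to address a.
 *
 * The ring is walked from the current write index to the end of the
 * array and then from slot 0 up to the write index, which is the order
 * in which the records were written.  Slots whose action is 0 are
 * skipped.
 */
static void
hitmlog(a)
	void *a;
{
	struct malloclog *lp;
	const char *tname;
	long l, n;

	for (n = 0; n < MALLOCLOGSIZE; n++) {
		/* Slot number: start at the write index and wrap around. */
		l = malloclogptr + n;
		if (l >= MALLOCLOGSIZE)
			l -= MALLOCLOGSIZE;

		lp = &malloclog[l];
		if (lp->addr != a || lp->action == 0)
			continue;

		/*
		 * The logged type is whatever the caller of malloc()/free()
		 * passed and may be out of range; never use it to index
		 * memname[] unchecked while reporting a corruption.
		 */
		tname = (unsigned)lp->type < M_LAST ? memname[lp->type] : "???";

		printf("malloc log entry %ld:\n", l);
		printf("\taddr = %p\n", lp->addr);
		printf("\tsize = %ld\n", lp->size);
		printf("\ttype = %s\n", tname);
		printf("\taction = %s\n", lp->action == 1 ? "alloc" : "free");
		printf("\tfile = %s\n", lp->file);
		printf("\tline = %ld\n", lp->line);
	}
}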
131 #endif /* MALLOCLOG */
132
#ifdef DIAGNOSTIC
/*
 * This structure provides a set of masks to catch unaligned frees.
 * Entry i has the low i bits set.  free() and realloc() pick an entry
 * by bucket index and panic if the address has any of those bits set.
 * The table holds 17 entries (indices 0 through 16).
 * NOTE(review): this assumes BUCKETINDX(NBPG) is at most 16; confirm for
 * the ports this is built on.
 */
long addrmask[] = { 0,
	0x00000001, 0x00000003, 0x00000007, 0x0000000f,
	0x0000001f, 0x0000003f, 0x0000007f, 0x000000ff,
	0x000001ff, 0x000003ff, 0x000007ff, 0x00000fff,
	0x00001fff, 0x00003fff, 0x00007fff, 0x0000ffff,
};

/*
 * The WEIRD_ADDR is used as known text to copy into free objects so
 * that modifications after frees can be detected.
 *
 * Only the first MAX_COPY bytes of a free object (fewer for smaller
 * objects) are filled and later re-checked, so a write after free that
 * lands beyond that prefix is not caught by this check.
 */
#define WEIRD_ADDR ((unsigned) 0xdeadbeef)
#define MAX_COPY 32

/*
 * Normally the freelist structure is used only to hold the list pointer
 * for free objects. However, when running with diagnostics, the first
 * 8 bytes of the structure are unused except for diagnostic information,
 * and the free list pointer is at offset 8 in the structure. Since the
 * first 8 bytes are the portion of the structure most often modified, this
 * helps to detect memory reuse problems and avoid free list corruption.
 */
struct freelist {
	int32_t spare0;		/* WEIRD_ADDR while free; free() tests it as a quick double-free hint */
	int16_t type;		/* type the object was freed as; M_FREE for never-used objects */
	int16_t spare1;
	caddr_t next;		/* next free object in the bucket, or NULL */
};
#else /* !DIAGNOSTIC */
/* Without diagnostics a free object holds only the list link. */
struct freelist {
	caddr_t next;
};
#endif /* DIAGNOSTIC */
170
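/*
 * Allocate a block of memory.
 *
 * size is the number of bytes wanted, type selects the kmemstats[] and
 * memname[] slot the allocation is charged to, and flags may contain
 * M_NOWAIT.  Returns the block, or NULL when M_NOWAIT is set and either
 * the type is at its limit (KMEMSTATS) or no pages could be obtained.
 * Without M_NOWAIT the call sleeps while the type is over its limit and
 * panics if kmem_map has no space left.  The bucket and its freelist are
 * only touched between splmem() and splx().
 *
 * With MALLOCLOG the function is built as _malloc() and also logs the
 * caller's file and line.
 */
#ifdef MALLOCLOG
void *
_malloc(size, type, flags, file, line)
	unsigned long size;
	int type, flags;
	const char *file;
	long line;
#else
void *
malloc(size, type, flags)
	unsigned long size;
	int type, flags;
#endif /* MALLOCLOG */
{
	register struct kmembuckets *kbp;
	register struct kmemusage *kup;
	register struct freelist *freep;
	long indx, npg, allocsize;
	int s;
	caddr_t va, cp, savedlist;
#ifdef DIAGNOSTIC
	int32_t *end, *lp;
	int copysize;
	const char *savedtype;
#endif
#ifdef KMEMSTATS
	register struct kmemstats *ksp;

	/*
	 * kmemstats[] has M_LAST entries, so M_LAST itself is already out
	 * of range.  Reject it before the pointer into the array is formed;
	 * every later ksp-> update would otherwise write past the array.
	 */
	if (((unsigned long)type) >= M_LAST)
		panic("malloc - bogus type");
	ksp = &kmemstats[type];
#endif
	indx = BUCKETINDX(size);
	kbp = &bucket[indx];
	s = splmem();
#ifdef KMEMSTATS
	/* Enforce the per-type limit: fail for M_NOWAIT, otherwise sleep. */
	while (ksp->ks_memuse >= ksp->ks_limit) {
		if (flags & M_NOWAIT) {
			splx(s);
			return ((void *) NULL);
		}
		if (ksp->ks_limblocks < 65535)
			ksp->ks_limblocks++;
		tsleep((caddr_t)ksp, PSWP+2, memname[type], 0);
	}
	ksp->ks_size |= 1 << indx;
#endif
#ifdef DIAGNOSTIC
	/* Number of leading bytes that carry the WEIRD_ADDR fill. */
	copysize = 1 << indx < MAX_COPY ? 1 << indx : MAX_COPY;
#endif
	if (kbp->kb_next == NULL) {
		/* Bucket is empty: get fresh pages from kmem_map. */
		kbp->kb_last = NULL;
		if (size > MAXALLOCSAVE)
			allocsize = roundup(size, NBPG);
		else
			allocsize = 1 << indx;
		npg = btoc(allocsize);
		va = (caddr_t) uvm_km_kmemalloc(kmem_map, uvmexp.kmem_object,
				(vsize_t)ctob(npg),
				(flags & M_NOWAIT) ? UVM_KMF_NOWAIT : 0);
		if (va == NULL) {
			/*
			 * Kmem_malloc() can return NULL, even if it can
			 * wait, if there is no map space available, because
			 * it can't fix that problem.  Neither can we,
			 * right now.  (We should release pages which
			 * are completely free and which are in buckets
			 * with too many free elements.)
			 */
			if ((flags & M_NOWAIT) == 0)
				panic("malloc: out of space in kmem_map");
			splx(s);
			return ((void *) NULL);
		}
#ifdef KMEMSTATS
		kbp->kb_total += kbp->kb_elmpercl;
#endif
		kup = btokup(va);
		kup->ku_indx = indx;
		if (allocsize > MAXALLOCSAVE) {
			/*
			 * Large allocation: handed out whole, never put on
			 * a freelist.  The page count must fit the 65535
			 * bound checked here.
			 */
			if (npg > 65535)
				panic("malloc: allocation too large");
			kup->ku_pagecnt = npg;
#ifdef KMEMSTATS
			ksp->ks_memuse += allocsize;
#endif
			goto out;
		}
#ifdef KMEMSTATS
		kup->ku_freecnt = kbp->kb_elmpercl;
		kbp->kb_totalfree += kbp->kb_elmpercl;
#endif
		/*
		 * Just in case we blocked while allocating memory,
		 * and someone else also allocated memory for this
		 * bucket, don't assume the list is still empty.
		 */
		savedlist = kbp->kb_next;
		/*
		 * Carve the new pages into allocsize chunks, linking them
		 * from the highest address down to va.
		 */
		kbp->kb_next = cp = va + (npg * NBPG) - allocsize;
		for (;;) {
			freep = (struct freelist *)cp;
#ifdef DIAGNOSTIC
			/*
			 * Copy in known text to detect modification
			 * after freeing.
			 */
			end = (int32_t *)&cp[copysize];
			for (lp = (int32_t *)cp; lp < end; lp++)
				*lp = WEIRD_ADDR;
			freep->type = M_FREE;
#endif /* DIAGNOSTIC */
			if (cp <= va)
				break;
			cp -= allocsize;
			freep->next = cp;
		}
		/* The chunk at va is last; chain any saved list behind it. */
		freep->next = savedlist;
		if (kbp->kb_last == NULL)
			kbp->kb_last = (caddr_t)freep;
	}
	/* Take the first object off the bucket's freelist. */
	va = kbp->kb_next;
	kbp->kb_next = ((struct freelist *)va)->next;
#ifdef DIAGNOSTIC
	freep = (struct freelist *)va;
	savedtype = (unsigned)freep->type < M_LAST ?
			memname[freep->type] : "???";
	if (kbp->kb_next) {
		int rv;
		vaddr_t addr = (vaddr_t)kbp->kb_next;

		/*
		 * The link was read out of a free object, which a write
		 * after free could have overwritten.  Make sure it points
		 * at writable kmem_map memory before it becomes the new
		 * list head.
		 */
		vm_map_lock(kmem_map);
		rv = uvm_map_checkprot(kmem_map, addr,
				       addr + sizeof(struct freelist),
				       VM_PROT_WRITE);
		vm_map_unlock(kmem_map);

		if (!rv)
		{
			printf(
		    "%s %ld of object %p size %ld %s %s (invalid addr %p)\n",
			    "Data modified on freelist: word",
			    (long)((int32_t *)&kbp->kb_next - (int32_t *)kbp),
			    va, size, "previous type", savedtype, kbp->kb_next);
#ifdef MALLOCLOG
			hitmlog(va);
#endif
			/* Drop the bad link; the rest of the list is lost. */
			kbp->kb_next = NULL;
		}
	}

	/* Fill the fields that we've used with WEIRD_ADDR */
#if BYTE_ORDER == BIG_ENDIAN
	freep->type = WEIRD_ADDR >> 16;
#endif
#if BYTE_ORDER == LITTLE_ENDIAN
	freep->type = (short)WEIRD_ADDR;
#endif
	end = (int32_t *)&freep->next +
	    (sizeof(freep->next) / sizeof(int32_t));
	for (lp = (int32_t *)&freep->next; lp < end; lp++)
		*lp = WEIRD_ADDR;

	/* and check that the data hasn't been modified. */
	end = (int32_t *)&va[copysize];
	for (lp = (int32_t *)va; lp < end; lp++) {
		if (*lp == WEIRD_ADDR)
			continue;
		printf("%s %ld of object %p size %ld %s %s (0x%x != 0x%x)\n",
		    "Data modified on freelist: word",
		    (long)(lp - (int32_t *)va), va, size, "previous type",
		    savedtype, *lp, WEIRD_ADDR);
#ifdef MALLOCLOG
		hitmlog(va);
#endif
		break;
	}

	/* Clear the marker free() uses as its quick "looks free" test. */
	freep->spare0 = 0;
#endif /* DIAGNOSTIC */
#ifdef KMEMSTATS
	kup = btokup(va);
	if (kup->ku_indx != indx)
		panic("malloc: wrong bucket");
	if (kup->ku_freecnt == 0)
		panic("malloc: lost data");
	kup->ku_freecnt--;
	kbp->kb_totalfree--;
	ksp->ks_memuse += 1 << indx;
out:
	kbp->kb_calls++;
	ksp->ks_inuse++;
	ksp->ks_calls++;
	if (ksp->ks_memuse > ksp->ks_maxused)
		ksp->ks_maxused = ksp->ks_memuse;
#else
out:
#endif
#ifdef MALLOCLOG
	domlog(va, size, type, 1, file, line);
#endif
	splx(s);
	return ((void *) va);
}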
376
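/*
 * Free a block of memory allocated by malloc.
 *
 * addr is the block and type is the allocation type it is released as.
 * Large blocks (bucket size above MAXALLOCSAVE) go straight back to
 * kmem_map; everything else is appended to the tail of its bucket's
 * freelist.  The bucket is only touched between splmem() and splx().
 *
 * What is validated depends on the kernel options:
 *  - KMEMSTATS: type must be below M_LAST, and a per-page free count
 *    that exceeds the bucket's elements-per-cluster panics.
 *  - DIAGNOSTIC: addr must lie inside kmem_map and be aligned for its
 *    bucket, a block already on the freelist panics, and the start of
 *    the block is filled with WEIRD_ADDR.
 *  - neither: addr and type are used as given, with no checks.
 *
 * With MALLOCLOG the function is built as _free() and also logs the
 * caller's file and line.
 */
#ifdef MALLOCLOG
void
_free(addr, type, file, line)
	void *addr;
	int type;
	const char *file;
	long line;
#else
void
free(addr, type)
	void *addr;
	int type;
#endif /* MALLOCLOG */
{
	register struct kmembuckets *kbp;
	register struct kmemusage *kup;
	register struct freelist *freep;
	long size;
	int s;
#ifdef DIAGNOSTIC
	caddr_t cp;
	int32_t *end, *lp;
	long alloc, copysize;
#endif
#ifdef KMEMSTATS
	register struct kmemstats *ksp;

	/*
	 * kmemstats[] has M_LAST entries.  An out-of-range type would make
	 * every ksp-> update below write outside the array, so reject it
	 * here the same way malloc() rejects a bogus type.
	 */
	if (((unsigned long)type) >= M_LAST)
		panic("free - bogus type");
	ksp = &kmemstats[type];
#endif

#ifdef DIAGNOSTIC
	/*
	 * Ensure that we're free'ing something that we could
	 * have allocated in the first place.  That is, check
	 * to see that the address is within kmem_map.
	 */
	if ((vaddr_t)addr < kmem_map->header.start ||
	    (vaddr_t)addr >= kmem_map->header.end)
		panic("free: addr %p not within kmem_map", addr);
#endif

	/* The page's usage record says which bucket the block came from. */
	kup = btokup(addr);
	size = 1 << kup->ku_indx;
	kbp = &bucket[kup->ku_indx];
	s = splmem();
#ifdef MALLOCLOG
	domlog(addr, 0, type, 2, file, line);
#endif
#ifdef DIAGNOSTIC
	/*
	 * Check for returns of data that do not point to the
	 * beginning of the allocation.
	 */
	if (size > NBPG)
		alloc = addrmask[BUCKETINDX(NBPG)];
	else
		alloc = addrmask[kup->ku_indx];
	if (((u_long)addr & alloc) != 0)
		panic("free: unaligned addr %p, size %ld, type %s, mask %ld\n",
			addr, size, memname[type], alloc);
#endif /* DIAGNOSTIC */
	if (size > MAXALLOCSAVE) {
		/* Large block: return the pages to the map directly. */
		uvm_km_free(kmem_map, (vaddr_t)addr, ctob(kup->ku_pagecnt));
#ifdef KMEMSTATS
		size = kup->ku_pagecnt << PGSHIFT;
		ksp->ks_memuse -= size;
		kup->ku_indx = 0;
		kup->ku_pagecnt = 0;
		/* Wake sleepers in malloc() if this took us under the limit. */
		if (ksp->ks_memuse + size >= ksp->ks_limit &&
		    ksp->ks_memuse < ksp->ks_limit)
			wakeup((caddr_t)ksp);
		ksp->ks_inuse--;
		kbp->kb_total -= 1;
#endif
		splx(s);
		return;
	}
	freep = (struct freelist *)addr;
#ifdef DIAGNOSTIC
	/*
	 * Check for multiple frees.  Use a quick check to see if
	 * it looks free before laboriously searching the freelist.
	 */
	if (freep->spare0 == WEIRD_ADDR) {
		for (cp = kbp->kb_next; cp;
		    cp = ((struct freelist *)cp)->next) {
			if (addr != cp)
				continue;
			printf("multiply freed item %p\n", addr);
#ifdef MALLOCLOG
			hitmlog(addr);
#endif
			panic("free: duplicated free");
		}
	}
#ifdef LOCKDEBUG
	/*
	 * Check if we're freeing a locked simple lock.
	 */
	simple_lock_freecheck(addr, (char *)addr + size);
#endif
	/*
	 * Copy in known text to detect modification after freeing
	 * and to make it look free.  Also, save the type being freed
	 * so we can list likely culprit if modification is detected
	 * when the object is reallocated.
	 */
	copysize = size < MAX_COPY ? size : MAX_COPY;
	end = (int32_t *)&((caddr_t)addr)[copysize];
	for (lp = (int32_t *)addr; lp < end; lp++)
		*lp = WEIRD_ADDR;
	freep->type = type;
#endif /* DIAGNOSTIC */
#ifdef KMEMSTATS
	kup->ku_freecnt++;
	if (kup->ku_freecnt >= kbp->kb_elmpercl) {
		if (kup->ku_freecnt > kbp->kb_elmpercl)
			panic("free: multiple frees");
		else if (kbp->kb_totalfree > kbp->kb_highwat)
			kbp->kb_couldfree++;
	}
	kbp->kb_totalfree++;
	ksp->ks_memuse -= size;
	/* Wake sleepers in malloc() if this took us under the limit. */
	if (ksp->ks_memuse + size >= ksp->ks_limit &&
	    ksp->ks_memuse < ksp->ks_limit)
		wakeup((caddr_t)ksp);
	ksp->ks_inuse--;
#endif
	/*
	 * Append at the tail, so a freed block is handed out again only
	 * after the objects already on the list.
	 */
	if (kbp->kb_next == NULL)
		kbp->kb_next = addr;
	else
		((struct freelist *)kbp->kb_last)->next = addr;
	freep->next = NULL;
	kbp->kb_last = addr;
	splx(s);
}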
514
/*
 * Change the size of a block of memory.
 *
 * curaddr is the existing block (NULL behaves like malloc()), newsize
 * the size wanted (0 behaves like free() and returns NULL), and type
 * and flags are passed on to malloc()/free().  Returns curaddr itself
 * when the existing allocation is already large enough, otherwise a new
 * block holding a copy of the old contents.  Returns NULL if the new
 * allocation fails; the old block is then left untouched and is still
 * owned by the caller.
 */
void *
realloc(curaddr, newsize, type, flags)
	void *curaddr;
	unsigned long newsize;
	int type, flags;
{
	register struct kmemusage *usage;
	long oldsize;
	void *fresh;
#ifdef DIAGNOSTIC
	long mask;
#endif

	/* No old block: this is a plain allocation. */
	if (curaddr == NULL)
		return (malloc(newsize, type, flags));

	/* Nothing wanted: this is a plain release. */
	if (newsize == 0) {
		free(curaddr, type);
		return (NULL);
	}

	/* The page's usage record gives the bucket size of the old block. */
	usage = btokup(curaddr);
	oldsize = 1 << usage->ku_indx;

#ifdef DIAGNOSTIC
	/* The pointer must be the start of an allocation, not its middle. */
	mask = (oldsize > NBPG) ? addrmask[BUCKETINDX(NBPG)] :
	    addrmask[usage->ku_indx];
	if (((u_long)curaddr & mask) != 0)
		panic("realloc: unaligned addr %p, size %ld, type %s, mask %ld\n",
			curaddr, oldsize, memname[type], mask);
#endif /* DIAGNOSTIC */

	/* Large blocks are sized by their page count, not their bucket. */
	if (oldsize > MAXALLOCSAVE)
		oldsize = ctob(usage->ku_pagecnt);

	if (newsize > oldsize) {
		/*
		 * The existing block is too small: get a bigger one, move
		 * the old contents over and release the old block.  A NULL
		 * from malloc() is passed straight back to the caller.
		 */
		fresh = malloc(newsize, type, flags);
		if (fresh == NULL)
			return NULL;
		memcpy(fresh, curaddr, oldsize);
		free(curaddr, type);
		return (fresh);
	}

	/* The existing allocation already covers the request. */
	return (curaddr);
}
597
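/*
 * Initialize the kernel memory allocator.
 *
 * Allocates the per-page kmemusage[] array, creates the kmem_map submap
 * of kernel_map (setting kmembase and kmemlimit), and, with KMEMSTATS,
 * fills in each bucket's elements-per-cluster and high-water mark and
 * sets every type's limit to 6/10 of the map size.
 */
void
kmeminit()
{
#ifdef KMEMSTATS
	register long indx;
	u_long limit;
#endif
	int npg;

	/* Compile-time sanity checks: the text below is a deliberate error. */
#if ((MAXALLOCSAVE & (MAXALLOCSAVE - 1)) != 0)
		ERROR!_kmeminit:_MAXALLOCSAVE_not_power_of_2
#endif
#if (MAXALLOCSAVE > MINALLOCSIZE * 32768)
		ERROR!_kmeminit:_MAXALLOCSAVE_too_big
#endif
#if (MAXALLOCSAVE < NBPG)
		ERROR!_kmeminit:_MAXALLOCSAVE_too_small
#endif

	/* A free object must be able to hold its own freelist header. */
	if (sizeof(struct freelist) > (1 << MINBUCKET))
		panic("minbucket too small/struct freelist too big");

	npg = VM_KMEM_SIZE/ NBPG;
	kmemusage = (struct kmemusage *) uvm_km_zalloc(kernel_map,
		(vsize_t)(npg * sizeof(struct kmemusage)));
	/*
	 * Widen npg before multiplying so the byte count is computed in
	 * vsize_t rather than in int, where a large map size could
	 * overflow before the cast took effect.
	 */
	kmem_map = uvm_km_suballoc(kernel_map, (vaddr_t *)&kmembase,
		(vaddr_t *)&kmemlimit, (vsize_t)npg * NBPG,
		VM_MAP_INTRSAFE, FALSE, &kmem_map_store.vmi_map);
#ifdef KMEMSTATS
	for (indx = 0; indx < MINBUCKET + 16; indx++) {
		if (1 << indx >= NBPG)
			bucket[indx].kb_elmpercl = 1;
		else
			bucket[indx].kb_elmpercl = NBPG / (1 << indx);
		bucket[indx].kb_highwat = 5 * bucket[indx].kb_elmpercl;
	}
	/*
	 * Per-type limit: 6/10 of the map.  Computed once, in u_long, so
	 * the intermediate product cannot overflow a signed int and turn
	 * the limit malloc() enforces into a bogus value.
	 */
	limit = (u_long)npg * NBPG * 6 / 10;
	for (indx = 0; indx < M_LAST; indx++)
		kmemstats[indx].ks_limit = limit;
#endif
}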
640
641 #ifdef DDB
642 #include <ddb/db_output.h>
643
/*
 * Dump kmem statistics from ddb.
 *
 * usage: call dump_kmemstats
 *
 * Prints one line per allocation type: the type number, its name from
 * memname[] (empty if the entry is NULL), padding, and the type's
 * ks_memuse.  Without KMEMSTATS it only reports that no statistics are
 * collected.
 */
void dump_kmemstats __P((void));

void
dump_kmemstats()
{
#ifdef KMEMSTATS
	const char *label;
	int type;

	type = 0;
	while (type < M_LAST) {
		label = memname[type];
		if (label == NULL)
			label = "";

		/*
		 * The "%.*s" precision is 20 minus the name length and
		 * limits how much of the padding string is printed; it goes
		 * negative for names longer than 20 characters.
		 * NOTE(review): the padding literal is a single space in
		 * this listing; confirm against the repository that its
		 * whitespace was not collapsed.
		 */
		db_printf("%2d %s%.*s %ld\n", type, label,
		    (int)(20 - strlen(label)), " ",
		    kmemstats[type].ks_memuse);
		type++;
	}
#else
	db_printf("Kmem stats are not being collected.\n");
#endif /* KMEMSTATS */
}
669 #endif /* DDB */
670