1 // SPDX-License-Identifier: GPL-2.0
3 * SLOB Allocator: Simple List Of Blocks
5 * Matt Mackall <mpm@selenic.com> 12/30/03
7 * NUMA support by Paul Mundt, 2007.
11 * The core of SLOB is a traditional K&R style heap allocator, with
12 * support for returning aligned objects. The granularity of this
13 * allocator is as little as 2 bytes, however typically most architectures
14 * will require 4 bytes on 32-bit and 8 bytes on 64-bit.
16 * The slob heap is a set of linked list of pages from alloc_pages(),
17 * and within each page, there is a singly-linked list of free blocks
18 * (slob_t). The heap is grown on demand. To reduce fragmentation,
19 * heap pages are segregated into three lists, with objects less than
20 * 256 bytes, objects less than 1024 bytes, and all other objects.
22 * Allocation from heap involves first searching for a page with
23 * sufficient free blocks (using a next-fit-like approach) followed by
24 * a first-fit scan of the page. Deallocation inserts objects back
25 * into the free list in address order, so this is effectively an
26 * address-ordered first fit.
28 * Above this is an implementation of kmalloc/kfree. Blocks returned
29 * from kmalloc are prepended with a 4-byte header with the kmalloc size.
30 * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls
31 * alloc_pages() directly, allocating compound pages so the page order
32 * does not have to be separately tracked.
33 * These objects are detected in kfree() because folio_test_slab()
36 * SLAB is emulated on top of SLOB by simply calling constructors and
37 * destructors for every SLAB allocation. Objects are returned with the
38 * 4-byte alignment unless the SLAB_HWCACHE_ALIGN flag is set, in which
39 * case the low-level allocator will fragment blocks to create the proper
40 * alignment. Again, objects of page-size or greater are allocated by
41 * calling alloc_pages(). As SLAB objects know their size, no separate
42 * size bookkeeping is necessary and there is essentially no allocation
43 * space overhead, and compound pages aren't needed for multi-page
46 * NUMA support in SLOB is fairly simplistic, pushing most of the real
47 * logic down to the page allocator, and simply doing the node accounting
48 * on the upper levels. In the event that a node id is explicitly
49 * provided, __alloc_pages_node() with the specified node id is used
50 * instead. The common case (or when the node id isn't explicitly provided)
51 * will default to the current node, as per numa_node_id().
53 * Node aware pages are still inserted in to the global freelist, and
54 * these are scanned for by matching against the node id encoded in the
55 * page flags. As a result, block allocations that can be satisfied from
56 * the freelist will only be done so on pages residing on the same node,
57 * in order to prevent random node placement.
60 #include <linux/kernel.h>
61 #include <linux/slab.h>
64 #include <linux/swap.h> /* struct reclaim_state */
65 #include <linux/cache.h>
66 #include <linux/init.h>
67 #include <linux/export.h>
68 #include <linux/rcupdate.h>
69 #include <linux/list.h>
70 #include <linux/kmemleak.h>
72 #include <trace/events/kmem.h>
74 #include <linux/atomic.h>
78 * slob_block has a field 'units', which indicates size of block if +ve,
79 * or offset of next block if -ve (in SLOB_UNITs).
81 * Free blocks of size 1 unit simply contain the offset of the next block.
82 * Those with larger size contain their size in the first SLOB_UNIT of
83 * memory, and the offset of the next free block in the second SLOB_UNIT.
85 #if PAGE_SIZE <= (32767 * 2)
86 typedef s16 slobidx_t;
88 typedef s32 slobidx_t;
94 typedef struct slob_block slob_t;
97 * All partially free slob pages go on these lists.
99 #define SLOB_BREAK1 256
100 #define SLOB_BREAK2 1024
101 static LIST_HEAD(free_slob_small);
102 static LIST_HEAD(free_slob_medium);
103 static LIST_HEAD(free_slob_large);
106 * slob_page_free: true for pages on free_slob_pages list.
108 static inline int slob_page_free(struct slab *slab)
110 return PageSlobFree(slab_page(slab));
113 static void set_slob_page_free(struct slab *slab, struct list_head *list)
115 list_add(&slab->slab_list, list);
116 __SetPageSlobFree(slab_page(slab));
119 static inline void clear_slob_page_free(struct slab *slab)
121 list_del(&slab->slab_list);
122 __ClearPageSlobFree(slab_page(slab));
125 #define SLOB_UNIT sizeof(slob_t)
126 #define SLOB_UNITS(size) DIV_ROUND_UP(size, SLOB_UNIT)
129 * struct slob_rcu is inserted at the tail of allocated slob blocks, which
130 * were created with a SLAB_TYPESAFE_BY_RCU slab. slob_rcu is used to free
131 * the block using call_rcu.
134 struct rcu_head head;
139 * slob_lock protects all slob allocator structures.
141 static DEFINE_SPINLOCK(slob_lock);
144 * Encode the given size and next info into a free slob block s.
146 static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
148 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
149 slobidx_t offset = next - base;
155 s[0].units = -offset;
159 * Return the size of a slob block.
161 static slobidx_t slob_units(slob_t *s)
169 * Return the next free slob block pointer after this one.
171 static slob_t *slob_next(slob_t *s)
173 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
184 * Returns true if s is the last free block in its page.
186 static int slob_last(slob_t *s)
188 return !((unsigned long)slob_next(s) & ~PAGE_MASK);
191 static void *slob_new_pages(gfp_t gfp, int order, int node)
196 if (node != NUMA_NO_NODE)
197 page = __alloc_pages_node(node, gfp, order);
200 page = alloc_pages(gfp, order);
205 mod_node_page_state(page_pgdat(page), NR_SLAB_UNRECLAIMABLE_B,
207 return page_address(page);
210 static void slob_free_pages(void *b, int order)
212 struct page *sp = virt_to_page(b);
214 if (current->reclaim_state)
215 current->reclaim_state->reclaimed_slab += 1 << order;
217 mod_node_page_state(page_pgdat(sp), NR_SLAB_UNRECLAIMABLE_B,
218 -(PAGE_SIZE << order));
219 __free_pages(sp, order);
223 * slob_page_alloc() - Allocate a slob block within a given slob_page sp.
224 * @sp: Page to look in.
225 * @size: Size of the allocation.
226 * @align: Allocation alignment.
227 * @align_offset: Offset in the allocated block that will be aligned.
228 * @page_removed_from_list: Return parameter.
230 * Tries to find a chunk of memory at least @size bytes big within @page.
232 * Return: Pointer to memory if allocated, %NULL otherwise. If the
233 * allocation fills up @page then the page is removed from the
234 * freelist, in this case @page_removed_from_list will be set to
235 * true (set to false otherwise).
237 static void *slob_page_alloc(struct slab *sp, size_t size, int align,
238 int align_offset, bool *page_removed_from_list)
240 slob_t *prev, *cur, *aligned = NULL;
241 int delta = 0, units = SLOB_UNITS(size);
243 *page_removed_from_list = false;
244 for (prev = NULL, cur = sp->freelist; ; prev = cur, cur = slob_next(cur)) {
245 slobidx_t avail = slob_units(cur);
248 * 'aligned' will hold the address of the slob block so that the
249 * address 'aligned'+'align_offset' is aligned according to the
250 * 'align' parameter. This is for kmalloc() which prepends the
251 * allocated block with its size, so that the block itself is
252 * aligned when needed.
256 (ALIGN((unsigned long)cur + align_offset, align)
258 delta = aligned - cur;
260 if (avail >= units + delta) { /* room enough? */
263 if (delta) { /* need to fragment head to align? */
264 next = slob_next(cur);
265 set_slob(aligned, avail - delta, next);
266 set_slob(cur, delta, aligned);
269 avail = slob_units(cur);
272 next = slob_next(cur);
273 if (avail == units) { /* exact fit? unlink. */
275 set_slob(prev, slob_units(prev), next);
278 } else { /* fragment */
280 set_slob(prev, slob_units(prev), cur + units);
282 sp->freelist = cur + units;
283 set_slob(cur + units, avail - units, next);
288 clear_slob_page_free(sp);
289 *page_removed_from_list = true;
299 * slob_alloc: entry point into the slob allocator.
301 static void *slob_alloc(size_t size, gfp_t gfp, int align, int node,
306 struct list_head *slob_list;
311 if (size < SLOB_BREAK1)
312 slob_list = &free_slob_small;
313 else if (size < SLOB_BREAK2)
314 slob_list = &free_slob_medium;
316 slob_list = &free_slob_large;
318 spin_lock_irqsave(&slob_lock, flags);
319 /* Iterate through each partially free page, try to find room */
320 list_for_each_entry(sp, slob_list, slab_list) {
321 bool page_removed_from_list = false;
324 * If there's a node specification, search for a partial
325 * page with a matching node id in the freelist.
327 if (node != NUMA_NO_NODE && slab_nid(sp) != node)
330 /* Enough room on this page? */
331 if (sp->units < SLOB_UNITS(size))
334 b = slob_page_alloc(sp, size, align, align_offset, &page_removed_from_list);
339 * If slob_page_alloc() removed sp from the list then we
340 * cannot call list functions on sp. If so allocation
341 * did not fragment the page anyway so optimisation is
344 if (!page_removed_from_list) {
346 * Improve fragment distribution and reduce our average
347 * search time by starting our next search here. (see
348 * Knuth vol 1, sec 2.5, pg 449)
350 if (!list_is_first(&sp->slab_list, slob_list))
351 list_rotate_to_front(&sp->slab_list, slob_list);
355 spin_unlock_irqrestore(&slob_lock, flags);
357 /* Not enough space: must allocate a new page */
359 b = slob_new_pages(gfp & ~__GFP_ZERO, 0, node);
362 folio = virt_to_folio(b);
363 __folio_set_slab(folio);
364 sp = folio_slab(folio);
366 spin_lock_irqsave(&slob_lock, flags);
367 sp->units = SLOB_UNITS(PAGE_SIZE);
369 INIT_LIST_HEAD(&sp->slab_list);
370 set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
371 set_slob_page_free(sp, slob_list);
372 b = slob_page_alloc(sp, size, align, align_offset, &_unused);
374 spin_unlock_irqrestore(&slob_lock, flags);
376 if (unlikely(gfp & __GFP_ZERO))
382 * slob_free: entry point into the slob allocator.
384 static void slob_free(void *block, int size)
387 slob_t *prev, *next, *b = (slob_t *)block;
390 struct list_head *slob_list;
392 if (unlikely(ZERO_OR_NULL_PTR(block)))
396 sp = virt_to_slab(block);
397 units = SLOB_UNITS(size);
399 spin_lock_irqsave(&slob_lock, flags);
401 if (sp->units + units == SLOB_UNITS(PAGE_SIZE)) {
402 /* Go directly to page allocator. Do not pass slob allocator */
403 if (slob_page_free(sp))
404 clear_slob_page_free(sp);
405 spin_unlock_irqrestore(&slob_lock, flags);
406 __folio_clear_slab(slab_folio(sp));
407 slob_free_pages(b, 0);
411 if (!slob_page_free(sp)) {
412 /* This slob page is about to become partially free. Easy! */
416 (void *)((unsigned long)(b +
417 SLOB_UNITS(PAGE_SIZE)) & PAGE_MASK));
418 if (size < SLOB_BREAK1)
419 slob_list = &free_slob_small;
420 else if (size < SLOB_BREAK2)
421 slob_list = &free_slob_medium;
423 slob_list = &free_slob_large;
424 set_slob_page_free(sp, slob_list);
429 * Otherwise the page is already partially free, so find reinsertion
434 if (b < (slob_t *)sp->freelist) {
435 if (b + units == sp->freelist) {
436 units += slob_units(sp->freelist);
437 sp->freelist = slob_next(sp->freelist);
439 set_slob(b, units, sp->freelist);
443 next = slob_next(prev);
446 next = slob_next(prev);
449 if (!slob_last(prev) && b + units == next) {
450 units += slob_units(next);
451 set_slob(b, units, slob_next(next));
453 set_slob(b, units, next);
455 if (prev + slob_units(prev) == b) {
456 units = slob_units(b) + slob_units(prev);
457 set_slob(prev, units, slob_next(b));
459 set_slob(prev, slob_units(prev), b);
462 spin_unlock_irqrestore(&slob_lock, flags);
466 void __kmem_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *slab)
468 kpp->kp_ptr = object;
474 * End of slob allocator proper. Begin kmem_cache_alloc and kmalloc frontend.
477 static __always_inline void *
478 __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
481 unsigned int minalign;
484 minalign = max_t(unsigned int, ARCH_KMALLOC_MINALIGN,
485 arch_slab_minalign());
486 gfp &= gfp_allowed_mask;
490 if (size < PAGE_SIZE - minalign) {
491 int align = minalign;
494 * For power of two sizes, guarantee natural alignment for
495 * kmalloc()'d objects.
497 if (is_power_of_2(size))
498 align = max_t(unsigned int, minalign, size);
501 return ZERO_SIZE_PTR;
503 m = slob_alloc(size + minalign, gfp, align, node, minalign);
508 ret = (void *)m + minalign;
510 trace_kmalloc_node(caller, ret,
511 size, size + minalign, gfp, node);
513 unsigned int order = get_order(size);
517 ret = slob_new_pages(gfp, order, node);
519 trace_kmalloc_node(caller, ret,
520 size, PAGE_SIZE << order, gfp, node);
523 kmemleak_alloc(ret, size, 1, gfp);
527 void *__kmalloc(size_t size, gfp_t gfp)
529 return __do_kmalloc_node(size, gfp, NUMA_NO_NODE, _RET_IP_);
531 EXPORT_SYMBOL(__kmalloc);
533 void *__kmalloc_track_caller(size_t size, gfp_t gfp, unsigned long caller)
535 return __do_kmalloc_node(size, gfp, NUMA_NO_NODE, caller);
537 EXPORT_SYMBOL(__kmalloc_track_caller);
540 void *__kmalloc_node_track_caller(size_t size, gfp_t gfp,
541 int node, unsigned long caller)
543 return __do_kmalloc_node(size, gfp, node, caller);
545 EXPORT_SYMBOL(__kmalloc_node_track_caller);
548 void kfree(const void *block)
552 trace_kfree(_RET_IP_, block);
554 if (unlikely(ZERO_OR_NULL_PTR(block)))
556 kmemleak_free(block);
558 sp = virt_to_folio(block);
559 if (folio_test_slab(sp)) {
560 unsigned int align = max_t(unsigned int,
561 ARCH_KMALLOC_MINALIGN,
562 arch_slab_minalign());
563 unsigned int *m = (unsigned int *)(block - align);
565 slob_free(m, *m + align);
567 unsigned int order = folio_order(sp);
569 mod_node_page_state(folio_pgdat(sp), NR_SLAB_UNRECLAIMABLE_B,
570 -(PAGE_SIZE << order));
571 __free_pages(folio_page(sp, 0), order);
575 EXPORT_SYMBOL(kfree);
577 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
578 size_t __ksize(const void *block)
585 if (unlikely(block == ZERO_SIZE_PTR))
588 folio = virt_to_folio(block);
589 if (unlikely(!folio_test_slab(folio)))
590 return folio_size(folio);
592 align = max_t(unsigned int, ARCH_KMALLOC_MINALIGN,
593 arch_slab_minalign());
594 m = (unsigned int *)(block - align);
595 return SLOB_UNITS(*m) * SLOB_UNIT;
597 EXPORT_SYMBOL(__ksize);
599 int __kmem_cache_create(struct kmem_cache *c, slab_flags_t flags)
601 if (flags & SLAB_TYPESAFE_BY_RCU) {
602 /* leave room for rcu footer at the end of object */
603 c->size += sizeof(struct slob_rcu);
609 static void *slob_alloc_node(struct kmem_cache *c, gfp_t flags, int node)
613 flags &= gfp_allowed_mask;
617 if (c->size < PAGE_SIZE) {
618 b = slob_alloc(c->size, flags, c->align, node, 0);
619 trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size,
620 SLOB_UNITS(c->size) * SLOB_UNIT,
623 b = slob_new_pages(flags, get_order(c->size), node);
624 trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size,
625 PAGE_SIZE << get_order(c->size),
630 WARN_ON_ONCE(flags & __GFP_ZERO);
634 kmemleak_alloc_recursive(b, c->size, 1, c->flags, flags);
638 void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
640 return slob_alloc_node(cachep, flags, NUMA_NO_NODE);
642 EXPORT_SYMBOL(kmem_cache_alloc);
645 void *kmem_cache_alloc_lru(struct kmem_cache *cachep, struct list_lru *lru, gfp_t flags)
647 return slob_alloc_node(cachep, flags, NUMA_NO_NODE);
649 EXPORT_SYMBOL(kmem_cache_alloc_lru);
651 void *__kmalloc_node(size_t size, gfp_t gfp, int node)
653 return __do_kmalloc_node(size, gfp, node, _RET_IP_);
655 EXPORT_SYMBOL(__kmalloc_node);
657 void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
659 return slob_alloc_node(cachep, gfp, node);
661 EXPORT_SYMBOL(kmem_cache_alloc_node);
664 static void __kmem_cache_free(void *b, int size)
666 if (size < PAGE_SIZE)
669 slob_free_pages(b, get_order(size));
672 static void kmem_rcu_free(struct rcu_head *head)
674 struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
675 void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
677 __kmem_cache_free(b, slob_rcu->size);
680 void kmem_cache_free(struct kmem_cache *c, void *b)
682 kmemleak_free_recursive(b, c->flags);
683 trace_kmem_cache_free(_RET_IP_, b, c->name);
684 if (unlikely(c->flags & SLAB_TYPESAFE_BY_RCU)) {
685 struct slob_rcu *slob_rcu;
686 slob_rcu = b + (c->size - sizeof(struct slob_rcu));
687 slob_rcu->size = c->size;
688 call_rcu(&slob_rcu->head, kmem_rcu_free);
690 __kmem_cache_free(b, c->size);
693 EXPORT_SYMBOL(kmem_cache_free);
695 void kmem_cache_free_bulk(struct kmem_cache *s, size_t size, void **p)
697 __kmem_cache_free_bulk(s, size, p);
699 EXPORT_SYMBOL(kmem_cache_free_bulk);
701 int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
704 return __kmem_cache_alloc_bulk(s, flags, size, p);
706 EXPORT_SYMBOL(kmem_cache_alloc_bulk);
708 int __kmem_cache_shutdown(struct kmem_cache *c)
710 /* No way to check for remaining objects */
714 void __kmem_cache_release(struct kmem_cache *c)
718 int __kmem_cache_shrink(struct kmem_cache *d)
723 static struct kmem_cache kmem_cache_boot = {
724 .name = "kmem_cache",
725 .size = sizeof(struct kmem_cache),
727 .align = ARCH_KMALLOC_MINALIGN,
730 void __init kmem_cache_init(void)
732 kmem_cache = &kmem_cache_boot;
736 void __init kmem_cache_init_late(void)