Sync usage with man page.
[netbsd-mini2440.git] / sys / kern / kern_malloc.c
blobb82599a2e670e0a18d1767e1d0cec5738c5166b0
1 /* $NetBSD: kern_malloc.c,v 1.126 2009/01/07 21:06:31 pooka Exp $ */
3 /*
4 * Copyright (c) 1987, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
31 * @(#)kern_malloc.c 8.4 (Berkeley) 5/20/95
35 * Copyright (c) 1996 Christopher G. Demetriou. All rights reserved.
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
65 * @(#)kern_malloc.c 8.4 (Berkeley) 5/20/95
68 #include <sys/cdefs.h>
69 __KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.126 2009/01/07 21:06:31 pooka Exp $");
71 #include <sys/param.h>
72 #include <sys/proc.h>
73 #include <sys/kernel.h>
74 #include <sys/malloc.h>
75 #include <sys/systm.h>
76 #include <sys/debug.h>
77 #include <sys/mutex.h>
78 #include <sys/lockdebug.h>
80 #include <uvm/uvm_extern.h>
82 static struct vm_map_kernel kmem_map_store;
83 struct vm_map *kmem_map = NULL;
85 #include "opt_kmempages.h"
87 #ifdef NKMEMCLUSTERS
88 #error NKMEMCLUSTERS is obsolete; remove it from your kernel config file and use NKMEMPAGES instead or let the kernel auto-size
89 #endif
92 * Default number of pages in kmem_map. We attempt to calculate this
93 * at run-time, but allow it to be either patched or set in the kernel
94 * config file.
96 #ifndef NKMEMPAGES
97 #define NKMEMPAGES 0
98 #endif
99 int nkmempages = NKMEMPAGES;
102 * Defaults for lower- and upper-bounds for the kmem_map page count.
103 * Can be overridden by kernel config options.
105 #ifndef NKMEMPAGES_MIN
106 #define NKMEMPAGES_MIN NKMEMPAGES_MIN_DEFAULT
107 #endif
109 #ifndef NKMEMPAGES_MAX
110 #define NKMEMPAGES_MAX NKMEMPAGES_MAX_DEFAULT
111 #endif
113 #include "opt_kmemstats.h"
114 #include "opt_malloclog.h"
115 #include "opt_malloc_debug.h"
117 #define MINALLOCSIZE (1 << MINBUCKET)
118 #define BUCKETINDX(size) \
119 ((size) <= (MINALLOCSIZE * 128) \
120 ? (size) <= (MINALLOCSIZE * 8) \
121 ? (size) <= (MINALLOCSIZE * 2) \
122 ? (size) <= (MINALLOCSIZE * 1) \
123 ? (MINBUCKET + 0) \
124 : (MINBUCKET + 1) \
125 : (size) <= (MINALLOCSIZE * 4) \
126 ? (MINBUCKET + 2) \
127 : (MINBUCKET + 3) \
128 : (size) <= (MINALLOCSIZE* 32) \
129 ? (size) <= (MINALLOCSIZE * 16) \
130 ? (MINBUCKET + 4) \
131 : (MINBUCKET + 5) \
132 : (size) <= (MINALLOCSIZE * 64) \
133 ? (MINBUCKET + 6) \
134 : (MINBUCKET + 7) \
135 : (size) <= (MINALLOCSIZE * 2048) \
136 ? (size) <= (MINALLOCSIZE * 512) \
137 ? (size) <= (MINALLOCSIZE * 256) \
138 ? (MINBUCKET + 8) \
139 : (MINBUCKET + 9) \
140 : (size) <= (MINALLOCSIZE * 1024) \
141 ? (MINBUCKET + 10) \
142 : (MINBUCKET + 11) \
143 : (size) <= (MINALLOCSIZE * 8192) \
144 ? (size) <= (MINALLOCSIZE * 4096) \
145 ? (MINBUCKET + 12) \
146 : (MINBUCKET + 13) \
147 : (size) <= (MINALLOCSIZE * 16384) \
148 ? (MINBUCKET + 14) \
149 : (MINBUCKET + 15))
152 * Array of descriptors that describe the contents of each page
154 struct kmemusage {
155 short ku_indx; /* bucket index */
156 union {
157 u_short freecnt;/* for small allocations, free pieces in page */
158 u_short pagecnt;/* for large allocations, pages alloced */
159 } ku_un;
161 #define ku_freecnt ku_un.freecnt
162 #define ku_pagecnt ku_un.pagecnt
164 struct kmembuckets kmembuckets[MINBUCKET + 16];
165 struct kmemusage *kmemusage;
166 char *kmembase, *kmemlimit;
168 #ifdef DEBUG
169 static void *malloc_freecheck;
170 #endif
173 * Turn virtual addresses into kmem map indicies
175 #define btokup(addr) (&kmemusage[((char *)(addr) - kmembase) >> PGSHIFT])
177 struct malloc_type *kmemstatistics;
179 #ifdef MALLOCLOG
180 #ifndef MALLOCLOGSIZE
181 #define MALLOCLOGSIZE 100000
182 #endif
184 struct malloclog {
185 void *addr;
186 long size;
187 struct malloc_type *type;
188 int action;
189 const char *file;
190 long line;
191 } malloclog[MALLOCLOGSIZE];
193 long malloclogptr;
196 * Fuzz factor for neighbour address match this must be a mask of the lower
197 * bits we wish to ignore when comparing addresses
199 __uintptr_t malloclog_fuzz = 0x7FL;
202 static void
203 domlog(void *a, long size, struct malloc_type *type, int action,
204 const char *file, long line)
207 malloclog[malloclogptr].addr = a;
208 malloclog[malloclogptr].size = size;
209 malloclog[malloclogptr].type = type;
210 malloclog[malloclogptr].action = action;
211 malloclog[malloclogptr].file = file;
212 malloclog[malloclogptr].line = line;
213 malloclogptr++;
214 if (malloclogptr >= MALLOCLOGSIZE)
215 malloclogptr = 0;
218 static void
219 hitmlog(void *a)
221 struct malloclog *lp;
222 long l;
224 #define PRT do { \
225 lp = &malloclog[l]; \
226 if (lp->addr == a && lp->action) { \
227 printf("malloc log entry %ld:\n", l); \
228 printf("\taddr = %p\n", lp->addr); \
229 printf("\tsize = %ld\n", lp->size); \
230 printf("\ttype = %s\n", lp->type->ks_shortdesc); \
231 printf("\taction = %s\n", lp->action == 1 ? "alloc" : "free"); \
232 printf("\tfile = %s\n", lp->file); \
233 printf("\tline = %ld\n", lp->line); \
235 } while (/* CONSTCOND */0)
238 * Print fuzzy matched "neighbour" - look for the memory block that has
239 * been allocated below the address we are interested in. We look for a
240 * base address + size that is within malloclog_fuzz of our target
241 * address. If the base address and target address are the same then it is
242 * likely we have found a free (size is 0 in this case) so we won't report
243 * those, they will get reported by PRT anyway.
245 #define NPRT do { \
246 __uintptr_t fuzz_mask = ~(malloclog_fuzz); \
247 lp = &malloclog[l]; \
248 if ((__uintptr_t)lp->addr != (__uintptr_t)a && \
249 (((__uintptr_t)lp->addr + lp->size + malloclog_fuzz) & fuzz_mask) \
250 == ((__uintptr_t)a & fuzz_mask) && lp->action) { \
251 printf("neighbour malloc log entry %ld:\n", l); \
252 printf("\taddr = %p\n", lp->addr); \
253 printf("\tsize = %ld\n", lp->size); \
254 printf("\ttype = %s\n", lp->type->ks_shortdesc); \
255 printf("\taction = %s\n", lp->action == 1 ? "alloc" : "free"); \
256 printf("\tfile = %s\n", lp->file); \
257 printf("\tline = %ld\n", lp->line); \
259 } while (/* CONSTCOND */0)
261 for (l = malloclogptr; l < MALLOCLOGSIZE; l++) {
262 PRT;
263 NPRT;
267 for (l = 0; l < malloclogptr; l++) {
268 PRT;
269 NPRT;
272 #undef PRT
274 #endif /* MALLOCLOG */
276 #ifdef DIAGNOSTIC
278 * This structure provides a set of masks to catch unaligned frees.
280 const long addrmask[] = { 0,
281 0x00000001, 0x00000003, 0x00000007, 0x0000000f,
282 0x0000001f, 0x0000003f, 0x0000007f, 0x000000ff,
283 0x000001ff, 0x000003ff, 0x000007ff, 0x00000fff,
284 0x00001fff, 0x00003fff, 0x00007fff, 0x0000ffff,
288 * The WEIRD_ADDR is used as known text to copy into free objects so
289 * that modifications after frees can be detected.
291 #define WEIRD_ADDR ((uint32_t) 0xdeadbeef)
292 #ifdef DEBUG
293 #define MAX_COPY PAGE_SIZE
294 #else
295 #define MAX_COPY 32
296 #endif
299 * Normally the freelist structure is used only to hold the list pointer
300 * for free objects. However, when running with diagnostics, the first
301 * 8/16 bytes of the structure is unused except for diagnostic information,
302 * and the free list pointer is at offset 8/16 in the structure. Since the
303 * first 8 bytes is the portion of the structure most often modified, this
304 * helps to detect memory reuse problems and avoid free list corruption.
306 struct freelist {
307 uint32_t spare0;
308 #ifdef _LP64
309 uint32_t spare1; /* explicit padding */
310 #endif
311 struct malloc_type *type;
312 void * next;
314 #else /* !DIAGNOSTIC */
315 struct freelist {
316 void * next;
318 #endif /* DIAGNOSTIC */
320 kmutex_t malloc_lock;
323 * Allocate a block of memory
325 #ifdef MALLOCLOG
326 void *
327 _kern_malloc(unsigned long size, struct malloc_type *ksp, int flags,
328 const char *file, long line)
329 #else
330 void *
331 kern_malloc(unsigned long size, struct malloc_type *ksp, int flags)
332 #endif /* MALLOCLOG */
334 struct kmembuckets *kbp;
335 struct kmemusage *kup;
336 struct freelist *freep;
337 long indx, npg, allocsize;
338 char *va, *cp, *savedlist;
339 #ifdef DIAGNOSTIC
340 uint32_t *end, *lp;
341 int copysize;
342 #endif
344 #ifdef LOCKDEBUG
345 if ((flags & M_NOWAIT) == 0) {
346 ASSERT_SLEEPABLE();
348 #endif
349 #ifdef MALLOC_DEBUG
350 if (debug_malloc(size, ksp, flags, (void *) &va)) {
351 if (va != 0) {
352 FREECHECK_OUT(&malloc_freecheck, (void *)va);
354 return ((void *) va);
356 #endif
357 indx = BUCKETINDX(size);
358 kbp = &kmembuckets[indx];
359 mutex_spin_enter(&malloc_lock);
360 #ifdef KMEMSTATS
361 while (ksp->ks_memuse >= ksp->ks_limit) {
362 if (flags & M_NOWAIT) {
363 mutex_spin_exit(&malloc_lock);
364 return ((void *) NULL);
366 if (ksp->ks_limblocks < 65535)
367 ksp->ks_limblocks++;
368 mtsleep((void *)ksp, PSWP+2, ksp->ks_shortdesc, 0,
369 &malloc_lock);
371 ksp->ks_size |= 1 << indx;
372 #endif
373 #ifdef DIAGNOSTIC
374 copysize = 1 << indx < MAX_COPY ? 1 << indx : MAX_COPY;
375 #endif
376 if (kbp->kb_next == NULL) {
377 int s;
378 kbp->kb_last = NULL;
379 if (size > MAXALLOCSAVE)
380 allocsize = round_page(size);
381 else
382 allocsize = 1 << indx;
383 npg = btoc(allocsize);
384 mutex_spin_exit(&malloc_lock);
385 s = splvm();
386 va = (void *) uvm_km_alloc(kmem_map,
387 (vsize_t)ctob(npg), 0,
388 ((flags & M_NOWAIT) ? UVM_KMF_NOWAIT : 0) |
389 ((flags & M_CANFAIL) ? UVM_KMF_CANFAIL : 0) |
390 UVM_KMF_WIRED);
391 splx(s);
392 if (__predict_false(va == NULL)) {
394 * Kmem_malloc() can return NULL, even if it can
395 * wait, if there is no map space available, because
396 * it can't fix that problem. Neither can we,
397 * right now. (We should release pages which
398 * are completely free and which are in kmembuckets
399 * with too many free elements.)
401 if ((flags & (M_NOWAIT|M_CANFAIL)) == 0)
402 panic("malloc: out of space in kmem_map");
403 return (NULL);
405 mutex_spin_enter(&malloc_lock);
406 #ifdef KMEMSTATS
407 kbp->kb_total += kbp->kb_elmpercl;
408 #endif
409 kup = btokup(va);
410 kup->ku_indx = indx;
411 if (allocsize > MAXALLOCSAVE) {
412 if (npg > 65535)
413 panic("malloc: allocation too large");
414 kup->ku_pagecnt = npg;
415 #ifdef KMEMSTATS
416 ksp->ks_memuse += allocsize;
417 #endif
418 goto out;
420 #ifdef KMEMSTATS
421 kup->ku_freecnt = kbp->kb_elmpercl;
422 kbp->kb_totalfree += kbp->kb_elmpercl;
423 #endif
425 * Just in case we blocked while allocating memory,
426 * and someone else also allocated memory for this
427 * kmembucket, don't assume the list is still empty.
429 savedlist = kbp->kb_next;
430 kbp->kb_next = cp = va + (npg << PAGE_SHIFT) - allocsize;
431 for (;;) {
432 freep = (struct freelist *)cp;
433 #ifdef DIAGNOSTIC
435 * Copy in known text to detect modification
436 * after freeing.
438 end = (uint32_t *)&cp[copysize];
439 for (lp = (uint32_t *)cp; lp < end; lp++)
440 *lp = WEIRD_ADDR;
441 freep->type = M_FREE;
442 #endif /* DIAGNOSTIC */
443 if (cp <= va)
444 break;
445 cp -= allocsize;
446 freep->next = cp;
448 freep->next = savedlist;
449 if (savedlist == NULL)
450 kbp->kb_last = (void *)freep;
452 va = kbp->kb_next;
453 kbp->kb_next = ((struct freelist *)va)->next;
454 #ifdef DIAGNOSTIC
455 freep = (struct freelist *)va;
456 /* XXX potential to get garbage pointer here. */
457 if (kbp->kb_next) {
458 int rv;
459 vaddr_t addr = (vaddr_t)kbp->kb_next;
461 vm_map_lock(kmem_map);
462 rv = uvm_map_checkprot(kmem_map, addr,
463 addr + sizeof(struct freelist), VM_PROT_WRITE);
464 vm_map_unlock(kmem_map);
466 if (__predict_false(rv == 0)) {
467 printf("Data modified on freelist: "
468 "word %ld of object %p size %ld previous type %s "
469 "(invalid addr %p)\n",
470 (long)((int32_t *)&kbp->kb_next - (int32_t *)kbp),
471 va, size, "foo", kbp->kb_next);
472 #ifdef MALLOCLOG
473 hitmlog(va);
474 #endif
475 kbp->kb_next = NULL;
479 /* Fill the fields that we've used with WEIRD_ADDR */
480 #ifdef _LP64
481 freep->type = (struct malloc_type *)
482 (WEIRD_ADDR | (((u_long) WEIRD_ADDR) << 32));
483 #else
484 freep->type = (struct malloc_type *) WEIRD_ADDR;
485 #endif
486 end = (uint32_t *)&freep->next +
487 (sizeof(freep->next) / sizeof(int32_t));
488 for (lp = (uint32_t *)&freep->next; lp < end; lp++)
489 *lp = WEIRD_ADDR;
491 /* and check that the data hasn't been modified. */
492 end = (uint32_t *)&va[copysize];
493 for (lp = (uint32_t *)va; lp < end; lp++) {
494 if (__predict_true(*lp == WEIRD_ADDR))
495 continue;
496 printf("Data modified on freelist: "
497 "word %ld of object %p size %ld previous type %s "
498 "(0x%x != 0x%x)\n",
499 (long)(lp - (uint32_t *)va), va, size,
500 "bar", *lp, WEIRD_ADDR);
501 #ifdef MALLOCLOG
502 hitmlog(va);
503 #endif
504 break;
507 freep->spare0 = 0;
508 #endif /* DIAGNOSTIC */
509 #ifdef KMEMSTATS
510 kup = btokup(va);
511 if (kup->ku_indx != indx)
512 panic("malloc: wrong bucket");
513 if (kup->ku_freecnt == 0)
514 panic("malloc: lost data");
515 kup->ku_freecnt--;
516 kbp->kb_totalfree--;
517 ksp->ks_memuse += 1 << indx;
518 out:
519 kbp->kb_calls++;
520 ksp->ks_inuse++;
521 ksp->ks_calls++;
522 if (ksp->ks_memuse > ksp->ks_maxused)
523 ksp->ks_maxused = ksp->ks_memuse;
524 #else
525 out:
526 #endif
527 #ifdef MALLOCLOG
528 domlog(va, size, ksp, 1, file, line);
529 #endif
530 mutex_spin_exit(&malloc_lock);
531 if ((flags & M_ZERO) != 0)
532 memset(va, 0, size);
533 FREECHECK_OUT(&malloc_freecheck, (void *)va);
534 return ((void *) va);
538 * Free a block of memory allocated by malloc.
540 #ifdef MALLOCLOG
541 void
542 _kern_free(void *addr, struct malloc_type *ksp, const char *file, long line)
543 #else
544 void
545 kern_free(void *addr, struct malloc_type *ksp)
546 #endif /* MALLOCLOG */
548 struct kmembuckets *kbp;
549 struct kmemusage *kup;
550 struct freelist *freep;
551 long size;
552 #ifdef DIAGNOSTIC
553 void *cp;
554 int32_t *end, *lp;
555 long alloc, copysize;
556 #endif
558 FREECHECK_IN(&malloc_freecheck, addr);
559 #ifdef MALLOC_DEBUG
560 if (debug_free(addr, ksp))
561 return;
562 #endif
564 #ifdef DIAGNOSTIC
566 * Ensure that we're free'ing something that we could
567 * have allocated in the first place. That is, check
568 * to see that the address is within kmem_map.
570 if (__predict_false((vaddr_t)addr < vm_map_min(kmem_map) ||
571 (vaddr_t)addr >= vm_map_max(kmem_map)))
572 panic("free: addr %p not within kmem_map", addr);
573 #endif
575 kup = btokup(addr);
576 size = 1 << kup->ku_indx;
577 kbp = &kmembuckets[kup->ku_indx];
579 LOCKDEBUG_MEM_CHECK(addr,
580 size <= MAXALLOCSAVE ? size : ctob(kup->ku_pagecnt));
582 mutex_spin_enter(&malloc_lock);
583 #ifdef MALLOCLOG
584 domlog(addr, 0, ksp, 2, file, line);
585 #endif
586 #ifdef DIAGNOSTIC
588 * Check for returns of data that do not point to the
589 * beginning of the allocation.
591 if (size > PAGE_SIZE)
592 alloc = addrmask[BUCKETINDX(PAGE_SIZE)];
593 else
594 alloc = addrmask[kup->ku_indx];
595 if (((u_long)addr & alloc) != 0)
596 panic("free: unaligned addr %p, size %ld, type %s, mask %ld",
597 addr, size, ksp->ks_shortdesc, alloc);
598 #endif /* DIAGNOSTIC */
599 if (size > MAXALLOCSAVE) {
600 uvm_km_free(kmem_map, (vaddr_t)addr, ctob(kup->ku_pagecnt),
601 UVM_KMF_WIRED);
602 #ifdef KMEMSTATS
603 size = kup->ku_pagecnt << PGSHIFT;
604 ksp->ks_memuse -= size;
605 kup->ku_indx = 0;
606 kup->ku_pagecnt = 0;
607 if (ksp->ks_memuse + size >= ksp->ks_limit &&
608 ksp->ks_memuse < ksp->ks_limit)
609 wakeup((void *)ksp);
610 #ifdef DIAGNOSTIC
611 if (ksp->ks_inuse == 0)
612 panic("free 1: inuse 0, probable double free");
613 #endif
614 ksp->ks_inuse--;
615 kbp->kb_total -= 1;
616 #endif
617 mutex_spin_exit(&malloc_lock);
618 return;
620 freep = (struct freelist *)addr;
621 #ifdef DIAGNOSTIC
623 * Check for multiple frees. Use a quick check to see if
624 * it looks free before laboriously searching the freelist.
626 if (__predict_false(freep->spare0 == WEIRD_ADDR)) {
627 for (cp = kbp->kb_next; cp;
628 cp = ((struct freelist *)cp)->next) {
629 if (addr != cp)
630 continue;
631 printf("multiply freed item %p\n", addr);
632 #ifdef MALLOCLOG
633 hitmlog(addr);
634 #endif
635 panic("free: duplicated free");
640 * Copy in known text to detect modification after freeing
641 * and to make it look free. Also, save the type being freed
642 * so we can list likely culprit if modification is detected
643 * when the object is reallocated.
645 copysize = size < MAX_COPY ? size : MAX_COPY;
646 end = (int32_t *)&((char *)addr)[copysize];
647 for (lp = (int32_t *)addr; lp < end; lp++)
648 *lp = WEIRD_ADDR;
649 freep->type = ksp;
650 #endif /* DIAGNOSTIC */
651 #ifdef KMEMSTATS
652 kup->ku_freecnt++;
653 if (kup->ku_freecnt >= kbp->kb_elmpercl) {
654 if (kup->ku_freecnt > kbp->kb_elmpercl)
655 panic("free: multiple frees");
656 else if (kbp->kb_totalfree > kbp->kb_highwat)
657 kbp->kb_couldfree++;
659 kbp->kb_totalfree++;
660 ksp->ks_memuse -= size;
661 if (ksp->ks_memuse + size >= ksp->ks_limit &&
662 ksp->ks_memuse < ksp->ks_limit)
663 wakeup((void *)ksp);
664 #ifdef DIAGNOSTIC
665 if (ksp->ks_inuse == 0)
666 panic("free 2: inuse 0, probable double free");
667 #endif
668 ksp->ks_inuse--;
669 #endif
670 if (kbp->kb_next == NULL)
671 kbp->kb_next = addr;
672 else
673 ((struct freelist *)kbp->kb_last)->next = addr;
674 freep->next = NULL;
675 kbp->kb_last = addr;
676 mutex_spin_exit(&malloc_lock);
680 * Change the size of a block of memory.
682 void *
683 kern_realloc(void *curaddr, unsigned long newsize, struct malloc_type *ksp,
684 int flags)
686 struct kmemusage *kup;
687 unsigned long cursize;
688 void *newaddr;
689 #ifdef DIAGNOSTIC
690 long alloc;
691 #endif
694 * realloc() with a NULL pointer is the same as malloc().
696 if (curaddr == NULL)
697 return (malloc(newsize, ksp, flags));
700 * realloc() with zero size is the same as free().
702 if (newsize == 0) {
703 free(curaddr, ksp);
704 return (NULL);
707 #ifdef LOCKDEBUG
708 if ((flags & M_NOWAIT) == 0) {
709 ASSERT_SLEEPABLE();
711 #endif
714 * Find out how large the old allocation was (and do some
715 * sanity checking).
717 kup = btokup(curaddr);
718 cursize = 1 << kup->ku_indx;
720 #ifdef DIAGNOSTIC
722 * Check for returns of data that do not point to the
723 * beginning of the allocation.
725 if (cursize > PAGE_SIZE)
726 alloc = addrmask[BUCKETINDX(PAGE_SIZE)];
727 else
728 alloc = addrmask[kup->ku_indx];
729 if (((u_long)curaddr & alloc) != 0)
730 panic("realloc: "
731 "unaligned addr %p, size %ld, type %s, mask %ld\n",
732 curaddr, cursize, ksp->ks_shortdesc, alloc);
733 #endif /* DIAGNOSTIC */
735 if (cursize > MAXALLOCSAVE)
736 cursize = ctob(kup->ku_pagecnt);
739 * If we already actually have as much as they want, we're done.
741 if (newsize <= cursize)
742 return (curaddr);
745 * Can't satisfy the allocation with the existing block.
746 * Allocate a new one and copy the data.
748 newaddr = malloc(newsize, ksp, flags);
749 if (__predict_false(newaddr == NULL)) {
751 * malloc() failed, because flags included M_NOWAIT.
752 * Return NULL to indicate that failure. The old
753 * pointer is still valid.
755 return (NULL);
757 memcpy(newaddr, curaddr, cursize);
760 * We were successful: free the old allocation and return
761 * the new one.
763 free(curaddr, ksp);
764 return (newaddr);
768 * Roundup size to the actual allocation size.
770 unsigned long
771 malloc_roundup(unsigned long size)
774 if (size > MAXALLOCSAVE)
775 return (roundup(size, PAGE_SIZE));
776 else
777 return (1 << BUCKETINDX(size));
781 * Add a malloc type to the system.
783 void
784 malloc_type_attach(struct malloc_type *type)
787 if (nkmempages == 0)
788 panic("malloc_type_attach: nkmempages == 0");
790 if (type->ks_magic != M_MAGIC)
791 panic("malloc_type_attach: bad magic");
793 #ifdef DIAGNOSTIC
795 struct malloc_type *ksp;
796 for (ksp = kmemstatistics; ksp != NULL; ksp = ksp->ks_next) {
797 if (ksp == type)
798 panic("malloc_type_attach: already on list");
801 #endif
803 #ifdef KMEMSTATS
804 if (type->ks_limit == 0)
805 type->ks_limit = ((u_long)nkmempages << PAGE_SHIFT) * 6U / 10U;
806 #else
807 type->ks_limit = 0;
808 #endif
810 type->ks_next = kmemstatistics;
811 kmemstatistics = type;
815 * Remove a malloc type from the system..
817 void
818 malloc_type_detach(struct malloc_type *type)
820 struct malloc_type *ksp;
822 #ifdef DIAGNOSTIC
823 if (type->ks_magic != M_MAGIC)
824 panic("malloc_type_detach: bad magic");
825 #endif
827 if (type == kmemstatistics)
828 kmemstatistics = type->ks_next;
829 else {
830 for (ksp = kmemstatistics; ksp->ks_next != NULL;
831 ksp = ksp->ks_next) {
832 if (ksp->ks_next == type) {
833 ksp->ks_next = type->ks_next;
834 break;
837 #ifdef DIAGNOSTIC
838 if (ksp->ks_next == NULL)
839 panic("malloc_type_detach: not on list");
840 #endif
842 type->ks_next = NULL;
846 * Set the limit on a malloc type.
848 void
849 malloc_type_setlimit(struct malloc_type *type, u_long limit)
851 #ifdef KMEMSTATS
852 mutex_spin_enter(&malloc_lock);
853 type->ks_limit = limit;
854 mutex_spin_exit(&malloc_lock);
855 #endif
859 * Compute the number of pages that kmem_map will map, that is,
860 * the size of the kernel malloc arena.
862 void
863 kmeminit_nkmempages(void)
865 int npages;
867 if (nkmempages != 0) {
869 * It's already been set (by us being here before, or
870 * by patching or kernel config options), bail out now.
872 return;
875 npages = physmem;
877 if (npages > NKMEMPAGES_MAX)
878 npages = NKMEMPAGES_MAX;
880 if (npages < NKMEMPAGES_MIN)
881 npages = NKMEMPAGES_MIN;
883 nkmempages = npages;
887 * Initialize the kernel memory allocator
889 void
890 kmeminit(void)
892 __link_set_decl(malloc_types, struct malloc_type);
893 struct malloc_type * const *ksp;
894 vaddr_t kmb, kml;
895 #ifdef KMEMSTATS
896 long indx;
897 #endif
899 #if ((MAXALLOCSAVE & (MAXALLOCSAVE - 1)) != 0)
900 ERROR!_kmeminit:_MAXALLOCSAVE_not_power_of_2
901 #endif
902 #if (MAXALLOCSAVE > MINALLOCSIZE * 32768)
903 ERROR!_kmeminit:_MAXALLOCSAVE_too_big
904 #endif
905 #if (MAXALLOCSAVE < NBPG)
906 ERROR!_kmeminit:_MAXALLOCSAVE_too_small
907 #endif
909 if (sizeof(struct freelist) > (1 << MINBUCKET))
910 panic("minbucket too small/struct freelist too big");
912 mutex_init(&malloc_lock, MUTEX_DEFAULT, IPL_VM);
915 * Compute the number of kmem_map pages, if we have not
916 * done so already.
918 kmeminit_nkmempages();
920 kmemusage = (struct kmemusage *) uvm_km_alloc(kernel_map,
921 (vsize_t)(nkmempages * sizeof(struct kmemusage)), 0,
922 UVM_KMF_WIRED|UVM_KMF_ZERO);
923 kmb = 0;
924 kmem_map = uvm_km_suballoc(kernel_map, &kmb,
925 &kml, ((vsize_t)nkmempages << PAGE_SHIFT),
926 VM_MAP_INTRSAFE, false, &kmem_map_store);
927 uvm_km_vacache_init(kmem_map, "kvakmem", 0);
928 kmembase = (char *)kmb;
929 kmemlimit = (char *)kml;
930 #ifdef KMEMSTATS
931 for (indx = 0; indx < MINBUCKET + 16; indx++) {
932 if (1 << indx >= PAGE_SIZE)
933 kmembuckets[indx].kb_elmpercl = 1;
934 else
935 kmembuckets[indx].kb_elmpercl = PAGE_SIZE / (1 << indx);
936 kmembuckets[indx].kb_highwat =
937 5 * kmembuckets[indx].kb_elmpercl;
939 #endif
941 /* Attach all of the statically-linked malloc types. */
942 __link_set_foreach(ksp, malloc_types)
943 malloc_type_attach(*ksp);
945 #ifdef MALLOC_DEBUG
946 debug_malloc_init();
947 #endif
950 #ifdef DDB
951 #include <ddb/db_output.h>
954 * Dump kmem statistics from ddb.
956 * usage: call dump_kmemstats
958 void dump_kmemstats(void);
960 void
961 dump_kmemstats(void)
963 #ifdef KMEMSTATS
964 struct malloc_type *ksp;
966 for (ksp = kmemstatistics; ksp != NULL; ksp = ksp->ks_next) {
967 if (ksp->ks_memuse == 0)
968 continue;
969 db_printf("%s%.*s %ld\n", ksp->ks_shortdesc,
970 (int)(20 - strlen(ksp->ks_shortdesc)),
971 " ",
972 ksp->ks_memuse);
974 #else
975 db_printf("Kmem stats are not being collected.\n");
976 #endif /* KMEMSTATS */
978 #endif /* DDB */
981 #if 0
983 * Diagnostic messages about "Data modified on
984 * freelist" indicate a memory corruption, but
985 * they do not help tracking it down.
986 * This function can be called at various places
987 * to sanity check malloc's freelist and discover
988 * where does the corruption take place.
991 freelist_sanitycheck(void) {
992 int i,j;
993 struct kmembuckets *kbp;
994 struct freelist *freep;
995 int rv = 0;
997 for (i = MINBUCKET; i <= MINBUCKET + 15; i++) {
998 kbp = &kmembuckets[i];
999 freep = (struct freelist *)kbp->kb_next;
1000 j = 0;
1001 while(freep) {
1002 vm_map_lock(kmem_map);
1003 rv = uvm_map_checkprot(kmem_map, (vaddr_t)freep,
1004 (vaddr_t)freep + sizeof(struct freelist),
1005 VM_PROT_WRITE);
1006 vm_map_unlock(kmem_map);
1008 if ((rv == 0) || (*(int *)freep != WEIRD_ADDR)) {
1009 printf("bucket %i, chunck %d at %p modified\n",
1010 i, j, freep);
1011 return 1;
1013 freep = (struct freelist *)freep->next;
1014 j++;
1018 return 0;
1020 #endif