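/*
 * Copyright (c) 1987, 1991 The Regents of the University of California.
 * All rights reserved.
 *
 * %sccs.include.redist.c%
 *
 *	@(#)kern_malloc.c	7.31 (Berkeley) 03/13/92
 */

#include "param.h"
#include "proc.h"
#include "map.h"
#include "kernel.h"
#include "malloc.h"
#include "vm/vm.h"
#include "vm/vm_kern.h"

struct kmembuckets bucket[MINBUCKET + 16];	/* one free list per power-of-two size */
struct kmemstats kmemstats[M_LAST];		/* per-type accounting; valid index < M_LAST */
struct kmemusage *kmemusage;			/* per-page usage records, set up by kmeminit() */
char *kmembase, *kmemlimit;			/* filled in by kmem_suballoc() in kmeminit() */
char *memname[] = INITKMEMNAMES;		/* type names used in sleeps and diagnostics */

#ifdef DIAGNOSTIC
/*
 * This structure provides a set of masks to catch unaligned frees.
 * Entry i is (1 << i) - 1; the table has 17 entries (indices 0..16).
 */
long addrmask[] = { 0,
	0x00000001, 0x00000003, 0x00000007, 0x0000000f,
	0x0000001f, 0x0000003f, 0x0000007f, 0x000000ff,
	0x000001ff, 0x000003ff, 0x000007ff, 0x00000fff,
	0x00001fff, 0x00003fff, 0x00007fff, 0x0000ffff,
};

/*
 * The WEIRD_ADDR is used as known text to copy into free objects so
 * that modifications after frees can be detected.
 *
 * Only the first MAX_COPY bytes of an object are filled and later
 * checked, so a write to freed memory beyond that prefix goes
 * unnoticed by this mechanism.
 */
#define WEIRD_ADDR	0xdeadbeef
#define MAX_COPY	32

/*
 * Normally the first word of the structure is used to hold the list
 * pointer for free objects. However, when running with diagnostics,
 * we use the third and fourth fields, so as to catch modifications
 * in the most commonly trashed first two words.
 */
struct freelist {
	long	spare0;
	long	spare1;
	short	type;
	short	spare2;
	caddr_t	next;
};
#else /* !DIAGNOSTIC */
struct freelist {
	caddr_t	next;
};
#endif /* DIAGNOSTIC */

/*
 * Allocate a block of memory.
 *
 * size  - number of bytes requested; selects the bucket via BUCKETINDX().
 * type  - M_* type code; indexes kmemstats[] and memname[].
 * flags - if M_NOWAIT is set, return NULL rather than sleep when the
 *         type is at its limit, and ask kmem_malloc() not to wait.
 *
 * Returns a pointer to the block, or NULL if M_NOWAIT was given and the
 * type limit was reached, or if kmem_malloc() returned NULL.
 *
 * Requests larger than MAXALLOCSAVE are rounded up to CLBYTES and handed
 * out directly from kmem_malloc(); they never go on a bucket free list
 * and therefore skip the DIAGNOSTIC fill and check below.
 */
void *
malloc(size, type, flags)
	unsigned long size;
	int type, flags;
{
	register struct kmembuckets *kbp;
	register struct kmemusage *kup;
	register struct freelist *freep;
	long indx, npg, allocsize;
	int s;
	caddr_t va, cp, savedlist;
#ifdef DIAGNOSTIC
	long *end, *lp;
	int copysize;
	short savedtype;
#endif
#ifdef KMEMSTATS
	register struct kmemstats *ksp;

	/*
	 * kmemstats[] has M_LAST entries, so M_LAST itself is already
	 * out of range.  Validate before forming the pointer so a bad
	 * type can never be used to index past the array.
	 */
	if (((unsigned long)type) >= M_LAST)
		panic("malloc - bogus type");
	ksp = &kmemstats[type];
#endif

	indx = BUCKETINDX(size);
	kbp = &bucket[indx];
	s = splimp();
#ifdef KMEMSTATS
	/* Wait (or fail, for M_NOWAIT) while this type is at its limit. */
	while (ksp->ks_memuse >= ksp->ks_limit) {
		if (flags & M_NOWAIT) {
			splx(s);
			return ((void *) NULL);
		}
		/* Saturating counter of how often the limit blocked us. */
		if (ksp->ks_limblocks < 65535)
			ksp->ks_limblocks++;
		tsleep((caddr_t)ksp, PSWP+2, memname[type], 0);
	}
#endif
#ifdef DIAGNOSTIC
	/* Number of leading bytes that carry the WEIRD_ADDR fill. */
	copysize = (1 << indx) < MAX_COPY ? (1 << indx) : MAX_COPY;
#endif
	if (kbp->kb_next == NULL) {
		/* Bucket is empty: get more pages and carve them up. */
		if (size > MAXALLOCSAVE)
			allocsize = roundup(size, CLBYTES);
		else
			allocsize = 1 << indx;
		npg = clrnd(btoc(allocsize));
		va = (caddr_t) kmem_malloc(kmem_map, (vm_size_t)ctob(npg),
					   !(flags & M_NOWAIT));
		if (va == NULL) {
			splx(s);
			return ((void *) NULL);
		}
#ifdef KMEMSTATS
		kbp->kb_total += kbp->kb_elmpercl;
#endif
		kup = btokup(va);
		kup->ku_indx = indx;
		if (allocsize > MAXALLOCSAVE) {
			/* The page count is compared against 65535 before it is recorded. */
			if (npg > 65535)
				panic("malloc: allocation too large");
			kup->ku_pagecnt = npg;
#ifdef KMEMSTATS
			ksp->ks_memuse += allocsize;
#endif
			goto out;
		}
#ifdef KMEMSTATS
		kup->ku_freecnt = kbp->kb_elmpercl;
		kbp->kb_totalfree += kbp->kb_elmpercl;
#endif
		/*
		 * Just in case we blocked while allocating memory,
		 * and someone else also allocated memory for this
		 * bucket, don't assume the list is still empty.
		 */
		savedlist = kbp->kb_next;
		/*
		 * Thread the new objects onto the list from the highest
		 * address downwards; the lowest one links to savedlist.
		 */
		kbp->kb_next = va + (npg * NBPG) - allocsize;
		for (cp = kbp->kb_next; ; cp -= allocsize) {
			freep = (struct freelist *)cp;
#ifdef DIAGNOSTIC
			/*
			 * Copy in known text to detect modification
			 * after freeing.
			 */
			end = (long *)&cp[copysize];
			for (lp = (long *)cp; lp < end; lp++)
				*lp = WEIRD_ADDR;
			freep->type = M_FREE;
#endif /* DIAGNOSTIC */
			if (cp <= va)
				break;
			freep->next = cp - allocsize;
		}
		freep->next = savedlist;
	}
	/* Take the first object off the bucket's free list. */
	va = kbp->kb_next;
	kbp->kb_next = ((struct freelist *)va)->next;
#ifdef DIAGNOSTIC
	freep = (struct freelist *)va;
	savedtype = freep->type;
	/*
	 * Put the fill pattern back over the type and next fields so the
	 * word-by-word comparison below sees WEIRD_ADDR everywhere.
	 * NOTE(review): writing WEIRD_ADDR >> 16 into the short appears to
	 * reproduce the pattern only when that short is the high half of
	 * its word (big-endian, 16-bit short, 32-bit long) -- confirm for
	 * the target machine.
	 */
	freep->type = WEIRD_ADDR >> 16;
	freep->next = (caddr_t)WEIRD_ADDR;
	end = (long *)&va[copysize];
	for (lp = (long *)va; lp < end; lp++) {
		if (*lp == WEIRD_ADDR)
			continue;
		/*
		 * The object was written to while on the free list.  This
		 * is reported but not fatal, and only the first bad word
		 * is printed.  savedtype was read from the damaged object,
		 * so range-check it before using it as an index.
		 * Assumes memname[] has an entry for every type below
		 * M_LAST -- confirm against INITKMEMNAMES.
		 */
		printf("%s %d of object 0x%x size %d %s %s (0x%x != 0x%x)\n",
			"Data modified on freelist: word", lp - (long *)va,
			va, size, "previous type",
			(savedtype >= 0 && savedtype < M_LAST) ?
			    memname[savedtype] : "bogus",
			*lp, WEIRD_ADDR);
		break;
	}
	/* Clear the marker that free() uses for its quick "looks free" test. */
	freep->spare0 = 0;
#endif /* DIAGNOSTIC */
#ifdef KMEMSTATS
	kup = btokup(va);
	if (kup->ku_indx != indx)
		panic("malloc: wrong bucket");
	if (kup->ku_freecnt == 0)
		panic("malloc: lost data");
	kup->ku_freecnt--;
	kbp->kb_totalfree--;
	ksp->ks_memuse += 1 << indx;
out:
	kbp->kb_calls++;
	ksp->ks_inuse++;
	ksp->ks_calls++;
	if (ksp->ks_memuse > ksp->ks_maxused)
		ksp->ks_maxused = ksp->ks_memuse;
#else
out:
#endif
	splx(s);
	return ((void *) va);
}

/*
 * Free a block of memory allocated by malloc.
 *
 * addr - pointer previously returned by malloc().
 * type - M_* type code the block is accounted under; indexes
 *        kmemstats[] and memname[].
 *
 * Blocks larger than MAXALLOCSAVE are returned with kmem_free() and are
 * neither filled with WEIRD_ADDR nor checked for a duplicate free.
 * NOTE(review): addr is passed to btokup() without being compared
 * against kmembase/kmemlimit -- confirm callers can only pass
 * allocator-owned addresses.
 */
void
free(addr, type)
	void *addr;
	int type;
{
	register struct kmembuckets *kbp;
	register struct kmemusage *kup;
	register struct freelist *freep;
	long size;
	int s;
#ifdef DIAGNOSTIC
	caddr_t cp;
	long *end, *lp, alloc, copysize;
#endif
#ifdef KMEMSTATS
	register struct kmemstats *ksp;
#endif

#if defined(KMEMSTATS) || defined(DIAGNOSTIC)
	/*
	 * type indexes kmemstats[] (written below) and memname[], so
	 * reject out-of-range values the same way malloc() does.
	 */
	if (((unsigned long)type) >= M_LAST)
		panic("free - bogus type");
#endif
#ifdef KMEMSTATS
	ksp = &kmemstats[type];
#endif
	kup = btokup(addr);
	size = 1 << kup->ku_indx;
	kbp = &bucket[kup->ku_indx];
	s = splimp();
#ifdef DIAGNOSTIC
	/*
	 * Check for returns of data that do not point to the
	 * beginning of the allocation.
	 */
	if (size > NBPG * CLSIZE)
		alloc = addrmask[BUCKETINDX(NBPG * CLSIZE)];
	else
		alloc = addrmask[kup->ku_indx];
	if (((u_long)addr & alloc) != 0)
		panic("free: unaligned addr 0x%x, size %d, type %s, mask %d\n",
			addr, size, memname[type], alloc);
#endif /* DIAGNOSTIC */
	if (size > MAXALLOCSAVE) {
		kmem_free(kmem_map, (vm_offset_t)addr, ctob(kup->ku_pagecnt));
#ifdef KMEMSTATS
		size = kup->ku_pagecnt << PGSHIFT;
		ksp->ks_memuse -= size;
		kup->ku_indx = 0;
		kup->ku_pagecnt = 0;
		/* Wake sleepers in malloc() only when we cross back under the limit. */
		if (ksp->ks_memuse + size >= ksp->ks_limit &&
		    ksp->ks_memuse < ksp->ks_limit)
			wakeup((caddr_t)ksp);
		ksp->ks_inuse--;
		kbp->kb_total -= 1;
#endif
		splx(s);
		return;
	}
	freep = (struct freelist *)addr;
#ifdef DIAGNOSTIC
	/*
	 * Check for multiple frees. Use a quick check to see if
	 * it looks free before laboriously searching the freelist.
	 */
	if (freep->spare0 == WEIRD_ADDR) {
		/*
		 * Follow the list through the next field.  With the
		 * DIAGNOSTIC layout the first word of a free object is
		 * spare0 (holding WEIRD_ADDR), not the link, so reading
		 * the first word would leave the list after one element.
		 */
		for (cp = kbp->kb_next; cp;
		    cp = ((struct freelist *)cp)->next) {
			if (addr != cp)
				continue;
			printf("multiply freed item 0x%x\n", addr);
			panic("free: duplicated free");
		}
	}
	/*
	 * Copy in known text to detect modification after freeing
	 * and to make it look free. Also, save the type being freed
	 * so we can list likely culprit if modification is detected
	 * when the object is reallocated.
	 */
	copysize = size < MAX_COPY ? size : MAX_COPY;
	end = (long *)&((caddr_t)addr)[copysize];
	for (lp = (long *)addr; lp < end; lp++)
		*lp = WEIRD_ADDR;
	freep->type = type;
#endif /* DIAGNOSTIC */
#ifdef KMEMSTATS
	kup->ku_freecnt++;
	if (kup->ku_freecnt >= kbp->kb_elmpercl) {
		/*
		 * More free objects than the cluster holds means a
		 * block was freed twice; this coarse check does not
		 * depend on DIAGNOSTIC.
		 */
		if (kup->ku_freecnt > kbp->kb_elmpercl)
			panic("free: multiple frees");
		else if (kbp->kb_totalfree > kbp->kb_highwat)
			kbp->kb_couldfree++;
	}
	kbp->kb_totalfree++;
	ksp->ks_memuse -= size;
	/* Wake sleepers in malloc() only when we cross back under the limit. */
	if (ksp->ks_memuse + size >= ksp->ks_limit &&
	    ksp->ks_memuse < ksp->ks_limit)
		wakeup((caddr_t)ksp);
	ksp->ks_inuse--;
#endif
	/* Push the object on the front of its bucket's free list. */
	freep->next = kbp->kb_next;
	kbp->kb_next = addr;
	splx(s);
}

/*
 * Initialize the kernel memory allocator.
 *
 * Allocates the kmemusage array (one entry per page of VM_KMEM_SIZE),
 * creates kmem_map as a submap of kernel_map, and, with KMEMSTATS,
 * sets the per-bucket element counts and high-water marks and gives
 * every type a limit of 6/10 of the arena.
 */
kmeminit()
{
	register long indx;
	int npg;

	/* Compile-time sanity checks: a failing test leaves a syntax error. */
#if	((MAXALLOCSAVE & (MAXALLOCSAVE - 1)) != 0)
		ERROR!_kmeminit:_MAXALLOCSAVE_not_power_of_2
#endif
#if	(MAXALLOCSAVE > MINALLOCSIZE * 32768)
		ERROR!_kmeminit:_MAXALLOCSAVE_too_big
#endif
#if	(MAXALLOCSAVE < CLBYTES)
		ERROR!_kmeminit:_MAXALLOCSAVE_too_small
#endif
	npg = VM_KMEM_SIZE/ NBPG;
	/* NOTE(review): the kmem_alloc() result is used without a check. */
	kmemusage = (struct kmemusage *) kmem_alloc(kernel_map,
		(vm_size_t)(npg * sizeof(struct kmemusage)));
	kmem_map = kmem_suballoc(kernel_map, (vm_offset_t *)&kmembase,
		(vm_offset_t *)&kmemlimit, (vm_size_t)(npg * NBPG), FALSE);
#ifdef KMEMSTATS
	for (indx = 0; indx < MINBUCKET + 16; indx++) {
		/* Objects of CLBYTES or more occupy a whole cluster each. */
		if ((1 << indx) >= CLBYTES)
			bucket[indx].kb_elmpercl = 1;
		else
			bucket[indx].kb_elmpercl = CLBYTES / (1 << indx);
		bucket[indx].kb_highwat = 5 * bucket[indx].kb_elmpercl;
	}
	for (indx = 0; indx < M_LAST; indx++)
		kmemstats[indx].ks_limit = npg * NBPG * 6 / 10;
#endif
}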