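/*
 * Copyright (c) 1987, 1991 The Regents of the University of California.
 * All rights reserved.
 *
 * %sccs.include.redist.c%
 *
 *	@(#)kern_malloc.c	7.33 (Berkeley) 05/20/92
 */

#include "param.h"
#include "proc.h"
#include "map.h"
#include "kernel.h"
#include "malloc.h"
#include "vm/vm.h"
#include "vm/vm_kern.h"

/*
 * Allocator state.  bucket[] holds one free list per power-of-two size
 * class, kmemstats[] one statistics record per allocation type (valid
 * indices are 0 .. M_LAST - 1), and kmemusage points at the per-page
 * usage records allocated in kmeminit().  kmembase and kmemlimit are
 * filled in by kmem_suballoc() in kmeminit().
 */
struct kmembuckets bucket[MINBUCKET + 16];
struct kmemstats kmemstats[M_LAST];
struct kmemusage *kmemusage;
char *kmembase, *kmemlimit;
char *memname[] = INITKMEMNAMES;

#ifdef DIAGNOSTIC
/*
 * This structure provides a set of masks to catch unaligned frees.
 * Entry n has the low n bits set, so (addr & addrmask[n]) is non-zero
 * whenever addr is not a multiple of 1 << n.
 */
long addrmask[] = { 0,
	0x00000001, 0x00000003, 0x00000007, 0x0000000f,
	0x0000001f, 0x0000003f, 0x0000007f, 0x000000ff,
	0x000001ff, 0x000003ff, 0x000007ff, 0x00000fff,
	0x00001fff, 0x00003fff, 0x00007fff, 0x0000ffff,
};

/*
 * The WEIRD_ADDR is used as known text to copy into free objects so
 * that modifications after frees can be detected.
 * MAX_COPY bounds how many leading bytes of each object are filled
 * and later checked.
 */
#define WEIRD_ADDR	0xdeadbeef
#define MAX_COPY	32

/*
 * Normally the first word of the structure is used to hold the list
 * pointer for free objects. However, when running with diagnostics,
 * we use the third and fourth fields, so as to catch modifications
 * in the most commonly trashed first two words.
 *
 * Consequence: under DIAGNOSTIC the free-list link is NOT the first
 * word of a free object.  Any code that walks the list must go through
 * the `next' member rather than dereferencing the object address.
 */
struct freelist {
	long	spare0;
	short	type;
	long	spare1;
	caddr_t	next;
};
#else /* !DIAGNOSTIC */
struct freelist {
	caddr_t	next;
};
#endif /* DIAGNOSTIC */

/*
 * Allocate a block of memory
 *
 * size:  number of bytes requested; selects the bucket via BUCKETINDX().
 * type:  allocation type, used as an index into kmemstats[] and
 *	  memname[]; must be below M_LAST.
 * flags: if M_NOWAIT is set the call returns NULL instead of sleeping
 *	  when the type is at its limit, and kmem_malloc() is asked not
 *	  to wait.
 *
 * Returns the address of the object, or NULL when no memory could be
 * obtained.  The body runs between splimp() and splx(); every return
 * path restores the saved level.
 */
void *
malloc(size, type, flags)
	unsigned long size;
	int type, flags;
{
	register struct kmembuckets *kbp;
	register struct kmemusage *kup;
	register struct freelist *freep;
	long indx, npg, allocsize;
	int s;
	caddr_t va, cp, savedlist;
#ifdef DIAGNOSTIC
	long *end, *lp;
	int copysize;
	char *savedtype;
#endif
#ifdef KMEMSTATS
	register struct kmemstats *ksp;

	/*
	 * kmemstats[] and the loop in kmeminit() both use M_LAST as an
	 * exclusive bound, so type == M_LAST is already one element past
	 * the array and must be rejected too (the check used to be `>').
	 * The cast makes negative values compare as very large.
	 * Validate before forming the kmemstats[] pointer.
	 */
	if (((unsigned long)type) >= M_LAST)
		panic("malloc - bogus type");
	ksp = &kmemstats[type];
#endif
	indx = BUCKETINDX(size);
	kbp = &bucket[indx];
	s = splimp();
#ifdef KMEMSTATS
	/*
	 * Enforce the per-type limit: sleep on the statistics record
	 * until free() issues a wakeup on it, unless the caller asked
	 * not to wait.
	 */
	while (ksp->ks_memuse >= ksp->ks_limit) {
		if (flags & M_NOWAIT) {
			splx(s);
			return ((void *) NULL);
		}
		/* ks_limblocks saturates at 65535 rather than wrapping */
		if (ksp->ks_limblocks < 65535)
			ksp->ks_limblocks++;
		tsleep((caddr_t)ksp, PSWP+2, memname[type], 0);
	}
#endif
#ifdef DIAGNOSTIC
	/* number of leading bytes filled/checked: min(1 << indx, MAX_COPY) */
	copysize = (1 << indx) < MAX_COPY ? (1 << indx) : MAX_COPY;
#endif
	if (kbp->kb_next == NULL) {
		/*
		 * The bucket is empty: get fresh pages and, for sizes up to
		 * MAXALLOCSAVE, carve them into objects of 1 << indx bytes.
		 */
		if (size > MAXALLOCSAVE)
			allocsize = roundup(size, CLBYTES);
		else
			allocsize = 1 << indx;
		npg = clrnd(btoc(allocsize));
		va = (caddr_t) kmem_malloc(kmem_map, (vm_size_t)ctob(npg),
					   !(flags & M_NOWAIT));
		if (va == NULL) {
			splx(s);
			return ((void *) NULL);
		}
#ifdef KMEMSTATS
		kbp->kb_total += kbp->kb_elmpercl;
#endif
		kup = btokup(va);
		kup->ku_indx = indx;
		if (allocsize > MAXALLOCSAVE) {
			/*
			 * Large allocations are handed out whole and never
			 * put on a free list; the page count is recorded so
			 * that free() can return the pages.
			 */
			if (npg > 65535)
				panic("malloc: allocation too large");
			kup->ku_pagecnt = npg;
#ifdef KMEMSTATS
			ksp->ks_memuse += allocsize;
#endif
			goto out;
		}
#ifdef KMEMSTATS
		kup->ku_freecnt = kbp->kb_elmpercl;
		kbp->kb_totalfree += kbp->kb_elmpercl;
#endif
		/*
		 * Just in case we blocked while allocating memory,
		 * and someone else also allocated memory for this
		 * bucket, don't assume the list is still empty.
		 */
		savedlist = kbp->kb_next;
		/*
		 * Thread the new objects together from the highest address
		 * down to va; the last one is linked to the saved list.
		 */
		kbp->kb_next = cp = va + (npg * NBPG) - allocsize;
		for (;;) {
			freep = (struct freelist *)cp;
#ifdef DIAGNOSTIC
			/*
			 * Copy in known text to detect modification
			 * after freeing.
			 */
			end = (long *)&cp[copysize];
			for (lp = (long *)cp; lp < end; lp++)
				*lp = WEIRD_ADDR;
			freep->type = M_FREE;
#endif /* DIAGNOSTIC */
			if (cp <= va)
				break;
			cp -= allocsize;
			freep->next = cp;
		}
		freep->next = savedlist;
	}
	/* Take the first object off the bucket's free list. */
	va = kbp->kb_next;
	kbp->kb_next = ((struct freelist *)va)->next;
#ifdef DIAGNOSTIC
	freep = (struct freelist *)va;
	/* remember who freed it last, for the report below */
	savedtype = (unsigned)freep->type < M_LAST ?
		memname[freep->type] : "???";
	/*
	 * Put the fill pattern back into the two fields that carried
	 * bookkeeping (type and next) so that the word-by-word check
	 * below sees WEIRD_ADDR everywhere unless the object was written
	 * to while it was free.
	 */
#if BYTE_ORDER == BIG_ENDIAN
	freep->type = WEIRD_ADDR >> 16;
#endif
#if BYTE_ORDER == LITTLE_ENDIAN
	freep->type = WEIRD_ADDR;
#endif
	/* `next' may sit on a 2-byte boundary; swap halves if it does */
	if (((long)(&freep->next)) & 0x2)
		freep->next = (caddr_t)((WEIRD_ADDR >> 16)|(WEIRD_ADDR << 16));
	else
		freep->next = (caddr_t)WEIRD_ADDR;
	end = (long *)&va[copysize];
	for (lp = (long *)va; lp < end; lp++) {
		if (*lp == WEIRD_ADDR)
			continue;
		/* write-after-free detected: report it, but keep going */
		printf("%s %d of object 0x%x size %d %s %s (0x%x != 0x%x)\n",
			"Data modified on freelist: word", lp - (long *)va,
			va, size, "previous type", savedtype, *lp, WEIRD_ADDR);
		break;
	}
	/* clear the word free() uses as its quick "looks free" test */
	freep->spare0 = 0;
#endif /* DIAGNOSTIC */
#ifdef KMEMSTATS
	kup = btokup(va);
	if (kup->ku_indx != indx)
		panic("malloc: wrong bucket");
	if (kup->ku_freecnt == 0)
		panic("malloc: lost data");
	kup->ku_freecnt--;
	kbp->kb_totalfree--;
	ksp->ks_memuse += 1 << indx;
out:
	kbp->kb_calls++;
	ksp->ks_inuse++;
	ksp->ks_calls++;
	if (ksp->ks_memuse > ksp->ks_maxused)
		ksp->ks_maxused = ksp->ks_memuse;
#else
out:
#endif
	splx(s);
	return ((void *) va);
}

/*
 * Free a block of memory allocated by malloc.
 *
 * addr: address previously returned by malloc().
 * type: allocation type the object is accounted under; used as an
 *	 index into kmemstats[] and memname[], so it must be below
 *	 M_LAST.
 *
 * NOTE(review): addr is handed to btokup() without being compared
 * against kmembase/kmemlimit.  btokup() is not visible here; if it does
 * not range-check, a pointer from outside the kmem submap selects a
 * usage record outside kmemusage[].  Confirm, and consider a
 * DIAGNOSTIC range check.
 */
void
free(addr, type)
	void *addr;
	int type;
{
	register struct kmembuckets *kbp;
	register struct kmemusage *kup;
	register struct freelist *freep;
	long size;
	int s;
#ifdef DIAGNOSTIC
	caddr_t cp;
	long *end, *lp, alloc, copysize;
#endif
#ifdef KMEMSTATS
	register struct kmemstats *ksp;
#endif

#if defined(DIAGNOSTIC) || defined(KMEMSTATS)
	/*
	 * Same bound as in malloc(): type indexes kmemstats[] (KMEMSTATS)
	 * and memname[] (DIAGNOSTIC panic message), so refuse anything
	 * outside 0 .. M_LAST - 1 before it is used as an index.
	 */
	if (((unsigned long)type) >= M_LAST)
		panic("free - bogus type");
#endif
#ifdef KMEMSTATS
	ksp = &kmemstats[type];
#endif
	kup = btokup(addr);
	size = 1 << kup->ku_indx;
	kbp = &bucket[kup->ku_indx];
	s = splimp();
#ifdef DIAGNOSTIC
	/*
	 * Check for returns of data that do not point to the
	 * beginning of the allocation.
	 */
	if (size > NBPG * CLSIZE)
		alloc = addrmask[BUCKETINDX(NBPG * CLSIZE)];
	else
		alloc = addrmask[kup->ku_indx];
	if (((u_long)addr & alloc) != 0)
		panic("free: unaligned addr 0x%x, size %d, type %s, mask %d\n",
			addr, size, memname[type], alloc);
#endif /* DIAGNOSTIC */
	if (size > MAXALLOCSAVE) {
		/*
		 * Large allocation: give the pages straight back instead
		 * of putting the object on a free list.
		 */
		kmem_free(kmem_map, (vm_offset_t)addr, ctob(kup->ku_pagecnt));
#ifdef KMEMSTATS
		size = kup->ku_pagecnt << PGSHIFT;
		ksp->ks_memuse -= size;
		kup->ku_indx = 0;
		kup->ku_pagecnt = 0;
		/* wake sleepers in malloc() if this free crossed the limit */
		if (ksp->ks_memuse + size >= ksp->ks_limit &&
		    ksp->ks_memuse < ksp->ks_limit)
			wakeup((caddr_t)ksp);
		ksp->ks_inuse--;
		kbp->kb_total -= 1;
#endif
		splx(s);
		return;
	}
	freep = (struct freelist *)addr;
#ifdef DIAGNOSTIC
	/*
	 * Check for multiple frees. Use a quick check to see if
	 * it looks free before laboriously searching the freelist.
	 *
	 * The walk must follow the `next' member: under DIAGNOSTIC the
	 * first word of a free object holds the WEIRD_ADDR fill, not the
	 * link, so stepping with *(caddr_t *)cp left the list after the
	 * first element and dereferenced the fill pattern.
	 */
	if (freep->spare0 == WEIRD_ADDR) {
		for (cp = kbp->kb_next; cp;
		    cp = ((struct freelist *)cp)->next) {
			if (addr != cp)
				continue;
			printf("multiply freed item 0x%x\n", addr);
			panic("free: duplicated free");
		}
	}
	/*
	 * Copy in known text to detect modification after freeing
	 * and to make it look free. Also, save the type being freed
	 * so we can list likely culprit if modification is detected
	 * when the object is reallocated.
	 */
	copysize = size < MAX_COPY ? size : MAX_COPY;
	end = (long *)&((caddr_t)addr)[copysize];
	for (lp = (long *)addr; lp < end; lp++)
		*lp = WEIRD_ADDR;
	freep->type = type;
#endif /* DIAGNOSTIC */
#ifdef KMEMSTATS
	kup->ku_freecnt++;
	if (kup->ku_freecnt >= kbp->kb_elmpercl) {
		/* more free objects than the cluster holds: double free */
		if (kup->ku_freecnt > kbp->kb_elmpercl)
			panic("free: multiple frees");
		else if (kbp->kb_totalfree > kbp->kb_highwat)
			kbp->kb_couldfree++;
	}
	kbp->kb_totalfree++;
	ksp->ks_memuse -= size;
	/* wake sleepers in malloc() if this free crossed the limit */
	if (ksp->ks_memuse + size >= ksp->ks_limit &&
	    ksp->ks_memuse < ksp->ks_limit)
		wakeup((caddr_t)ksp);
	ksp->ks_inuse--;
#endif
	/* push the object on the front of its bucket's free list */
	freep->next = kbp->kb_next;
	kbp->kb_next = addr;
	splx(s);
}

/*
 * Initialize the kernel memory allocator
 *
 * Allocates one kmemusage record per page of VM_KMEM_SIZE, creates the
 * kmem_map submap (which also sets kmembase and kmemlimit) and, under
 * KMEMSTATS, fills in the per-bucket and per-type limits.
 *
 * NOTE(review): the result of kmem_alloc() is stored without a check;
 * confirm how kmem_alloc() reports failure this early in boot.
 * NOTE(review): npg is an int, so npg * NBPG * 6 is evaluated in int
 * and would overflow for a sufficiently large VM_KMEM_SIZE - confirm
 * the configured range.
 */
kmeminit()
{
	register long indx;
	int npg;

	/* compile-time sanity checks on MAXALLOCSAVE */
#if	((MAXALLOCSAVE & (MAXALLOCSAVE - 1)) != 0)
		ERROR!_kmeminit:_MAXALLOCSAVE_not_power_of_2
#endif
#if	(MAXALLOCSAVE > MINALLOCSIZE * 32768)
		ERROR!_kmeminit:_MAXALLOCSAVE_too_big
#endif
#if	(MAXALLOCSAVE < CLBYTES)
		ERROR!_kmeminit:_MAXALLOCSAVE_too_small
#endif
	npg = VM_KMEM_SIZE/ NBPG;
	kmemusage = (struct kmemusage *) kmem_alloc(kernel_map,
		(vm_size_t)(npg * sizeof(struct kmemusage)));
	kmem_map = kmem_suballoc(kernel_map, (vm_offset_t *)&kmembase,
		(vm_offset_t *)&kmemlimit, (vm_size_t)(npg * NBPG), FALSE);
#ifdef KMEMSTATS
	for (indx = 0; indx < MINBUCKET + 16; indx++) {
		/* objects per cluster; at least one */
		if (1 << indx >= CLBYTES)
			bucket[indx].kb_elmpercl = 1;
		else
			bucket[indx].kb_elmpercl = CLBYTES / (1 << indx);
		bucket[indx].kb_highwat = 5 * bucket[indx].kb_elmpercl;
	}
	/* each type may use up to 6/10 of the kmem submap */
	for (indx = 0; indx < M_LAST; indx++)
		kmemstats[indx].ks_limit = npg * NBPG * 6 / 10;
#endif
}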