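/* $NetBSD: kern_malloc.c,v 1.47 1999/12/03 21:43:20 ragge Exp $ */

/*
 * Copyright (c) 1996 Christopher G. Demetriou. All rights reserved.
 * Copyright (c) 1987, 1991, 1993
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the University of
 * California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)kern_malloc.c 8.4 (Berkeley) 5/20/95
 */

/*
 * Kernel memory allocator.  Requests of up to MAXALLOCSAVE bytes are
 * rounded up to 1 << BUCKETINDX(size) and served from per-bucket free
 * lists carved out of pages taken from kmem_map; larger requests are
 * rounded up to whole pages and handed back to kmem_map on free.
 *
 * Three compile-time options change what is checked:
 *   KMEMSTATS  - per-type accounting and limits, type range check in
 *                malloc(), per-page free counts.
 *   DIAGNOSTIC - free objects are filled with WEIRD_ADDR and verified on
 *                reallocation; unaligned and (some) duplicate frees panic.
 *   MALLOCLOG  - every malloc/free is recorded in a ring buffer that the
 *                DIAGNOSTIC reports dump for the offending address.
 * With none of them defined, malloc() and free() perform no validation
 * of their arguments at all.
 */

#include "opt_lockdebug.h"

#include <sys/param.h>
#include <sys/proc.h>
#include <sys/map.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/systm.h>

#include <vm/vm.h>
#include <vm/vm_kern.h>

#include <uvm/uvm_extern.h>

/* Backing storage for kmem_map; both are set up in kmeminit(). */
static struct vm_map_intrsafe kmem_map_store;
vm_map_t kmem_map = NULL;

#include "opt_kmemstats.h"
#include "opt_malloclog.h"

struct kmembuckets bucket[MINBUCKET + 16];	/* indexed by BUCKETINDX() */
struct kmemstats kmemstats[M_LAST];		/* indexed by type; valid 0..M_LAST-1 */
struct kmemusage *kmemusage;			/* one entry per kmem page, see kmeminit() */
char *kmembase, *kmemlimit;			/* bounds of kmem_map, set in kmeminit() */
const char *memname[] = INITKMEMNAMES;

#ifdef MALLOCLOG
#ifndef MALLOCLOGSIZE
#define MALLOCLOGSIZE 100000
#endif

/*
 * Ring buffer of allocator events.  action is 1 for an allocation and
 * 2 for a free (see the domlog() calls in _malloc() and _free()); 0 marks
 * a slot that has never been written.
 */
struct malloclog {
	void *addr;
	long size;
	int type;
	int action;
	const char *file;
	long line;
} malloclog[MALLOCLOGSIZE];

long malloclogptr;	/* next slot to be written */

static void domlog __P((void *a, long size, int type, int action,
    const char *file, long line));
static void hitmlog __P((void *a));

/*
 * Record one allocator event in the ring buffer, overwriting the oldest
 * entry once MALLOCLOGSIZE events have been logged.  The arguments are
 * stored as given; in particular type is not range-checked here.
 */
static void
domlog(a, size, type, action, file, line)
	void *a;
	long size;
	int type;
	int action;
	const char *file;
	long line;
{

	malloclog[malloclogptr].addr = a;
	malloclog[malloclogptr].size = size;
	malloclog[malloclogptr].type = type;
	malloclog[malloclogptr].action = action;
	malloclog[malloclogptr].file = file;
	malloclog[malloclogptr].line = line;
	malloclogptr++;
	if (malloclogptr >= MALLOCLOGSIZE)
		malloclogptr = 0;
}

/*
 * Print every logged event for address a.  The scan starts at the slot
 * that will be overwritten next and wraps around, so entries are printed
 * in the order they were recorded.
 */
static void
hitmlog(a)
	void *a;
{
	struct malloclog *lp;
	long l;

	/*
	 * The logged type comes straight from the caller of malloc()/free()
	 * and may be out of range (free() never checks it, malloc() only
	 * with KMEMSTATS), so it is bounded before indexing memname[] --
	 * the same lookup malloc() uses for "previous type".
	 */
#define	PRT \
	if (malloclog[l].addr == a && malloclog[l].action) {		\
		lp = &malloclog[l];					\
		printf("malloc log entry %ld:\n", l);			\
		printf("\taddr = %p\n", lp->addr);			\
		printf("\tsize = %ld\n", lp->size);			\
		printf("\ttype = %s\n", (unsigned)lp->type < M_LAST ?	\
		    memname[lp->type] : "???");				\
		printf("\taction = %s\n", lp->action == 1 ? "alloc" : "free"); \
		printf("\tfile = %s\n", lp->file);			\
		printf("\tline = %ld\n", lp->line);			\
	}

	for (l = malloclogptr; l < MALLOCLOGSIZE; l++)
		PRT

	for (l = 0; l < malloclogptr; l++)
		PRT
}
#endif /* MALLOCLOG */

#ifdef DIAGNOSTIC
/*
 * This structure provides a set of masks to catch unaligned frees.
 * Entry n has the low n bits set; free() and realloc() index it with
 * the bucket index of the object (capped at the index for NBPG).
 */
long addrmask[] = { 0,
	0x00000001, 0x00000003, 0x00000007, 0x0000000f,
	0x0000001f, 0x0000003f, 0x0000007f, 0x000000ff,
	0x000001ff, 0x000003ff, 0x000007ff, 0x00000fff,
	0x00001fff, 0x00003fff, 0x00007fff, 0x0000ffff,
};

/*
 * The WEIRD_ADDR is used as known text to copy into free objects so
 * that modifications after frees can be detected.  At most the first
 * MAX_COPY bytes of an object are filled and checked, so a write past
 * that offset into a free object is not noticed.
 */
#define WEIRD_ADDR	((unsigned) 0xdeadbeef)
#define MAX_COPY	32

/*
 * Normally the freelist structure is used only to hold the list pointer
 * for free objects. However, when running with diagnostics, the first
 * 8 bytes of the structure is unused except for diagnostic information,
 * and the free list pointer is at offset 8 in the structure. Since the
 * first 8 bytes is the portion of the structure most often modified, this
 * helps to detect memory reuse problems and avoid free list corruption.
 */
struct freelist {
	int32_t spare0;
	int16_t type;
	int16_t spare1;
	caddr_t next;
};
#else /* !DIAGNOSTIC */
/*
 * Without DIAGNOSTIC the list pointer occupies the first bytes of every
 * free object and nothing verifies it before malloc() follows it.
 */
struct freelist {
	caddr_t next;
};
#endif /* DIAGNOSTIC */

/*
 * Allocate a block of memory
 *
 * size is the number of bytes wanted, type the M_* accounting class and
 * flags may contain M_NOWAIT.  Returns the new object, or NULL when
 * M_NOWAIT is set and either the per-type limit (KMEMSTATS) is reached
 * or no pages could be obtained.  Without M_NOWAIT the call sleeps on
 * the per-type limit and panics if kmem_map has no space left.
 *
 * With MALLOCLOG the function is named _malloc() and additionally takes
 * the file and line of the caller for the event log.
 */
#ifdef MALLOCLOG
void *
_malloc(size, type, flags, file, line)
	unsigned long size;
	int type, flags;
	const char *file;
	long line;
#else
void *
malloc(size, type, flags)
	unsigned long size;
	int type, flags;
#endif /* MALLOCLOG */
{
	register struct kmembuckets *kbp;
	register struct kmemusage *kup;
	register struct freelist *freep;
	long indx, npg, allocsize;
	int s;
	caddr_t va, cp, savedlist;
#ifdef DIAGNOSTIC
	int32_t *end, *lp;
	int copysize;
	const char *savedtype;
#endif
#ifdef KMEMSTATS
	register struct kmemstats *ksp;

	/*
	 * kmemstats[] has M_LAST entries, so M_LAST itself is already one
	 * past the end.  Reject it (and negative values, which the cast
	 * turns into large ones) before forming a pointer into the array.
	 */
	if (((unsigned long)type) >= M_LAST)
		panic("malloc - bogus type");
	ksp = &kmemstats[type];
#endif
	/*
	 * NOTE(review): type is only validated under KMEMSTATS; the
	 * MALLOCLOG and DIAGNOSTIC paths below use it unchecked otherwise.
	 */
	indx = BUCKETINDX(size);
	kbp = &bucket[indx];
	s = splmem();
#ifdef KMEMSTATS
	/* Enforce the per-type limit: fail for M_NOWAIT, otherwise sleep. */
	while (ksp->ks_memuse >= ksp->ks_limit) {
		if (flags & M_NOWAIT) {
			splx(s);
			return ((void *) NULL);
		}
		/* Saturating counter of how often the limit blocked a caller. */
		if (ksp->ks_limblocks < 65535)
			ksp->ks_limblocks++;
		tsleep((caddr_t)ksp, PSWP+2, memname[type], 0);
	}
	ksp->ks_size |= 1 << indx;
#endif
#ifdef DIAGNOSTIC
	/* Number of leading bytes that carry the WEIRD_ADDR fill. */
	copysize = 1 << indx < MAX_COPY ? 1 << indx : MAX_COPY;
#endif
	if (kbp->kb_next == NULL) {
		/* Bucket is empty: get fresh pages and carve them up. */
		kbp->kb_last = NULL;
		if (size > MAXALLOCSAVE)
			allocsize = roundup(size, NBPG);
		else
			allocsize = 1 << indx;
		npg = btoc(allocsize);
		va = (caddr_t) uvm_km_kmemalloc(kmem_map, uvmexp.kmem_object,
		    (vsize_t)ctob(npg),
		    (flags & M_NOWAIT) ? UVM_KMF_NOWAIT : 0);
		if (va == NULL) {
			/*
			 * Kmem_malloc() can return NULL, even if it can
			 * wait, if there is no map space available, because
			 * it can't fix that problem. Neither can we,
			 * right now. (We should release pages which
			 * are completely free and which are in buckets
			 * with too many free elements.)
			 */
			if ((flags & M_NOWAIT) == 0)
				panic("malloc: out of space in kmem_map");
			splx(s);
			return ((void *) NULL);
		}
#ifdef KMEMSTATS
		kbp->kb_total += kbp->kb_elmpercl;
#endif
		kup = btokup(va);
		kup->ku_indx = indx;
		if (allocsize > MAXALLOCSAVE) {
			/*
			 * Large allocation: the pages are returned as one
			 * object and never enter a free list.  The page
			 * count is checked only after the pages have been
			 * obtained; presumably 65535 is the range of
			 * ku_pagecnt -- confirm against its declaration.
			 */
			if (npg > 65535)
				panic("malloc: allocation too large");
			kup->ku_pagecnt = npg;
#ifdef KMEMSTATS
			ksp->ks_memuse += allocsize;
#endif
			goto out;
		}
#ifdef KMEMSTATS
		kup->ku_freecnt = kbp->kb_elmpercl;
		kbp->kb_totalfree += kbp->kb_elmpercl;
#endif
		/*
		 * Just in case we blocked while allocating memory,
		 * and someone else also allocated memory for this
		 * bucket, don't assume the list is still empty.
		 */
		savedlist = kbp->kb_next;
		/*
		 * Thread the new objects onto the list from the highest
		 * address down to va, then append whatever was on the
		 * list before.
		 */
		kbp->kb_next = cp = va + (npg * NBPG) - allocsize;
		for (;;) {
			freep = (struct freelist *)cp;
#ifdef DIAGNOSTIC
			/*
			 * Copy in known text to detect modification
			 * after freeing.
			 */
			end = (int32_t *)&cp[copysize];
			for (lp = (int32_t *)cp; lp < end; lp++)
				*lp = WEIRD_ADDR;
			freep->type = M_FREE;
#endif /* DIAGNOSTIC */
			if (cp <= va)
				break;
			cp -= allocsize;
			freep->next = cp;
		}
		freep->next = savedlist;
		if (kbp->kb_last == NULL)
			kbp->kb_last = (caddr_t)freep;
	}
	/* Pop the head of the free list. */
	va = kbp->kb_next;
	kbp->kb_next = ((struct freelist *)va)->next;
#ifdef DIAGNOSTIC
	freep = (struct freelist *)va;
	savedtype = (unsigned)freep->type < M_LAST ?
	    memname[freep->type] : "???";
	if (kbp->kb_next) {
		int rv;
		vaddr_t addr = (vaddr_t)kbp->kb_next;

		/*
		 * The next pointer was read out of a free object, so it
		 * may have been overwritten.  Make sure it still refers
		 * to writable memory in kmem_map before it becomes the
		 * list head.
		 */
		vm_map_lock(kmem_map);
		rv = uvm_map_checkprot(kmem_map, addr,
		    addr + sizeof(struct freelist),
		    VM_PROT_WRITE);
		vm_map_unlock(kmem_map);

		if (!rv)
		{
			printf(
		    "%s %ld of object %p size %ld %s %s (invalid addr %p)\n",
			    "Data modified on freelist: word",
			    (long)((int32_t *)&kbp->kb_next - (int32_t *)kbp),
			    va, size, "previous type", savedtype, kbp->kb_next);
#ifdef MALLOCLOG
			hitmlog(va);
#endif
			/*
			 * Drop the rest of the list rather than follow a
			 * bad pointer; the objects behind it are lost.
			 */
			kbp->kb_next = NULL;
		}
	}

	/* Fill the fields that we've used with WEIRD_ADDR */
#if BYTE_ORDER == BIG_ENDIAN
	freep->type = WEIRD_ADDR >> 16;
#endif
#if BYTE_ORDER == LITTLE_ENDIAN
	freep->type = (short)WEIRD_ADDR;
#endif
	end = (int32_t *)&freep->next +
	    (sizeof(freep->next) / sizeof(int32_t));
	for (lp = (int32_t *)&freep->next; lp < end; lp++)
		*lp = WEIRD_ADDR;

	/*
	 * and check that the data hasn't been modified.
	 * A mismatch is only reported (first bad word); the object is
	 * still handed to the caller.
	 */
	end = (int32_t *)&va[copysize];
	for (lp = (int32_t *)va; lp < end; lp++) {
		if (*lp == WEIRD_ADDR)
			continue;
		printf("%s %ld of object %p size %ld %s %s (0x%x != 0x%x)\n",
		    "Data modified on freelist: word",
		    (long)(lp - (int32_t *)va), va, size, "previous type",
		    savedtype, *lp, WEIRD_ADDR);
#ifdef MALLOCLOG
		hitmlog(va);
#endif
		break;
	}

	/* Clear the marker free() uses as its quick "looks free" test. */
	freep->spare0 = 0;
#endif /* DIAGNOSTIC */
#ifdef KMEMSTATS
	/* Cross-check the page's bookkeeping against the bucket used. */
	kup = btokup(va);
	if (kup->ku_indx != indx)
		panic("malloc: wrong bucket");
	if (kup->ku_freecnt == 0)
		panic("malloc: lost data");
	kup->ku_freecnt--;
	kbp->kb_totalfree--;
	ksp->ks_memuse += 1 << indx;
out:
	kbp->kb_calls++;
	ksp->ks_inuse++;
	ksp->ks_calls++;
	if (ksp->ks_memuse > ksp->ks_maxused)
		ksp->ks_maxused = ksp->ks_memuse;
#else
out:
#endif
#ifdef MALLOCLOG
	domlog(va, size, type, 1, file, line);
#endif
	splx(s);
	return ((void *) va);
}

/*
 * Free a block of memory allocated by malloc.
 *
 * addr must be the start of an object returned by malloc() and type the
 * class it was allocated with.  With MALLOCLOG the function is named
 * _free() and additionally takes the caller's file and line.
 *
 * NOTE(review): nothing here range-checks type before it indexes
 * kmemstats[] (KMEMSTATS) or memname[] (DIAGNOSTIC panic message), and
 * addr is not compared with kmembase/kmemlimit; whether btokup() checks
 * anything is not visible in this file.
 *
 * Duplicate frees are detected only by the optional checks: DIAGNOSTIC
 * searches the free list when the object still carries the WEIRD_ADDR
 * marker, and KMEMSTATS panics once a page's free count exceeds its
 * capacity.  With neither option the object is simply appended to the
 * free list a second time.
 */
#ifdef MALLOCLOG
void
_free(addr, type, file, line)
	void *addr;
	int type;
	const char *file;
	long line;
#else
void
free(addr, type)
	void *addr;
	int type;
#endif /* MALLOCLOG */
{
	register struct kmembuckets *kbp;
	register struct kmemusage *kup;
	register struct freelist *freep;
	long size;
	int s;
#ifdef DIAGNOSTIC
	caddr_t cp;
	int32_t *end, *lp;
	long alloc, copysize;
#endif
#ifdef KMEMSTATS
	register struct kmemstats *ksp = &kmemstats[type];
#endif

	/* The object's size comes from its page's usage record, not the caller. */
	kup = btokup(addr);
	size = 1 << kup->ku_indx;
	kbp = &bucket[kup->ku_indx];
	s = splmem();
#ifdef MALLOCLOG
	domlog(addr, 0, type, 2, file, line);
#endif
#ifdef DIAGNOSTIC
	/*
	 * Check for returns of data that do not point to the
	 * beginning of the allocation.
	 */
	if (size > NBPG)
		alloc = addrmask[BUCKETINDX(NBPG)];
	else
		alloc = addrmask[kup->ku_indx];
	if (((u_long)addr & alloc) != 0)
		panic("free: unaligned addr %p, size %ld, type %s, mask %ld\n",
		    addr, size, memname[type], alloc);
#endif /* DIAGNOSTIC */
	if (size > MAXALLOCSAVE) {
		/* Large allocation: give the pages straight back to kmem_map. */
		uvm_km_free(kmem_map, (vaddr_t)addr, ctob(kup->ku_pagecnt));
#ifdef KMEMSTATS
		size = kup->ku_pagecnt << PGSHIFT;
		ksp->ks_memuse -= size;
		kup->ku_indx = 0;
		kup->ku_pagecnt = 0;
		/* Wake sleepers in malloc() if this free crossed back under the limit. */
		if (ksp->ks_memuse + size >= ksp->ks_limit &&
		    ksp->ks_memuse < ksp->ks_limit)
			wakeup((caddr_t)ksp);
		ksp->ks_inuse--;
		kbp->kb_total -= 1;
#endif
		splx(s);
		return;
	}
	freep = (struct freelist *)addr;
#ifdef DIAGNOSTIC
	/*
	 * Check for multiple frees. Use a quick check to see if
	 * it looks free before laboriously searching the freelist.
	 */
	if (freep->spare0 == WEIRD_ADDR) {
		for (cp = kbp->kb_next; cp;
		    cp = ((struct freelist *)cp)->next) {
			if (addr != cp)
				continue;
			printf("multiply freed item %p\n", addr);
#ifdef MALLOCLOG
			hitmlog(addr);
#endif
			panic("free: duplicated free");
		}
	}
#ifdef LOCKDEBUG
	/*
	 * Check if we're freeing a locked simple lock.
	 */
	simple_lock_freecheck(addr, (char *)addr + size);
#endif
	/*
	 * Copy in known text to detect modification after freeing
	 * and to make it look free. Also, save the type being freed
	 * so we can list likely culprit if modification is detected
	 * when the object is reallocated.
	 */
	copysize = size < MAX_COPY ? size : MAX_COPY;
	end = (int32_t *)&((caddr_t)addr)[copysize];
	for (lp = (int32_t *)addr; lp < end; lp++)
		*lp = WEIRD_ADDR;
	freep->type = type;
#endif /* DIAGNOSTIC */
#ifdef KMEMSTATS
	kup->ku_freecnt++;
	if (kup->ku_freecnt >= kbp->kb_elmpercl) {
		/* More free objects than the page holds: freed twice. */
		if (kup->ku_freecnt > kbp->kb_elmpercl)
			panic("free: multiple frees");
		else if (kbp->kb_totalfree > kbp->kb_highwat)
			kbp->kb_couldfree++;
	}
	kbp->kb_totalfree++;
	ksp->ks_memuse -= size;
	/* Wake sleepers in malloc() if this free crossed back under the limit. */
	if (ksp->ks_memuse + size >= ksp->ks_limit &&
	    ksp->ks_memuse < ksp->ks_limit)
		wakeup((caddr_t)ksp);
	ksp->ks_inuse--;
#endif
	/* Append at the tail, so the object is reused as late as possible. */
	if (kbp->kb_next == NULL)
		kbp->kb_next = addr;
	else
		((struct freelist *)kbp->kb_last)->next = addr;
	freep->next = NULL;
	kbp->kb_last = addr;
	splx(s);
}

/*
 * Change the size of a block of memory.
 *
 * Returns curaddr unchanged when the existing object is already large
 * enough (the object is never shrunk), otherwise a new object holding a
 * copy of the old contents, with the old object freed.  Returns NULL if
 * newsize is 0 (after freeing curaddr) or if the new allocation fails,
 * in which case curaddr is still valid.
 */
void *
realloc(curaddr, newsize, type, flags)
	void *curaddr;
	unsigned long newsize;
	int type, flags;
{
	register struct kmemusage *kup;
	long cursize;
	void *newaddr;
#ifdef DIAGNOSTIC
	long alloc;
#endif

	/*
	 * Realloc() with a NULL pointer is the same as malloc().
	 */
	if (curaddr == NULL)
		return (malloc(newsize, type, flags));

	/*
	 * Realloc() with zero size is the same as free().
	 */
	if (newsize == 0) {
		free(curaddr, type);
		return (NULL);
	}

	/*
	 * Find out how large the old allocation was (and do some
	 * sanity checking).
	 */
	kup = btokup(curaddr);
	cursize = 1 << kup->ku_indx;

#ifdef DIAGNOSTIC
	/*
	 * Check for returns of data that do not point to the
	 * beginning of the allocation.
	 */
	if (cursize > NBPG)
		alloc = addrmask[BUCKETINDX(NBPG)];
	else
		alloc = addrmask[kup->ku_indx];
	if (((u_long)curaddr & alloc) != 0)
		panic("realloc: unaligned addr %p, size %ld, type %s, mask %ld\n",
		    curaddr, cursize, memname[type], alloc);
#endif /* DIAGNOSTIC */

	/* Large allocations are sized in pages, not by bucket. */
	if (cursize > MAXALLOCSAVE)
		cursize = ctob(kup->ku_pagecnt);

	/*
	 * If we already actually have as much as they want, we're done.
	 */
	if (newsize <= cursize)
		return (curaddr);

	/*
	 * Can't satisfy the allocation with the existing block.
	 * Allocate a new one and copy the data.
	 */
	newaddr = malloc(newsize, type, flags);
	if (newaddr == NULL) {
		/*
		 * Malloc() failed, because flags included M_NOWAIT.
		 * Return NULL to indicate that failure. The old
		 * pointer is still valid.
		 */
		return NULL;
	}
	/* newsize > cursize here, so the copy fits in the new object. */
	memcpy(newaddr, curaddr, cursize);

	/*
	 * We were successful: free the old allocation and return
	 * the new one.
	 */
	free(curaddr, type);
	return (newaddr);
}

/*
 * Initialize the kernel memory allocator
 *
 * Allocates the per-page usage array, creates kmem_map as an
 * interrupt-safe submap of kernel_map covering VM_KMEM_SIZE bytes and,
 * with KMEMSTATS, fills in the per-bucket and per-type limits.
 */
void
kmeminit()
{
#ifdef KMEMSTATS
	register long indx;
#endif
	int npg;

	/*
	 * Compile-time sanity checks on MAXALLOCSAVE: each ERROR! line is
	 * deliberately not valid C, so a bad configuration fails to build.
	 */
#if ((MAXALLOCSAVE & (MAXALLOCSAVE - 1)) != 0)
	ERROR!_kmeminit:_MAXALLOCSAVE_not_power_of_2
#endif
#if (MAXALLOCSAVE > MINALLOCSIZE * 32768)
	ERROR!_kmeminit:_MAXALLOCSAVE_too_big
#endif
#if (MAXALLOCSAVE < NBPG)
	ERROR!_kmeminit:_MAXALLOCSAVE_too_small
#endif

	/* The smallest object must be able to hold a free-list header. */
	if (sizeof(struct freelist) > (1 << MINBUCKET))
		panic("minbucket too small/struct freelist too big");

	npg = VM_KMEM_SIZE/ NBPG;
	kmemusage = (struct kmemusage *) uvm_km_zalloc(kernel_map,
	    (vsize_t)(npg * sizeof(struct kmemusage)));
	kmem_map = uvm_km_suballoc(kernel_map, (vaddr_t *)&kmembase,
	    (vaddr_t *)&kmemlimit, (vsize_t)(npg * NBPG),
	    VM_MAP_INTRSAFE, FALSE, &kmem_map_store.vmi_map);
#ifdef KMEMSTATS
	for (indx = 0; indx < MINBUCKET + 16; indx++) {
		if (1 << indx >= NBPG)
			bucket[indx].kb_elmpercl = 1;
		else
			bucket[indx].kb_elmpercl = NBPG / (1 << indx);
		bucket[indx].kb_highwat = 5 * bucket[indx].kb_elmpercl;
	}
	/*
	 * Each type may use up to 60% of the arena.
	 * NOTE(review): npg is an int, so the product is presumably
	 * evaluated in int -- confirm it cannot overflow for the
	 * configured VM_KMEM_SIZE.
	 */
	for (indx = 0; indx < M_LAST; indx++)
		kmemstats[indx].ks_limit = npg * NBPG * 6 / 10;
#endif
}

#ifdef DDB
#include <ddb/db_output.h>

/*
 * Dump kmem statistics from ddb.
 *
 * usage: call dump_kmemstats
 *
 * Prints one line per type with its index, name and current ks_memuse.
 */
void dump_kmemstats __P((void));

void
dump_kmemstats()
{
#ifdef KMEMSTATS
	const char *name;
	int i;

	for (i = 0; i < M_LAST; i++) {
		name = memname[i] ? memname[i] : "";

		/*
		 * The %.*s argument pads the name towards 20 columns.
		 * NOTE(review): the pad string is a single space in this
		 * listing; runs of spaces may have been collapsed -- check
		 * it against the repository copy.
		 */
		db_printf("%2d %s%.*s %ld\n", i, name,
		    (int)(20 - strlen(name)), " ",
		    kmemstats[i].ks_memuse);
	}
#else
	db_printf("Kmem stats are not being collected.\n");
#endif /* KMEMSTATS */
}
#endif /* DDB */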