Print this page
11927 Log, or optionally panic, on zero-length kmem allocations
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Jason King <jason.brian.king@gmail.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/os/kmem.c
+++ new/usr/src/uts/common/os/kmem.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 * Copyright (c) 2012, 2017 by Delphix. All rights reserved.
24 24 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
25 25 * Copyright 2018, Joyent, Inc.
26 26 */
27 27
28 28 /*
29 29 * Kernel memory allocator, as described in the following two papers and a
30 30 * statement about the consolidator:
31 31 *
32 32 * Jeff Bonwick,
33 33 * The Slab Allocator: An Object-Caching Kernel Memory Allocator.
34 34 * Proceedings of the Summer 1994 Usenix Conference.
35 35 * Available as /shared/sac/PSARC/1994/028/materials/kmem.pdf.
36 36 *
37 37 * Jeff Bonwick and Jonathan Adams,
38 38 * Magazines and vmem: Extending the Slab Allocator to Many CPUs and
39 39 * Arbitrary Resources.
40 40 * Proceedings of the 2001 Usenix Conference.
41 41 * Available as /shared/sac/PSARC/2000/550/materials/vmem.pdf.
42 42 *
43 43 * kmem Slab Consolidator Big Theory Statement:
44 44 *
45 45 * 1. Motivation
46 46 *
47 47 * As stated in Bonwick94, slabs provide the following advantages over other
48 48 * allocation structures in terms of memory fragmentation:
49 49 *
50 50 * - Internal fragmentation (per-buffer wasted space) is minimal.
51 51 * - Severe external fragmentation (unused buffers on the free list) is
52 52 * unlikely.
53 53 *
54 54 * Segregating objects by size eliminates one source of external fragmentation,
55 55 * and according to Bonwick:
56 56 *
57 57 * The other reason that slabs reduce external fragmentation is that all
58 58 * objects in a slab are of the same type, so they have the same lifetime
59 59 * distribution. The resulting segregation of short-lived and long-lived
60 60 * objects at slab granularity reduces the likelihood of an entire page being
61 61 * held hostage due to a single long-lived allocation [Barrett93, Hanson90].
62 62 *
63 63 * While unlikely, severe external fragmentation remains possible. Clients that
64 64 * allocate both short- and long-lived objects from the same cache cannot
65 65 * anticipate the distribution of long-lived objects within the allocator's slab
66 66 * implementation. Even a small percentage of long-lived objects distributed
67 67 * randomly across many slabs can lead to a worst case scenario where the client
68 68 * frees the majority of its objects and the system gets back almost none of the
69 69 * slabs. Despite the client doing what it reasonably can to help the system
70 70 * reclaim memory, the allocator cannot shake free enough slabs because of
71 71 * lonely allocations stubbornly hanging on. Although the allocator is in a
72 72 * position to diagnose the fragmentation, there is nothing that the allocator
73 73 * by itself can do about it. It only takes a single allocated object to prevent
74 74 * an entire slab from being reclaimed, and any object handed out by
75 75 * kmem_cache_alloc() is by definition in the client's control. Conversely,
76 76 * although the client is in a position to move a long-lived object, it has no
77 77 * way of knowing if the object is causing fragmentation, and if so, where to
78 78 * move it. A solution necessarily requires further cooperation between the
79 79 * allocator and the client.
80 80 *
81 81 * 2. Move Callback
82 82 *
83 83 * The kmem slab consolidator therefore adds a move callback to the
84 84 * allocator/client interface, improving worst-case external fragmentation in
85 85 * kmem caches that supply a function to move objects from one memory location
86 86 * to another. In a situation of low memory kmem attempts to consolidate all of
87 87 * a cache's slabs at once; otherwise it works slowly to bring external
88 88 * fragmentation within the 1/8 limit guaranteed for internal fragmentation,
89 89 * thereby helping to avoid a low memory situation in the future.
90 90 *
91 91 * The callback has the following signature:
92 92 *
93 93 * kmem_cbrc_t move(void *old, void *new, size_t size, void *user_arg)
94 94 *
95 95 * It supplies the kmem client with two addresses: the allocated object that
96 96 * kmem wants to move and a buffer selected by kmem for the client to use as the
97 97 * copy destination. The callback is kmem's way of saying "Please get off of
98 98 * this buffer and use this one instead." kmem knows where it wants to move the
99 99 * object in order to best reduce fragmentation. All the client needs to know
100 100 * about the second argument (void *new) is that it is an allocated, constructed
101 101 * object ready to take the contents of the old object. When the move function
102 102 * is called, the system is likely to be low on memory, and the new object
103 103 * spares the client from having to worry about allocating memory for the
104 104 * requested move. The third argument supplies the size of the object, in case a
105 105 * single move function handles multiple caches whose objects differ only in
106 106 * size (such as zio_buf_512, zio_buf_1024, etc). Finally, the same optional
107 107 * user argument passed to the constructor, destructor, and reclaim functions is
108 108 * also passed to the move callback.
109 109 *
110 110 * 2.1 Setting the Move Callback
111 111 *
112 112 * The client sets the move callback after creating the cache and before
113 113 * allocating from it:
114 114 *
115 115 * object_cache = kmem_cache_create(...);
116 116 * kmem_cache_set_move(object_cache, object_move);
117 117 *
118 118 * 2.2 Move Callback Return Values
119 119 *
120 120 * Only the client knows about its own data and when is a good time to move it.
121 121 * The client is cooperating with kmem to return unused memory to the system,
122 122 * and kmem respectfully accepts this help at the client's convenience. When
123 123 * asked to move an object, the client can respond with any of the following:
124 124 *
125 125 * typedef enum kmem_cbrc {
126 126 * KMEM_CBRC_YES,
127 127 * KMEM_CBRC_NO,
128 128 * KMEM_CBRC_LATER,
129 129 * KMEM_CBRC_DONT_NEED,
130 130 * KMEM_CBRC_DONT_KNOW
131 131 * } kmem_cbrc_t;
132 132 *
133 133 * The client must not explicitly kmem_cache_free() either of the objects passed
134 134 * to the callback, since kmem wants to free them directly to the slab layer
135 135 * (bypassing the per-CPU magazine layer). The response tells kmem which of the
136 136 * objects to free:
137 137 *
138 138 * YES: (Did it) The client moved the object, so kmem frees the old one.
139 139 * NO: (Never) The client refused, so kmem frees the new object (the
140 140 * unused copy destination). kmem also marks the slab of the old
141 141 * object so as not to bother the client with further callbacks for
142 142 * that object as long as the slab remains on the partial slab list.
143 143 * (The system won't be getting the slab back as long as the
144 144 * immovable object holds it hostage, so there's no point in moving
145 145 * any of its objects.)
146 146 * LATER: The client is using the object and cannot move it now, so kmem
147 147 * frees the new object (the unused copy destination). kmem still
148 148 * attempts to move other objects off the slab, since it expects to
149 149 * succeed in clearing the slab in a later callback. The client
150 150 * should use LATER instead of NO if the object is likely to become
151 151 * movable very soon.
152 152 * DONT_NEED: The client no longer needs the object, so kmem frees the old along
153 153 * with the new object (the unused copy destination). This response
154 154 * is the client's opportunity to be a model citizen and give back as
155 155 * much as it can.
156 156 * DONT_KNOW: The client does not know about the object because
157 157 * a) the client has just allocated the object and not yet put it
158 158 * wherever it expects to find known objects
159 159 * b) the client has removed the object from wherever it expects to
160 160 * find known objects and is about to free it, or
161 161 * c) the client has freed the object.
162 162 * In all these cases (a, b, and c) kmem frees the new object (the
163 163 * unused copy destination). In the first case, the object is in
164 164 * use and the correct action is that for LATER; in the latter two
165 165 * cases, we know that the object is either freed or about to be
166 166 * freed, in which case it is either already in a magazine or about
167 167 * to be in one. In these cases, we know that the object will either
168 168 * be reallocated and reused, or it will end up in a full magazine
169 169 * that will be reaped (thereby liberating the slab). Because it
170 170 * is prohibitively expensive to differentiate these cases, and
171 171 * because the defrag code is executed when we're low on memory
172 172 * (thereby biasing the system to reclaim full magazines) we treat
173 173 * all DONT_KNOW cases as LATER and rely on cache reaping to
174 174 * generally clean up full magazines. While we take the same action
175 175 * for these cases, we maintain their semantic distinction: if
176 176 * defragmentation is not occurring, it is useful to know if this
177 177 * is due to objects in use (LATER) or objects in an unknown state
178 178 * of transition (DONT_KNOW).
179 179 *
180 180 * 2.3 Object States
181 181 *
182 182 * Neither kmem nor the client can be assumed to know the object's whereabouts
183 183 * at the time of the callback. An object belonging to a kmem cache may be in
184 184 * any of the following states:
185 185 *
186 186 * 1. Uninitialized on the slab
187 187 * 2. Allocated from the slab but not constructed (still uninitialized)
188 188 * 3. Allocated from the slab, constructed, but not yet ready for business
189 189 * (not in a valid state for the move callback)
190 190 * 4. In use (valid and known to the client)
191 191 * 5. About to be freed (no longer in a valid state for the move callback)
192 192 * 6. Freed to a magazine (still constructed)
193 193 * 7. Allocated from a magazine, not yet ready for business (not in a valid
194 194 * state for the move callback), and about to return to state #4
195 195 * 8. Deconstructed on a magazine that is about to be freed
196 196 * 9. Freed to the slab
197 197 *
198 198 * Since the move callback may be called at any time while the object is in any
199 199 * of the above states (except state #1), the client needs a safe way to
200 200 * determine whether or not it knows about the object. Specifically, the client
201 201 * needs to know whether or not the object is in state #4, the only state in
202 202 * which a move is valid. If the object is in any other state, the client should
203 203 * immediately return KMEM_CBRC_DONT_KNOW, since it is unsafe to access any of
204 204 * the object's fields.
205 205 *
206 206 * Note that although an object may be in state #4 when kmem initiates the move
207 207 * request, the object may no longer be in that state by the time kmem actually
208 208 * calls the move function. Not only does the client free objects
209 209 * asynchronously, kmem itself puts move requests on a queue where thay are
210 210 * pending until kmem processes them from another context. Also, objects freed
211 211 * to a magazine appear allocated from the point of view of the slab layer, so
212 212 * kmem may even initiate requests for objects in a state other than state #4.
213 213 *
214 214 * 2.3.1 Magazine Layer
215 215 *
216 216 * An important insight revealed by the states listed above is that the magazine
217 217 * layer is populated only by kmem_cache_free(). Magazines of constructed
218 218 * objects are never populated directly from the slab layer (which contains raw,
219 219 * unconstructed objects). Whenever an allocation request cannot be satisfied
220 220 * from the magazine layer, the magazines are bypassed and the request is
221 221 * satisfied from the slab layer (creating a new slab if necessary). kmem calls
222 222 * the object constructor only when allocating from the slab layer, and only in
223 223 * response to kmem_cache_alloc() or to prepare the destination buffer passed in
224 224 * the move callback. kmem does not preconstruct objects in anticipation of
225 225 * kmem_cache_alloc().
226 226 *
227 227 * 2.3.2 Object Constructor and Destructor
228 228 *
229 229 * If the client supplies a destructor, it must be valid to call the destructor
230 230 * on a newly created object (immediately after the constructor).
231 231 *
232 232 * 2.4 Recognizing Known Objects
233 233 *
234 234 * There is a simple test to determine safely whether or not the client knows
235 235 * about a given object in the move callback. It relies on the fact that kmem
236 236 * guarantees that the object of the move callback has only been touched by the
237 237 * client itself or else by kmem. kmem does this by ensuring that none of the
238 238 * cache's slabs are freed to the virtual memory (VM) subsystem while a move
239 239 * callback is pending. When the last object on a slab is freed, if there is a
240 240 * pending move, kmem puts the slab on a per-cache dead list and defers freeing
241 241 * slabs on that list until all pending callbacks are completed. That way,
242 242 * clients can be certain that the object of a move callback is in one of the
243 243 * states listed above, making it possible to distinguish known objects (in
244 244 * state #4) using the two low order bits of any pointer member (with the
245 245 * exception of 'char *' or 'short *' which may not be 4-byte aligned on some
246 246 * platforms).
247 247 *
248 248 * The test works as long as the client always transitions objects from state #4
249 249 * (known, in use) to state #5 (about to be freed, invalid) by setting the low
250 250 * order bit of the client-designated pointer member. Since kmem only writes
251 251 * invalid memory patterns, such as 0xbaddcafe to uninitialized memory and
252 252 * 0xdeadbeef to freed memory, any scribbling on the object done by kmem is
253 253 * guaranteed to set at least one of the two low order bits. Therefore, given an
254 254 * object with a back pointer to a 'container_t *o_container', the client can
255 255 * test
256 256 *
257 257 * container_t *container = object->o_container;
258 258 * if ((uintptr_t)container & 0x3) {
259 259 * return (KMEM_CBRC_DONT_KNOW);
260 260 * }
261 261 *
262 262 * Typically, an object will have a pointer to some structure with a list or
263 263 * hash where objects from the cache are kept while in use. Assuming that the
264 264 * client has some way of knowing that the container structure is valid and will
265 265 * not go away during the move, and assuming that the structure includes a lock
266 266 * to protect whatever collection is used, then the client would continue as
267 267 * follows:
268 268 *
269 269 * // Ensure that the container structure does not go away.
270 270 * if (container_hold(container) == 0) {
271 271 * return (KMEM_CBRC_DONT_KNOW);
272 272 * }
273 273 * mutex_enter(&container->c_objects_lock);
274 274 * if (container != object->o_container) {
275 275 * mutex_exit(&container->c_objects_lock);
276 276 * container_rele(container);
277 277 * return (KMEM_CBRC_DONT_KNOW);
278 278 * }
279 279 *
280 280 * At this point the client knows that the object cannot be freed as long as
281 281 * c_objects_lock is held. Note that after acquiring the lock, the client must
282 282 * recheck the o_container pointer in case the object was removed just before
283 283 * acquiring the lock.
284 284 *
285 285 * When the client is about to free an object, it must first remove that object
286 286 * from the list, hash, or other structure where it is kept. At that time, to
287 287 * mark the object so it can be distinguished from the remaining, known objects,
288 288 * the client sets the designated low order bit:
289 289 *
290 290 * mutex_enter(&container->c_objects_lock);
291 291 * object->o_container = (void *)((uintptr_t)object->o_container | 0x1);
292 292 * list_remove(&container->c_objects, object);
293 293 * mutex_exit(&container->c_objects_lock);
294 294 *
295 295 * In the common case, the object is freed to the magazine layer, where it may
296 296 * be reused on a subsequent allocation without the overhead of calling the
297 297 * constructor. While in the magazine it appears allocated from the point of
298 298 * view of the slab layer, making it a candidate for the move callback. Most
299 299 * objects unrecognized by the client in the move callback fall into this
300 300 * category and are cheaply distinguished from known objects by the test
301 301 * described earlier. Because searching magazines is prohibitively expensive
302 302 * for kmem, clients that do not mark freed objects (and therefore return
303 303 * KMEM_CBRC_DONT_KNOW for large numbers of objects) may find defragmentation
304 304 * efficacy reduced.
305 305 *
306 306 * Invalidating the designated pointer member before freeing the object marks
307 307 * the object to be avoided in the callback, and conversely, assigning a valid
308 308 * value to the designated pointer member after allocating the object makes the
309 309 * object fair game for the callback:
310 310 *
311 311 * ... allocate object ...
312 312 * ... set any initial state not set by the constructor ...
313 313 *
314 314 * mutex_enter(&container->c_objects_lock);
315 315 * list_insert_tail(&container->c_objects, object);
316 316 * membar_producer();
317 317 * object->o_container = container;
318 318 * mutex_exit(&container->c_objects_lock);
319 319 *
320 320 * Note that everything else must be valid before setting o_container makes the
321 321 * object fair game for the move callback. The membar_producer() call ensures
322 322 * that all the object's state is written to memory before setting the pointer
323 323 * that transitions the object from state #3 or #7 (allocated, constructed, not
324 324 * yet in use) to state #4 (in use, valid). That's important because the move
325 325 * function has to check the validity of the pointer before it can safely
326 326 * acquire the lock protecting the collection where it expects to find known
327 327 * objects.
328 328 *
329 329 * This method of distinguishing known objects observes the usual symmetry:
330 330 * invalidating the designated pointer is the first thing the client does before
331 331 * freeing the object, and setting the designated pointer is the last thing the
332 332 * client does after allocating the object. Of course, the client is not
333 333 * required to use this method. Fundamentally, how the client recognizes known
334 334 * objects is completely up to the client, but this method is recommended as an
335 335 * efficient and safe way to take advantage of the guarantees made by kmem. If
336 336 * the entire object is arbitrary data without any markable bits from a suitable
337 337 * pointer member, then the client must find some other method, such as
338 338 * searching a hash table of known objects.
339 339 *
340 340 * 2.5 Preventing Objects From Moving
341 341 *
342 342 * Besides a way to distinguish known objects, the other thing that the client
343 343 * needs is a strategy to ensure that an object will not move while the client
344 344 * is actively using it. The details of satisfying this requirement tend to be
345 345 * highly cache-specific. It might seem that the same rules that let a client
346 346 * remove an object safely should also decide when an object can be moved
347 347 * safely. However, any object state that makes a removal attempt invalid is
348 348 * likely to be long-lasting for objects that the client does not expect to
349 349 * remove. kmem knows nothing about the object state and is equally likely (from
350 350 * the client's point of view) to request a move for any object in the cache,
351 351 * whether prepared for removal or not. Even a low percentage of objects stuck
352 352 * in place by unremovability will defeat the consolidator if the stuck objects
353 353 * are the same long-lived allocations likely to hold slabs hostage.
354 354 * Fundamentally, the consolidator is not aimed at common cases. Severe external
355 355 * fragmentation is a worst case scenario manifested as sparsely allocated
356 356 * slabs, by definition a low percentage of the cache's objects. When deciding
357 357 * what makes an object movable, keep in mind the goal of the consolidator: to
358 358 * bring worst-case external fragmentation within the limits guaranteed for
359 359 * internal fragmentation. Removability is a poor criterion if it is likely to
360 360 * exclude more than an insignificant percentage of objects for long periods of
361 361 * time.
362 362 *
363 363 * A tricky general solution exists, and it has the advantage of letting you
364 364 * move any object at almost any moment, practically eliminating the likelihood
365 365 * that an object can hold a slab hostage. However, if there is a cache-specific
366 366 * way to ensure that an object is not actively in use in the vast majority of
367 367 * cases, a simpler solution that leverages this cache-specific knowledge is
368 368 * preferred.
369 369 *
370 370 * 2.5.1 Cache-Specific Solution
371 371 *
372 372 * As an example of a cache-specific solution, the ZFS znode cache takes
373 373 * advantage of the fact that the vast majority of znodes are only being
374 374 * referenced from the DNLC. (A typical case might be a few hundred in active
375 375 * use and a hundred thousand in the DNLC.) In the move callback, after the ZFS
376 376 * client has established that it recognizes the znode and can access its fields
377 377 * safely (using the method described earlier), it then tests whether the znode
378 378 * is referenced by anything other than the DNLC. If so, it assumes that the
379 379 * znode may be in active use and is unsafe to move, so it drops its locks and
380 380 * returns KMEM_CBRC_LATER. The advantage of this strategy is that everywhere
381 381 * else znodes are used, no change is needed to protect against the possibility
382 382 * of the znode moving. The disadvantage is that it remains possible for an
383 383 * application to hold a znode slab hostage with an open file descriptor.
384 384 * However, this case ought to be rare and the consolidator has a way to deal
385 385 * with it: If the client responds KMEM_CBRC_LATER repeatedly for the same
386 386 * object, kmem eventually stops believing it and treats the slab as if the
387 387 * client had responded KMEM_CBRC_NO. Having marked the hostage slab, kmem can
388 388 * then focus on getting it off of the partial slab list by allocating rather
389 389 * than freeing all of its objects. (Either way of getting a slab off the
390 390 * free list reduces fragmentation.)
391 391 *
392 392 * 2.5.2 General Solution
393 393 *
394 394 * The general solution, on the other hand, requires an explicit hold everywhere
395 395 * the object is used to prevent it from moving. To keep the client locking
396 396 * strategy as uncomplicated as possible, kmem guarantees the simplifying
397 397 * assumption that move callbacks are sequential, even across multiple caches.
398 398 * Internally, a global queue processed by a single thread supports all caches
399 399 * implementing the callback function. No matter how many caches supply a move
400 400 * function, the consolidator never moves more than one object at a time, so the
401 401 * client does not have to worry about tricky lock ordering involving several
402 402 * related objects from different kmem caches.
403 403 *
404 404 * The general solution implements the explicit hold as a read-write lock, which
405 405 * allows multiple readers to access an object from the cache simultaneously
406 406 * while a single writer is excluded from moving it. A single rwlock for the
407 407 * entire cache would lock out all threads from using any of the cache's objects
408 408 * even though only a single object is being moved, so to reduce contention,
409 409 * the client can fan out the single rwlock into an array of rwlocks hashed by
410 410 * the object address, making it probable that moving one object will not
411 411 * prevent other threads from using a different object. The rwlock cannot be a
412 412 * member of the object itself, because the possibility of the object moving
413 413 * makes it unsafe to access any of the object's fields until the lock is
414 414 * acquired.
415 415 *
416 416 * Assuming a small, fixed number of locks, it's possible that multiple objects
417 417 * will hash to the same lock. A thread that needs to use multiple objects in
418 418 * the same function may acquire the same lock multiple times. Since rwlocks are
419 419 * reentrant for readers, and since there is never more than a single writer at
420 420 * a time (assuming that the client acquires the lock as a writer only when
421 421 * moving an object inside the callback), there would seem to be no problem.
422 422 * However, a client locking multiple objects in the same function must handle
423 423 * one case of potential deadlock: Assume that thread A needs to prevent both
424 424 * object 1 and object 2 from moving, and thread B, the callback, meanwhile
425 425 * tries to move object 3. It's possible, if objects 1, 2, and 3 all hash to the
426 426 * same lock, that thread A will acquire the lock for object 1 as a reader
427 427 * before thread B sets the lock's write-wanted bit, preventing thread A from
428 428 * reacquiring the lock for object 2 as a reader. Unable to make forward
429 429 * progress, thread A will never release the lock for object 1, resulting in
430 430 * deadlock.
431 431 *
432 432 * There are two ways of avoiding the deadlock just described. The first is to
433 433 * use rw_tryenter() rather than rw_enter() in the callback function when
434 434 * attempting to acquire the lock as a writer. If tryenter discovers that the
435 435 * same object (or another object hashed to the same lock) is already in use, it
436 436 * aborts the callback and returns KMEM_CBRC_LATER. The second way is to use
437 437 * rprwlock_t (declared in common/fs/zfs/sys/rprwlock.h) instead of rwlock_t,
438 438 * since it allows a thread to acquire the lock as a reader in spite of a
439 439 * waiting writer. This second approach insists on moving the object now, no
440 440 * matter how many readers the move function must wait for in order to do so,
441 441 * and could delay the completion of the callback indefinitely (blocking
442 442 * callbacks to other clients). In practice, a less insistent callback using
443 443 * rw_tryenter() returns KMEM_CBRC_LATER infrequently enough that there seems
444 444 * little reason to use anything else.
445 445 *
446 446 * Avoiding deadlock is not the only problem that an implementation using an
447 447 * explicit hold needs to solve. Locking the object in the first place (to
448 448 * prevent it from moving) remains a problem, since the object could move
449 449 * between the time you obtain a pointer to the object and the time you acquire
450 450 * the rwlock hashed to that pointer value. Therefore the client needs to
451 451 * recheck the value of the pointer after acquiring the lock, drop the lock if
452 452 * the value has changed, and try again. This requires a level of indirection:
453 453 * something that points to the object rather than the object itself, that the
454 454 * client can access safely while attempting to acquire the lock. (The object
455 455 * itself cannot be referenced safely because it can move at any time.)
456 456 * The following lock-acquisition function takes whatever is safe to reference
457 457 * (arg), follows its pointer to the object (using function f), and tries as
458 458 * often as necessary to acquire the hashed lock and verify that the object
459 459 * still has not moved:
460 460 *
461 461 * object_t *
462 462 * object_hold(object_f f, void *arg)
463 463 * {
464 464 * object_t *op;
465 465 *
466 466 * op = f(arg);
467 467 * if (op == NULL) {
468 468 * return (NULL);
469 469 * }
470 470 *
471 471 * rw_enter(OBJECT_RWLOCK(op), RW_READER);
472 472 * while (op != f(arg)) {
473 473 * rw_exit(OBJECT_RWLOCK(op));
474 474 * op = f(arg);
475 475 * if (op == NULL) {
476 476 * break;
477 477 * }
478 478 * rw_enter(OBJECT_RWLOCK(op), RW_READER);
479 479 * }
480 480 *
481 481 * return (op);
482 482 * }
483 483 *
484 484 * The OBJECT_RWLOCK macro hashes the object address to obtain the rwlock. The
485 485 * lock reacquisition loop, while necessary, almost never executes. The function
486 486 * pointer f (used to obtain the object pointer from arg) has the following type
487 487 * definition:
488 488 *
489 489 * typedef object_t *(*object_f)(void *arg);
490 490 *
491 491 * An object_f implementation is likely to be as simple as accessing a structure
492 492 * member:
493 493 *
494 494 * object_t *
495 495 * s_object(void *arg)
496 496 * {
497 497 * something_t *sp = arg;
498 498 * return (sp->s_object);
499 499 * }
500 500 *
501 501 * The flexibility of a function pointer allows the path to the object to be
502 502 * arbitrarily complex and also supports the notion that depending on where you
503 503 * are using the object, you may need to get it from someplace different.
504 504 *
505 505 * The function that releases the explicit hold is simpler because it does not
506 506 * have to worry about the object moving:
507 507 *
508 508 * void
509 509 * object_rele(object_t *op)
510 510 * {
511 511 * rw_exit(OBJECT_RWLOCK(op));
512 512 * }
513 513 *
514 514 * The caller is spared these details so that obtaining and releasing an
515 515 * explicit hold feels like a simple mutex_enter()/mutex_exit() pair. The caller
516 516 * of object_hold() only needs to know that the returned object pointer is valid
517 517 * if not NULL and that the object will not move until released.
518 518 *
519 519 * Although object_hold() prevents an object from moving, it does not prevent it
520 520 * from being freed. The caller must take measures before calling object_hold()
521 521 * (afterwards is too late) to ensure that the held object cannot be freed. The
522 522 * caller must do so without accessing the unsafe object reference, so any lock
523 523 * or reference count used to ensure the continued existence of the object must
524 524 * live outside the object itself.
525 525 *
526 526 * Obtaining a new object is a special case where an explicit hold is impossible
527 527 * for the caller. Any function that returns a newly allocated object (either as
528 528 * a return value, or as an in-out paramter) must return it already held; after
529 529 * the caller gets it is too late, since the object cannot be safely accessed
530 530 * without the level of indirection described earlier. The following
531 531 * object_alloc() example uses the same code shown earlier to transition a new
532 532 * object into the state of being recognized (by the client) as a known object.
533 533 * The function must acquire the hold (rw_enter) before that state transition
534 534 * makes the object movable:
535 535 *
536 536 * static object_t *
537 537 * object_alloc(container_t *container)
538 538 * {
539 539 * object_t *object = kmem_cache_alloc(object_cache, 0);
540 540 * ... set any initial state not set by the constructor ...
541 541 * rw_enter(OBJECT_RWLOCK(object), RW_READER);
542 542 * mutex_enter(&container->c_objects_lock);
543 543 * list_insert_tail(&container->c_objects, object);
544 544 * membar_producer();
545 545 * object->o_container = container;
546 546 * mutex_exit(&container->c_objects_lock);
547 547 * return (object);
548 548 * }
549 549 *
550 550 * Functions that implicitly acquire an object hold (any function that calls
551 551 * object_alloc() to supply an object for the caller) need to be carefully noted
552 552 * so that the matching object_rele() is not neglected. Otherwise, leaked holds
553 553 * prevent all objects hashed to the affected rwlocks from ever being moved.
554 554 *
555 555 * The pointer to a held object can be hashed to the holding rwlock even after
556 556 * the object has been freed. Although it is possible to release the hold
557 557 * after freeing the object, you may decide to release the hold implicitly in
558 558 * whatever function frees the object, so as to release the hold as soon as
559 559 * possible, and for the sake of symmetry with the function that implicitly
560 560 * acquires the hold when it allocates the object. Here, object_free() releases
561 561 * the hold acquired by object_alloc(). Its implicit object_rele() forms a
562 562 * matching pair with object_hold():
563 563 *
564 564 * void
565 565 * object_free(object_t *object)
566 566 * {
567 567 * container_t *container;
568 568 *
569 569 * ASSERT(object_held(object));
570 570 * container = object->o_container;
571 571 * mutex_enter(&container->c_objects_lock);
572 572 * object->o_container =
573 573 * (void *)((uintptr_t)object->o_container | 0x1);
574 574 * list_remove(&container->c_objects, object);
575 575 * mutex_exit(&container->c_objects_lock);
576 576 * object_rele(object);
577 577 * kmem_cache_free(object_cache, object);
578 578 * }
579 579 *
580 580 * Note that object_free() cannot safely accept an object pointer as an argument
581 581 * unless the object is already held. Any function that calls object_free()
582 582 * needs to be carefully noted since it similarly forms a matching pair with
583 583 * object_hold().
584 584 *
585 585 * To complete the picture, the following callback function implements the
586 586 * general solution by moving objects only if they are currently unheld:
587 587 *
588 588 * static kmem_cbrc_t
589 589 * object_move(void *buf, void *newbuf, size_t size, void *arg)
590 590 * {
591 591 * object_t *op = buf, *np = newbuf;
592 592 * container_t *container;
593 593 *
594 594 * container = op->o_container;
595 595 * if ((uintptr_t)container & 0x3) {
596 596 * return (KMEM_CBRC_DONT_KNOW);
597 597 * }
598 598 *
599 599 * // Ensure that the container structure does not go away.
600 600 * if (container_hold(container) == 0) {
601 601 * return (KMEM_CBRC_DONT_KNOW);
602 602 * }
603 603 *
604 604 * mutex_enter(&container->c_objects_lock);
605 605 * if (container != op->o_container) {
606 606 * mutex_exit(&container->c_objects_lock);
607 607 * container_rele(container);
608 608 * return (KMEM_CBRC_DONT_KNOW);
609 609 * }
610 610 *
611 611 * if (rw_tryenter(OBJECT_RWLOCK(op), RW_WRITER) == 0) {
612 612 * mutex_exit(&container->c_objects_lock);
613 613 * container_rele(container);
614 614 * return (KMEM_CBRC_LATER);
615 615 * }
616 616 *
617 617 * object_move_impl(op, np); // critical section
618 618 * rw_exit(OBJECT_RWLOCK(op));
619 619 *
620 620 * op->o_container = (void *)((uintptr_t)op->o_container | 0x1);
621 621 * list_link_replace(&op->o_link_node, &np->o_link_node);
622 622 * mutex_exit(&container->c_objects_lock);
623 623 * container_rele(container);
624 624 * return (KMEM_CBRC_YES);
625 625 * }
626 626 *
627 627 * Note that object_move() must invalidate the designated o_container pointer of
628 628 * the old object in the same way that object_free() does, since kmem will free
629 629 * the object in response to the KMEM_CBRC_YES return value.
630 630 *
631 631 * The lock order in object_move() differs from object_alloc(), which locks
632 632 * OBJECT_RWLOCK first and &container->c_objects_lock second, but as long as the
633 633 * callback uses rw_tryenter() (preventing the deadlock described earlier), it's
634 634 * not a problem. Holding the lock on the object list in the example above
635 635 * through the entire callback not only prevents the object from going away, it
636 636 * also allows you to lock the list elsewhere and know that none of its elements
637 637 * will move during iteration.
638 638 *
639 639 * Adding an explicit hold everywhere an object from the cache is used is tricky
640 640 * and involves much more change to client code than a cache-specific solution
641 641 * that leverages existing state to decide whether or not an object is
642 642 * movable. However, this approach has the advantage that no object remains
643 643 * immovable for any significant length of time, making it extremely unlikely
644 644 * that long-lived allocations can continue holding slabs hostage; and it works
645 645 * for any cache.
646 646 *
647 647 * 3. Consolidator Implementation
648 648 *
649 649 * Once the client supplies a move function that a) recognizes known objects and
650 650 * b) avoids moving objects that are actively in use, the remaining work is up
651 651 * to the consolidator to decide which objects to move and when to issue
652 652 * callbacks.
653 653 *
654 654 * The consolidator relies on the fact that a cache's slabs are ordered by
655 655 * usage. Each slab has a fixed number of objects. Depending on the slab's
656 656 * "color" (the offset of the first object from the beginning of the slab;
657 657 * offsets are staggered to mitigate false sharing of cache lines) it is either
658 658 * the maximum number of objects per slab determined at cache creation time or
659 659 * else the number closest to the maximum that fits within the space remaining
660 660 * after the initial offset. A completely allocated slab may contribute some
661 661 * internal fragmentation (per-slab overhead) but no external fragmentation, so
662 662 * it is of no interest to the consolidator. At the other extreme, slabs whose
663 663 * objects have all been freed to the slab are released to the virtual memory
664 664 * (VM) subsystem (objects freed to magazines are still allocated as far as the
665 665 * slab is concerned). External fragmentation exists when there are slabs
666 666 * somewhere between these extremes. A partial slab has at least one but not all
667 667 * of its objects allocated. The more partial slabs, and the fewer allocated
668 668 * objects on each of them, the higher the fragmentation. Hence the
669 669 * consolidator's overall strategy is to reduce the number of partial slabs by
670 670 * moving allocated objects from the least allocated slabs to the most allocated
671 671 * slabs.
672 672 *
673 673 * Partial slabs are kept in an AVL tree ordered by usage. Completely allocated
674 674 * slabs are kept separately in an unordered list. Since the majority of slabs
675 675 * tend to be completely allocated (a typical unfragmented cache may have
676 676 * thousands of complete slabs and only a single partial slab), separating
677 677 * complete slabs improves the efficiency of partial slab ordering, since the
678 678 * complete slabs do not affect the depth or balance of the AVL tree. This
679 679 * ordered sequence of partial slabs acts as a "free list" supplying objects for
680 680 * allocation requests.
681 681 *
682 682 * Objects are always allocated from the first partial slab in the free list,
683 683 * where the allocation is most likely to eliminate a partial slab (by
684 684 * completely allocating it). Conversely, when a single object from a completely
685 685 * allocated slab is freed to the slab, that slab is added to the front of the
686 686 * free list. Since most free list activity involves highly allocated slabs
687 687 * coming and going at the front of the list, slabs tend naturally toward the
688 688 * ideal order: highly allocated at the front, sparsely allocated at the back.
689 689 * Slabs with few allocated objects are likely to become completely free if they
690 690 * keep a safe distance away from the front of the free list. Slab misorders
691 691 * interfere with the natural tendency of slabs to become completely free or
692 692 * completely allocated. For example, a slab with a single allocated object
693 693 * needs only a single free to escape the cache; its natural desire is
694 694 * frustrated when it finds itself at the front of the list where a second
695 695 * allocation happens just before the free could have released it. Another slab
696 696 * with all but one object allocated might have supplied the buffer instead, so
697 697 * that both (as opposed to neither) of the slabs would have been taken off the
698 698 * free list.
699 699 *
700 700 * Although slabs tend naturally toward the ideal order, misorders allowed by a
701 701 * simple list implementation defeat the consolidator's strategy of merging
702 702 * least- and most-allocated slabs. Without an AVL tree to guarantee order, kmem
703 703 * needs another way to fix misorders to optimize its callback strategy. One
704 704 * approach is to periodically scan a limited number of slabs, advancing a
705 705 * marker to hold the current scan position, and to move extreme misorders to
706 706 * the front or back of the free list and to the front or back of the current
707 707 * scan range. By making consecutive scan ranges overlap by one slab, the least
708 708 * allocated slab in the current range can be carried along from the end of one
709 709 * scan to the start of the next.
710 710 *
711 711 * Maintaining partial slabs in an AVL tree relieves kmem of this additional
712 712 * task, however. Since most of the cache's activity is in the magazine layer,
713 713 * and allocations from the slab layer represent only a startup cost, the
714 714 * overhead of maintaining a balanced tree is not a significant concern compared
715 715 * to the opportunity of reducing complexity by eliminating the partial slab
716 716 * scanner just described. The overhead of an AVL tree is minimized by
717 717 * maintaining only partial slabs in the tree and keeping completely allocated
718 718 * slabs separately in a list. To avoid increasing the size of the slab
719 719 * structure the AVL linkage pointers are reused for the slab's list linkage,
720 720 * since the slab will always be either partial or complete, never stored both
721 721 * ways at the same time. To further minimize the overhead of the AVL tree the
722 722 * compare function that orders partial slabs by usage divides the range of
723 723 * allocated object counts into bins such that counts within the same bin are
724 724 * considered equal. Binning partial slabs makes it less likely that allocating
725 725 * or freeing a single object will change the slab's order, requiring a tree
726 726 * reinsertion (an avl_remove() followed by an avl_add(), both potentially
727 727 * requiring some rebalancing of the tree). Allocation counts closest to
728 728 * completely free and completely allocated are left unbinned (finely sorted) to
729 729 * better support the consolidator's strategy of merging slabs at either
730 730 * extreme.
731 731 *
732 732 * 3.1 Assessing Fragmentation and Selecting Candidate Slabs
733 733 *
734 734 * The consolidator piggybacks on the kmem maintenance thread and is called on
735 735 * the same interval as kmem_cache_update(), once per cache every fifteen
736 736 * seconds. kmem maintains a running count of unallocated objects in the slab
737 737 * layer (cache_bufslab). The consolidator checks whether that number exceeds
738 738 * 12.5% (1/8) of the total objects in the cache (cache_buftotal), and whether
739 739 * there is a significant number of slabs in the cache (arbitrarily a minimum
740 740 * 101 total slabs). Unused objects that have fallen out of the magazine layer's
741 741 * working set are included in the assessment, and magazines in the depot are
742 742 * reaped if those objects would lift cache_bufslab above the fragmentation
743 743 * threshold. Once the consolidator decides that a cache is fragmented, it looks
744 744 * for a candidate slab to reclaim, starting at the end of the partial slab free
745 745 * list and scanning backwards. At first the consolidator is choosy: only a slab
746 746 * with fewer than 12.5% (1/8) of its objects allocated qualifies (or else a
747 747 * single allocated object, regardless of percentage). If there is difficulty
748 748 * finding a candidate slab, kmem raises the allocation threshold incrementally,
749 749 * up to a maximum 87.5% (7/8), so that eventually the consolidator will reduce
750 750 * external fragmentation (unused objects on the free list) below 12.5% (1/8),
751 751 * even in the worst case of every slab in the cache being almost 7/8 allocated.
752 752 * The threshold can also be lowered incrementally when candidate slabs are easy
753 753 * to find, and the threshold is reset to the minimum 1/8 as soon as the cache
754 754 * is no longer fragmented.
755 755 *
756 756 * 3.2 Generating Callbacks
757 757 *
758 758 * Once an eligible slab is chosen, a callback is generated for every allocated
759 759 * object on the slab, in the hope that the client will move everything off the
760 760 * slab and make it reclaimable. Objects selected as move destinations are
761 761 * chosen from slabs at the front of the free list. Assuming slabs in the ideal
762 762 * order (most allocated at the front, least allocated at the back) and a
763 763 * cooperative client, the consolidator will succeed in removing slabs from both
764 764 * ends of the free list, completely allocating on the one hand and completely
765 765 * freeing on the other. Objects selected as move destinations are allocated in
766 766 * the kmem maintenance thread where move requests are enqueued. A separate
767 767 * callback thread removes pending callbacks from the queue and calls the
768 768 * client. The separate thread ensures that client code (the move function) does
769 769 * not interfere with internal kmem maintenance tasks. A map of pending
770 770 * callbacks keyed by object address (the object to be moved) is checked to
771 771 * ensure that duplicate callbacks are not generated for the same object.
772 772 * Allocating the move destination (the object to move to) prevents subsequent
773 773 * callbacks from selecting the same destination as an earlier pending callback.
774 774 *
775 775 * Move requests can also be generated by kmem_cache_reap() when the system is
776 776 * desperate for memory and by kmem_cache_move_notify(), called by the client to
777 777 * notify kmem that a move refused earlier with KMEM_CBRC_LATER is now possible.
778 778 * The map of pending callbacks is protected by the same lock that protects the
779 779 * slab layer.
780 780 *
781 781 * When the system is desperate for memory, kmem does not bother to determine
782 782 * whether or not the cache exceeds the fragmentation threshold, but tries to
783 783 * consolidate as many slabs as possible. Normally, the consolidator chews
784 784 * slowly, one sparsely allocated slab at a time during each maintenance
785 785 * interval that the cache is fragmented. When desperate, the consolidator
786 786 * starts at the last partial slab and enqueues callbacks for every allocated
787 787 * object on every partial slab, working backwards until it reaches the first
788 788 * partial slab. The first partial slab, meanwhile, advances in pace with the
789 789 * consolidator as allocations to supply move destinations for the enqueued
790 790 * callbacks use up the highly allocated slabs at the front of the free list.
791 791 * Ideally, the overgrown free list collapses like an accordion, starting at
792 792 * both ends and ending at the center with a single partial slab.
793 793 *
794 794 * 3.3 Client Responses
795 795 *
796 796 * When the client returns KMEM_CBRC_NO in response to the move callback, kmem
797 797 * marks the slab that supplied the stuck object non-reclaimable and moves it to
798 798 * front of the free list. The slab remains marked as long as it remains on the
799 799 * free list, and it appears more allocated to the partial slab compare function
800 800 * than any unmarked slab, no matter how many of its objects are allocated.
801 801 * Since even one immovable object ties up the entire slab, the goal is to
802 802 * completely allocate any slab that cannot be completely freed. kmem does not
803 803 * bother generating callbacks to move objects from a marked slab unless the
804 804 * system is desperate.
805 805 *
806 806 * When the client responds KMEM_CBRC_LATER, kmem increments a count for the
807 807 * slab. If the client responds LATER too many times, kmem disbelieves and
808 808 * treats the response as a NO. The count is cleared when the slab is taken off
809 809 * the partial slab list or when the client moves one of the slab's objects.
810 810 *
811 811 * 4. Observability
812 812 *
813 813 * A kmem cache's external fragmentation is best observed with 'mdb -k' using
814 814 * the ::kmem_slabs dcmd. For a complete description of the command, enter
815 815 * '::help kmem_slabs' at the mdb prompt.
816 816 */
817 817
818 818 #include <sys/kmem_impl.h>
819 819 #include <sys/vmem_impl.h>
820 820 #include <sys/param.h>
821 821 #include <sys/sysmacros.h>
822 822 #include <sys/vm.h>
823 823 #include <sys/proc.h>
824 824 #include <sys/tuneable.h>
825 825 #include <sys/systm.h>
826 826 #include <sys/cmn_err.h>
827 827 #include <sys/debug.h>
828 828 #include <sys/sdt.h>
829 829 #include <sys/mutex.h>
830 830 #include <sys/bitmap.h>
831 831 #include <sys/atomic.h>
832 832 #include <sys/kobj.h>
833 833 #include <sys/disp.h>
834 834 #include <vm/seg_kmem.h>
835 835 #include <sys/log.h>
836 836 #include <sys/callb.h>
837 837 #include <sys/taskq.h>
838 838 #include <sys/modctl.h>
839 839 #include <sys/reboot.h>
840 840 #include <sys/id32.h>
841 841 #include <sys/zone.h>
842 842 #include <sys/netstack.h>
843 843 #ifdef DEBUG
844 844 #include <sys/random.h>
845 845 #endif
846 846
847 847 extern void streams_msg_init(void);
848 848 extern int segkp_fromheap;
849 849 extern void segkp_cache_free(void);
850 850 extern int callout_init_done;
851 851
852 852 struct kmem_cache_kstat {
853 853 kstat_named_t kmc_buf_size;
854 854 kstat_named_t kmc_align;
855 855 kstat_named_t kmc_chunk_size;
856 856 kstat_named_t kmc_slab_size;
857 857 kstat_named_t kmc_alloc;
858 858 kstat_named_t kmc_alloc_fail;
859 859 kstat_named_t kmc_free;
860 860 kstat_named_t kmc_depot_alloc;
861 861 kstat_named_t kmc_depot_free;
862 862 kstat_named_t kmc_depot_contention;
863 863 kstat_named_t kmc_slab_alloc;
864 864 kstat_named_t kmc_slab_free;
865 865 kstat_named_t kmc_buf_constructed;
866 866 kstat_named_t kmc_buf_avail;
867 867 kstat_named_t kmc_buf_inuse;
868 868 kstat_named_t kmc_buf_total;
869 869 kstat_named_t kmc_buf_max;
870 870 kstat_named_t kmc_slab_create;
871 871 kstat_named_t kmc_slab_destroy;
872 872 kstat_named_t kmc_vmem_source;
873 873 kstat_named_t kmc_hash_size;
874 874 kstat_named_t kmc_hash_lookup_depth;
875 875 kstat_named_t kmc_hash_rescale;
876 876 kstat_named_t kmc_full_magazines;
877 877 kstat_named_t kmc_empty_magazines;
878 878 kstat_named_t kmc_magazine_size;
879 879 kstat_named_t kmc_reap; /* number of kmem_cache_reap() calls */
880 880 kstat_named_t kmc_defrag; /* attempts to defrag all partial slabs */
881 881 kstat_named_t kmc_scan; /* attempts to defrag one partial slab */
882 882 kstat_named_t kmc_move_callbacks; /* sum of yes, no, later, dn, dk */
883 883 kstat_named_t kmc_move_yes;
884 884 kstat_named_t kmc_move_no;
885 885 kstat_named_t kmc_move_later;
886 886 kstat_named_t kmc_move_dont_need;
887 887 kstat_named_t kmc_move_dont_know; /* obj unrecognized by client ... */
888 888 kstat_named_t kmc_move_hunt_found; /* ... but found in mag layer */
889 889 kstat_named_t kmc_move_slabs_freed; /* slabs freed by consolidator */
890 890 kstat_named_t kmc_move_reclaimable; /* buffers, if consolidator ran */
891 891 } kmem_cache_kstat = {
892 892 { "buf_size", KSTAT_DATA_UINT64 },
893 893 { "align", KSTAT_DATA_UINT64 },
894 894 { "chunk_size", KSTAT_DATA_UINT64 },
895 895 { "slab_size", KSTAT_DATA_UINT64 },
896 896 { "alloc", KSTAT_DATA_UINT64 },
897 897 { "alloc_fail", KSTAT_DATA_UINT64 },
898 898 { "free", KSTAT_DATA_UINT64 },
899 899 { "depot_alloc", KSTAT_DATA_UINT64 },
900 900 { "depot_free", KSTAT_DATA_UINT64 },
901 901 { "depot_contention", KSTAT_DATA_UINT64 },
902 902 { "slab_alloc", KSTAT_DATA_UINT64 },
903 903 { "slab_free", KSTAT_DATA_UINT64 },
904 904 { "buf_constructed", KSTAT_DATA_UINT64 },
905 905 { "buf_avail", KSTAT_DATA_UINT64 },
906 906 { "buf_inuse", KSTAT_DATA_UINT64 },
907 907 { "buf_total", KSTAT_DATA_UINT64 },
908 908 { "buf_max", KSTAT_DATA_UINT64 },
909 909 { "slab_create", KSTAT_DATA_UINT64 },
910 910 { "slab_destroy", KSTAT_DATA_UINT64 },
911 911 { "vmem_source", KSTAT_DATA_UINT64 },
912 912 { "hash_size", KSTAT_DATA_UINT64 },
913 913 { "hash_lookup_depth", KSTAT_DATA_UINT64 },
914 914 { "hash_rescale", KSTAT_DATA_UINT64 },
915 915 { "full_magazines", KSTAT_DATA_UINT64 },
916 916 { "empty_magazines", KSTAT_DATA_UINT64 },
917 917 { "magazine_size", KSTAT_DATA_UINT64 },
918 918 { "reap", KSTAT_DATA_UINT64 },
919 919 { "defrag", KSTAT_DATA_UINT64 },
920 920 { "scan", KSTAT_DATA_UINT64 },
921 921 { "move_callbacks", KSTAT_DATA_UINT64 },
922 922 { "move_yes", KSTAT_DATA_UINT64 },
923 923 { "move_no", KSTAT_DATA_UINT64 },
924 924 { "move_later", KSTAT_DATA_UINT64 },
925 925 { "move_dont_need", KSTAT_DATA_UINT64 },
926 926 { "move_dont_know", KSTAT_DATA_UINT64 },
927 927 { "move_hunt_found", KSTAT_DATA_UINT64 },
928 928 { "move_slabs_freed", KSTAT_DATA_UINT64 },
929 929 { "move_reclaimable", KSTAT_DATA_UINT64 },
930 930 };
931 931
932 932 static kmutex_t kmem_cache_kstat_lock;
933 933
934 934 /*
935 935 * The default set of caches to back kmem_alloc().
936 936 * These sizes should be reevaluated periodically.
937 937 *
938 938 * We want allocations that are multiples of the coherency granularity
939 939 * (64 bytes) to be satisfied from a cache which is a multiple of 64
940 940 * bytes, so that it will be 64-byte aligned. For all multiples of 64,
941 941 * the next kmem_cache_size greater than or equal to it must be a
942 942 * multiple of 64.
943 943 *
944 944 * We split the table into two sections: size <= 4k and size > 4k. This
945 945 * saves a lot of space and cache footprint in our cache tables.
946 946 */
947 947 static const int kmem_alloc_sizes[] = {
948 948 1 * 8,
949 949 2 * 8,
950 950 3 * 8,
951 951 4 * 8, 5 * 8, 6 * 8, 7 * 8,
952 952 4 * 16, 5 * 16, 6 * 16, 7 * 16,
953 953 4 * 32, 5 * 32, 6 * 32, 7 * 32,
954 954 4 * 64, 5 * 64, 6 * 64, 7 * 64,
955 955 4 * 128, 5 * 128, 6 * 128, 7 * 128,
956 956 P2ALIGN(8192 / 7, 64),
957 957 P2ALIGN(8192 / 6, 64),
958 958 P2ALIGN(8192 / 5, 64),
959 959 P2ALIGN(8192 / 4, 64),
960 960 P2ALIGN(8192 / 3, 64),
961 961 P2ALIGN(8192 / 2, 64),
962 962 };
963 963
964 964 static const int kmem_big_alloc_sizes[] = {
965 965 2 * 4096, 3 * 4096,
966 966 2 * 8192, 3 * 8192,
967 967 4 * 8192, 5 * 8192, 6 * 8192, 7 * 8192,
968 968 8 * 8192, 9 * 8192, 10 * 8192, 11 * 8192,
969 969 12 * 8192, 13 * 8192, 14 * 8192, 15 * 8192,
970 970 16 * 8192
971 971 };
972 972
973 973 #define KMEM_MAXBUF 4096
974 974 #define KMEM_BIG_MAXBUF_32BIT 32768
975 975 #define KMEM_BIG_MAXBUF 131072
976 976
977 977 #define KMEM_BIG_MULTIPLE 4096 /* big_alloc_sizes must be a multiple */
978 978 #define KMEM_BIG_SHIFT 12 /* lg(KMEM_BIG_MULTIPLE) */
979 979
980 980 static kmem_cache_t *kmem_alloc_table[KMEM_MAXBUF >> KMEM_ALIGN_SHIFT];
981 981 static kmem_cache_t *kmem_big_alloc_table[KMEM_BIG_MAXBUF >> KMEM_BIG_SHIFT];
982 982
983 983 #define KMEM_ALLOC_TABLE_MAX (KMEM_MAXBUF >> KMEM_ALIGN_SHIFT)
984 984 static size_t kmem_big_alloc_table_max = 0; /* # of filled elements */
985 985
986 986 static kmem_magtype_t kmem_magtype[] = {
987 987 { 1, 8, 3200, 65536 },
988 988 { 3, 16, 256, 32768 },
989 989 { 7, 32, 64, 16384 },
990 990 { 15, 64, 0, 8192 },
991 991 { 31, 64, 0, 4096 },
992 992 { 47, 64, 0, 2048 },
993 993 { 63, 64, 0, 1024 },
994 994 { 95, 64, 0, 512 },
995 995 { 143, 64, 0, 0 },
996 996 };
997 997
998 998 static uint32_t kmem_reaping;
999 999 static uint32_t kmem_reaping_idspace;
1000 1000
1001 1001 /*
1002 1002 * kmem tunables
1003 1003 */
|
↓ open down ↓ |
1003 lines elided |
↑ open up ↑ |
1004 1004 clock_t kmem_reap_interval; /* cache reaping rate [15 * HZ ticks] */
1005 1005 int kmem_depot_contention = 3; /* max failed tryenters per real interval */
1006 1006 pgcnt_t kmem_reapahead = 0; /* start reaping N pages before pageout */
1007 1007 int kmem_panic = 1; /* whether to panic on error */
1008 1008 int kmem_logging = 1; /* kmem_log_enter() override */
1009 1009 uint32_t kmem_mtbf = 0; /* mean time between failures [default: off] */
1010 1010 size_t kmem_transaction_log_size; /* transaction log size [2% of memory] */
1011 1011 size_t kmem_content_log_size; /* content log size [2% of memory] */
1012 1012 size_t kmem_failure_log_size; /* failure log [4 pages per CPU] */
1013 1013 size_t kmem_slab_log_size; /* slab create log [4 pages per CPU] */
1014 +size_t kmem_zerosized_log_size; /* zero-sized log [4 pages per CPU] */
1014 1015 size_t kmem_content_maxsave = 256; /* KMF_CONTENTS max bytes to log */
1015 1016 size_t kmem_lite_minsize = 0; /* minimum buffer size for KMF_LITE */
1016 1017 size_t kmem_lite_maxalign = 1024; /* maximum buffer alignment for KMF_LITE */
1017 1018 int kmem_lite_pcs = 4; /* number of PCs to store in KMF_LITE mode */
1018 1019 size_t kmem_maxverify; /* maximum bytes to inspect in debug routines */
1019 1020 size_t kmem_minfirewall; /* hardware-enforced redzone threshold */
1020 1021
1022 +#ifdef DEBUG
1023 +int kmem_warn_zerosized = 1; /* whether to warn on zero-sized KM_SLEEP */
1024 +#else
1025 +int kmem_warn_zerosized = 0; /* whether to warn on zero-sized KM_SLEEP */
1026 +#endif
1027 +
1028 +int kmem_panic_zerosized = 0; /* whether to panic on zero-sized KM_SLEEP */
1029 +
1021 1030 #ifdef _LP64
1022 1031 size_t kmem_max_cached = KMEM_BIG_MAXBUF; /* maximum kmem_alloc cache */
1023 1032 #else
1024 1033 size_t kmem_max_cached = KMEM_BIG_MAXBUF_32BIT; /* maximum kmem_alloc cache */
1025 1034 #endif
1026 1035
1027 1036 #ifdef DEBUG
1028 1037 int kmem_flags = KMF_AUDIT | KMF_DEADBEEF | KMF_REDZONE | KMF_CONTENTS;
1029 1038 #else
1030 1039 int kmem_flags = 0;
1031 1040 #endif
1032 1041 int kmem_ready;
1033 1042
1034 1043 static kmem_cache_t *kmem_slab_cache;
1035 1044 static kmem_cache_t *kmem_bufctl_cache;
1036 1045 static kmem_cache_t *kmem_bufctl_audit_cache;
1037 1046
1038 1047 static kmutex_t kmem_cache_lock; /* inter-cache linkage only */
1039 1048 static list_t kmem_caches;
1040 1049
1041 1050 static taskq_t *kmem_taskq;
1042 1051 static kmutex_t kmem_flags_lock;
1043 1052 static vmem_t *kmem_metadata_arena;
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
1044 1053 static vmem_t *kmem_msb_arena; /* arena for metadata caches */
1045 1054 static vmem_t *kmem_cache_arena;
1046 1055 static vmem_t *kmem_hash_arena;
1047 1056 static vmem_t *kmem_log_arena;
1048 1057 static vmem_t *kmem_oversize_arena;
1049 1058 static vmem_t *kmem_va_arena;
1050 1059 static vmem_t *kmem_default_arena;
1051 1060 static vmem_t *kmem_firewall_va_arena;
1052 1061 static vmem_t *kmem_firewall_arena;
1053 1062
1063 +static int kmem_zerosized; /* # of zero-sized allocs */
1064 +
1054 1065 /*
1055 1066 * kmem slab consolidator thresholds (tunables)
1056 1067 */
1057 1068 size_t kmem_frag_minslabs = 101; /* minimum total slabs */
1058 1069 size_t kmem_frag_numer = 1; /* free buffers (numerator) */
1059 1070 size_t kmem_frag_denom = KMEM_VOID_FRACTION; /* buffers (denominator) */
1060 1071 /*
1061 1072 * Maximum number of slabs from which to move buffers during a single
1062 1073 * maintenance interval while the system is not low on memory.
1063 1074 */
1064 1075 size_t kmem_reclaim_max_slabs = 1;
1065 1076 /*
1066 1077 * Number of slabs to scan backwards from the end of the partial slab list
1067 1078 * when searching for buffers to relocate.
1068 1079 */
1069 1080 size_t kmem_reclaim_scan_range = 12;
1070 1081
1071 1082 /* consolidator knobs */
1072 1083 boolean_t kmem_move_noreap;
1073 1084 boolean_t kmem_move_blocked;
1074 1085 boolean_t kmem_move_fulltilt;
1075 1086 boolean_t kmem_move_any_partial;
1076 1087
1077 1088 #ifdef DEBUG
1078 1089 /*
1079 1090 * kmem consolidator debug tunables:
1080 1091 * Ensure code coverage by occasionally running the consolidator even when the
1081 1092 * caches are not fragmented (they may never be). These intervals are mean time
1082 1093 * in cache maintenance intervals (kmem_cache_update).
1083 1094 */
1084 1095 uint32_t kmem_mtb_move = 60; /* defrag 1 slab (~15min) */
1085 1096 uint32_t kmem_mtb_reap = 1800; /* defrag all slabs (~7.5hrs) */
1086 1097 #endif /* DEBUG */
1087 1098
1088 1099 static kmem_cache_t *kmem_defrag_cache;
1089 1100 static kmem_cache_t *kmem_move_cache;
1090 1101 static taskq_t *kmem_move_taskq;
|
↓ open down ↓ |
27 lines elided |
↑ open up ↑ |
1091 1102
1092 1103 static void kmem_cache_scan(kmem_cache_t *);
1093 1104 static void kmem_cache_defrag(kmem_cache_t *);
1094 1105 static void kmem_slab_prefill(kmem_cache_t *, kmem_slab_t *);
1095 1106
1096 1107
1097 1108 kmem_log_header_t *kmem_transaction_log;
1098 1109 kmem_log_header_t *kmem_content_log;
1099 1110 kmem_log_header_t *kmem_failure_log;
1100 1111 kmem_log_header_t *kmem_slab_log;
1112 +kmem_log_header_t *kmem_zerosized_log;
1101 1113
1102 1114 static int kmem_lite_count; /* # of PCs in kmem_buftag_lite_t */
1103 1115
1104 1116 #define KMEM_BUFTAG_LITE_ENTER(bt, count, caller) \
1105 1117 if ((count) > 0) { \
1106 1118 pc_t *_s = ((kmem_buftag_lite_t *)(bt))->bt_history; \
1107 1119 pc_t *_e; \
1108 1120 /* memmove() the old entries down one notch */ \
1109 1121 for (_e = &_s[(count) - 1]; _e > _s; _e--) \
1110 1122 *_e = *(_e - 1); \
1111 1123 *_s = (uintptr_t)(caller); \
1112 1124 }
1113 1125
1114 1126 #define KMERR_MODIFIED 0 /* buffer modified while on freelist */
1115 1127 #define KMERR_REDZONE 1 /* redzone violation (write past end of buf) */
1116 1128 #define KMERR_DUPFREE 2 /* freed a buffer twice */
1117 1129 #define KMERR_BADADDR 3 /* freed a bad (unallocated) address */
1118 1130 #define KMERR_BADBUFTAG 4 /* buftag corrupted */
1119 1131 #define KMERR_BADBUFCTL 5 /* bufctl corrupted */
1120 1132 #define KMERR_BADCACHE 6 /* freed a buffer to the wrong cache */
1121 1133 #define KMERR_BADSIZE 7 /* alloc size != free size */
1122 1134 #define KMERR_BADBASE 8 /* buffer base address wrong */
1123 1135
1124 1136 struct {
1125 1137 hrtime_t kmp_timestamp; /* timestamp of panic */
1126 1138 int kmp_error; /* type of kmem error */
1127 1139 void *kmp_buffer; /* buffer that induced panic */
1128 1140 void *kmp_realbuf; /* real start address for buffer */
1129 1141 kmem_cache_t *kmp_cache; /* buffer's cache according to client */
1130 1142 kmem_cache_t *kmp_realcache; /* actual cache containing buffer */
1131 1143 kmem_slab_t *kmp_slab; /* slab accoring to kmem_findslab() */
1132 1144 kmem_bufctl_t *kmp_bufctl; /* bufctl */
1133 1145 } kmem_panic_info;
1134 1146
1135 1147
1136 1148 static void
1137 1149 copy_pattern(uint64_t pattern, void *buf_arg, size_t size)
1138 1150 {
1139 1151 uint64_t *bufend = (uint64_t *)((char *)buf_arg + size);
1140 1152 uint64_t *buf = buf_arg;
1141 1153
1142 1154 while (buf < bufend)
1143 1155 *buf++ = pattern;
1144 1156 }
1145 1157
1146 1158 static void *
1147 1159 verify_pattern(uint64_t pattern, void *buf_arg, size_t size)
1148 1160 {
1149 1161 uint64_t *bufend = (uint64_t *)((char *)buf_arg + size);
1150 1162 uint64_t *buf;
1151 1163
1152 1164 for (buf = buf_arg; buf < bufend; buf++)
1153 1165 if (*buf != pattern)
1154 1166 return (buf);
1155 1167 return (NULL);
1156 1168 }
1157 1169
1158 1170 static void *
1159 1171 verify_and_copy_pattern(uint64_t old, uint64_t new, void *buf_arg, size_t size)
1160 1172 {
1161 1173 uint64_t *bufend = (uint64_t *)((char *)buf_arg + size);
1162 1174 uint64_t *buf;
1163 1175
1164 1176 for (buf = buf_arg; buf < bufend; buf++) {
1165 1177 if (*buf != old) {
1166 1178 copy_pattern(old, buf_arg,
1167 1179 (char *)buf - (char *)buf_arg);
1168 1180 return (buf);
1169 1181 }
1170 1182 *buf = new;
1171 1183 }
1172 1184
1173 1185 return (NULL);
1174 1186 }
1175 1187
1176 1188 static void
1177 1189 kmem_cache_applyall(void (*func)(kmem_cache_t *), taskq_t *tq, int tqflag)
1178 1190 {
1179 1191 kmem_cache_t *cp;
1180 1192
1181 1193 mutex_enter(&kmem_cache_lock);
1182 1194 for (cp = list_head(&kmem_caches); cp != NULL;
1183 1195 cp = list_next(&kmem_caches, cp))
1184 1196 if (tq != NULL)
1185 1197 (void) taskq_dispatch(tq, (task_func_t *)func, cp,
1186 1198 tqflag);
1187 1199 else
1188 1200 func(cp);
1189 1201 mutex_exit(&kmem_cache_lock);
1190 1202 }
1191 1203
1192 1204 static void
1193 1205 kmem_cache_applyall_id(void (*func)(kmem_cache_t *), taskq_t *tq, int tqflag)
1194 1206 {
1195 1207 kmem_cache_t *cp;
1196 1208
1197 1209 mutex_enter(&kmem_cache_lock);
1198 1210 for (cp = list_head(&kmem_caches); cp != NULL;
1199 1211 cp = list_next(&kmem_caches, cp)) {
1200 1212 if (!(cp->cache_cflags & KMC_IDENTIFIER))
1201 1213 continue;
1202 1214 if (tq != NULL)
1203 1215 (void) taskq_dispatch(tq, (task_func_t *)func, cp,
1204 1216 tqflag);
1205 1217 else
1206 1218 func(cp);
1207 1219 }
1208 1220 mutex_exit(&kmem_cache_lock);
1209 1221 }
1210 1222
1211 1223 /*
1212 1224 * Debugging support. Given a buffer address, find its slab.
1213 1225 */
1214 1226 static kmem_slab_t *
1215 1227 kmem_findslab(kmem_cache_t *cp, void *buf)
1216 1228 {
1217 1229 kmem_slab_t *sp;
1218 1230
1219 1231 mutex_enter(&cp->cache_lock);
1220 1232 for (sp = list_head(&cp->cache_complete_slabs); sp != NULL;
1221 1233 sp = list_next(&cp->cache_complete_slabs, sp)) {
1222 1234 if (KMEM_SLAB_MEMBER(sp, buf)) {
1223 1235 mutex_exit(&cp->cache_lock);
1224 1236 return (sp);
1225 1237 }
1226 1238 }
1227 1239 for (sp = avl_first(&cp->cache_partial_slabs); sp != NULL;
1228 1240 sp = AVL_NEXT(&cp->cache_partial_slabs, sp)) {
1229 1241 if (KMEM_SLAB_MEMBER(sp, buf)) {
1230 1242 mutex_exit(&cp->cache_lock);
1231 1243 return (sp);
1232 1244 }
1233 1245 }
1234 1246 mutex_exit(&cp->cache_lock);
1235 1247
1236 1248 return (NULL);
1237 1249 }
1238 1250
1239 1251 static void
1240 1252 kmem_error(int error, kmem_cache_t *cparg, void *bufarg)
1241 1253 {
1242 1254 kmem_buftag_t *btp = NULL;
1243 1255 kmem_bufctl_t *bcp = NULL;
1244 1256 kmem_cache_t *cp = cparg;
1245 1257 kmem_slab_t *sp;
1246 1258 uint64_t *off;
1247 1259 void *buf = bufarg;
1248 1260
1249 1261 kmem_logging = 0; /* stop logging when a bad thing happens */
1250 1262
1251 1263 kmem_panic_info.kmp_timestamp = gethrtime();
1252 1264
1253 1265 sp = kmem_findslab(cp, buf);
1254 1266 if (sp == NULL) {
1255 1267 for (cp = list_tail(&kmem_caches); cp != NULL;
1256 1268 cp = list_prev(&kmem_caches, cp)) {
1257 1269 if ((sp = kmem_findslab(cp, buf)) != NULL)
1258 1270 break;
1259 1271 }
1260 1272 }
1261 1273
1262 1274 if (sp == NULL) {
1263 1275 cp = NULL;
1264 1276 error = KMERR_BADADDR;
1265 1277 } else {
1266 1278 if (cp != cparg)
1267 1279 error = KMERR_BADCACHE;
1268 1280 else
1269 1281 buf = (char *)bufarg - ((uintptr_t)bufarg -
1270 1282 (uintptr_t)sp->slab_base) % cp->cache_chunksize;
1271 1283 if (buf != bufarg)
1272 1284 error = KMERR_BADBASE;
1273 1285 if (cp->cache_flags & KMF_BUFTAG)
1274 1286 btp = KMEM_BUFTAG(cp, buf);
1275 1287 if (cp->cache_flags & KMF_HASH) {
1276 1288 mutex_enter(&cp->cache_lock);
1277 1289 for (bcp = *KMEM_HASH(cp, buf); bcp; bcp = bcp->bc_next)
1278 1290 if (bcp->bc_addr == buf)
1279 1291 break;
1280 1292 mutex_exit(&cp->cache_lock);
1281 1293 if (bcp == NULL && btp != NULL)
1282 1294 bcp = btp->bt_bufctl;
1283 1295 if (kmem_findslab(cp->cache_bufctl_cache, bcp) ==
1284 1296 NULL || P2PHASE((uintptr_t)bcp, KMEM_ALIGN) ||
1285 1297 bcp->bc_addr != buf) {
1286 1298 error = KMERR_BADBUFCTL;
1287 1299 bcp = NULL;
1288 1300 }
1289 1301 }
1290 1302 }
1291 1303
1292 1304 kmem_panic_info.kmp_error = error;
1293 1305 kmem_panic_info.kmp_buffer = bufarg;
1294 1306 kmem_panic_info.kmp_realbuf = buf;
1295 1307 kmem_panic_info.kmp_cache = cparg;
1296 1308 kmem_panic_info.kmp_realcache = cp;
1297 1309 kmem_panic_info.kmp_slab = sp;
1298 1310 kmem_panic_info.kmp_bufctl = bcp;
1299 1311
1300 1312 printf("kernel memory allocator: ");
1301 1313
1302 1314 switch (error) {
1303 1315
1304 1316 case KMERR_MODIFIED:
1305 1317 printf("buffer modified after being freed\n");
1306 1318 off = verify_pattern(KMEM_FREE_PATTERN, buf, cp->cache_verify);
1307 1319 if (off == NULL) /* shouldn't happen */
1308 1320 off = buf;
1309 1321 printf("modification occurred at offset 0x%lx "
1310 1322 "(0x%llx replaced by 0x%llx)\n",
1311 1323 (uintptr_t)off - (uintptr_t)buf,
1312 1324 (longlong_t)KMEM_FREE_PATTERN, (longlong_t)*off);
1313 1325 break;
1314 1326
1315 1327 case KMERR_REDZONE:
1316 1328 printf("redzone violation: write past end of buffer\n");
1317 1329 break;
1318 1330
1319 1331 case KMERR_BADADDR:
1320 1332 printf("invalid free: buffer not in cache\n");
1321 1333 break;
1322 1334
1323 1335 case KMERR_DUPFREE:
1324 1336 printf("duplicate free: buffer freed twice\n");
1325 1337 break;
1326 1338
1327 1339 case KMERR_BADBUFTAG:
1328 1340 printf("boundary tag corrupted\n");
1329 1341 printf("bcp ^ bxstat = %lx, should be %lx\n",
1330 1342 (intptr_t)btp->bt_bufctl ^ btp->bt_bxstat,
1331 1343 KMEM_BUFTAG_FREE);
1332 1344 break;
1333 1345
1334 1346 case KMERR_BADBUFCTL:
1335 1347 printf("bufctl corrupted\n");
1336 1348 break;
1337 1349
1338 1350 case KMERR_BADCACHE:
1339 1351 printf("buffer freed to wrong cache\n");
1340 1352 printf("buffer was allocated from %s,\n", cp->cache_name);
1341 1353 printf("caller attempting free to %s.\n", cparg->cache_name);
1342 1354 break;
1343 1355
1344 1356 case KMERR_BADSIZE:
1345 1357 printf("bad free: free size (%u) != alloc size (%u)\n",
1346 1358 KMEM_SIZE_DECODE(((uint32_t *)btp)[0]),
1347 1359 KMEM_SIZE_DECODE(((uint32_t *)btp)[1]));
1348 1360 break;
1349 1361
1350 1362 case KMERR_BADBASE:
1351 1363 printf("bad free: free address (%p) != alloc address (%p)\n",
1352 1364 bufarg, buf);
1353 1365 break;
1354 1366 }
1355 1367
1356 1368 printf("buffer=%p bufctl=%p cache: %s\n",
1357 1369 bufarg, (void *)bcp, cparg->cache_name);
1358 1370
1359 1371 if (bcp != NULL && (cp->cache_flags & KMF_AUDIT) &&
1360 1372 error != KMERR_BADBUFCTL) {
1361 1373 int d;
1362 1374 timestruc_t ts;
1363 1375 kmem_bufctl_audit_t *bcap = (kmem_bufctl_audit_t *)bcp;
1364 1376
1365 1377 hrt2ts(kmem_panic_info.kmp_timestamp - bcap->bc_timestamp, &ts);
1366 1378 printf("previous transaction on buffer %p:\n", buf);
1367 1379 printf("thread=%p time=T-%ld.%09ld slab=%p cache: %s\n",
1368 1380 (void *)bcap->bc_thread, ts.tv_sec, ts.tv_nsec,
1369 1381 (void *)sp, cp->cache_name);
1370 1382 for (d = 0; d < MIN(bcap->bc_depth, KMEM_STACK_DEPTH); d++) {
1371 1383 ulong_t off;
1372 1384 char *sym = kobj_getsymname(bcap->bc_stack[d], &off);
1373 1385 printf("%s+%lx\n", sym ? sym : "?", off);
1374 1386 }
1375 1387 }
1376 1388 if (kmem_panic > 0)
1377 1389 panic("kernel heap corruption detected");
1378 1390 if (kmem_panic == 0)
1379 1391 debug_enter(NULL);
1380 1392 kmem_logging = 1; /* resume logging */
1381 1393 }
1382 1394
1383 1395 static kmem_log_header_t *
1384 1396 kmem_log_init(size_t logsize)
1385 1397 {
1386 1398 kmem_log_header_t *lhp;
1387 1399 int nchunks = 4 * max_ncpus;
1388 1400 size_t lhsize = (size_t)&((kmem_log_header_t *)0)->lh_cpu[max_ncpus];
1389 1401 int i;
1390 1402
1391 1403 /*
1392 1404 * Make sure that lhp->lh_cpu[] is nicely aligned
1393 1405 * to prevent false sharing of cache lines.
1394 1406 */
1395 1407 lhsize = P2ROUNDUP(lhsize, KMEM_ALIGN);
1396 1408 lhp = vmem_xalloc(kmem_log_arena, lhsize, 64, P2NPHASE(lhsize, 64), 0,
1397 1409 NULL, NULL, VM_SLEEP);
1398 1410 bzero(lhp, lhsize);
1399 1411
1400 1412 mutex_init(&lhp->lh_lock, NULL, MUTEX_DEFAULT, NULL);
1401 1413 lhp->lh_nchunks = nchunks;
1402 1414 lhp->lh_chunksize = P2ROUNDUP(logsize / nchunks + 1, PAGESIZE);
1403 1415 lhp->lh_base = vmem_alloc(kmem_log_arena,
1404 1416 lhp->lh_chunksize * nchunks, VM_SLEEP);
1405 1417 lhp->lh_free = vmem_alloc(kmem_log_arena,
1406 1418 nchunks * sizeof (int), VM_SLEEP);
1407 1419 bzero(lhp->lh_base, lhp->lh_chunksize * nchunks);
1408 1420
1409 1421 for (i = 0; i < max_ncpus; i++) {
1410 1422 kmem_cpu_log_header_t *clhp = &lhp->lh_cpu[i];
1411 1423 mutex_init(&clhp->clh_lock, NULL, MUTEX_DEFAULT, NULL);
1412 1424 clhp->clh_chunk = i;
1413 1425 }
1414 1426
1415 1427 for (i = max_ncpus; i < nchunks; i++)
1416 1428 lhp->lh_free[i] = i;
1417 1429
1418 1430 lhp->lh_head = max_ncpus;
1419 1431 lhp->lh_tail = 0;
1420 1432
1421 1433 return (lhp);
1422 1434 }
1423 1435
1424 1436 static void *
1425 1437 kmem_log_enter(kmem_log_header_t *lhp, void *data, size_t size)
1426 1438 {
1427 1439 void *logspace;
1428 1440 kmem_cpu_log_header_t *clhp;
1429 1441
1430 1442 if (lhp == NULL || kmem_logging == 0 || panicstr)
1431 1443 return (NULL);
1432 1444
1433 1445 clhp = &lhp->lh_cpu[CPU->cpu_seqid];
1434 1446
1435 1447 mutex_enter(&clhp->clh_lock);
1436 1448 clhp->clh_hits++;
1437 1449 if (size > clhp->clh_avail) {
1438 1450 mutex_enter(&lhp->lh_lock);
1439 1451 lhp->lh_hits++;
1440 1452 lhp->lh_free[lhp->lh_tail] = clhp->clh_chunk;
1441 1453 lhp->lh_tail = (lhp->lh_tail + 1) % lhp->lh_nchunks;
1442 1454 clhp->clh_chunk = lhp->lh_free[lhp->lh_head];
1443 1455 lhp->lh_head = (lhp->lh_head + 1) % lhp->lh_nchunks;
1444 1456 clhp->clh_current = lhp->lh_base +
1445 1457 clhp->clh_chunk * lhp->lh_chunksize;
1446 1458 clhp->clh_avail = lhp->lh_chunksize;
1447 1459 if (size > lhp->lh_chunksize)
1448 1460 size = lhp->lh_chunksize;
1449 1461 mutex_exit(&lhp->lh_lock);
1450 1462 }
1451 1463 logspace = clhp->clh_current;
1452 1464 clhp->clh_current += size;
1453 1465 clhp->clh_avail -= size;
1454 1466 bcopy(data, logspace, size);
1455 1467 mutex_exit(&clhp->clh_lock);
1456 1468 return (logspace);
1457 1469 }
1458 1470
1459 1471 #define KMEM_AUDIT(lp, cp, bcp) \
1460 1472 { \
1461 1473 kmem_bufctl_audit_t *_bcp = (kmem_bufctl_audit_t *)(bcp); \
1462 1474 _bcp->bc_timestamp = gethrtime(); \
1463 1475 _bcp->bc_thread = curthread; \
1464 1476 _bcp->bc_depth = getpcstack(_bcp->bc_stack, KMEM_STACK_DEPTH); \
1465 1477 _bcp->bc_lastlog = kmem_log_enter((lp), _bcp, sizeof (*_bcp)); \
1466 1478 }
1467 1479
1468 1480 static void
1469 1481 kmem_log_event(kmem_log_header_t *lp, kmem_cache_t *cp,
1470 1482 kmem_slab_t *sp, void *addr)
1471 1483 {
1472 1484 kmem_bufctl_audit_t bca;
1473 1485
1474 1486 bzero(&bca, sizeof (kmem_bufctl_audit_t));
1475 1487 bca.bc_addr = addr;
1476 1488 bca.bc_slab = sp;
1477 1489 bca.bc_cache = cp;
1478 1490 KMEM_AUDIT(lp, cp, &bca);
1479 1491 }
1480 1492
1481 1493 /*
1482 1494 * Create a new slab for cache cp.
1483 1495 */
1484 1496 static kmem_slab_t *
1485 1497 kmem_slab_create(kmem_cache_t *cp, int kmflag)
1486 1498 {
1487 1499 size_t slabsize = cp->cache_slabsize;
1488 1500 size_t chunksize = cp->cache_chunksize;
1489 1501 int cache_flags = cp->cache_flags;
1490 1502 size_t color, chunks;
1491 1503 char *buf, *slab;
1492 1504 kmem_slab_t *sp;
1493 1505 kmem_bufctl_t *bcp;
1494 1506 vmem_t *vmp = cp->cache_arena;
1495 1507
1496 1508 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
1497 1509
1498 1510 color = cp->cache_color + cp->cache_align;
1499 1511 if (color > cp->cache_maxcolor)
1500 1512 color = cp->cache_mincolor;
1501 1513 cp->cache_color = color;
1502 1514
1503 1515 slab = vmem_alloc(vmp, slabsize, kmflag & KM_VMFLAGS);
1504 1516
1505 1517 if (slab == NULL)
1506 1518 goto vmem_alloc_failure;
1507 1519
1508 1520 ASSERT(P2PHASE((uintptr_t)slab, vmp->vm_quantum) == 0);
1509 1521
1510 1522 /*
1511 1523 * Reverify what was already checked in kmem_cache_set_move(), since the
1512 1524 * consolidator depends (for correctness) on slabs being initialized
1513 1525 * with the 0xbaddcafe memory pattern (setting a low order bit usable by
1514 1526 * clients to distinguish uninitialized memory from known objects).
1515 1527 */
1516 1528 ASSERT((cp->cache_move == NULL) || !(cp->cache_cflags & KMC_NOTOUCH));
1517 1529 if (!(cp->cache_cflags & KMC_NOTOUCH))
1518 1530 copy_pattern(KMEM_UNINITIALIZED_PATTERN, slab, slabsize);
1519 1531
1520 1532 if (cache_flags & KMF_HASH) {
1521 1533 if ((sp = kmem_cache_alloc(kmem_slab_cache, kmflag)) == NULL)
1522 1534 goto slab_alloc_failure;
1523 1535 chunks = (slabsize - color) / chunksize;
1524 1536 } else {
1525 1537 sp = KMEM_SLAB(cp, slab);
1526 1538 chunks = (slabsize - sizeof (kmem_slab_t) - color) / chunksize;
1527 1539 }
1528 1540
1529 1541 sp->slab_cache = cp;
1530 1542 sp->slab_head = NULL;
1531 1543 sp->slab_refcnt = 0;
1532 1544 sp->slab_base = buf = slab + color;
1533 1545 sp->slab_chunks = chunks;
1534 1546 sp->slab_stuck_offset = (uint32_t)-1;
1535 1547 sp->slab_later_count = 0;
1536 1548 sp->slab_flags = 0;
1537 1549
1538 1550 ASSERT(chunks > 0);
1539 1551 while (chunks-- != 0) {
1540 1552 if (cache_flags & KMF_HASH) {
1541 1553 bcp = kmem_cache_alloc(cp->cache_bufctl_cache, kmflag);
1542 1554 if (bcp == NULL)
1543 1555 goto bufctl_alloc_failure;
1544 1556 if (cache_flags & KMF_AUDIT) {
1545 1557 kmem_bufctl_audit_t *bcap =
1546 1558 (kmem_bufctl_audit_t *)bcp;
1547 1559 bzero(bcap, sizeof (kmem_bufctl_audit_t));
1548 1560 bcap->bc_cache = cp;
1549 1561 }
1550 1562 bcp->bc_addr = buf;
1551 1563 bcp->bc_slab = sp;
1552 1564 } else {
1553 1565 bcp = KMEM_BUFCTL(cp, buf);
1554 1566 }
1555 1567 if (cache_flags & KMF_BUFTAG) {
1556 1568 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
1557 1569 btp->bt_redzone = KMEM_REDZONE_PATTERN;
1558 1570 btp->bt_bufctl = bcp;
1559 1571 btp->bt_bxstat = (intptr_t)bcp ^ KMEM_BUFTAG_FREE;
1560 1572 if (cache_flags & KMF_DEADBEEF) {
1561 1573 copy_pattern(KMEM_FREE_PATTERN, buf,
1562 1574 cp->cache_verify);
1563 1575 }
1564 1576 }
1565 1577 bcp->bc_next = sp->slab_head;
1566 1578 sp->slab_head = bcp;
1567 1579 buf += chunksize;
1568 1580 }
1569 1581
1570 1582 kmem_log_event(kmem_slab_log, cp, sp, slab);
1571 1583
1572 1584 return (sp);
1573 1585
1574 1586 bufctl_alloc_failure:
1575 1587
1576 1588 while ((bcp = sp->slab_head) != NULL) {
1577 1589 sp->slab_head = bcp->bc_next;
1578 1590 kmem_cache_free(cp->cache_bufctl_cache, bcp);
1579 1591 }
1580 1592 kmem_cache_free(kmem_slab_cache, sp);
1581 1593
1582 1594 slab_alloc_failure:
1583 1595
1584 1596 vmem_free(vmp, slab, slabsize);
1585 1597
1586 1598 vmem_alloc_failure:
1587 1599
1588 1600 kmem_log_event(kmem_failure_log, cp, NULL, NULL);
1589 1601 atomic_inc_64(&cp->cache_alloc_fail);
1590 1602
1591 1603 return (NULL);
1592 1604 }
1593 1605
1594 1606 /*
1595 1607 * Destroy a slab.
1596 1608 */
1597 1609 static void
1598 1610 kmem_slab_destroy(kmem_cache_t *cp, kmem_slab_t *sp)
1599 1611 {
1600 1612 vmem_t *vmp = cp->cache_arena;
1601 1613 void *slab = (void *)P2ALIGN((uintptr_t)sp->slab_base, vmp->vm_quantum);
1602 1614
1603 1615 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
1604 1616 ASSERT(sp->slab_refcnt == 0);
1605 1617
1606 1618 if (cp->cache_flags & KMF_HASH) {
1607 1619 kmem_bufctl_t *bcp;
1608 1620 while ((bcp = sp->slab_head) != NULL) {
1609 1621 sp->slab_head = bcp->bc_next;
1610 1622 kmem_cache_free(cp->cache_bufctl_cache, bcp);
1611 1623 }
1612 1624 kmem_cache_free(kmem_slab_cache, sp);
1613 1625 }
1614 1626 vmem_free(vmp, slab, cp->cache_slabsize);
1615 1627 }
1616 1628
1617 1629 static void *
1618 1630 kmem_slab_alloc_impl(kmem_cache_t *cp, kmem_slab_t *sp, boolean_t prefill)
1619 1631 {
1620 1632 kmem_bufctl_t *bcp, **hash_bucket;
1621 1633 void *buf;
1622 1634 boolean_t new_slab = (sp->slab_refcnt == 0);
1623 1635
1624 1636 ASSERT(MUTEX_HELD(&cp->cache_lock));
1625 1637 /*
1626 1638 * kmem_slab_alloc() drops cache_lock when it creates a new slab, so we
1627 1639 * can't ASSERT(avl_is_empty(&cp->cache_partial_slabs)) here when the
1628 1640 * slab is newly created.
1629 1641 */
1630 1642 ASSERT(new_slab || (KMEM_SLAB_IS_PARTIAL(sp) &&
1631 1643 (sp == avl_first(&cp->cache_partial_slabs))));
1632 1644 ASSERT(sp->slab_cache == cp);
1633 1645
1634 1646 cp->cache_slab_alloc++;
1635 1647 cp->cache_bufslab--;
1636 1648 sp->slab_refcnt++;
1637 1649
1638 1650 bcp = sp->slab_head;
1639 1651 sp->slab_head = bcp->bc_next;
1640 1652
1641 1653 if (cp->cache_flags & KMF_HASH) {
1642 1654 /*
1643 1655 * Add buffer to allocated-address hash table.
1644 1656 */
1645 1657 buf = bcp->bc_addr;
1646 1658 hash_bucket = KMEM_HASH(cp, buf);
1647 1659 bcp->bc_next = *hash_bucket;
1648 1660 *hash_bucket = bcp;
1649 1661 if ((cp->cache_flags & (KMF_AUDIT | KMF_BUFTAG)) == KMF_AUDIT) {
1650 1662 KMEM_AUDIT(kmem_transaction_log, cp, bcp);
1651 1663 }
1652 1664 } else {
1653 1665 buf = KMEM_BUF(cp, bcp);
1654 1666 }
1655 1667
1656 1668 ASSERT(KMEM_SLAB_MEMBER(sp, buf));
1657 1669
1658 1670 if (sp->slab_head == NULL) {
1659 1671 ASSERT(KMEM_SLAB_IS_ALL_USED(sp));
1660 1672 if (new_slab) {
1661 1673 ASSERT(sp->slab_chunks == 1);
1662 1674 } else {
1663 1675 ASSERT(sp->slab_chunks > 1); /* the slab was partial */
1664 1676 avl_remove(&cp->cache_partial_slabs, sp);
1665 1677 sp->slab_later_count = 0; /* clear history */
1666 1678 sp->slab_flags &= ~KMEM_SLAB_NOMOVE;
1667 1679 sp->slab_stuck_offset = (uint32_t)-1;
1668 1680 }
1669 1681 list_insert_head(&cp->cache_complete_slabs, sp);
1670 1682 cp->cache_complete_slab_count++;
1671 1683 return (buf);
1672 1684 }
1673 1685
1674 1686 ASSERT(KMEM_SLAB_IS_PARTIAL(sp));
1675 1687 /*
1676 1688 * Peek to see if the magazine layer is enabled before
1677 1689 * we prefill. We're not holding the cpu cache lock,
1678 1690 * so the peek could be wrong, but there's no harm in it.
1679 1691 */
1680 1692 if (new_slab && prefill && (cp->cache_flags & KMF_PREFILL) &&
1681 1693 (KMEM_CPU_CACHE(cp)->cc_magsize != 0)) {
1682 1694 kmem_slab_prefill(cp, sp);
1683 1695 return (buf);
1684 1696 }
1685 1697
1686 1698 if (new_slab) {
1687 1699 avl_add(&cp->cache_partial_slabs, sp);
1688 1700 return (buf);
1689 1701 }
1690 1702
1691 1703 /*
1692 1704 * The slab is now more allocated than it was, so the
1693 1705 * order remains unchanged.
1694 1706 */
1695 1707 ASSERT(!avl_update(&cp->cache_partial_slabs, sp));
1696 1708 return (buf);
1697 1709 }
1698 1710
1699 1711 /*
1700 1712 * Allocate a raw (unconstructed) buffer from cp's slab layer.
1701 1713 */
1702 1714 static void *
1703 1715 kmem_slab_alloc(kmem_cache_t *cp, int kmflag)
1704 1716 {
1705 1717 kmem_slab_t *sp;
1706 1718 void *buf;
1707 1719 boolean_t test_destructor;
1708 1720
1709 1721 mutex_enter(&cp->cache_lock);
1710 1722 test_destructor = (cp->cache_slab_alloc == 0);
1711 1723 sp = avl_first(&cp->cache_partial_slabs);
1712 1724 if (sp == NULL) {
1713 1725 ASSERT(cp->cache_bufslab == 0);
1714 1726
1715 1727 /*
1716 1728 * The freelist is empty. Create a new slab.
1717 1729 */
1718 1730 mutex_exit(&cp->cache_lock);
1719 1731 if ((sp = kmem_slab_create(cp, kmflag)) == NULL) {
1720 1732 return (NULL);
1721 1733 }
1722 1734 mutex_enter(&cp->cache_lock);
1723 1735 cp->cache_slab_create++;
1724 1736 if ((cp->cache_buftotal += sp->slab_chunks) > cp->cache_bufmax)
1725 1737 cp->cache_bufmax = cp->cache_buftotal;
1726 1738 cp->cache_bufslab += sp->slab_chunks;
1727 1739 }
1728 1740
1729 1741 buf = kmem_slab_alloc_impl(cp, sp, B_TRUE);
1730 1742 ASSERT((cp->cache_slab_create - cp->cache_slab_destroy) ==
1731 1743 (cp->cache_complete_slab_count +
1732 1744 avl_numnodes(&cp->cache_partial_slabs) +
1733 1745 (cp->cache_defrag == NULL ? 0 : cp->cache_defrag->kmd_deadcount)));
1734 1746 mutex_exit(&cp->cache_lock);
1735 1747
1736 1748 if (test_destructor && cp->cache_destructor != NULL) {
1737 1749 /*
1738 1750 * On the first kmem_slab_alloc(), assert that it is valid to
1739 1751 * call the destructor on a newly constructed object without any
1740 1752 * client involvement.
1741 1753 */
1742 1754 if ((cp->cache_constructor == NULL) ||
1743 1755 cp->cache_constructor(buf, cp->cache_private,
1744 1756 kmflag) == 0) {
1745 1757 cp->cache_destructor(buf, cp->cache_private);
1746 1758 }
1747 1759 copy_pattern(KMEM_UNINITIALIZED_PATTERN, buf,
1748 1760 cp->cache_bufsize);
1749 1761 if (cp->cache_flags & KMF_DEADBEEF) {
1750 1762 copy_pattern(KMEM_FREE_PATTERN, buf, cp->cache_verify);
1751 1763 }
1752 1764 }
1753 1765
1754 1766 return (buf);
1755 1767 }
1756 1768
1757 1769 static void kmem_slab_move_yes(kmem_cache_t *, kmem_slab_t *, void *);
1758 1770
1759 1771 /*
1760 1772 * Free a raw (unconstructed) buffer to cp's slab layer.
1761 1773 */
1762 1774 static void
1763 1775 kmem_slab_free(kmem_cache_t *cp, void *buf)
1764 1776 {
1765 1777 kmem_slab_t *sp;
1766 1778 kmem_bufctl_t *bcp, **prev_bcpp;
1767 1779
1768 1780 ASSERT(buf != NULL);
1769 1781
1770 1782 mutex_enter(&cp->cache_lock);
1771 1783 cp->cache_slab_free++;
1772 1784
1773 1785 if (cp->cache_flags & KMF_HASH) {
1774 1786 /*
1775 1787 * Look up buffer in allocated-address hash table.
1776 1788 */
1777 1789 prev_bcpp = KMEM_HASH(cp, buf);
1778 1790 while ((bcp = *prev_bcpp) != NULL) {
1779 1791 if (bcp->bc_addr == buf) {
1780 1792 *prev_bcpp = bcp->bc_next;
1781 1793 sp = bcp->bc_slab;
1782 1794 break;
1783 1795 }
1784 1796 cp->cache_lookup_depth++;
1785 1797 prev_bcpp = &bcp->bc_next;
1786 1798 }
1787 1799 } else {
1788 1800 bcp = KMEM_BUFCTL(cp, buf);
1789 1801 sp = KMEM_SLAB(cp, buf);
1790 1802 }
1791 1803
1792 1804 if (bcp == NULL || sp->slab_cache != cp || !KMEM_SLAB_MEMBER(sp, buf)) {
1793 1805 mutex_exit(&cp->cache_lock);
1794 1806 kmem_error(KMERR_BADADDR, cp, buf);
1795 1807 return;
1796 1808 }
1797 1809
1798 1810 if (KMEM_SLAB_OFFSET(sp, buf) == sp->slab_stuck_offset) {
1799 1811 /*
1800 1812 * If this is the buffer that prevented the consolidator from
1801 1813 * clearing the slab, we can reset the slab flags now that the
1802 1814 * buffer is freed. (It makes sense to do this in
1803 1815 * kmem_cache_free(), where the client gives up ownership of the
1804 1816 * buffer, but on the hot path the test is too expensive.)
1805 1817 */
1806 1818 kmem_slab_move_yes(cp, sp, buf);
1807 1819 }
1808 1820
1809 1821 if ((cp->cache_flags & (KMF_AUDIT | KMF_BUFTAG)) == KMF_AUDIT) {
1810 1822 if (cp->cache_flags & KMF_CONTENTS)
1811 1823 ((kmem_bufctl_audit_t *)bcp)->bc_contents =
1812 1824 kmem_log_enter(kmem_content_log, buf,
1813 1825 cp->cache_contents);
1814 1826 KMEM_AUDIT(kmem_transaction_log, cp, bcp);
1815 1827 }
1816 1828
1817 1829 bcp->bc_next = sp->slab_head;
1818 1830 sp->slab_head = bcp;
1819 1831
1820 1832 cp->cache_bufslab++;
1821 1833 ASSERT(sp->slab_refcnt >= 1);
1822 1834
1823 1835 if (--sp->slab_refcnt == 0) {
1824 1836 /*
1825 1837 * There are no outstanding allocations from this slab,
1826 1838 * so we can reclaim the memory.
1827 1839 */
1828 1840 if (sp->slab_chunks == 1) {
1829 1841 list_remove(&cp->cache_complete_slabs, sp);
1830 1842 cp->cache_complete_slab_count--;
1831 1843 } else {
1832 1844 avl_remove(&cp->cache_partial_slabs, sp);
1833 1845 }
1834 1846
1835 1847 cp->cache_buftotal -= sp->slab_chunks;
1836 1848 cp->cache_bufslab -= sp->slab_chunks;
1837 1849 /*
1838 1850 * Defer releasing the slab to the virtual memory subsystem
1839 1851 * while there is a pending move callback, since we guarantee
1840 1852 * that buffers passed to the move callback have only been
1841 1853 * touched by kmem or by the client itself. Since the memory
1842 1854 * patterns baddcafe (uninitialized) and deadbeef (freed) both
1843 1855 * set at least one of the two lowest order bits, the client can
1844 1856 * test those bits in the move callback to determine whether or
1845 1857 * not it knows about the buffer (assuming that the client also
1846 1858 * sets one of those low order bits whenever it frees a buffer).
1847 1859 */
1848 1860 if (cp->cache_defrag == NULL ||
1849 1861 (avl_is_empty(&cp->cache_defrag->kmd_moves_pending) &&
1850 1862 !(sp->slab_flags & KMEM_SLAB_MOVE_PENDING))) {
1851 1863 cp->cache_slab_destroy++;
1852 1864 mutex_exit(&cp->cache_lock);
1853 1865 kmem_slab_destroy(cp, sp);
1854 1866 } else {
1855 1867 list_t *deadlist = &cp->cache_defrag->kmd_deadlist;
1856 1868 /*
1857 1869 * Slabs are inserted at both ends of the deadlist to
1858 1870 * distinguish between slabs freed while move callbacks
1859 1871 * are pending (list head) and a slab freed while the
1860 1872 * lock is dropped in kmem_move_buffers() (list tail) so
1861 1873 * that in both cases slab_destroy() is called from the
1862 1874 * right context.
1863 1875 */
1864 1876 if (sp->slab_flags & KMEM_SLAB_MOVE_PENDING) {
1865 1877 list_insert_tail(deadlist, sp);
1866 1878 } else {
1867 1879 list_insert_head(deadlist, sp);
1868 1880 }
1869 1881 cp->cache_defrag->kmd_deadcount++;
1870 1882 mutex_exit(&cp->cache_lock);
1871 1883 }
1872 1884 return;
1873 1885 }
1874 1886
1875 1887 if (bcp->bc_next == NULL) {
1876 1888 /* Transition the slab from completely allocated to partial. */
1877 1889 ASSERT(sp->slab_refcnt == (sp->slab_chunks - 1));
1878 1890 ASSERT(sp->slab_chunks > 1);
1879 1891 list_remove(&cp->cache_complete_slabs, sp);
1880 1892 cp->cache_complete_slab_count--;
1881 1893 avl_add(&cp->cache_partial_slabs, sp);
1882 1894 } else {
1883 1895 (void) avl_update_gt(&cp->cache_partial_slabs, sp);
1884 1896 }
1885 1897
1886 1898 ASSERT((cp->cache_slab_create - cp->cache_slab_destroy) ==
1887 1899 (cp->cache_complete_slab_count +
1888 1900 avl_numnodes(&cp->cache_partial_slabs) +
1889 1901 (cp->cache_defrag == NULL ? 0 : cp->cache_defrag->kmd_deadcount)));
1890 1902 mutex_exit(&cp->cache_lock);
1891 1903 }
1892 1904
1893 1905 /*
1894 1906 * Return -1 if kmem_error, 1 if constructor fails, 0 if successful.
1895 1907 */
1896 1908 static int
1897 1909 kmem_cache_alloc_debug(kmem_cache_t *cp, void *buf, int kmflag, int construct,
1898 1910 caddr_t caller)
1899 1911 {
1900 1912 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
1901 1913 kmem_bufctl_audit_t *bcp = (kmem_bufctl_audit_t *)btp->bt_bufctl;
1902 1914 uint32_t mtbf;
1903 1915
1904 1916 if (btp->bt_bxstat != ((intptr_t)bcp ^ KMEM_BUFTAG_FREE)) {
1905 1917 kmem_error(KMERR_BADBUFTAG, cp, buf);
1906 1918 return (-1);
1907 1919 }
1908 1920
1909 1921 btp->bt_bxstat = (intptr_t)bcp ^ KMEM_BUFTAG_ALLOC;
1910 1922
1911 1923 if ((cp->cache_flags & KMF_HASH) && bcp->bc_addr != buf) {
1912 1924 kmem_error(KMERR_BADBUFCTL, cp, buf);
1913 1925 return (-1);
1914 1926 }
1915 1927
1916 1928 if (cp->cache_flags & KMF_DEADBEEF) {
1917 1929 if (!construct && (cp->cache_flags & KMF_LITE)) {
1918 1930 if (*(uint64_t *)buf != KMEM_FREE_PATTERN) {
1919 1931 kmem_error(KMERR_MODIFIED, cp, buf);
1920 1932 return (-1);
1921 1933 }
1922 1934 if (cp->cache_constructor != NULL)
1923 1935 *(uint64_t *)buf = btp->bt_redzone;
1924 1936 else
1925 1937 *(uint64_t *)buf = KMEM_UNINITIALIZED_PATTERN;
1926 1938 } else {
1927 1939 construct = 1;
1928 1940 if (verify_and_copy_pattern(KMEM_FREE_PATTERN,
1929 1941 KMEM_UNINITIALIZED_PATTERN, buf,
1930 1942 cp->cache_verify)) {
1931 1943 kmem_error(KMERR_MODIFIED, cp, buf);
1932 1944 return (-1);
1933 1945 }
1934 1946 }
1935 1947 }
1936 1948 btp->bt_redzone = KMEM_REDZONE_PATTERN;
1937 1949
1938 1950 if ((mtbf = kmem_mtbf | cp->cache_mtbf) != 0 &&
1939 1951 gethrtime() % mtbf == 0 &&
1940 1952 (kmflag & (KM_NOSLEEP | KM_PANIC)) == KM_NOSLEEP) {
1941 1953 kmem_log_event(kmem_failure_log, cp, NULL, NULL);
1942 1954 if (!construct && cp->cache_destructor != NULL)
1943 1955 cp->cache_destructor(buf, cp->cache_private);
1944 1956 } else {
1945 1957 mtbf = 0;
1946 1958 }
1947 1959
1948 1960 if (mtbf || (construct && cp->cache_constructor != NULL &&
1949 1961 cp->cache_constructor(buf, cp->cache_private, kmflag) != 0)) {
1950 1962 atomic_inc_64(&cp->cache_alloc_fail);
1951 1963 btp->bt_bxstat = (intptr_t)bcp ^ KMEM_BUFTAG_FREE;
1952 1964 if (cp->cache_flags & KMF_DEADBEEF)
1953 1965 copy_pattern(KMEM_FREE_PATTERN, buf, cp->cache_verify);
1954 1966 kmem_slab_free(cp, buf);
1955 1967 return (1);
1956 1968 }
1957 1969
1958 1970 if (cp->cache_flags & KMF_AUDIT) {
1959 1971 KMEM_AUDIT(kmem_transaction_log, cp, bcp);
1960 1972 }
1961 1973
1962 1974 if ((cp->cache_flags & KMF_LITE) &&
1963 1975 !(cp->cache_cflags & KMC_KMEM_ALLOC)) {
1964 1976 KMEM_BUFTAG_LITE_ENTER(btp, kmem_lite_count, caller);
1965 1977 }
1966 1978
1967 1979 return (0);
1968 1980 }
1969 1981
1970 1982 static int
1971 1983 kmem_cache_free_debug(kmem_cache_t *cp, void *buf, caddr_t caller)
1972 1984 {
1973 1985 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
1974 1986 kmem_bufctl_audit_t *bcp = (kmem_bufctl_audit_t *)btp->bt_bufctl;
1975 1987 kmem_slab_t *sp;
1976 1988
1977 1989 if (btp->bt_bxstat != ((intptr_t)bcp ^ KMEM_BUFTAG_ALLOC)) {
1978 1990 if (btp->bt_bxstat == ((intptr_t)bcp ^ KMEM_BUFTAG_FREE)) {
1979 1991 kmem_error(KMERR_DUPFREE, cp, buf);
1980 1992 return (-1);
1981 1993 }
1982 1994 sp = kmem_findslab(cp, buf);
1983 1995 if (sp == NULL || sp->slab_cache != cp)
1984 1996 kmem_error(KMERR_BADADDR, cp, buf);
1985 1997 else
1986 1998 kmem_error(KMERR_REDZONE, cp, buf);
1987 1999 return (-1);
1988 2000 }
1989 2001
1990 2002 btp->bt_bxstat = (intptr_t)bcp ^ KMEM_BUFTAG_FREE;
1991 2003
1992 2004 if ((cp->cache_flags & KMF_HASH) && bcp->bc_addr != buf) {
1993 2005 kmem_error(KMERR_BADBUFCTL, cp, buf);
1994 2006 return (-1);
1995 2007 }
1996 2008
1997 2009 if (btp->bt_redzone != KMEM_REDZONE_PATTERN) {
1998 2010 kmem_error(KMERR_REDZONE, cp, buf);
1999 2011 return (-1);
2000 2012 }
2001 2013
2002 2014 if (cp->cache_flags & KMF_AUDIT) {
2003 2015 if (cp->cache_flags & KMF_CONTENTS)
2004 2016 bcp->bc_contents = kmem_log_enter(kmem_content_log,
2005 2017 buf, cp->cache_contents);
2006 2018 KMEM_AUDIT(kmem_transaction_log, cp, bcp);
2007 2019 }
2008 2020
2009 2021 if ((cp->cache_flags & KMF_LITE) &&
2010 2022 !(cp->cache_cflags & KMC_KMEM_ALLOC)) {
2011 2023 KMEM_BUFTAG_LITE_ENTER(btp, kmem_lite_count, caller);
2012 2024 }
2013 2025
2014 2026 if (cp->cache_flags & KMF_DEADBEEF) {
2015 2027 if (cp->cache_flags & KMF_LITE)
2016 2028 btp->bt_redzone = *(uint64_t *)buf;
2017 2029 else if (cp->cache_destructor != NULL)
2018 2030 cp->cache_destructor(buf, cp->cache_private);
2019 2031
2020 2032 copy_pattern(KMEM_FREE_PATTERN, buf, cp->cache_verify);
2021 2033 }
2022 2034
2023 2035 return (0);
2024 2036 }
2025 2037
2026 2038 /*
2027 2039 * Free each object in magazine mp to cp's slab layer, and free mp itself.
2028 2040 */
2029 2041 static void
2030 2042 kmem_magazine_destroy(kmem_cache_t *cp, kmem_magazine_t *mp, int nrounds)
2031 2043 {
2032 2044 int round;
2033 2045
2034 2046 ASSERT(!list_link_active(&cp->cache_link) ||
2035 2047 taskq_member(kmem_taskq, curthread));
2036 2048
2037 2049 for (round = 0; round < nrounds; round++) {
2038 2050 void *buf = mp->mag_round[round];
2039 2051
2040 2052 if (cp->cache_flags & KMF_DEADBEEF) {
2041 2053 if (verify_pattern(KMEM_FREE_PATTERN, buf,
2042 2054 cp->cache_verify) != NULL) {
2043 2055 kmem_error(KMERR_MODIFIED, cp, buf);
2044 2056 continue;
2045 2057 }
2046 2058 if ((cp->cache_flags & KMF_LITE) &&
2047 2059 cp->cache_destructor != NULL) {
2048 2060 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2049 2061 *(uint64_t *)buf = btp->bt_redzone;
2050 2062 cp->cache_destructor(buf, cp->cache_private);
2051 2063 *(uint64_t *)buf = KMEM_FREE_PATTERN;
2052 2064 }
2053 2065 } else if (cp->cache_destructor != NULL) {
2054 2066 cp->cache_destructor(buf, cp->cache_private);
2055 2067 }
2056 2068
2057 2069 kmem_slab_free(cp, buf);
2058 2070 }
2059 2071 ASSERT(KMEM_MAGAZINE_VALID(cp, mp));
2060 2072 kmem_cache_free(cp->cache_magtype->mt_cache, mp);
2061 2073 }
2062 2074
2063 2075 /*
2064 2076 * Allocate a magazine from the depot.
2065 2077 */
2066 2078 static kmem_magazine_t *
2067 2079 kmem_depot_alloc(kmem_cache_t *cp, kmem_maglist_t *mlp)
2068 2080 {
2069 2081 kmem_magazine_t *mp;
2070 2082
2071 2083 /*
2072 2084 * If we can't get the depot lock without contention,
2073 2085 * update our contention count. We use the depot
2074 2086 * contention rate to determine whether we need to
2075 2087 * increase the magazine size for better scalability.
2076 2088 */
2077 2089 if (!mutex_tryenter(&cp->cache_depot_lock)) {
2078 2090 mutex_enter(&cp->cache_depot_lock);
2079 2091 cp->cache_depot_contention++;
2080 2092 }
2081 2093
2082 2094 if ((mp = mlp->ml_list) != NULL) {
2083 2095 ASSERT(KMEM_MAGAZINE_VALID(cp, mp));
2084 2096 mlp->ml_list = mp->mag_next;
2085 2097 if (--mlp->ml_total < mlp->ml_min)
2086 2098 mlp->ml_min = mlp->ml_total;
2087 2099 mlp->ml_alloc++;
2088 2100 }
2089 2101
2090 2102 mutex_exit(&cp->cache_depot_lock);
2091 2103
2092 2104 return (mp);
2093 2105 }
2094 2106
2095 2107 /*
2096 2108 * Free a magazine to the depot.
2097 2109 */
2098 2110 static void
2099 2111 kmem_depot_free(kmem_cache_t *cp, kmem_maglist_t *mlp, kmem_magazine_t *mp)
2100 2112 {
2101 2113 mutex_enter(&cp->cache_depot_lock);
2102 2114 ASSERT(KMEM_MAGAZINE_VALID(cp, mp));
2103 2115 mp->mag_next = mlp->ml_list;
2104 2116 mlp->ml_list = mp;
2105 2117 mlp->ml_total++;
2106 2118 mutex_exit(&cp->cache_depot_lock);
2107 2119 }
2108 2120
2109 2121 /*
2110 2122 * Update the working set statistics for cp's depot.
2111 2123 */
2112 2124 static void
2113 2125 kmem_depot_ws_update(kmem_cache_t *cp)
2114 2126 {
2115 2127 mutex_enter(&cp->cache_depot_lock);
2116 2128 cp->cache_full.ml_reaplimit = cp->cache_full.ml_min;
2117 2129 cp->cache_full.ml_min = cp->cache_full.ml_total;
2118 2130 cp->cache_empty.ml_reaplimit = cp->cache_empty.ml_min;
2119 2131 cp->cache_empty.ml_min = cp->cache_empty.ml_total;
2120 2132 mutex_exit(&cp->cache_depot_lock);
2121 2133 }
2122 2134
2123 2135 /*
2124 2136 * Set the working set statistics for cp's depot to zero. (Everything is
2125 2137 * eligible for reaping.)
2126 2138 */
2127 2139 static void
2128 2140 kmem_depot_ws_zero(kmem_cache_t *cp)
2129 2141 {
2130 2142 mutex_enter(&cp->cache_depot_lock);
2131 2143 cp->cache_full.ml_reaplimit = cp->cache_full.ml_total;
2132 2144 cp->cache_full.ml_min = cp->cache_full.ml_total;
2133 2145 cp->cache_empty.ml_reaplimit = cp->cache_empty.ml_total;
2134 2146 cp->cache_empty.ml_min = cp->cache_empty.ml_total;
2135 2147 mutex_exit(&cp->cache_depot_lock);
2136 2148 }
2137 2149
2138 2150 /*
2139 2151 * The number of bytes to reap before we call kpreempt(). The default (1MB)
2140 2152 * causes us to preempt reaping up to hundreds of times per second. Using a
2141 2153 * larger value (1GB) causes this to have virtually no effect.
2142 2154 */
2143 2155 size_t kmem_reap_preempt_bytes = 1024 * 1024;
2144 2156
2145 2157 /*
2146 2158 * Reap all magazines that have fallen out of the depot's working set.
2147 2159 */
2148 2160 static void
2149 2161 kmem_depot_ws_reap(kmem_cache_t *cp)
2150 2162 {
2151 2163 size_t bytes = 0;
2152 2164 long reap;
2153 2165 kmem_magazine_t *mp;
2154 2166
2155 2167 ASSERT(!list_link_active(&cp->cache_link) ||
2156 2168 taskq_member(kmem_taskq, curthread));
2157 2169
2158 2170 reap = MIN(cp->cache_full.ml_reaplimit, cp->cache_full.ml_min);
2159 2171 while (reap-- &&
2160 2172 (mp = kmem_depot_alloc(cp, &cp->cache_full)) != NULL) {
2161 2173 kmem_magazine_destroy(cp, mp, cp->cache_magtype->mt_magsize);
2162 2174 bytes += cp->cache_magtype->mt_magsize * cp->cache_bufsize;
2163 2175 if (bytes > kmem_reap_preempt_bytes) {
2164 2176 kpreempt(KPREEMPT_SYNC);
2165 2177 bytes = 0;
2166 2178 }
2167 2179 }
2168 2180
2169 2181 reap = MIN(cp->cache_empty.ml_reaplimit, cp->cache_empty.ml_min);
2170 2182 while (reap-- &&
2171 2183 (mp = kmem_depot_alloc(cp, &cp->cache_empty)) != NULL) {
2172 2184 kmem_magazine_destroy(cp, mp, 0);
2173 2185 bytes += cp->cache_magtype->mt_magsize * cp->cache_bufsize;
2174 2186 if (bytes > kmem_reap_preempt_bytes) {
2175 2187 kpreempt(KPREEMPT_SYNC);
2176 2188 bytes = 0;
2177 2189 }
2178 2190 }
2179 2191 }
2180 2192
2181 2193 static void
2182 2194 kmem_cpu_reload(kmem_cpu_cache_t *ccp, kmem_magazine_t *mp, int rounds)
2183 2195 {
2184 2196 ASSERT((ccp->cc_loaded == NULL && ccp->cc_rounds == -1) ||
2185 2197 (ccp->cc_loaded && ccp->cc_rounds + rounds == ccp->cc_magsize));
2186 2198 ASSERT(ccp->cc_magsize > 0);
2187 2199
2188 2200 ccp->cc_ploaded = ccp->cc_loaded;
2189 2201 ccp->cc_prounds = ccp->cc_rounds;
2190 2202 ccp->cc_loaded = mp;
2191 2203 ccp->cc_rounds = rounds;
2192 2204 }
2193 2205
2194 2206 /*
2195 2207 * Intercept kmem alloc/free calls during crash dump in order to avoid
2196 2208 * changing kmem state while memory is being saved to the dump device.
2197 2209 * Otherwise, ::kmem_verify will report "corrupt buffers". Note that
2198 2210 * there are no locks because only one CPU calls kmem during a crash
2199 2211 * dump. To enable this feature, first create the associated vmem
2200 2212 * arena with VMC_DUMPSAFE.
2201 2213 */
2202 2214 static void *kmem_dump_start; /* start of pre-reserved heap */
2203 2215 static void *kmem_dump_end; /* end of heap area */
2204 2216 static void *kmem_dump_curr; /* current free heap pointer */
2205 2217 static size_t kmem_dump_size; /* size of heap area */
2206 2218
2207 2219 /* append to each buf created in the pre-reserved heap */
2208 2220 typedef struct kmem_dumpctl {
2209 2221 void *kdc_next; /* cache dump free list linkage */
2210 2222 } kmem_dumpctl_t;
2211 2223
2212 2224 #define KMEM_DUMPCTL(cp, buf) \
2213 2225 ((kmem_dumpctl_t *)P2ROUNDUP((uintptr_t)(buf) + (cp)->cache_bufsize, \
2214 2226 sizeof (void *)))
2215 2227
2216 2228 /* set non zero for full report */
2217 2229 uint_t kmem_dump_verbose = 0;
2218 2230
2219 2231 /* stats for overize heap */
2220 2232 uint_t kmem_dump_oversize_allocs = 0;
2221 2233 uint_t kmem_dump_oversize_max = 0;
2222 2234
2223 2235 static void
2224 2236 kmem_dumppr(char **pp, char *e, const char *format, ...)
2225 2237 {
2226 2238 char *p = *pp;
2227 2239
2228 2240 if (p < e) {
2229 2241 int n;
2230 2242 va_list ap;
2231 2243
2232 2244 va_start(ap, format);
2233 2245 n = vsnprintf(p, e - p, format, ap);
2234 2246 va_end(ap);
2235 2247 *pp = p + n;
2236 2248 }
2237 2249 }
2238 2250
2239 2251 /*
2240 2252 * Called when dumpadm(1M) configures dump parameters.
2241 2253 */
2242 2254 void
2243 2255 kmem_dump_init(size_t size)
2244 2256 {
2245 2257 /* Our caller ensures size is always set. */
2246 2258 ASSERT3U(size, >, 0);
2247 2259
2248 2260 if (kmem_dump_start != NULL)
2249 2261 kmem_free(kmem_dump_start, kmem_dump_size);
2250 2262
2251 2263 kmem_dump_start = kmem_alloc(size, KM_SLEEP);
2252 2264 kmem_dump_size = size;
2253 2265 kmem_dump_curr = kmem_dump_start;
2254 2266 kmem_dump_end = (void *)((char *)kmem_dump_start + size);
2255 2267 copy_pattern(KMEM_UNINITIALIZED_PATTERN, kmem_dump_start, size);
2256 2268 }
2257 2269
2258 2270 /*
2259 2271 * Set flag for each kmem_cache_t if is safe to use alternate dump
2260 2272 * memory. Called just before panic crash dump starts. Set the flag
2261 2273 * for the calling CPU.
2262 2274 */
2263 2275 void
2264 2276 kmem_dump_begin(void)
2265 2277 {
2266 2278 kmem_cache_t *cp;
2267 2279
2268 2280 ASSERT(panicstr != NULL);
2269 2281
2270 2282 for (cp = list_head(&kmem_caches); cp != NULL;
2271 2283 cp = list_next(&kmem_caches, cp)) {
2272 2284 kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2273 2285
2274 2286 if (cp->cache_arena->vm_cflags & VMC_DUMPSAFE) {
2275 2287 cp->cache_flags |= KMF_DUMPDIVERT;
2276 2288 ccp->cc_flags |= KMF_DUMPDIVERT;
2277 2289 ccp->cc_dump_rounds = ccp->cc_rounds;
2278 2290 ccp->cc_dump_prounds = ccp->cc_prounds;
2279 2291 ccp->cc_rounds = ccp->cc_prounds = -1;
2280 2292 } else {
2281 2293 cp->cache_flags |= KMF_DUMPUNSAFE;
2282 2294 ccp->cc_flags |= KMF_DUMPUNSAFE;
2283 2295 }
2284 2296 }
2285 2297 }
2286 2298
2287 2299 /*
2288 2300 * finished dump intercept
2289 2301 * print any warnings on the console
2290 2302 * return verbose information to dumpsys() in the given buffer
2291 2303 */
2292 2304 size_t
2293 2305 kmem_dump_finish(char *buf, size_t size)
2294 2306 {
2295 2307 int percent = 0;
2296 2308 size_t used;
2297 2309 char *e = buf + size;
2298 2310 char *p = buf;
2299 2311
2300 2312 if (kmem_dump_curr == kmem_dump_end) {
2301 2313 cmn_err(CE_WARN, "exceeded kmem_dump space of %lu "
2302 2314 "bytes: kmem state in dump may be inconsistent",
2303 2315 kmem_dump_size);
2304 2316 }
2305 2317
2306 2318 if (kmem_dump_verbose == 0)
2307 2319 return (0);
2308 2320
2309 2321 used = (char *)kmem_dump_curr - (char *)kmem_dump_start;
2310 2322 percent = (used * 100) / kmem_dump_size;
2311 2323
2312 2324 kmem_dumppr(&p, e, "%% heap used,%d\n", percent);
2313 2325 kmem_dumppr(&p, e, "used bytes,%ld\n", used);
2314 2326 kmem_dumppr(&p, e, "heap size,%ld\n", kmem_dump_size);
2315 2327 kmem_dumppr(&p, e, "Oversize allocs,%d\n",
2316 2328 kmem_dump_oversize_allocs);
2317 2329 kmem_dumppr(&p, e, "Oversize max size,%ld\n",
2318 2330 kmem_dump_oversize_max);
2319 2331
2320 2332 /* return buffer size used */
2321 2333 if (p < e)
2322 2334 bzero(p, e - p);
2323 2335 return (p - buf);
2324 2336 }
2325 2337
2326 2338 /*
2327 2339 * Allocate a constructed object from alternate dump memory.
2328 2340 */
2329 2341 void *
2330 2342 kmem_cache_alloc_dump(kmem_cache_t *cp, int kmflag)
2331 2343 {
2332 2344 void *buf;
2333 2345 void *curr;
2334 2346 char *bufend;
2335 2347
2336 2348 /* return a constructed object */
2337 2349 if ((buf = cp->cache_dump.kd_freelist) != NULL) {
2338 2350 cp->cache_dump.kd_freelist = KMEM_DUMPCTL(cp, buf)->kdc_next;
2339 2351 return (buf);
2340 2352 }
2341 2353
2342 2354 /* create a new constructed object */
2343 2355 curr = kmem_dump_curr;
2344 2356 buf = (void *)P2ROUNDUP((uintptr_t)curr, cp->cache_align);
2345 2357 bufend = (char *)KMEM_DUMPCTL(cp, buf) + sizeof (kmem_dumpctl_t);
2346 2358
2347 2359 /* hat layer objects cannot cross a page boundary */
2348 2360 if (cp->cache_align < PAGESIZE) {
2349 2361 char *page = (char *)P2ROUNDUP((uintptr_t)buf, PAGESIZE);
2350 2362 if (bufend > page) {
2351 2363 bufend += page - (char *)buf;
2352 2364 buf = (void *)page;
2353 2365 }
2354 2366 }
2355 2367
2356 2368 /* fall back to normal alloc if reserved area is used up */
2357 2369 if (bufend > (char *)kmem_dump_end) {
2358 2370 kmem_dump_curr = kmem_dump_end;
2359 2371 cp->cache_dump.kd_alloc_fails++;
2360 2372 return (NULL);
2361 2373 }
2362 2374
2363 2375 /*
2364 2376 * Must advance curr pointer before calling a constructor that
2365 2377 * may also allocate memory.
2366 2378 */
2367 2379 kmem_dump_curr = bufend;
2368 2380
2369 2381 /* run constructor */
2370 2382 if (cp->cache_constructor != NULL &&
2371 2383 cp->cache_constructor(buf, cp->cache_private, kmflag)
2372 2384 != 0) {
2373 2385 #ifdef DEBUG
2374 2386 printf("name='%s' cache=0x%p: kmem cache constructor failed\n",
2375 2387 cp->cache_name, (void *)cp);
2376 2388 #endif
2377 2389 /* reset curr pointer iff no allocs were done */
2378 2390 if (kmem_dump_curr == bufend)
2379 2391 kmem_dump_curr = curr;
2380 2392
2381 2393 cp->cache_dump.kd_alloc_fails++;
2382 2394 /* fall back to normal alloc if the constructor fails */
2383 2395 return (NULL);
2384 2396 }
2385 2397
2386 2398 return (buf);
2387 2399 }
2388 2400
2389 2401 /*
2390 2402 * Free a constructed object in alternate dump memory.
2391 2403 */
2392 2404 int
2393 2405 kmem_cache_free_dump(kmem_cache_t *cp, void *buf)
2394 2406 {
2395 2407 /* save constructed buffers for next time */
2396 2408 if ((char *)buf >= (char *)kmem_dump_start &&
2397 2409 (char *)buf < (char *)kmem_dump_end) {
2398 2410 KMEM_DUMPCTL(cp, buf)->kdc_next = cp->cache_dump.kd_freelist;
2399 2411 cp->cache_dump.kd_freelist = buf;
2400 2412 return (0);
2401 2413 }
2402 2414
2403 2415 /* just drop buffers that were allocated before dump started */
2404 2416 if (kmem_dump_curr < kmem_dump_end)
2405 2417 return (0);
2406 2418
2407 2419 /* fall back to normal free if reserved area is used up */
2408 2420 return (1);
2409 2421 }
2410 2422
2411 2423 /*
2412 2424 * Allocate a constructed object from cache cp.
2413 2425 */
2414 2426 void *
2415 2427 kmem_cache_alloc(kmem_cache_t *cp, int kmflag)
2416 2428 {
2417 2429 kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2418 2430 kmem_magazine_t *fmp;
2419 2431 void *buf;
2420 2432
2421 2433 mutex_enter(&ccp->cc_lock);
2422 2434 for (;;) {
2423 2435 /*
2424 2436 * If there's an object available in the current CPU's
2425 2437 * loaded magazine, just take it and return.
2426 2438 */
2427 2439 if (ccp->cc_rounds > 0) {
2428 2440 buf = ccp->cc_loaded->mag_round[--ccp->cc_rounds];
2429 2441 ccp->cc_alloc++;
2430 2442 mutex_exit(&ccp->cc_lock);
2431 2443 if (ccp->cc_flags & (KMF_BUFTAG | KMF_DUMPUNSAFE)) {
2432 2444 if (ccp->cc_flags & KMF_DUMPUNSAFE) {
2433 2445 ASSERT(!(ccp->cc_flags &
2434 2446 KMF_DUMPDIVERT));
2435 2447 cp->cache_dump.kd_unsafe++;
2436 2448 }
2437 2449 if ((ccp->cc_flags & KMF_BUFTAG) &&
2438 2450 kmem_cache_alloc_debug(cp, buf, kmflag, 0,
2439 2451 caller()) != 0) {
2440 2452 if (kmflag & KM_NOSLEEP)
2441 2453 return (NULL);
2442 2454 mutex_enter(&ccp->cc_lock);
2443 2455 continue;
2444 2456 }
2445 2457 }
2446 2458 return (buf);
2447 2459 }
2448 2460
2449 2461 /*
2450 2462 * The loaded magazine is empty. If the previously loaded
2451 2463 * magazine was full, exchange them and try again.
2452 2464 */
2453 2465 if (ccp->cc_prounds > 0) {
2454 2466 kmem_cpu_reload(ccp, ccp->cc_ploaded, ccp->cc_prounds);
2455 2467 continue;
2456 2468 }
2457 2469
2458 2470 /*
2459 2471 * Return an alternate buffer at dump time to preserve
2460 2472 * the heap.
2461 2473 */
2462 2474 if (ccp->cc_flags & (KMF_DUMPDIVERT | KMF_DUMPUNSAFE)) {
2463 2475 if (ccp->cc_flags & KMF_DUMPUNSAFE) {
2464 2476 ASSERT(!(ccp->cc_flags & KMF_DUMPDIVERT));
2465 2477 /* log it so that we can warn about it */
2466 2478 cp->cache_dump.kd_unsafe++;
2467 2479 } else {
2468 2480 if ((buf = kmem_cache_alloc_dump(cp, kmflag)) !=
2469 2481 NULL) {
2470 2482 mutex_exit(&ccp->cc_lock);
2471 2483 return (buf);
2472 2484 }
2473 2485 break; /* fall back to slab layer */
2474 2486 }
2475 2487 }
2476 2488
2477 2489 /*
2478 2490 * If the magazine layer is disabled, break out now.
2479 2491 */
2480 2492 if (ccp->cc_magsize == 0)
2481 2493 break;
2482 2494
2483 2495 /*
2484 2496 * Try to get a full magazine from the depot.
2485 2497 */
2486 2498 fmp = kmem_depot_alloc(cp, &cp->cache_full);
2487 2499 if (fmp != NULL) {
2488 2500 if (ccp->cc_ploaded != NULL)
2489 2501 kmem_depot_free(cp, &cp->cache_empty,
2490 2502 ccp->cc_ploaded);
2491 2503 kmem_cpu_reload(ccp, fmp, ccp->cc_magsize);
2492 2504 continue;
2493 2505 }
2494 2506
2495 2507 /*
2496 2508 * There are no full magazines in the depot,
2497 2509 * so fall through to the slab layer.
2498 2510 */
2499 2511 break;
2500 2512 }
2501 2513 mutex_exit(&ccp->cc_lock);
2502 2514
2503 2515 /*
2504 2516 * We couldn't allocate a constructed object from the magazine layer,
2505 2517 * so get a raw buffer from the slab layer and apply its constructor.
2506 2518 */
2507 2519 buf = kmem_slab_alloc(cp, kmflag);
2508 2520
2509 2521 if (buf == NULL)
2510 2522 return (NULL);
2511 2523
2512 2524 if (cp->cache_flags & KMF_BUFTAG) {
2513 2525 /*
2514 2526 * Make kmem_cache_alloc_debug() apply the constructor for us.
2515 2527 */
2516 2528 int rc = kmem_cache_alloc_debug(cp, buf, kmflag, 1, caller());
2517 2529 if (rc != 0) {
2518 2530 if (kmflag & KM_NOSLEEP)
2519 2531 return (NULL);
2520 2532 /*
2521 2533 * kmem_cache_alloc_debug() detected corruption
2522 2534 * but didn't panic (kmem_panic <= 0). We should not be
2523 2535 * here because the constructor failed (indicated by a
2524 2536 * return code of 1). Try again.
2525 2537 */
2526 2538 ASSERT(rc == -1);
2527 2539 return (kmem_cache_alloc(cp, kmflag));
2528 2540 }
2529 2541 return (buf);
2530 2542 }
2531 2543
2532 2544 if (cp->cache_constructor != NULL &&
2533 2545 cp->cache_constructor(buf, cp->cache_private, kmflag) != 0) {
2534 2546 atomic_inc_64(&cp->cache_alloc_fail);
2535 2547 kmem_slab_free(cp, buf);
2536 2548 return (NULL);
2537 2549 }
2538 2550
2539 2551 return (buf);
2540 2552 }
2541 2553
2542 2554 /*
2543 2555 * The freed argument tells whether or not kmem_cache_free_debug() has already
2544 2556 * been called so that we can avoid the duplicate free error. For example, a
2545 2557 * buffer on a magazine has already been freed by the client but is still
2546 2558 * constructed.
2547 2559 */
2548 2560 static void
2549 2561 kmem_slab_free_constructed(kmem_cache_t *cp, void *buf, boolean_t freed)
2550 2562 {
2551 2563 if (!freed && (cp->cache_flags & KMF_BUFTAG))
2552 2564 if (kmem_cache_free_debug(cp, buf, caller()) == -1)
2553 2565 return;
2554 2566
2555 2567 /*
2556 2568 * Note that if KMF_DEADBEEF is in effect and KMF_LITE is not,
2557 2569 * kmem_cache_free_debug() will have already applied the destructor.
2558 2570 */
2559 2571 if ((cp->cache_flags & (KMF_DEADBEEF | KMF_LITE)) != KMF_DEADBEEF &&
2560 2572 cp->cache_destructor != NULL) {
2561 2573 if (cp->cache_flags & KMF_DEADBEEF) { /* KMF_LITE implied */
2562 2574 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2563 2575 *(uint64_t *)buf = btp->bt_redzone;
2564 2576 cp->cache_destructor(buf, cp->cache_private);
2565 2577 *(uint64_t *)buf = KMEM_FREE_PATTERN;
2566 2578 } else {
2567 2579 cp->cache_destructor(buf, cp->cache_private);
2568 2580 }
2569 2581 }
2570 2582
2571 2583 kmem_slab_free(cp, buf);
2572 2584 }
2573 2585
2574 2586 /*
2575 2587 * Used when there's no room to free a buffer to the per-CPU cache.
2576 2588 * Drops and re-acquires &ccp->cc_lock, and returns non-zero if the
2577 2589 * caller should try freeing to the per-CPU cache again.
2578 2590 * Note that we don't directly install the magazine in the cpu cache,
2579 2591 * since its state may have changed wildly while the lock was dropped.
2580 2592 */
2581 2593 static int
2582 2594 kmem_cpucache_magazine_alloc(kmem_cpu_cache_t *ccp, kmem_cache_t *cp)
2583 2595 {
2584 2596 kmem_magazine_t *emp;
2585 2597 kmem_magtype_t *mtp;
2586 2598
2587 2599 ASSERT(MUTEX_HELD(&ccp->cc_lock));
2588 2600 ASSERT(((uint_t)ccp->cc_rounds == ccp->cc_magsize ||
2589 2601 ((uint_t)ccp->cc_rounds == -1)) &&
2590 2602 ((uint_t)ccp->cc_prounds == ccp->cc_magsize ||
2591 2603 ((uint_t)ccp->cc_prounds == -1)));
2592 2604
2593 2605 emp = kmem_depot_alloc(cp, &cp->cache_empty);
2594 2606 if (emp != NULL) {
2595 2607 if (ccp->cc_ploaded != NULL)
2596 2608 kmem_depot_free(cp, &cp->cache_full,
2597 2609 ccp->cc_ploaded);
2598 2610 kmem_cpu_reload(ccp, emp, 0);
2599 2611 return (1);
2600 2612 }
2601 2613 /*
2602 2614 * There are no empty magazines in the depot,
2603 2615 * so try to allocate a new one. We must drop all locks
2604 2616 * across kmem_cache_alloc() because lower layers may
2605 2617 * attempt to allocate from this cache.
2606 2618 */
2607 2619 mtp = cp->cache_magtype;
2608 2620 mutex_exit(&ccp->cc_lock);
2609 2621 emp = kmem_cache_alloc(mtp->mt_cache, KM_NOSLEEP);
2610 2622 mutex_enter(&ccp->cc_lock);
2611 2623
2612 2624 if (emp != NULL) {
2613 2625 /*
2614 2626 * We successfully allocated an empty magazine.
2615 2627 * However, we had to drop ccp->cc_lock to do it,
2616 2628 * so the cache's magazine size may have changed.
2617 2629 * If so, free the magazine and try again.
2618 2630 */
2619 2631 if (ccp->cc_magsize != mtp->mt_magsize) {
2620 2632 mutex_exit(&ccp->cc_lock);
2621 2633 kmem_cache_free(mtp->mt_cache, emp);
2622 2634 mutex_enter(&ccp->cc_lock);
2623 2635 return (1);
2624 2636 }
2625 2637
2626 2638 /*
2627 2639 * We got a magazine of the right size. Add it to
2628 2640 * the depot and try the whole dance again.
2629 2641 */
2630 2642 kmem_depot_free(cp, &cp->cache_empty, emp);
2631 2643 return (1);
2632 2644 }
2633 2645
2634 2646 /*
2635 2647 * We couldn't allocate an empty magazine,
2636 2648 * so fall through to the slab layer.
2637 2649 */
2638 2650 return (0);
2639 2651 }
2640 2652
2641 2653 /*
2642 2654 * Free a constructed object to cache cp.
2643 2655 */
2644 2656 void
2645 2657 kmem_cache_free(kmem_cache_t *cp, void *buf)
2646 2658 {
2647 2659 kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2648 2660
2649 2661 /*
2650 2662 * The client must not free either of the buffers passed to the move
2651 2663 * callback function.
2652 2664 */
2653 2665 ASSERT(cp->cache_defrag == NULL ||
2654 2666 cp->cache_defrag->kmd_thread != curthread ||
2655 2667 (buf != cp->cache_defrag->kmd_from_buf &&
2656 2668 buf != cp->cache_defrag->kmd_to_buf));
2657 2669
2658 2670 if (ccp->cc_flags & (KMF_BUFTAG | KMF_DUMPDIVERT | KMF_DUMPUNSAFE)) {
2659 2671 if (ccp->cc_flags & KMF_DUMPUNSAFE) {
2660 2672 ASSERT(!(ccp->cc_flags & KMF_DUMPDIVERT));
2661 2673 /* log it so that we can warn about it */
2662 2674 cp->cache_dump.kd_unsafe++;
2663 2675 } else if (KMEM_DUMPCC(ccp) && !kmem_cache_free_dump(cp, buf)) {
2664 2676 return;
2665 2677 }
2666 2678 if (ccp->cc_flags & KMF_BUFTAG) {
2667 2679 if (kmem_cache_free_debug(cp, buf, caller()) == -1)
2668 2680 return;
2669 2681 }
2670 2682 }
2671 2683
2672 2684 mutex_enter(&ccp->cc_lock);
2673 2685 /*
2674 2686 * Any changes to this logic should be reflected in kmem_slab_prefill()
2675 2687 */
2676 2688 for (;;) {
2677 2689 /*
2678 2690 * If there's a slot available in the current CPU's
2679 2691 * loaded magazine, just put the object there and return.
2680 2692 */
2681 2693 if ((uint_t)ccp->cc_rounds < ccp->cc_magsize) {
2682 2694 ccp->cc_loaded->mag_round[ccp->cc_rounds++] = buf;
2683 2695 ccp->cc_free++;
2684 2696 mutex_exit(&ccp->cc_lock);
2685 2697 return;
2686 2698 }
2687 2699
2688 2700 /*
2689 2701 * The loaded magazine is full. If the previously loaded
2690 2702 * magazine was empty, exchange them and try again.
2691 2703 */
2692 2704 if (ccp->cc_prounds == 0) {
2693 2705 kmem_cpu_reload(ccp, ccp->cc_ploaded, ccp->cc_prounds);
2694 2706 continue;
2695 2707 }
2696 2708
2697 2709 /*
2698 2710 * If the magazine layer is disabled, break out now.
2699 2711 */
2700 2712 if (ccp->cc_magsize == 0)
2701 2713 break;
2702 2714
2703 2715 if (!kmem_cpucache_magazine_alloc(ccp, cp)) {
2704 2716 /*
2705 2717 * We couldn't free our constructed object to the
2706 2718 * magazine layer, so apply its destructor and free it
2707 2719 * to the slab layer.
2708 2720 */
2709 2721 break;
2710 2722 }
2711 2723 }
2712 2724 mutex_exit(&ccp->cc_lock);
2713 2725 kmem_slab_free_constructed(cp, buf, B_TRUE);
2714 2726 }
2715 2727
2716 2728 static void
2717 2729 kmem_slab_prefill(kmem_cache_t *cp, kmem_slab_t *sp)
2718 2730 {
2719 2731 kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2720 2732 int cache_flags = cp->cache_flags;
2721 2733
2722 2734 kmem_bufctl_t *next, *head;
2723 2735 size_t nbufs;
2724 2736
2725 2737 /*
2726 2738 * Completely allocate the newly created slab and put the pre-allocated
2727 2739 * buffers in magazines. Any of the buffers that cannot be put in
2728 2740 * magazines must be returned to the slab.
2729 2741 */
2730 2742 ASSERT(MUTEX_HELD(&cp->cache_lock));
2731 2743 ASSERT((cache_flags & (KMF_PREFILL|KMF_BUFTAG)) == KMF_PREFILL);
2732 2744 ASSERT(cp->cache_constructor == NULL);
2733 2745 ASSERT(sp->slab_cache == cp);
2734 2746 ASSERT(sp->slab_refcnt == 1);
2735 2747 ASSERT(sp->slab_head != NULL && sp->slab_chunks > sp->slab_refcnt);
2736 2748 ASSERT(avl_find(&cp->cache_partial_slabs, sp, NULL) == NULL);
2737 2749
2738 2750 head = sp->slab_head;
2739 2751 nbufs = (sp->slab_chunks - sp->slab_refcnt);
2740 2752 sp->slab_head = NULL;
2741 2753 sp->slab_refcnt += nbufs;
2742 2754 cp->cache_bufslab -= nbufs;
2743 2755 cp->cache_slab_alloc += nbufs;
2744 2756 list_insert_head(&cp->cache_complete_slabs, sp);
2745 2757 cp->cache_complete_slab_count++;
2746 2758 mutex_exit(&cp->cache_lock);
2747 2759 mutex_enter(&ccp->cc_lock);
2748 2760
2749 2761 while (head != NULL) {
2750 2762 void *buf = KMEM_BUF(cp, head);
2751 2763 /*
2752 2764 * If there's a slot available in the current CPU's
2753 2765 * loaded magazine, just put the object there and
2754 2766 * continue.
2755 2767 */
2756 2768 if ((uint_t)ccp->cc_rounds < ccp->cc_magsize) {
2757 2769 ccp->cc_loaded->mag_round[ccp->cc_rounds++] =
2758 2770 buf;
2759 2771 ccp->cc_free++;
2760 2772 nbufs--;
2761 2773 head = head->bc_next;
2762 2774 continue;
2763 2775 }
2764 2776
2765 2777 /*
2766 2778 * The loaded magazine is full. If the previously
2767 2779 * loaded magazine was empty, exchange them and try
2768 2780 * again.
2769 2781 */
2770 2782 if (ccp->cc_prounds == 0) {
2771 2783 kmem_cpu_reload(ccp, ccp->cc_ploaded,
2772 2784 ccp->cc_prounds);
2773 2785 continue;
2774 2786 }
2775 2787
2776 2788 /*
2777 2789 * If the magazine layer is disabled, break out now.
2778 2790 */
2779 2791
2780 2792 if (ccp->cc_magsize == 0) {
2781 2793 break;
2782 2794 }
2783 2795
2784 2796 if (!kmem_cpucache_magazine_alloc(ccp, cp))
2785 2797 break;
2786 2798 }
2787 2799 mutex_exit(&ccp->cc_lock);
2788 2800 if (nbufs != 0) {
2789 2801 ASSERT(head != NULL);
2790 2802
2791 2803 /*
2792 2804 * If there was a failure, return remaining objects to
2793 2805 * the slab
2794 2806 */
2795 2807 while (head != NULL) {
2796 2808 ASSERT(nbufs != 0);
2797 2809 next = head->bc_next;
2798 2810 head->bc_next = NULL;
2799 2811 kmem_slab_free(cp, KMEM_BUF(cp, head));
2800 2812 head = next;
2801 2813 nbufs--;
2802 2814 }
2803 2815 }
2804 2816 ASSERT(head == NULL);
2805 2817 ASSERT(nbufs == 0);
2806 2818 mutex_enter(&cp->cache_lock);
2807 2819 }
2808 2820
2809 2821 void *
2810 2822 kmem_zalloc(size_t size, int kmflag)
2811 2823 {
2812 2824 size_t index;
2813 2825 void *buf;
2814 2826
2815 2827 if ((index = ((size - 1) >> KMEM_ALIGN_SHIFT)) < KMEM_ALLOC_TABLE_MAX) {
2816 2828 kmem_cache_t *cp = kmem_alloc_table[index];
2817 2829 buf = kmem_cache_alloc(cp, kmflag);
2818 2830 if (buf != NULL) {
2819 2831 if ((cp->cache_flags & KMF_BUFTAG) && !KMEM_DUMP(cp)) {
2820 2832 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2821 2833 ((uint8_t *)buf)[size] = KMEM_REDZONE_BYTE;
2822 2834 ((uint32_t *)btp)[1] = KMEM_SIZE_ENCODE(size);
2823 2835
2824 2836 if (cp->cache_flags & KMF_LITE) {
2825 2837 KMEM_BUFTAG_LITE_ENTER(btp,
2826 2838 kmem_lite_count, caller());
2827 2839 }
2828 2840 }
2829 2841 bzero(buf, size);
2830 2842 }
2831 2843 } else {
2832 2844 buf = kmem_alloc(size, kmflag);
2833 2845 if (buf != NULL)
2834 2846 bzero(buf, size);
2835 2847 }
2836 2848 return (buf);
2837 2849 }
2838 2850
2839 2851 void *
2840 2852 kmem_alloc(size_t size, int kmflag)
2841 2853 {
2842 2854 size_t index;
2843 2855 kmem_cache_t *cp;
2844 2856 void *buf;
2845 2857
|
↓ open down ↓ |
1735 lines elided |
↑ open up ↑ |
2846 2858 if ((index = ((size - 1) >> KMEM_ALIGN_SHIFT)) < KMEM_ALLOC_TABLE_MAX) {
2847 2859 cp = kmem_alloc_table[index];
2848 2860 /* fall through to kmem_cache_alloc() */
2849 2861
2850 2862 } else if ((index = ((size - 1) >> KMEM_BIG_SHIFT)) <
2851 2863 kmem_big_alloc_table_max) {
2852 2864 cp = kmem_big_alloc_table[index];
2853 2865 /* fall through to kmem_cache_alloc() */
2854 2866
2855 2867 } else {
2856 - if (size == 0)
2868 + if (size == 0) {
2869 + if (kmflag != KM_SLEEP && !(kmflag & KM_PANIC))
2870 + return (NULL);
2871 +
2872 + /*
2873 + * If this is a sleeping allocation or one that has
2874 + * been specified to panic on allocation failure, we
2875 + * consider it to be deprecated behavior to allocate
2876 + * 0 bytes. If we have been configured to panic under
2877 + * this condition, we panic; if to warn, we warn -- and
2878 + * regardless, we log to the kmem_zerosized_log that
2879 + * that this condition has occurred (which gives us
2880 + * enough information to be able to debug it).
2881 + */
2882 + if (kmem_panic && kmem_panic_zerosized)
2883 + panic("attempted to kmem_alloc() size of 0");
2884 +
2885 + if (kmem_warn_zerosized) {
2886 + cmn_err(CE_WARN, "kmem_alloc(): sleeping "
2887 + "allocation with size of 0; "
2888 + "see kmem_zerosized_log for details");
2889 + }
2890 +
2891 + kmem_log_event(kmem_zerosized_log, NULL, NULL, NULL);
2892 +
2857 2893 return (NULL);
2894 + }
2858 2895
2859 2896 buf = vmem_alloc(kmem_oversize_arena, size,
2860 2897 kmflag & KM_VMFLAGS);
2861 2898 if (buf == NULL)
2862 2899 kmem_log_event(kmem_failure_log, NULL, NULL,
2863 2900 (void *)size);
2864 2901 else if (KMEM_DUMP(kmem_slab_cache)) {
2865 2902 /* stats for dump intercept */
2866 2903 kmem_dump_oversize_allocs++;
2867 2904 if (size > kmem_dump_oversize_max)
2868 2905 kmem_dump_oversize_max = size;
2869 2906 }
2870 2907 return (buf);
2871 2908 }
2872 2909
2873 2910 buf = kmem_cache_alloc(cp, kmflag);
2874 2911 if ((cp->cache_flags & KMF_BUFTAG) && !KMEM_DUMP(cp) && buf != NULL) {
2875 2912 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2876 2913 ((uint8_t *)buf)[size] = KMEM_REDZONE_BYTE;
2877 2914 ((uint32_t *)btp)[1] = KMEM_SIZE_ENCODE(size);
2878 2915
2879 2916 if (cp->cache_flags & KMF_LITE) {
2880 2917 KMEM_BUFTAG_LITE_ENTER(btp, kmem_lite_count, caller());
2881 2918 }
2882 2919 }
2883 2920 return (buf);
2884 2921 }
2885 2922
2886 2923 void
2887 2924 kmem_free(void *buf, size_t size)
2888 2925 {
2889 2926 size_t index;
2890 2927 kmem_cache_t *cp;
2891 2928
2892 2929 if ((index = (size - 1) >> KMEM_ALIGN_SHIFT) < KMEM_ALLOC_TABLE_MAX) {
2893 2930 cp = kmem_alloc_table[index];
2894 2931 /* fall through to kmem_cache_free() */
2895 2932
2896 2933 } else if ((index = ((size - 1) >> KMEM_BIG_SHIFT)) <
2897 2934 kmem_big_alloc_table_max) {
2898 2935 cp = kmem_big_alloc_table[index];
2899 2936 /* fall through to kmem_cache_free() */
2900 2937
2901 2938 } else {
2902 2939 EQUIV(buf == NULL, size == 0);
2903 2940 if (buf == NULL && size == 0)
2904 2941 return;
2905 2942 vmem_free(kmem_oversize_arena, buf, size);
2906 2943 return;
2907 2944 }
2908 2945
2909 2946 if ((cp->cache_flags & KMF_BUFTAG) && !KMEM_DUMP(cp)) {
2910 2947 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2911 2948 uint32_t *ip = (uint32_t *)btp;
2912 2949 if (ip[1] != KMEM_SIZE_ENCODE(size)) {
2913 2950 if (*(uint64_t *)buf == KMEM_FREE_PATTERN) {
2914 2951 kmem_error(KMERR_DUPFREE, cp, buf);
2915 2952 return;
2916 2953 }
2917 2954 if (KMEM_SIZE_VALID(ip[1])) {
2918 2955 ip[0] = KMEM_SIZE_ENCODE(size);
2919 2956 kmem_error(KMERR_BADSIZE, cp, buf);
2920 2957 } else {
2921 2958 kmem_error(KMERR_REDZONE, cp, buf);
2922 2959 }
2923 2960 return;
2924 2961 }
2925 2962 if (((uint8_t *)buf)[size] != KMEM_REDZONE_BYTE) {
2926 2963 kmem_error(KMERR_REDZONE, cp, buf);
2927 2964 return;
2928 2965 }
2929 2966 btp->bt_redzone = KMEM_REDZONE_PATTERN;
2930 2967 if (cp->cache_flags & KMF_LITE) {
2931 2968 KMEM_BUFTAG_LITE_ENTER(btp, kmem_lite_count,
2932 2969 caller());
2933 2970 }
2934 2971 }
2935 2972 kmem_cache_free(cp, buf);
2936 2973 }
2937 2974
2938 2975 void *
2939 2976 kmem_firewall_va_alloc(vmem_t *vmp, size_t size, int vmflag)
2940 2977 {
2941 2978 size_t realsize = size + vmp->vm_quantum;
2942 2979 void *addr;
2943 2980
2944 2981 /*
2945 2982 * Annoying edge case: if 'size' is just shy of ULONG_MAX, adding
2946 2983 * vm_quantum will cause integer wraparound. Check for this, and
2947 2984 * blow off the firewall page in this case. Note that such a
2948 2985 * giant allocation (the entire kernel address space) can never
2949 2986 * be satisfied, so it will either fail immediately (VM_NOSLEEP)
2950 2987 * or sleep forever (VM_SLEEP). Thus, there is no need for a
2951 2988 * corresponding check in kmem_firewall_va_free().
2952 2989 */
2953 2990 if (realsize < size)
2954 2991 realsize = size;
2955 2992
2956 2993 /*
2957 2994 * While boot still owns resource management, make sure that this
2958 2995 * redzone virtual address allocation is properly accounted for in
2959 2996 * OBPs "virtual-memory" "available" lists because we're
2960 2997 * effectively claiming them for a red zone. If we don't do this,
2961 2998 * the available lists become too fragmented and too large for the
2962 2999 * current boot/kernel memory list interface.
2963 3000 */
2964 3001 addr = vmem_alloc(vmp, realsize, vmflag | VM_NEXTFIT);
2965 3002
2966 3003 if (addr != NULL && kvseg.s_base == NULL && realsize != size)
2967 3004 (void) boot_virt_alloc((char *)addr + size, vmp->vm_quantum);
2968 3005
2969 3006 return (addr);
2970 3007 }
2971 3008
2972 3009 void
2973 3010 kmem_firewall_va_free(vmem_t *vmp, void *addr, size_t size)
2974 3011 {
2975 3012 ASSERT((kvseg.s_base == NULL ?
2976 3013 va_to_pfn((char *)addr + size) :
2977 3014 hat_getpfnum(kas.a_hat, (caddr_t)addr + size)) == PFN_INVALID);
2978 3015
2979 3016 vmem_free(vmp, addr, size + vmp->vm_quantum);
2980 3017 }
2981 3018
2982 3019 /*
2983 3020 * Try to allocate at least `size' bytes of memory without sleeping or
2984 3021 * panicking. Return actual allocated size in `asize'. If allocation failed,
2985 3022 * try final allocation with sleep or panic allowed.
2986 3023 */
2987 3024 void *
2988 3025 kmem_alloc_tryhard(size_t size, size_t *asize, int kmflag)
2989 3026 {
2990 3027 void *p;
2991 3028
2992 3029 *asize = P2ROUNDUP(size, KMEM_ALIGN);
2993 3030 do {
2994 3031 p = kmem_alloc(*asize, (kmflag | KM_NOSLEEP) & ~KM_PANIC);
2995 3032 if (p != NULL)
2996 3033 return (p);
2997 3034 *asize += KMEM_ALIGN;
2998 3035 } while (*asize <= PAGESIZE);
2999 3036
3000 3037 *asize = P2ROUNDUP(size, KMEM_ALIGN);
3001 3038 return (kmem_alloc(*asize, kmflag));
3002 3039 }
3003 3040
3004 3041 /*
3005 3042 * Reclaim all unused memory from a cache.
3006 3043 */
3007 3044 static void
3008 3045 kmem_cache_reap(kmem_cache_t *cp)
3009 3046 {
3010 3047 ASSERT(taskq_member(kmem_taskq, curthread));
3011 3048 cp->cache_reap++;
3012 3049
3013 3050 /*
3014 3051 * Ask the cache's owner to free some memory if possible.
3015 3052 * The idea is to handle things like the inode cache, which
3016 3053 * typically sits on a bunch of memory that it doesn't truly
3017 3054 * *need*. Reclaim policy is entirely up to the owner; this
3018 3055 * callback is just an advisory plea for help.
3019 3056 */
3020 3057 if (cp->cache_reclaim != NULL) {
3021 3058 long delta;
3022 3059
3023 3060 /*
3024 3061 * Reclaimed memory should be reapable (not included in the
3025 3062 * depot's working set).
3026 3063 */
3027 3064 delta = cp->cache_full.ml_total;
3028 3065 cp->cache_reclaim(cp->cache_private);
3029 3066 delta = cp->cache_full.ml_total - delta;
3030 3067 if (delta > 0) {
3031 3068 mutex_enter(&cp->cache_depot_lock);
3032 3069 cp->cache_full.ml_reaplimit += delta;
3033 3070 cp->cache_full.ml_min += delta;
3034 3071 mutex_exit(&cp->cache_depot_lock);
3035 3072 }
3036 3073 }
3037 3074
3038 3075 kmem_depot_ws_reap(cp);
3039 3076
3040 3077 if (cp->cache_defrag != NULL && !kmem_move_noreap) {
3041 3078 kmem_cache_defrag(cp);
3042 3079 }
3043 3080 }
3044 3081
3045 3082 static void
3046 3083 kmem_reap_timeout(void *flag_arg)
3047 3084 {
3048 3085 uint32_t *flag = (uint32_t *)flag_arg;
3049 3086
3050 3087 ASSERT(flag == &kmem_reaping || flag == &kmem_reaping_idspace);
3051 3088 *flag = 0;
3052 3089 }
3053 3090
3054 3091 static void
3055 3092 kmem_reap_done(void *flag)
3056 3093 {
3057 3094 if (!callout_init_done) {
3058 3095 /* can't schedule a timeout at this point */
3059 3096 kmem_reap_timeout(flag);
3060 3097 } else {
3061 3098 (void) timeout(kmem_reap_timeout, flag, kmem_reap_interval);
3062 3099 }
3063 3100 }
3064 3101
3065 3102 static void
3066 3103 kmem_reap_start(void *flag)
3067 3104 {
3068 3105 ASSERT(flag == &kmem_reaping || flag == &kmem_reaping_idspace);
3069 3106
3070 3107 if (flag == &kmem_reaping) {
3071 3108 kmem_cache_applyall(kmem_cache_reap, kmem_taskq, TQ_NOSLEEP);
3072 3109 /*
3073 3110 * if we have segkp under heap, reap segkp cache.
3074 3111 */
3075 3112 if (segkp_fromheap)
3076 3113 segkp_cache_free();
3077 3114 }
3078 3115 else
3079 3116 kmem_cache_applyall_id(kmem_cache_reap, kmem_taskq, TQ_NOSLEEP);
3080 3117
3081 3118 /*
3082 3119 * We use taskq_dispatch() to schedule a timeout to clear
3083 3120 * the flag so that kmem_reap() becomes self-throttling:
3084 3121 * we won't reap again until the current reap completes *and*
3085 3122 * at least kmem_reap_interval ticks have elapsed.
3086 3123 */
3087 3124 if (taskq_dispatch(kmem_taskq, kmem_reap_done, flag, TQ_NOSLEEP) ==
3088 3125 TASKQID_INVALID)
3089 3126 kmem_reap_done(flag);
3090 3127 }
3091 3128
3092 3129 static void
3093 3130 kmem_reap_common(void *flag_arg)
3094 3131 {
3095 3132 uint32_t *flag = (uint32_t *)flag_arg;
3096 3133
3097 3134 if (MUTEX_HELD(&kmem_cache_lock) || kmem_taskq == NULL ||
3098 3135 atomic_cas_32(flag, 0, 1) != 0)
3099 3136 return;
3100 3137
3101 3138 /*
3102 3139 * It may not be kosher to do memory allocation when a reap is called
3103 3140 * (for example, if vmem_populate() is in the call chain). So we
3104 3141 * start the reap going with a TQ_NOALLOC dispatch. If the dispatch
3105 3142 * fails, we reset the flag, and the next reap will try again.
3106 3143 */
3107 3144 if (taskq_dispatch(kmem_taskq, kmem_reap_start, flag, TQ_NOALLOC) ==
3108 3145 TASKQID_INVALID)
3109 3146 *flag = 0;
3110 3147 }
3111 3148
3112 3149 /*
3113 3150 * Reclaim all unused memory from all caches. Called from the VM system
3114 3151 * when memory gets tight.
3115 3152 */
3116 3153 void
3117 3154 kmem_reap(void)
3118 3155 {
3119 3156 kmem_reap_common(&kmem_reaping);
3120 3157 }
3121 3158
3122 3159 /*
3123 3160 * Reclaim all unused memory from identifier arenas, called when a vmem
3124 3161 * arena not back by memory is exhausted. Since reaping memory-backed caches
3125 3162 * cannot help with identifier exhaustion, we avoid both a large amount of
3126 3163 * work and unwanted side-effects from reclaim callbacks.
3127 3164 */
3128 3165 void
3129 3166 kmem_reap_idspace(void)
3130 3167 {
3131 3168 kmem_reap_common(&kmem_reaping_idspace);
3132 3169 }
3133 3170
3134 3171 /*
3135 3172 * Purge all magazines from a cache and set its magazine limit to zero.
3136 3173 * All calls are serialized by the kmem_taskq lock, except for the final
3137 3174 * call from kmem_cache_destroy().
3138 3175 */
3139 3176 static void
3140 3177 kmem_cache_magazine_purge(kmem_cache_t *cp)
3141 3178 {
3142 3179 kmem_cpu_cache_t *ccp;
3143 3180 kmem_magazine_t *mp, *pmp;
3144 3181 int rounds, prounds, cpu_seqid;
3145 3182
3146 3183 ASSERT(!list_link_active(&cp->cache_link) ||
3147 3184 taskq_member(kmem_taskq, curthread));
3148 3185 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
3149 3186
3150 3187 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++) {
3151 3188 ccp = &cp->cache_cpu[cpu_seqid];
3152 3189
3153 3190 mutex_enter(&ccp->cc_lock);
3154 3191 mp = ccp->cc_loaded;
3155 3192 pmp = ccp->cc_ploaded;
3156 3193 rounds = ccp->cc_rounds;
3157 3194 prounds = ccp->cc_prounds;
3158 3195 ccp->cc_loaded = NULL;
3159 3196 ccp->cc_ploaded = NULL;
3160 3197 ccp->cc_rounds = -1;
3161 3198 ccp->cc_prounds = -1;
3162 3199 ccp->cc_magsize = 0;
3163 3200 mutex_exit(&ccp->cc_lock);
3164 3201
3165 3202 if (mp)
3166 3203 kmem_magazine_destroy(cp, mp, rounds);
3167 3204 if (pmp)
3168 3205 kmem_magazine_destroy(cp, pmp, prounds);
3169 3206 }
3170 3207
3171 3208 kmem_depot_ws_zero(cp);
3172 3209 kmem_depot_ws_reap(cp);
3173 3210 }
3174 3211
3175 3212 /*
3176 3213 * Enable per-cpu magazines on a cache.
3177 3214 */
3178 3215 static void
3179 3216 kmem_cache_magazine_enable(kmem_cache_t *cp)
3180 3217 {
3181 3218 int cpu_seqid;
3182 3219
3183 3220 if (cp->cache_flags & KMF_NOMAGAZINE)
3184 3221 return;
3185 3222
3186 3223 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++) {
3187 3224 kmem_cpu_cache_t *ccp = &cp->cache_cpu[cpu_seqid];
3188 3225 mutex_enter(&ccp->cc_lock);
3189 3226 ccp->cc_magsize = cp->cache_magtype->mt_magsize;
3190 3227 mutex_exit(&ccp->cc_lock);
3191 3228 }
3192 3229
3193 3230 }
3194 3231
3195 3232 /*
3196 3233 * Allow our caller to determine if there are running reaps.
3197 3234 *
3198 3235 * This call is very conservative and may return B_TRUE even when
3199 3236 * reaping activity isn't active. If it returns B_FALSE, then reaping
3200 3237 * activity is definitely inactive.
3201 3238 */
3202 3239 boolean_t
3203 3240 kmem_cache_reap_active(void)
3204 3241 {
3205 3242 return (!taskq_empty(kmem_taskq));
3206 3243 }
3207 3244
3208 3245 /*
3209 3246 * Reap (almost) everything soon.
3210 3247 *
3211 3248 * Note: this does not wait for the reap-tasks to complete. Caller
3212 3249 * should use kmem_cache_reap_active() (above) and/or moderation to
3213 3250 * avoid scheduling too many reap-tasks.
3214 3251 */
3215 3252 void
3216 3253 kmem_cache_reap_soon(kmem_cache_t *cp)
3217 3254 {
3218 3255 ASSERT(list_link_active(&cp->cache_link));
3219 3256
3220 3257 kmem_depot_ws_zero(cp);
3221 3258
3222 3259 (void) taskq_dispatch(kmem_taskq,
3223 3260 (task_func_t *)kmem_depot_ws_reap, cp, TQ_SLEEP);
3224 3261 }
3225 3262
3226 3263 /*
3227 3264 * Recompute a cache's magazine size. The trade-off is that larger magazines
3228 3265 * provide a higher transfer rate with the depot, while smaller magazines
3229 3266 * reduce memory consumption. Magazine resizing is an expensive operation;
3230 3267 * it should not be done frequently.
3231 3268 *
3232 3269 * Changes to the magazine size are serialized by the kmem_taskq lock.
3233 3270 *
3234 3271 * Note: at present this only grows the magazine size. It might be useful
3235 3272 * to allow shrinkage too.
3236 3273 */
3237 3274 static void
3238 3275 kmem_cache_magazine_resize(kmem_cache_t *cp)
3239 3276 {
3240 3277 kmem_magtype_t *mtp = cp->cache_magtype;
3241 3278
3242 3279 ASSERT(taskq_member(kmem_taskq, curthread));
3243 3280
3244 3281 if (cp->cache_chunksize < mtp->mt_maxbuf) {
3245 3282 kmem_cache_magazine_purge(cp);
3246 3283 mutex_enter(&cp->cache_depot_lock);
3247 3284 cp->cache_magtype = ++mtp;
3248 3285 cp->cache_depot_contention_prev =
3249 3286 cp->cache_depot_contention + INT_MAX;
3250 3287 mutex_exit(&cp->cache_depot_lock);
3251 3288 kmem_cache_magazine_enable(cp);
3252 3289 }
3253 3290 }
3254 3291
3255 3292 /*
3256 3293 * Rescale a cache's hash table, so that the table size is roughly the
3257 3294 * cache size. We want the average lookup time to be extremely small.
3258 3295 */
3259 3296 static void
3260 3297 kmem_hash_rescale(kmem_cache_t *cp)
3261 3298 {
3262 3299 kmem_bufctl_t **old_table, **new_table, *bcp;
3263 3300 size_t old_size, new_size, h;
3264 3301
3265 3302 ASSERT(taskq_member(kmem_taskq, curthread));
3266 3303
3267 3304 new_size = MAX(KMEM_HASH_INITIAL,
3268 3305 1 << (highbit(3 * cp->cache_buftotal + 4) - 2));
3269 3306 old_size = cp->cache_hash_mask + 1;
3270 3307
3271 3308 if ((old_size >> 1) <= new_size && new_size <= (old_size << 1))
3272 3309 return;
3273 3310
3274 3311 new_table = vmem_alloc(kmem_hash_arena, new_size * sizeof (void *),
3275 3312 VM_NOSLEEP);
3276 3313 if (new_table == NULL)
3277 3314 return;
3278 3315 bzero(new_table, new_size * sizeof (void *));
3279 3316
3280 3317 mutex_enter(&cp->cache_lock);
3281 3318
3282 3319 old_size = cp->cache_hash_mask + 1;
3283 3320 old_table = cp->cache_hash_table;
3284 3321
3285 3322 cp->cache_hash_mask = new_size - 1;
3286 3323 cp->cache_hash_table = new_table;
3287 3324 cp->cache_rescale++;
3288 3325
3289 3326 for (h = 0; h < old_size; h++) {
3290 3327 bcp = old_table[h];
3291 3328 while (bcp != NULL) {
3292 3329 void *addr = bcp->bc_addr;
3293 3330 kmem_bufctl_t *next_bcp = bcp->bc_next;
3294 3331 kmem_bufctl_t **hash_bucket = KMEM_HASH(cp, addr);
3295 3332 bcp->bc_next = *hash_bucket;
3296 3333 *hash_bucket = bcp;
3297 3334 bcp = next_bcp;
3298 3335 }
3299 3336 }
3300 3337
3301 3338 mutex_exit(&cp->cache_lock);
3302 3339
3303 3340 vmem_free(kmem_hash_arena, old_table, old_size * sizeof (void *));
3304 3341 }
3305 3342
3306 3343 /*
3307 3344 * Perform periodic maintenance on a cache: hash rescaling, depot working-set
3308 3345 * update, magazine resizing, and slab consolidation.
3309 3346 */
3310 3347 static void
3311 3348 kmem_cache_update(kmem_cache_t *cp)
3312 3349 {
3313 3350 int need_hash_rescale = 0;
3314 3351 int need_magazine_resize = 0;
3315 3352
3316 3353 ASSERT(MUTEX_HELD(&kmem_cache_lock));
3317 3354
3318 3355 /*
3319 3356 * If the cache has become much larger or smaller than its hash table,
3320 3357 * fire off a request to rescale the hash table.
3321 3358 */
3322 3359 mutex_enter(&cp->cache_lock);
3323 3360
3324 3361 if ((cp->cache_flags & KMF_HASH) &&
3325 3362 (cp->cache_buftotal > (cp->cache_hash_mask << 1) ||
3326 3363 (cp->cache_buftotal < (cp->cache_hash_mask >> 1) &&
3327 3364 cp->cache_hash_mask > KMEM_HASH_INITIAL)))
3328 3365 need_hash_rescale = 1;
3329 3366
3330 3367 mutex_exit(&cp->cache_lock);
3331 3368
3332 3369 /*
3333 3370 * Update the depot working set statistics.
3334 3371 */
3335 3372 kmem_depot_ws_update(cp);
3336 3373
3337 3374 /*
3338 3375 * If there's a lot of contention in the depot,
3339 3376 * increase the magazine size.
3340 3377 */
3341 3378 mutex_enter(&cp->cache_depot_lock);
3342 3379
3343 3380 if (cp->cache_chunksize < cp->cache_magtype->mt_maxbuf &&
3344 3381 (int)(cp->cache_depot_contention -
3345 3382 cp->cache_depot_contention_prev) > kmem_depot_contention)
3346 3383 need_magazine_resize = 1;
3347 3384
3348 3385 cp->cache_depot_contention_prev = cp->cache_depot_contention;
3349 3386
3350 3387 mutex_exit(&cp->cache_depot_lock);
3351 3388
3352 3389 if (need_hash_rescale)
3353 3390 (void) taskq_dispatch(kmem_taskq,
3354 3391 (task_func_t *)kmem_hash_rescale, cp, TQ_NOSLEEP);
3355 3392
3356 3393 if (need_magazine_resize)
3357 3394 (void) taskq_dispatch(kmem_taskq,
3358 3395 (task_func_t *)kmem_cache_magazine_resize, cp, TQ_NOSLEEP);
3359 3396
3360 3397 if (cp->cache_defrag != NULL)
3361 3398 (void) taskq_dispatch(kmem_taskq,
3362 3399 (task_func_t *)kmem_cache_scan, cp, TQ_NOSLEEP);
3363 3400 }
3364 3401
3365 3402 static void kmem_update(void *);
3366 3403
3367 3404 static void
3368 3405 kmem_update_timeout(void *dummy)
3369 3406 {
3370 3407 (void) timeout(kmem_update, dummy, kmem_reap_interval);
3371 3408 }
3372 3409
3373 3410 static void
3374 3411 kmem_update(void *dummy)
3375 3412 {
3376 3413 kmem_cache_applyall(kmem_cache_update, NULL, TQ_NOSLEEP);
3377 3414
3378 3415 /*
3379 3416 * We use taskq_dispatch() to reschedule the timeout so that
3380 3417 * kmem_update() becomes self-throttling: it won't schedule
3381 3418 * new tasks until all previous tasks have completed.
3382 3419 */
3383 3420 if (taskq_dispatch(kmem_taskq, kmem_update_timeout, dummy, TQ_NOSLEEP)
3384 3421 == TASKQID_INVALID)
3385 3422 kmem_update_timeout(NULL);
3386 3423 }
3387 3424
3388 3425 static int
3389 3426 kmem_cache_kstat_update(kstat_t *ksp, int rw)
3390 3427 {
3391 3428 struct kmem_cache_kstat *kmcp = &kmem_cache_kstat;
3392 3429 kmem_cache_t *cp = ksp->ks_private;
3393 3430 uint64_t cpu_buf_avail;
3394 3431 uint64_t buf_avail = 0;
3395 3432 int cpu_seqid;
3396 3433 long reap;
3397 3434
3398 3435 ASSERT(MUTEX_HELD(&kmem_cache_kstat_lock));
3399 3436
3400 3437 if (rw == KSTAT_WRITE)
3401 3438 return (EACCES);
3402 3439
3403 3440 mutex_enter(&cp->cache_lock);
3404 3441
3405 3442 kmcp->kmc_alloc_fail.value.ui64 = cp->cache_alloc_fail;
3406 3443 kmcp->kmc_alloc.value.ui64 = cp->cache_slab_alloc;
3407 3444 kmcp->kmc_free.value.ui64 = cp->cache_slab_free;
3408 3445 kmcp->kmc_slab_alloc.value.ui64 = cp->cache_slab_alloc;
3409 3446 kmcp->kmc_slab_free.value.ui64 = cp->cache_slab_free;
3410 3447
3411 3448 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++) {
3412 3449 kmem_cpu_cache_t *ccp = &cp->cache_cpu[cpu_seqid];
3413 3450
3414 3451 mutex_enter(&ccp->cc_lock);
3415 3452
3416 3453 cpu_buf_avail = 0;
3417 3454 if (ccp->cc_rounds > 0)
3418 3455 cpu_buf_avail += ccp->cc_rounds;
3419 3456 if (ccp->cc_prounds > 0)
3420 3457 cpu_buf_avail += ccp->cc_prounds;
3421 3458
3422 3459 kmcp->kmc_alloc.value.ui64 += ccp->cc_alloc;
3423 3460 kmcp->kmc_free.value.ui64 += ccp->cc_free;
3424 3461 buf_avail += cpu_buf_avail;
3425 3462
3426 3463 mutex_exit(&ccp->cc_lock);
3427 3464 }
3428 3465
3429 3466 mutex_enter(&cp->cache_depot_lock);
3430 3467
3431 3468 kmcp->kmc_depot_alloc.value.ui64 = cp->cache_full.ml_alloc;
3432 3469 kmcp->kmc_depot_free.value.ui64 = cp->cache_empty.ml_alloc;
3433 3470 kmcp->kmc_depot_contention.value.ui64 = cp->cache_depot_contention;
3434 3471 kmcp->kmc_full_magazines.value.ui64 = cp->cache_full.ml_total;
3435 3472 kmcp->kmc_empty_magazines.value.ui64 = cp->cache_empty.ml_total;
3436 3473 kmcp->kmc_magazine_size.value.ui64 =
3437 3474 (cp->cache_flags & KMF_NOMAGAZINE) ?
3438 3475 0 : cp->cache_magtype->mt_magsize;
3439 3476
3440 3477 kmcp->kmc_alloc.value.ui64 += cp->cache_full.ml_alloc;
3441 3478 kmcp->kmc_free.value.ui64 += cp->cache_empty.ml_alloc;
3442 3479 buf_avail += cp->cache_full.ml_total * cp->cache_magtype->mt_magsize;
3443 3480
3444 3481 reap = MIN(cp->cache_full.ml_reaplimit, cp->cache_full.ml_min);
3445 3482 reap = MIN(reap, cp->cache_full.ml_total);
3446 3483
3447 3484 mutex_exit(&cp->cache_depot_lock);
3448 3485
3449 3486 kmcp->kmc_buf_size.value.ui64 = cp->cache_bufsize;
3450 3487 kmcp->kmc_align.value.ui64 = cp->cache_align;
3451 3488 kmcp->kmc_chunk_size.value.ui64 = cp->cache_chunksize;
3452 3489 kmcp->kmc_slab_size.value.ui64 = cp->cache_slabsize;
3453 3490 kmcp->kmc_buf_constructed.value.ui64 = buf_avail;
3454 3491 buf_avail += cp->cache_bufslab;
3455 3492 kmcp->kmc_buf_avail.value.ui64 = buf_avail;
3456 3493 kmcp->kmc_buf_inuse.value.ui64 = cp->cache_buftotal - buf_avail;
3457 3494 kmcp->kmc_buf_total.value.ui64 = cp->cache_buftotal;
3458 3495 kmcp->kmc_buf_max.value.ui64 = cp->cache_bufmax;
3459 3496 kmcp->kmc_slab_create.value.ui64 = cp->cache_slab_create;
3460 3497 kmcp->kmc_slab_destroy.value.ui64 = cp->cache_slab_destroy;
3461 3498 kmcp->kmc_hash_size.value.ui64 = (cp->cache_flags & KMF_HASH) ?
3462 3499 cp->cache_hash_mask + 1 : 0;
3463 3500 kmcp->kmc_hash_lookup_depth.value.ui64 = cp->cache_lookup_depth;
3464 3501 kmcp->kmc_hash_rescale.value.ui64 = cp->cache_rescale;
3465 3502 kmcp->kmc_vmem_source.value.ui64 = cp->cache_arena->vm_id;
3466 3503 kmcp->kmc_reap.value.ui64 = cp->cache_reap;
3467 3504
3468 3505 if (cp->cache_defrag == NULL) {
3469 3506 kmcp->kmc_move_callbacks.value.ui64 = 0;
3470 3507 kmcp->kmc_move_yes.value.ui64 = 0;
3471 3508 kmcp->kmc_move_no.value.ui64 = 0;
3472 3509 kmcp->kmc_move_later.value.ui64 = 0;
3473 3510 kmcp->kmc_move_dont_need.value.ui64 = 0;
3474 3511 kmcp->kmc_move_dont_know.value.ui64 = 0;
3475 3512 kmcp->kmc_move_hunt_found.value.ui64 = 0;
3476 3513 kmcp->kmc_move_slabs_freed.value.ui64 = 0;
3477 3514 kmcp->kmc_defrag.value.ui64 = 0;
3478 3515 kmcp->kmc_scan.value.ui64 = 0;
3479 3516 kmcp->kmc_move_reclaimable.value.ui64 = 0;
3480 3517 } else {
3481 3518 int64_t reclaimable;
3482 3519
3483 3520 kmem_defrag_t *kd = cp->cache_defrag;
3484 3521 kmcp->kmc_move_callbacks.value.ui64 = kd->kmd_callbacks;
3485 3522 kmcp->kmc_move_yes.value.ui64 = kd->kmd_yes;
3486 3523 kmcp->kmc_move_no.value.ui64 = kd->kmd_no;
3487 3524 kmcp->kmc_move_later.value.ui64 = kd->kmd_later;
3488 3525 kmcp->kmc_move_dont_need.value.ui64 = kd->kmd_dont_need;
3489 3526 kmcp->kmc_move_dont_know.value.ui64 = kd->kmd_dont_know;
3490 3527 kmcp->kmc_move_hunt_found.value.ui64 = 0;
3491 3528 kmcp->kmc_move_slabs_freed.value.ui64 = kd->kmd_slabs_freed;
3492 3529 kmcp->kmc_defrag.value.ui64 = kd->kmd_defrags;
3493 3530 kmcp->kmc_scan.value.ui64 = kd->kmd_scans;
3494 3531
3495 3532 reclaimable = cp->cache_bufslab - (cp->cache_maxchunks - 1);
3496 3533 reclaimable = MAX(reclaimable, 0);
3497 3534 reclaimable += ((uint64_t)reap * cp->cache_magtype->mt_magsize);
3498 3535 kmcp->kmc_move_reclaimable.value.ui64 = reclaimable;
3499 3536 }
3500 3537
3501 3538 mutex_exit(&cp->cache_lock);
3502 3539 return (0);
3503 3540 }
3504 3541
3505 3542 /*
3506 3543 * Return a named statistic about a particular cache.
3507 3544 * This shouldn't be called very often, so it's currently designed for
3508 3545 * simplicity (leverages existing kstat support) rather than efficiency.
3509 3546 */
3510 3547 uint64_t
3511 3548 kmem_cache_stat(kmem_cache_t *cp, char *name)
3512 3549 {
3513 3550 int i;
3514 3551 kstat_t *ksp = cp->cache_kstat;
3515 3552 kstat_named_t *knp = (kstat_named_t *)&kmem_cache_kstat;
3516 3553 uint64_t value = 0;
3517 3554
3518 3555 if (ksp != NULL) {
3519 3556 mutex_enter(&kmem_cache_kstat_lock);
3520 3557 (void) kmem_cache_kstat_update(ksp, KSTAT_READ);
3521 3558 for (i = 0; i < ksp->ks_ndata; i++) {
3522 3559 if (strcmp(knp[i].name, name) == 0) {
3523 3560 value = knp[i].value.ui64;
3524 3561 break;
3525 3562 }
3526 3563 }
3527 3564 mutex_exit(&kmem_cache_kstat_lock);
3528 3565 }
3529 3566 return (value);
3530 3567 }
3531 3568
3532 3569 /*
3533 3570 * Return an estimate of currently available kernel heap memory.
3534 3571 * On 32-bit systems, physical memory may exceed virtual memory,
3535 3572 * we just truncate the result at 1GB.
3536 3573 */
3537 3574 size_t
3538 3575 kmem_avail(void)
3539 3576 {
3540 3577 spgcnt_t rmem = availrmem - tune.t_minarmem;
3541 3578 spgcnt_t fmem = freemem - minfree;
3542 3579
3543 3580 return ((size_t)ptob(MIN(MAX(MIN(rmem, fmem), 0),
3544 3581 1 << (30 - PAGESHIFT))));
3545 3582 }
3546 3583
3547 3584 /*
3548 3585 * Return the maximum amount of memory that is (in theory) allocatable
3549 3586 * from the heap. This may be used as an estimate only since there
3550 3587 * is no guarentee this space will still be available when an allocation
3551 3588 * request is made, nor that the space may be allocated in one big request
3552 3589 * due to kernel heap fragmentation.
3553 3590 */
3554 3591 size_t
3555 3592 kmem_maxavail(void)
3556 3593 {
3557 3594 spgcnt_t pmem = availrmem - tune.t_minarmem;
3558 3595 spgcnt_t vmem = btop(vmem_size(heap_arena, VMEM_FREE));
3559 3596
3560 3597 return ((size_t)ptob(MAX(MIN(pmem, vmem), 0)));
3561 3598 }
3562 3599
3563 3600 /*
3564 3601 * Indicate whether memory-intensive kmem debugging is enabled.
3565 3602 */
3566 3603 int
3567 3604 kmem_debugging(void)
3568 3605 {
3569 3606 return (kmem_flags & (KMF_AUDIT | KMF_REDZONE));
3570 3607 }
3571 3608
3572 3609 /* binning function, sorts finely at the two extremes */
3573 3610 #define KMEM_PARTIAL_SLAB_WEIGHT(sp, binshift) \
3574 3611 ((((sp)->slab_refcnt <= (binshift)) || \
3575 3612 (((sp)->slab_chunks - (sp)->slab_refcnt) <= (binshift))) \
3576 3613 ? -(sp)->slab_refcnt \
3577 3614 : -((binshift) + ((sp)->slab_refcnt >> (binshift))))
3578 3615
3579 3616 /*
3580 3617 * Minimizing the number of partial slabs on the freelist minimizes
3581 3618 * fragmentation (the ratio of unused buffers held by the slab layer). There are
3582 3619 * two ways to get a slab off of the freelist: 1) free all the buffers on the
3583 3620 * slab, and 2) allocate all the buffers on the slab. It follows that we want
3584 3621 * the most-used slabs at the front of the list where they have the best chance
3585 3622 * of being completely allocated, and the least-used slabs at a safe distance
3586 3623 * from the front to improve the odds that the few remaining buffers will all be
3587 3624 * freed before another allocation can tie up the slab. For that reason a slab
3588 3625 * with a higher slab_refcnt sorts less than than a slab with a lower
3589 3626 * slab_refcnt.
3590 3627 *
3591 3628 * However, if a slab has at least one buffer that is deemed unfreeable, we
3592 3629 * would rather have that slab at the front of the list regardless of
3593 3630 * slab_refcnt, since even one unfreeable buffer makes the entire slab
3594 3631 * unfreeable. If the client returns KMEM_CBRC_NO in response to a cache_move()
3595 3632 * callback, the slab is marked unfreeable for as long as it remains on the
3596 3633 * freelist.
3597 3634 */
3598 3635 static int
3599 3636 kmem_partial_slab_cmp(const void *p0, const void *p1)
3600 3637 {
3601 3638 const kmem_cache_t *cp;
3602 3639 const kmem_slab_t *s0 = p0;
3603 3640 const kmem_slab_t *s1 = p1;
3604 3641 int w0, w1;
3605 3642 size_t binshift;
3606 3643
3607 3644 ASSERT(KMEM_SLAB_IS_PARTIAL(s0));
3608 3645 ASSERT(KMEM_SLAB_IS_PARTIAL(s1));
3609 3646 ASSERT(s0->slab_cache == s1->slab_cache);
3610 3647 cp = s1->slab_cache;
3611 3648 ASSERT(MUTEX_HELD(&cp->cache_lock));
3612 3649 binshift = cp->cache_partial_binshift;
3613 3650
3614 3651 /* weight of first slab */
3615 3652 w0 = KMEM_PARTIAL_SLAB_WEIGHT(s0, binshift);
3616 3653 if (s0->slab_flags & KMEM_SLAB_NOMOVE) {
3617 3654 w0 -= cp->cache_maxchunks;
3618 3655 }
3619 3656
3620 3657 /* weight of second slab */
3621 3658 w1 = KMEM_PARTIAL_SLAB_WEIGHT(s1, binshift);
3622 3659 if (s1->slab_flags & KMEM_SLAB_NOMOVE) {
3623 3660 w1 -= cp->cache_maxchunks;
3624 3661 }
3625 3662
3626 3663 if (w0 < w1)
3627 3664 return (-1);
3628 3665 if (w0 > w1)
3629 3666 return (1);
3630 3667
3631 3668 /* compare pointer values */
3632 3669 if ((uintptr_t)s0 < (uintptr_t)s1)
3633 3670 return (-1);
3634 3671 if ((uintptr_t)s0 > (uintptr_t)s1)
3635 3672 return (1);
3636 3673
3637 3674 return (0);
3638 3675 }
3639 3676
3640 3677 /*
3641 3678 * It must be valid to call the destructor (if any) on a newly created object.
3642 3679 * That is, the constructor (if any) must leave the object in a valid state for
3643 3680 * the destructor.
3644 3681 */
3645 3682 kmem_cache_t *
3646 3683 kmem_cache_create(
3647 3684 char *name, /* descriptive name for this cache */
3648 3685 size_t bufsize, /* size of the objects it manages */
3649 3686 size_t align, /* required object alignment */
3650 3687 int (*constructor)(void *, void *, int), /* object constructor */
3651 3688 void (*destructor)(void *, void *), /* object destructor */
3652 3689 void (*reclaim)(void *), /* memory reclaim callback */
3653 3690 void *private, /* pass-thru arg for constr/destr/reclaim */
3654 3691 vmem_t *vmp, /* vmem source for slab allocation */
3655 3692 int cflags) /* cache creation flags */
3656 3693 {
3657 3694 int cpu_seqid;
3658 3695 size_t chunksize;
3659 3696 kmem_cache_t *cp;
3660 3697 kmem_magtype_t *mtp;
3661 3698 size_t csize = KMEM_CACHE_SIZE(max_ncpus);
3662 3699
3663 3700 #ifdef DEBUG
3664 3701 /*
3665 3702 * Cache names should conform to the rules for valid C identifiers
3666 3703 */
3667 3704 if (!strident_valid(name)) {
3668 3705 cmn_err(CE_CONT,
3669 3706 "kmem_cache_create: '%s' is an invalid cache name\n"
3670 3707 "cache names must conform to the rules for "
3671 3708 "C identifiers\n", name);
3672 3709 }
3673 3710 #endif /* DEBUG */
3674 3711
3675 3712 if (vmp == NULL)
3676 3713 vmp = kmem_default_arena;
3677 3714
3678 3715 /*
3679 3716 * If this kmem cache has an identifier vmem arena as its source, mark
3680 3717 * it such to allow kmem_reap_idspace().
3681 3718 */
3682 3719 ASSERT(!(cflags & KMC_IDENTIFIER)); /* consumer should not set this */
3683 3720 if (vmp->vm_cflags & VMC_IDENTIFIER)
3684 3721 cflags |= KMC_IDENTIFIER;
3685 3722
3686 3723 /*
3687 3724 * Get a kmem_cache structure. We arrange that cp->cache_cpu[]
3688 3725 * is aligned on a KMEM_CPU_CACHE_SIZE boundary to prevent
3689 3726 * false sharing of per-CPU data.
3690 3727 */
3691 3728 cp = vmem_xalloc(kmem_cache_arena, csize, KMEM_CPU_CACHE_SIZE,
3692 3729 P2NPHASE(csize, KMEM_CPU_CACHE_SIZE), 0, NULL, NULL, VM_SLEEP);
3693 3730 bzero(cp, csize);
3694 3731 list_link_init(&cp->cache_link);
3695 3732
3696 3733 if (align == 0)
3697 3734 align = KMEM_ALIGN;
3698 3735
3699 3736 /*
3700 3737 * If we're not at least KMEM_ALIGN aligned, we can't use free
3701 3738 * memory to hold bufctl information (because we can't safely
3702 3739 * perform word loads and stores on it).
3703 3740 */
3704 3741 if (align < KMEM_ALIGN)
3705 3742 cflags |= KMC_NOTOUCH;
3706 3743
3707 3744 if (!ISP2(align) || align > vmp->vm_quantum)
3708 3745 panic("kmem_cache_create: bad alignment %lu", align);
3709 3746
3710 3747 mutex_enter(&kmem_flags_lock);
3711 3748 if (kmem_flags & KMF_RANDOMIZE)
3712 3749 kmem_flags = (((kmem_flags | ~KMF_RANDOM) + 1) & KMF_RANDOM) |
3713 3750 KMF_RANDOMIZE;
3714 3751 cp->cache_flags = (kmem_flags | cflags) & KMF_DEBUG;
3715 3752 mutex_exit(&kmem_flags_lock);
3716 3753
3717 3754 /*
3718 3755 * Make sure all the various flags are reasonable.
3719 3756 */
3720 3757 ASSERT(!(cflags & KMC_NOHASH) || !(cflags & KMC_NOTOUCH));
3721 3758
3722 3759 if (cp->cache_flags & KMF_LITE) {
3723 3760 if (bufsize >= kmem_lite_minsize &&
3724 3761 align <= kmem_lite_maxalign &&
3725 3762 P2PHASE(bufsize, kmem_lite_maxalign) != 0) {
3726 3763 cp->cache_flags |= KMF_BUFTAG;
3727 3764 cp->cache_flags &= ~(KMF_AUDIT | KMF_FIREWALL);
3728 3765 } else {
3729 3766 cp->cache_flags &= ~KMF_DEBUG;
3730 3767 }
3731 3768 }
3732 3769
3733 3770 if (cp->cache_flags & KMF_DEADBEEF)
3734 3771 cp->cache_flags |= KMF_REDZONE;
3735 3772
3736 3773 if ((cflags & KMC_QCACHE) && (cp->cache_flags & KMF_AUDIT))
3737 3774 cp->cache_flags |= KMF_NOMAGAZINE;
3738 3775
3739 3776 if (cflags & KMC_NODEBUG)
3740 3777 cp->cache_flags &= ~KMF_DEBUG;
3741 3778
3742 3779 if (cflags & KMC_NOTOUCH)
3743 3780 cp->cache_flags &= ~KMF_TOUCH;
3744 3781
3745 3782 if (cflags & KMC_PREFILL)
3746 3783 cp->cache_flags |= KMF_PREFILL;
3747 3784
3748 3785 if (cflags & KMC_NOHASH)
3749 3786 cp->cache_flags &= ~(KMF_AUDIT | KMF_FIREWALL);
3750 3787
3751 3788 if (cflags & KMC_NOMAGAZINE)
3752 3789 cp->cache_flags |= KMF_NOMAGAZINE;
3753 3790
3754 3791 if ((cp->cache_flags & KMF_AUDIT) && !(cflags & KMC_NOTOUCH))
3755 3792 cp->cache_flags |= KMF_REDZONE;
3756 3793
3757 3794 if (!(cp->cache_flags & KMF_AUDIT))
3758 3795 cp->cache_flags &= ~KMF_CONTENTS;
3759 3796
3760 3797 if ((cp->cache_flags & KMF_BUFTAG) && bufsize >= kmem_minfirewall &&
3761 3798 !(cp->cache_flags & KMF_LITE) && !(cflags & KMC_NOHASH))
3762 3799 cp->cache_flags |= KMF_FIREWALL;
3763 3800
3764 3801 if (vmp != kmem_default_arena || kmem_firewall_arena == NULL)
3765 3802 cp->cache_flags &= ~KMF_FIREWALL;
3766 3803
3767 3804 if (cp->cache_flags & KMF_FIREWALL) {
3768 3805 cp->cache_flags &= ~KMF_BUFTAG;
3769 3806 cp->cache_flags |= KMF_NOMAGAZINE;
3770 3807 ASSERT(vmp == kmem_default_arena);
3771 3808 vmp = kmem_firewall_arena;
3772 3809 }
3773 3810
3774 3811 /*
3775 3812 * Set cache properties.
3776 3813 */
3777 3814 (void) strncpy(cp->cache_name, name, KMEM_CACHE_NAMELEN);
3778 3815 strident_canon(cp->cache_name, KMEM_CACHE_NAMELEN + 1);
3779 3816 cp->cache_bufsize = bufsize;
3780 3817 cp->cache_align = align;
3781 3818 cp->cache_constructor = constructor;
3782 3819 cp->cache_destructor = destructor;
3783 3820 cp->cache_reclaim = reclaim;
3784 3821 cp->cache_private = private;
3785 3822 cp->cache_arena = vmp;
3786 3823 cp->cache_cflags = cflags;
3787 3824
3788 3825 /*
3789 3826 * Determine the chunk size.
3790 3827 */
3791 3828 chunksize = bufsize;
3792 3829
3793 3830 if (align >= KMEM_ALIGN) {
3794 3831 chunksize = P2ROUNDUP(chunksize, KMEM_ALIGN);
3795 3832 cp->cache_bufctl = chunksize - KMEM_ALIGN;
3796 3833 }
3797 3834
3798 3835 if (cp->cache_flags & KMF_BUFTAG) {
3799 3836 cp->cache_bufctl = chunksize;
3800 3837 cp->cache_buftag = chunksize;
3801 3838 if (cp->cache_flags & KMF_LITE)
3802 3839 chunksize += KMEM_BUFTAG_LITE_SIZE(kmem_lite_count);
3803 3840 else
3804 3841 chunksize += sizeof (kmem_buftag_t);
3805 3842 }
3806 3843
3807 3844 if (cp->cache_flags & KMF_DEADBEEF) {
3808 3845 cp->cache_verify = MIN(cp->cache_buftag, kmem_maxverify);
3809 3846 if (cp->cache_flags & KMF_LITE)
3810 3847 cp->cache_verify = sizeof (uint64_t);
3811 3848 }
3812 3849
3813 3850 cp->cache_contents = MIN(cp->cache_bufctl, kmem_content_maxsave);
3814 3851
3815 3852 cp->cache_chunksize = chunksize = P2ROUNDUP(chunksize, align);
3816 3853
3817 3854 /*
3818 3855 * Now that we know the chunk size, determine the optimal slab size.
3819 3856 */
3820 3857 if (vmp == kmem_firewall_arena) {
3821 3858 cp->cache_slabsize = P2ROUNDUP(chunksize, vmp->vm_quantum);
3822 3859 cp->cache_mincolor = cp->cache_slabsize - chunksize;
3823 3860 cp->cache_maxcolor = cp->cache_mincolor;
3824 3861 cp->cache_flags |= KMF_HASH;
3825 3862 ASSERT(!(cp->cache_flags & KMF_BUFTAG));
3826 3863 } else if ((cflags & KMC_NOHASH) || (!(cflags & KMC_NOTOUCH) &&
3827 3864 !(cp->cache_flags & KMF_AUDIT) &&
3828 3865 chunksize < vmp->vm_quantum / KMEM_VOID_FRACTION)) {
3829 3866 cp->cache_slabsize = vmp->vm_quantum;
3830 3867 cp->cache_mincolor = 0;
3831 3868 cp->cache_maxcolor =
3832 3869 (cp->cache_slabsize - sizeof (kmem_slab_t)) % chunksize;
3833 3870 ASSERT(chunksize + sizeof (kmem_slab_t) <= cp->cache_slabsize);
3834 3871 ASSERT(!(cp->cache_flags & KMF_AUDIT));
3835 3872 } else {
3836 3873 size_t chunks, bestfit, waste, slabsize;
3837 3874 size_t minwaste = LONG_MAX;
3838 3875
3839 3876 for (chunks = 1; chunks <= KMEM_VOID_FRACTION; chunks++) {
3840 3877 slabsize = P2ROUNDUP(chunksize * chunks,
3841 3878 vmp->vm_quantum);
3842 3879 chunks = slabsize / chunksize;
3843 3880 waste = (slabsize % chunksize) / chunks;
3844 3881 if (waste < minwaste) {
3845 3882 minwaste = waste;
3846 3883 bestfit = slabsize;
3847 3884 }
3848 3885 }
3849 3886 if (cflags & KMC_QCACHE)
3850 3887 bestfit = VMEM_QCACHE_SLABSIZE(vmp->vm_qcache_max);
3851 3888 cp->cache_slabsize = bestfit;
3852 3889 cp->cache_mincolor = 0;
3853 3890 cp->cache_maxcolor = bestfit % chunksize;
3854 3891 cp->cache_flags |= KMF_HASH;
3855 3892 }
3856 3893
3857 3894 cp->cache_maxchunks = (cp->cache_slabsize / cp->cache_chunksize);
3858 3895 cp->cache_partial_binshift = highbit(cp->cache_maxchunks / 16) + 1;
3859 3896
3860 3897 /*
3861 3898 * Disallowing prefill when either the DEBUG or HASH flag is set or when
3862 3899 * there is a constructor avoids some tricky issues with debug setup
3863 3900 * that may be revisited later. We cannot allow prefill in a
3864 3901 * metadata cache because of potential recursion.
3865 3902 */
3866 3903 if (vmp == kmem_msb_arena ||
3867 3904 cp->cache_flags & (KMF_HASH | KMF_BUFTAG) ||
3868 3905 cp->cache_constructor != NULL)
3869 3906 cp->cache_flags &= ~KMF_PREFILL;
3870 3907
3871 3908 if (cp->cache_flags & KMF_HASH) {
3872 3909 ASSERT(!(cflags & KMC_NOHASH));
3873 3910 cp->cache_bufctl_cache = (cp->cache_flags & KMF_AUDIT) ?
3874 3911 kmem_bufctl_audit_cache : kmem_bufctl_cache;
3875 3912 }
3876 3913
3877 3914 if (cp->cache_maxcolor >= vmp->vm_quantum)
3878 3915 cp->cache_maxcolor = vmp->vm_quantum - 1;
3879 3916
3880 3917 cp->cache_color = cp->cache_mincolor;
3881 3918
3882 3919 /*
3883 3920 * Initialize the rest of the slab layer.
3884 3921 */
3885 3922 mutex_init(&cp->cache_lock, NULL, MUTEX_DEFAULT, NULL);
3886 3923
3887 3924 avl_create(&cp->cache_partial_slabs, kmem_partial_slab_cmp,
3888 3925 sizeof (kmem_slab_t), offsetof(kmem_slab_t, slab_link));
3889 3926 /* LINTED: E_TRUE_LOGICAL_EXPR */
3890 3927 ASSERT(sizeof (list_node_t) <= sizeof (avl_node_t));
3891 3928 /* reuse partial slab AVL linkage for complete slab list linkage */
3892 3929 list_create(&cp->cache_complete_slabs,
3893 3930 sizeof (kmem_slab_t), offsetof(kmem_slab_t, slab_link));
3894 3931
3895 3932 if (cp->cache_flags & KMF_HASH) {
3896 3933 cp->cache_hash_table = vmem_alloc(kmem_hash_arena,
3897 3934 KMEM_HASH_INITIAL * sizeof (void *), VM_SLEEP);
3898 3935 bzero(cp->cache_hash_table,
3899 3936 KMEM_HASH_INITIAL * sizeof (void *));
3900 3937 cp->cache_hash_mask = KMEM_HASH_INITIAL - 1;
3901 3938 cp->cache_hash_shift = highbit((ulong_t)chunksize) - 1;
3902 3939 }
3903 3940
3904 3941 /*
3905 3942 * Initialize the depot.
3906 3943 */
3907 3944 mutex_init(&cp->cache_depot_lock, NULL, MUTEX_DEFAULT, NULL);
3908 3945
3909 3946 for (mtp = kmem_magtype; chunksize <= mtp->mt_minbuf; mtp++)
3910 3947 continue;
3911 3948
3912 3949 cp->cache_magtype = mtp;
3913 3950
3914 3951 /*
3915 3952 * Initialize the CPU layer.
3916 3953 */
3917 3954 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++) {
3918 3955 kmem_cpu_cache_t *ccp = &cp->cache_cpu[cpu_seqid];
3919 3956 mutex_init(&ccp->cc_lock, NULL, MUTEX_DEFAULT, NULL);
3920 3957 ccp->cc_flags = cp->cache_flags;
3921 3958 ccp->cc_rounds = -1;
3922 3959 ccp->cc_prounds = -1;
3923 3960 }
3924 3961
3925 3962 /*
3926 3963 * Create the cache's kstats.
3927 3964 */
3928 3965 if ((cp->cache_kstat = kstat_create("unix", 0, cp->cache_name,
3929 3966 "kmem_cache", KSTAT_TYPE_NAMED,
3930 3967 sizeof (kmem_cache_kstat) / sizeof (kstat_named_t),
3931 3968 KSTAT_FLAG_VIRTUAL)) != NULL) {
3932 3969 cp->cache_kstat->ks_data = &kmem_cache_kstat;
3933 3970 cp->cache_kstat->ks_update = kmem_cache_kstat_update;
3934 3971 cp->cache_kstat->ks_private = cp;
3935 3972 cp->cache_kstat->ks_lock = &kmem_cache_kstat_lock;
3936 3973 kstat_install(cp->cache_kstat);
3937 3974 }
3938 3975
3939 3976 /*
3940 3977 * Add the cache to the global list. This makes it visible
3941 3978 * to kmem_update(), so the cache must be ready for business.
3942 3979 */
3943 3980 mutex_enter(&kmem_cache_lock);
3944 3981 list_insert_tail(&kmem_caches, cp);
3945 3982 mutex_exit(&kmem_cache_lock);
3946 3983
3947 3984 if (kmem_ready)
3948 3985 kmem_cache_magazine_enable(cp);
3949 3986
3950 3987 return (cp);
3951 3988 }
3952 3989
3953 3990 static int
3954 3991 kmem_move_cmp(const void *buf, const void *p)
3955 3992 {
3956 3993 const kmem_move_t *kmm = p;
3957 3994 uintptr_t v1 = (uintptr_t)buf;
3958 3995 uintptr_t v2 = (uintptr_t)kmm->kmm_from_buf;
3959 3996 return (v1 < v2 ? -1 : (v1 > v2 ? 1 : 0));
3960 3997 }
3961 3998
3962 3999 static void
3963 4000 kmem_reset_reclaim_threshold(kmem_defrag_t *kmd)
3964 4001 {
3965 4002 kmd->kmd_reclaim_numer = 1;
3966 4003 }
3967 4004
3968 4005 /*
3969 4006 * Initially, when choosing candidate slabs for buffers to move, we want to be
3970 4007 * very selective and take only slabs that are less than
3971 4008 * (1 / KMEM_VOID_FRACTION) allocated. If we have difficulty finding candidate
3972 4009 * slabs, then we raise the allocation ceiling incrementally. The reclaim
3973 4010 * threshold is reset to (1 / KMEM_VOID_FRACTION) as soon as the cache is no
3974 4011 * longer fragmented.
3975 4012 */
3976 4013 static void
3977 4014 kmem_adjust_reclaim_threshold(kmem_defrag_t *kmd, int direction)
3978 4015 {
3979 4016 if (direction > 0) {
3980 4017 /* make it easier to find a candidate slab */
3981 4018 if (kmd->kmd_reclaim_numer < (KMEM_VOID_FRACTION - 1)) {
3982 4019 kmd->kmd_reclaim_numer++;
3983 4020 }
3984 4021 } else {
3985 4022 /* be more selective */
3986 4023 if (kmd->kmd_reclaim_numer > 1) {
3987 4024 kmd->kmd_reclaim_numer--;
3988 4025 }
3989 4026 }
3990 4027 }
3991 4028
3992 4029 void
3993 4030 kmem_cache_set_move(kmem_cache_t *cp,
3994 4031 kmem_cbrc_t (*move)(void *, void *, size_t, void *))
3995 4032 {
3996 4033 kmem_defrag_t *defrag;
3997 4034
3998 4035 ASSERT(move != NULL);
3999 4036 /*
4000 4037 * The consolidator does not support NOTOUCH caches because kmem cannot
4001 4038 * initialize their slabs with the 0xbaddcafe memory pattern, which sets
4002 4039 * a low order bit usable by clients to distinguish uninitialized memory
4003 4040 * from known objects (see kmem_slab_create).
4004 4041 */
4005 4042 ASSERT(!(cp->cache_cflags & KMC_NOTOUCH));
4006 4043 ASSERT(!(cp->cache_cflags & KMC_IDENTIFIER));
4007 4044
4008 4045 /*
4009 4046 * We should not be holding anyone's cache lock when calling
4010 4047 * kmem_cache_alloc(), so allocate in all cases before acquiring the
4011 4048 * lock.
4012 4049 */
4013 4050 defrag = kmem_cache_alloc(kmem_defrag_cache, KM_SLEEP);
4014 4051
4015 4052 mutex_enter(&cp->cache_lock);
4016 4053
4017 4054 if (KMEM_IS_MOVABLE(cp)) {
4018 4055 if (cp->cache_move == NULL) {
4019 4056 ASSERT(cp->cache_slab_alloc == 0);
4020 4057
4021 4058 cp->cache_defrag = defrag;
4022 4059 defrag = NULL; /* nothing to free */
4023 4060 bzero(cp->cache_defrag, sizeof (kmem_defrag_t));
4024 4061 avl_create(&cp->cache_defrag->kmd_moves_pending,
4025 4062 kmem_move_cmp, sizeof (kmem_move_t),
4026 4063 offsetof(kmem_move_t, kmm_entry));
4027 4064 /* LINTED: E_TRUE_LOGICAL_EXPR */
4028 4065 ASSERT(sizeof (list_node_t) <= sizeof (avl_node_t));
4029 4066 /* reuse the slab's AVL linkage for deadlist linkage */
4030 4067 list_create(&cp->cache_defrag->kmd_deadlist,
4031 4068 sizeof (kmem_slab_t),
4032 4069 offsetof(kmem_slab_t, slab_link));
4033 4070 kmem_reset_reclaim_threshold(cp->cache_defrag);
4034 4071 }
4035 4072 cp->cache_move = move;
4036 4073 }
4037 4074
4038 4075 mutex_exit(&cp->cache_lock);
4039 4076
4040 4077 if (defrag != NULL) {
4041 4078 kmem_cache_free(kmem_defrag_cache, defrag); /* unused */
4042 4079 }
4043 4080 }
4044 4081
4045 4082 void
4046 4083 kmem_cache_destroy(kmem_cache_t *cp)
4047 4084 {
4048 4085 int cpu_seqid;
4049 4086
4050 4087 /*
4051 4088 * Remove the cache from the global cache list so that no one else
4052 4089 * can schedule tasks on its behalf, wait for any pending tasks to
4053 4090 * complete, purge the cache, and then destroy it.
4054 4091 */
4055 4092 mutex_enter(&kmem_cache_lock);
4056 4093 list_remove(&kmem_caches, cp);
4057 4094 mutex_exit(&kmem_cache_lock);
4058 4095
4059 4096 if (kmem_taskq != NULL)
4060 4097 taskq_wait(kmem_taskq);
4061 4098
4062 4099 if (kmem_move_taskq != NULL && cp->cache_defrag != NULL)
4063 4100 taskq_wait(kmem_move_taskq);
4064 4101
4065 4102 kmem_cache_magazine_purge(cp);
4066 4103
4067 4104 mutex_enter(&cp->cache_lock);
4068 4105 if (cp->cache_buftotal != 0)
4069 4106 cmn_err(CE_WARN, "kmem_cache_destroy: '%s' (%p) not empty",
4070 4107 cp->cache_name, (void *)cp);
4071 4108 if (cp->cache_defrag != NULL) {
4072 4109 avl_destroy(&cp->cache_defrag->kmd_moves_pending);
4073 4110 list_destroy(&cp->cache_defrag->kmd_deadlist);
4074 4111 kmem_cache_free(kmem_defrag_cache, cp->cache_defrag);
4075 4112 cp->cache_defrag = NULL;
4076 4113 }
4077 4114 /*
4078 4115 * The cache is now dead. There should be no further activity. We
4079 4116 * enforce this by setting land mines in the constructor, destructor,
4080 4117 * reclaim, and move routines that induce a kernel text fault if
4081 4118 * invoked.
4082 4119 */
4083 4120 cp->cache_constructor = (int (*)(void *, void *, int))1;
4084 4121 cp->cache_destructor = (void (*)(void *, void *))2;
4085 4122 cp->cache_reclaim = (void (*)(void *))3;
4086 4123 cp->cache_move = (kmem_cbrc_t (*)(void *, void *, size_t, void *))4;
4087 4124 mutex_exit(&cp->cache_lock);
4088 4125
4089 4126 kstat_delete(cp->cache_kstat);
4090 4127
4091 4128 if (cp->cache_hash_table != NULL)
4092 4129 vmem_free(kmem_hash_arena, cp->cache_hash_table,
4093 4130 (cp->cache_hash_mask + 1) * sizeof (void *));
4094 4131
4095 4132 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++)
4096 4133 mutex_destroy(&cp->cache_cpu[cpu_seqid].cc_lock);
4097 4134
4098 4135 mutex_destroy(&cp->cache_depot_lock);
4099 4136 mutex_destroy(&cp->cache_lock);
4100 4137
4101 4138 vmem_free(kmem_cache_arena, cp, KMEM_CACHE_SIZE(max_ncpus));
4102 4139 }
4103 4140
4104 4141 /*ARGSUSED*/
4105 4142 static int
4106 4143 kmem_cpu_setup(cpu_setup_t what, int id, void *arg)
4107 4144 {
4108 4145 ASSERT(MUTEX_HELD(&cpu_lock));
4109 4146 if (what == CPU_UNCONFIG) {
4110 4147 kmem_cache_applyall(kmem_cache_magazine_purge,
4111 4148 kmem_taskq, TQ_SLEEP);
4112 4149 kmem_cache_applyall(kmem_cache_magazine_enable,
4113 4150 kmem_taskq, TQ_SLEEP);
4114 4151 }
4115 4152 return (0);
4116 4153 }
4117 4154
4118 4155 static void
4119 4156 kmem_alloc_caches_create(const int *array, size_t count,
4120 4157 kmem_cache_t **alloc_table, size_t maxbuf, uint_t shift)
4121 4158 {
4122 4159 char name[KMEM_CACHE_NAMELEN + 1];
4123 4160 size_t table_unit = (1 << shift); /* range of one alloc_table entry */
4124 4161 size_t size = table_unit;
4125 4162 int i;
4126 4163
4127 4164 for (i = 0; i < count; i++) {
4128 4165 size_t cache_size = array[i];
4129 4166 size_t align = KMEM_ALIGN;
4130 4167 kmem_cache_t *cp;
4131 4168
4132 4169 /* if the table has an entry for maxbuf, we're done */
4133 4170 if (size > maxbuf)
4134 4171 break;
4135 4172
4136 4173 /* cache size must be a multiple of the table unit */
4137 4174 ASSERT(P2PHASE(cache_size, table_unit) == 0);
4138 4175
4139 4176 /*
4140 4177 * If they allocate a multiple of the coherency granularity,
4141 4178 * they get a coherency-granularity-aligned address.
4142 4179 */
4143 4180 if (IS_P2ALIGNED(cache_size, 64))
4144 4181 align = 64;
4145 4182 if (IS_P2ALIGNED(cache_size, PAGESIZE))
4146 4183 align = PAGESIZE;
4147 4184 (void) snprintf(name, sizeof (name),
4148 4185 "kmem_alloc_%lu", cache_size);
4149 4186 cp = kmem_cache_create(name, cache_size, align,
4150 4187 NULL, NULL, NULL, NULL, NULL, KMC_KMEM_ALLOC);
4151 4188
4152 4189 while (size <= cache_size) {
4153 4190 alloc_table[(size - 1) >> shift] = cp;
4154 4191 size += table_unit;
4155 4192 }
4156 4193 }
4157 4194
4158 4195 ASSERT(size > maxbuf); /* i.e. maxbuf <= max(cache_size) */
4159 4196 }
4160 4197
4161 4198 static void
4162 4199 kmem_cache_init(int pass, int use_large_pages)
4163 4200 {
4164 4201 int i;
4165 4202 size_t maxbuf;
4166 4203 kmem_magtype_t *mtp;
4167 4204
4168 4205 for (i = 0; i < sizeof (kmem_magtype) / sizeof (*mtp); i++) {
4169 4206 char name[KMEM_CACHE_NAMELEN + 1];
4170 4207
4171 4208 mtp = &kmem_magtype[i];
4172 4209 (void) sprintf(name, "kmem_magazine_%d", mtp->mt_magsize);
4173 4210 mtp->mt_cache = kmem_cache_create(name,
4174 4211 (mtp->mt_magsize + 1) * sizeof (void *),
4175 4212 mtp->mt_align, NULL, NULL, NULL, NULL,
4176 4213 kmem_msb_arena, KMC_NOHASH);
4177 4214 }
4178 4215
4179 4216 kmem_slab_cache = kmem_cache_create("kmem_slab_cache",
4180 4217 sizeof (kmem_slab_t), 0, NULL, NULL, NULL, NULL,
4181 4218 kmem_msb_arena, KMC_NOHASH);
4182 4219
4183 4220 kmem_bufctl_cache = kmem_cache_create("kmem_bufctl_cache",
4184 4221 sizeof (kmem_bufctl_t), 0, NULL, NULL, NULL, NULL,
4185 4222 kmem_msb_arena, KMC_NOHASH);
4186 4223
4187 4224 kmem_bufctl_audit_cache = kmem_cache_create("kmem_bufctl_audit_cache",
4188 4225 sizeof (kmem_bufctl_audit_t), 0, NULL, NULL, NULL, NULL,
4189 4226 kmem_msb_arena, KMC_NOHASH);
4190 4227
4191 4228 if (pass == 2) {
4192 4229 kmem_va_arena = vmem_create("kmem_va",
4193 4230 NULL, 0, PAGESIZE,
4194 4231 vmem_alloc, vmem_free, heap_arena,
4195 4232 8 * PAGESIZE, VM_SLEEP);
4196 4233
4197 4234 if (use_large_pages) {
4198 4235 kmem_default_arena = vmem_xcreate("kmem_default",
4199 4236 NULL, 0, PAGESIZE,
4200 4237 segkmem_alloc_lp, segkmem_free_lp, kmem_va_arena,
4201 4238 0, VMC_DUMPSAFE | VM_SLEEP);
4202 4239 } else {
4203 4240 kmem_default_arena = vmem_create("kmem_default",
4204 4241 NULL, 0, PAGESIZE,
4205 4242 segkmem_alloc, segkmem_free, kmem_va_arena,
4206 4243 0, VMC_DUMPSAFE | VM_SLEEP);
4207 4244 }
4208 4245
4209 4246 /* Figure out what our maximum cache size is */
4210 4247 maxbuf = kmem_max_cached;
4211 4248 if (maxbuf <= KMEM_MAXBUF) {
4212 4249 maxbuf = 0;
4213 4250 kmem_max_cached = KMEM_MAXBUF;
4214 4251 } else {
4215 4252 size_t size = 0;
4216 4253 size_t max =
4217 4254 sizeof (kmem_big_alloc_sizes) / sizeof (int);
4218 4255 /*
4219 4256 * Round maxbuf up to an existing cache size. If maxbuf
4220 4257 * is larger than the largest cache, we truncate it to
4221 4258 * the largest cache's size.
4222 4259 */
4223 4260 for (i = 0; i < max; i++) {
4224 4261 size = kmem_big_alloc_sizes[i];
4225 4262 if (maxbuf <= size)
4226 4263 break;
4227 4264 }
4228 4265 kmem_max_cached = maxbuf = size;
4229 4266 }
4230 4267
4231 4268 /*
4232 4269 * The big alloc table may not be completely overwritten, so
4233 4270 * we clear out any stale cache pointers from the first pass.
4234 4271 */
4235 4272 bzero(kmem_big_alloc_table, sizeof (kmem_big_alloc_table));
4236 4273 } else {
4237 4274 /*
4238 4275 * During the first pass, the kmem_alloc_* caches
4239 4276 * are treated as metadata.
4240 4277 */
4241 4278 kmem_default_arena = kmem_msb_arena;
4242 4279 maxbuf = KMEM_BIG_MAXBUF_32BIT;
4243 4280 }
4244 4281
4245 4282 /*
4246 4283 * Set up the default caches to back kmem_alloc()
4247 4284 */
4248 4285 kmem_alloc_caches_create(
4249 4286 kmem_alloc_sizes, sizeof (kmem_alloc_sizes) / sizeof (int),
4250 4287 kmem_alloc_table, KMEM_MAXBUF, KMEM_ALIGN_SHIFT);
4251 4288
4252 4289 kmem_alloc_caches_create(
4253 4290 kmem_big_alloc_sizes, sizeof (kmem_big_alloc_sizes) / sizeof (int),
4254 4291 kmem_big_alloc_table, maxbuf, KMEM_BIG_SHIFT);
4255 4292
4256 4293 kmem_big_alloc_table_max = maxbuf >> KMEM_BIG_SHIFT;
4257 4294 }
4258 4295
4259 4296 void
4260 4297 kmem_init(void)
4261 4298 {
4262 4299 kmem_cache_t *cp;
4263 4300 int old_kmem_flags = kmem_flags;
4264 4301 int use_large_pages = 0;
4265 4302 size_t maxverify, minfirewall;
4266 4303
4267 4304 kstat_init();
4268 4305
4269 4306 /*
4270 4307 * Don't do firewalled allocations if the heap is less than 1TB
4271 4308 * (i.e. on a 32-bit kernel)
4272 4309 * The resulting VM_NEXTFIT allocations would create too much
4273 4310 * fragmentation in a small heap.
4274 4311 */
4275 4312 #if defined(_LP64)
4276 4313 maxverify = minfirewall = PAGESIZE / 2;
4277 4314 #else
4278 4315 maxverify = minfirewall = ULONG_MAX;
4279 4316 #endif
4280 4317
4281 4318 /* LINTED */
4282 4319 ASSERT(sizeof (kmem_cpu_cache_t) == KMEM_CPU_CACHE_SIZE);
4283 4320
4284 4321 list_create(&kmem_caches, sizeof (kmem_cache_t),
4285 4322 offsetof(kmem_cache_t, cache_link));
4286 4323
4287 4324 kmem_metadata_arena = vmem_create("kmem_metadata", NULL, 0, PAGESIZE,
4288 4325 vmem_alloc, vmem_free, heap_arena, 8 * PAGESIZE,
4289 4326 VM_SLEEP | VMC_NO_QCACHE);
4290 4327
4291 4328 kmem_msb_arena = vmem_create("kmem_msb", NULL, 0,
4292 4329 PAGESIZE, segkmem_alloc, segkmem_free, kmem_metadata_arena, 0,
4293 4330 VMC_DUMPSAFE | VM_SLEEP);
4294 4331
4295 4332 kmem_cache_arena = vmem_create("kmem_cache", NULL, 0, KMEM_ALIGN,
4296 4333 segkmem_alloc, segkmem_free, kmem_metadata_arena, 0, VM_SLEEP);
4297 4334
4298 4335 kmem_hash_arena = vmem_create("kmem_hash", NULL, 0, KMEM_ALIGN,
4299 4336 segkmem_alloc, segkmem_free, kmem_metadata_arena, 0, VM_SLEEP);
4300 4337
4301 4338 kmem_log_arena = vmem_create("kmem_log", NULL, 0, KMEM_ALIGN,
4302 4339 segkmem_alloc, segkmem_free, heap_arena, 0, VM_SLEEP);
4303 4340
4304 4341 kmem_firewall_va_arena = vmem_create("kmem_firewall_va",
4305 4342 NULL, 0, PAGESIZE,
4306 4343 kmem_firewall_va_alloc, kmem_firewall_va_free, heap_arena,
4307 4344 0, VM_SLEEP);
4308 4345
4309 4346 kmem_firewall_arena = vmem_create("kmem_firewall", NULL, 0, PAGESIZE,
4310 4347 segkmem_alloc, segkmem_free, kmem_firewall_va_arena, 0,
4311 4348 VMC_DUMPSAFE | VM_SLEEP);
4312 4349
4313 4350 /* temporary oversize arena for mod_read_system_file */
4314 4351 kmem_oversize_arena = vmem_create("kmem_oversize", NULL, 0, PAGESIZE,
4315 4352 segkmem_alloc, segkmem_free, heap_arena, 0, VM_SLEEP);
4316 4353
4317 4354 kmem_reap_interval = 15 * hz;
4318 4355
4319 4356 /*
4320 4357 * Read /etc/system. This is a chicken-and-egg problem because
4321 4358 * kmem_flags may be set in /etc/system, but mod_read_system_file()
4322 4359 * needs to use the allocator. The simplest solution is to create
4323 4360 * all the standard kmem caches, read /etc/system, destroy all the
4324 4361 * caches we just created, and then create them all again in light
4325 4362 * of the (possibly) new kmem_flags and other kmem tunables.
4326 4363 */
4327 4364 kmem_cache_init(1, 0);
4328 4365
4329 4366 mod_read_system_file(boothowto & RB_ASKNAME);
4330 4367
4331 4368 while ((cp = list_tail(&kmem_caches)) != NULL)
4332 4369 kmem_cache_destroy(cp);
4333 4370
4334 4371 vmem_destroy(kmem_oversize_arena);
4335 4372
4336 4373 if (old_kmem_flags & KMF_STICKY)
4337 4374 kmem_flags = old_kmem_flags;
4338 4375
4339 4376 if (!(kmem_flags & KMF_AUDIT))
4340 4377 vmem_seg_size = offsetof(vmem_seg_t, vs_thread);
4341 4378
4342 4379 if (kmem_maxverify == 0)
4343 4380 kmem_maxverify = maxverify;
4344 4381
4345 4382 if (kmem_minfirewall == 0)
4346 4383 kmem_minfirewall = minfirewall;
4347 4384
4348 4385 /*
4349 4386 * give segkmem a chance to figure out if we are using large pages
4350 4387 * for the kernel heap
4351 4388 */
4352 4389 use_large_pages = segkmem_lpsetup();
4353 4390
4354 4391 /*
4355 4392 * To protect against corruption, we keep the actual number of callers
4356 4393 * KMF_LITE records seperate from the tunable. We arbitrarily clamp
4357 4394 * to 16, since the overhead for small buffers quickly gets out of
4358 4395 * hand.
4359 4396 *
4360 4397 * The real limit would depend on the needs of the largest KMC_NOHASH
4361 4398 * cache.
4362 4399 */
4363 4400 kmem_lite_count = MIN(MAX(0, kmem_lite_pcs), 16);
4364 4401 kmem_lite_pcs = kmem_lite_count;
4365 4402
4366 4403 /*
4367 4404 * Normally, we firewall oversized allocations when possible, but
4368 4405 * if we are using large pages for kernel memory, and we don't have
4369 4406 * any non-LITE debugging flags set, we want to allocate oversized
4370 4407 * buffers from large pages, and so skip the firewalling.
4371 4408 */
4372 4409 if (use_large_pages &&
4373 4410 ((kmem_flags & KMF_LITE) || !(kmem_flags & KMF_DEBUG))) {
4374 4411 kmem_oversize_arena = vmem_xcreate("kmem_oversize", NULL, 0,
4375 4412 PAGESIZE, segkmem_alloc_lp, segkmem_free_lp, heap_arena,
4376 4413 0, VMC_DUMPSAFE | VM_SLEEP);
4377 4414 } else {
4378 4415 kmem_oversize_arena = vmem_create("kmem_oversize",
4379 4416 NULL, 0, PAGESIZE,
4380 4417 segkmem_alloc, segkmem_free, kmem_minfirewall < ULONG_MAX?
4381 4418 kmem_firewall_va_arena : heap_arena, 0, VMC_DUMPSAFE |
4382 4419 VM_SLEEP);
4383 4420 }
4384 4421
4385 4422 kmem_cache_init(2, use_large_pages);
4386 4423
4387 4424 if (kmem_flags & (KMF_AUDIT | KMF_RANDOMIZE)) {
4388 4425 if (kmem_transaction_log_size == 0)
4389 4426 kmem_transaction_log_size = kmem_maxavail() / 50;
|
↓ open down ↓ |
1522 lines elided |
↑ open up ↑ |
4390 4427 kmem_transaction_log = kmem_log_init(kmem_transaction_log_size);
4391 4428 }
4392 4429
4393 4430 if (kmem_flags & (KMF_CONTENTS | KMF_RANDOMIZE)) {
4394 4431 if (kmem_content_log_size == 0)
4395 4432 kmem_content_log_size = kmem_maxavail() / 50;
4396 4433 kmem_content_log = kmem_log_init(kmem_content_log_size);
4397 4434 }
4398 4435
4399 4436 kmem_failure_log = kmem_log_init(kmem_failure_log_size);
4400 -
4401 4437 kmem_slab_log = kmem_log_init(kmem_slab_log_size);
4438 + kmem_zerosized_log = kmem_log_init(kmem_zerosized_log_size);
4402 4439
4403 4440 /*
4404 4441 * Initialize STREAMS message caches so allocb() is available.
4405 4442 * This allows us to initialize the logging framework (cmn_err(9F),
4406 4443 * strlog(9F), etc) so we can start recording messages.
4407 4444 */
4408 4445 streams_msg_init();
4409 4446
4410 4447 /*
4411 4448 * Initialize the ZSD framework in Zones so modules loaded henceforth
4412 4449 * can register their callbacks.
4413 4450 */
4414 4451 zone_zsd_init();
4415 4452
4416 4453 log_init();
4417 4454 taskq_init();
4418 4455
4419 4456 /*
4420 4457 * Warn about invalid or dangerous values of kmem_flags.
4421 4458 * Always warn about unsupported values.
4422 4459 */
4423 4460 if (((kmem_flags & ~(KMF_AUDIT | KMF_DEADBEEF | KMF_REDZONE |
4424 4461 KMF_CONTENTS | KMF_LITE)) != 0) ||
4425 4462 ((kmem_flags & KMF_LITE) && kmem_flags != KMF_LITE))
4426 4463 cmn_err(CE_WARN, "kmem_flags set to unsupported value 0x%x. "
4427 4464 "See the Solaris Tunable Parameters Reference Manual.",
4428 4465 kmem_flags);
4429 4466
4430 4467 #ifdef DEBUG
4431 4468 if ((kmem_flags & KMF_DEBUG) == 0)
4432 4469 cmn_err(CE_NOTE, "kmem debugging disabled.");
4433 4470 #else
4434 4471 /*
4435 4472 * For non-debug kernels, the only "normal" flags are 0, KMF_LITE,
4436 4473 * KMF_REDZONE, and KMF_CONTENTS (the last because it is only enabled
4437 4474 * if KMF_AUDIT is set). We should warn the user about the performance
4438 4475 * penalty of KMF_AUDIT or KMF_DEADBEEF if they are set and KMF_LITE
4439 4476 * isn't set (since that disables AUDIT).
4440 4477 */
4441 4478 if (!(kmem_flags & KMF_LITE) &&
4442 4479 (kmem_flags & (KMF_AUDIT | KMF_DEADBEEF)) != 0)
4443 4480 cmn_err(CE_WARN, "High-overhead kmem debugging features "
4444 4481 "enabled (kmem_flags = 0x%x). Performance degradation "
4445 4482 "and large memory overhead possible. See the Solaris "
4446 4483 "Tunable Parameters Reference Manual.", kmem_flags);
4447 4484 #endif /* not DEBUG */
4448 4485
4449 4486 kmem_cache_applyall(kmem_cache_magazine_enable, NULL, TQ_SLEEP);
4450 4487
4451 4488 kmem_ready = 1;
4452 4489
4453 4490 /*
4454 4491 * Initialize the platform-specific aligned/DMA memory allocator.
4455 4492 */
4456 4493 ka_init();
4457 4494
4458 4495 /*
4459 4496 * Initialize 32-bit ID cache.
4460 4497 */
4461 4498 id32_init();
4462 4499
4463 4500 /*
4464 4501 * Initialize the networking stack so modules loaded can
4465 4502 * register their callbacks.
4466 4503 */
4467 4504 netstack_init();
4468 4505 }
4469 4506
4470 4507 static void
4471 4508 kmem_move_init(void)
4472 4509 {
4473 4510 kmem_defrag_cache = kmem_cache_create("kmem_defrag_cache",
4474 4511 sizeof (kmem_defrag_t), 0, NULL, NULL, NULL, NULL,
4475 4512 kmem_msb_arena, KMC_NOHASH);
4476 4513 kmem_move_cache = kmem_cache_create("kmem_move_cache",
4477 4514 sizeof (kmem_move_t), 0, NULL, NULL, NULL, NULL,
4478 4515 kmem_msb_arena, KMC_NOHASH);
4479 4516
4480 4517 /*
4481 4518 * kmem guarantees that move callbacks are sequential and that even
4482 4519 * across multiple caches no two moves ever execute simultaneously.
4483 4520 * Move callbacks are processed on a separate taskq so that client code
4484 4521 * does not interfere with internal maintenance tasks.
4485 4522 */
4486 4523 kmem_move_taskq = taskq_create_instance("kmem_move_taskq", 0, 1,
4487 4524 minclsyspri, 100, INT_MAX, TASKQ_PREPOPULATE);
4488 4525 }
4489 4526
4490 4527 void
4491 4528 kmem_thread_init(void)
4492 4529 {
4493 4530 kmem_move_init();
4494 4531 kmem_taskq = taskq_create_instance("kmem_taskq", 0, 1, minclsyspri,
4495 4532 300, INT_MAX, TASKQ_PREPOPULATE);
4496 4533 }
4497 4534
4498 4535 void
4499 4536 kmem_mp_init(void)
4500 4537 {
4501 4538 mutex_enter(&cpu_lock);
4502 4539 register_cpu_setup_func(kmem_cpu_setup, NULL);
4503 4540 mutex_exit(&cpu_lock);
4504 4541
4505 4542 kmem_update_timeout(NULL);
4506 4543
4507 4544 taskq_mp_init();
4508 4545 }
4509 4546
4510 4547 /*
4511 4548 * Return the slab of the allocated buffer, or NULL if the buffer is not
4512 4549 * allocated. This function may be called with a known slab address to determine
4513 4550 * whether or not the buffer is allocated, or with a NULL slab address to obtain
4514 4551 * an allocated buffer's slab.
4515 4552 */
4516 4553 static kmem_slab_t *
4517 4554 kmem_slab_allocated(kmem_cache_t *cp, kmem_slab_t *sp, void *buf)
4518 4555 {
4519 4556 kmem_bufctl_t *bcp, *bufbcp;
4520 4557
4521 4558 ASSERT(MUTEX_HELD(&cp->cache_lock));
4522 4559 ASSERT(sp == NULL || KMEM_SLAB_MEMBER(sp, buf));
4523 4560
4524 4561 if (cp->cache_flags & KMF_HASH) {
4525 4562 for (bcp = *KMEM_HASH(cp, buf);
4526 4563 (bcp != NULL) && (bcp->bc_addr != buf);
4527 4564 bcp = bcp->bc_next) {
4528 4565 continue;
4529 4566 }
4530 4567 ASSERT(sp != NULL && bcp != NULL ? sp == bcp->bc_slab : 1);
4531 4568 return (bcp == NULL ? NULL : bcp->bc_slab);
4532 4569 }
4533 4570
4534 4571 if (sp == NULL) {
4535 4572 sp = KMEM_SLAB(cp, buf);
4536 4573 }
4537 4574 bufbcp = KMEM_BUFCTL(cp, buf);
4538 4575 for (bcp = sp->slab_head;
4539 4576 (bcp != NULL) && (bcp != bufbcp);
4540 4577 bcp = bcp->bc_next) {
4541 4578 continue;
4542 4579 }
4543 4580 return (bcp == NULL ? sp : NULL);
4544 4581 }
4545 4582
4546 4583 static boolean_t
4547 4584 kmem_slab_is_reclaimable(kmem_cache_t *cp, kmem_slab_t *sp, int flags)
4548 4585 {
4549 4586 long refcnt = sp->slab_refcnt;
4550 4587
4551 4588 ASSERT(cp->cache_defrag != NULL);
4552 4589
4553 4590 /*
4554 4591 * For code coverage we want to be able to move an object within the
4555 4592 * same slab (the only partial slab) even if allocating the destination
4556 4593 * buffer resulted in a completely allocated slab.
4557 4594 */
4558 4595 if (flags & KMM_DEBUG) {
4559 4596 return ((flags & KMM_DESPERATE) ||
4560 4597 ((sp->slab_flags & KMEM_SLAB_NOMOVE) == 0));
4561 4598 }
4562 4599
4563 4600 /* If we're desperate, we don't care if the client said NO. */
4564 4601 if (flags & KMM_DESPERATE) {
4565 4602 return (refcnt < sp->slab_chunks); /* any partial */
4566 4603 }
4567 4604
4568 4605 if (sp->slab_flags & KMEM_SLAB_NOMOVE) {
4569 4606 return (B_FALSE);
4570 4607 }
4571 4608
4572 4609 if ((refcnt == 1) || kmem_move_any_partial) {
4573 4610 return (refcnt < sp->slab_chunks);
4574 4611 }
4575 4612
4576 4613 /*
4577 4614 * The reclaim threshold is adjusted at each kmem_cache_scan() so that
4578 4615 * slabs with a progressively higher percentage of used buffers can be
4579 4616 * reclaimed until the cache as a whole is no longer fragmented.
4580 4617 *
4581 4618 * sp->slab_refcnt kmd_reclaim_numer
4582 4619 * --------------- < ------------------
4583 4620 * sp->slab_chunks KMEM_VOID_FRACTION
4584 4621 */
4585 4622 return ((refcnt * KMEM_VOID_FRACTION) <
4586 4623 (sp->slab_chunks * cp->cache_defrag->kmd_reclaim_numer));
4587 4624 }
4588 4625
4589 4626 /*
4590 4627 * May be called from the kmem_move_taskq, from kmem_cache_move_notify_task(),
4591 4628 * or when the buffer is freed.
4592 4629 */
4593 4630 static void
4594 4631 kmem_slab_move_yes(kmem_cache_t *cp, kmem_slab_t *sp, void *from_buf)
4595 4632 {
4596 4633 ASSERT(MUTEX_HELD(&cp->cache_lock));
4597 4634 ASSERT(KMEM_SLAB_MEMBER(sp, from_buf));
4598 4635
4599 4636 if (!KMEM_SLAB_IS_PARTIAL(sp)) {
4600 4637 return;
4601 4638 }
4602 4639
4603 4640 if (sp->slab_flags & KMEM_SLAB_NOMOVE) {
4604 4641 if (KMEM_SLAB_OFFSET(sp, from_buf) == sp->slab_stuck_offset) {
4605 4642 avl_remove(&cp->cache_partial_slabs, sp);
4606 4643 sp->slab_flags &= ~KMEM_SLAB_NOMOVE;
4607 4644 sp->slab_stuck_offset = (uint32_t)-1;
4608 4645 avl_add(&cp->cache_partial_slabs, sp);
4609 4646 }
4610 4647 } else {
4611 4648 sp->slab_later_count = 0;
4612 4649 sp->slab_stuck_offset = (uint32_t)-1;
4613 4650 }
4614 4651 }
4615 4652
4616 4653 static void
4617 4654 kmem_slab_move_no(kmem_cache_t *cp, kmem_slab_t *sp, void *from_buf)
4618 4655 {
4619 4656 ASSERT(taskq_member(kmem_move_taskq, curthread));
4620 4657 ASSERT(MUTEX_HELD(&cp->cache_lock));
4621 4658 ASSERT(KMEM_SLAB_MEMBER(sp, from_buf));
4622 4659
4623 4660 if (!KMEM_SLAB_IS_PARTIAL(sp)) {
4624 4661 return;
4625 4662 }
4626 4663
4627 4664 avl_remove(&cp->cache_partial_slabs, sp);
4628 4665 sp->slab_later_count = 0;
4629 4666 sp->slab_flags |= KMEM_SLAB_NOMOVE;
4630 4667 sp->slab_stuck_offset = KMEM_SLAB_OFFSET(sp, from_buf);
4631 4668 avl_add(&cp->cache_partial_slabs, sp);
4632 4669 }
4633 4670
4634 4671 static void kmem_move_end(kmem_cache_t *, kmem_move_t *);
4635 4672
4636 4673 /*
4637 4674 * The move callback takes two buffer addresses, the buffer to be moved, and a
4638 4675 * newly allocated and constructed buffer selected by kmem as the destination.
4639 4676 * It also takes the size of the buffer and an optional user argument specified
4640 4677 * at cache creation time. kmem guarantees that the buffer to be moved has not
4641 4678 * been unmapped by the virtual memory subsystem. Beyond that, it cannot
4642 4679 * guarantee the present whereabouts of the buffer to be moved, so it is up to
4643 4680 * the client to safely determine whether or not it is still using the buffer.
4644 4681 * The client must not free either of the buffers passed to the move callback,
4645 4682 * since kmem wants to free them directly to the slab layer. The client response
4646 4683 * tells kmem which of the two buffers to free:
4647 4684 *
4648 4685 * YES kmem frees the old buffer (the move was successful)
4649 4686 * NO kmem frees the new buffer, marks the slab of the old buffer
4650 4687 * non-reclaimable to avoid bothering the client again
4651 4688 * LATER kmem frees the new buffer, increments slab_later_count
4652 4689 * DONT_KNOW kmem frees the new buffer
4653 4690 * DONT_NEED kmem frees both the old buffer and the new buffer
4654 4691 *
4655 4692 * The pending callback argument now being processed contains both of the
4656 4693 * buffers (old and new) passed to the move callback function, the slab of the
4657 4694 * old buffer, and flags related to the move request, such as whether or not the
4658 4695 * system was desperate for memory.
4659 4696 *
4660 4697 * Slabs are not freed while there is a pending callback, but instead are kept
4661 4698 * on a deadlist, which is drained after the last callback completes. This means
4662 4699 * that slabs are safe to access until kmem_move_end(), no matter how many of
4663 4700 * their buffers have been freed. Once slab_refcnt reaches zero, it stays at
4664 4701 * zero for as long as the slab remains on the deadlist and until the slab is
4665 4702 * freed.
4666 4703 */
4667 4704 static void
4668 4705 kmem_move_buffer(kmem_move_t *callback)
4669 4706 {
4670 4707 kmem_cbrc_t response;
4671 4708 kmem_slab_t *sp = callback->kmm_from_slab;
4672 4709 kmem_cache_t *cp = sp->slab_cache;
4673 4710 boolean_t free_on_slab;
4674 4711
4675 4712 ASSERT(taskq_member(kmem_move_taskq, curthread));
4676 4713 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
4677 4714 ASSERT(KMEM_SLAB_MEMBER(sp, callback->kmm_from_buf));
4678 4715
4679 4716 /*
4680 4717 * The number of allocated buffers on the slab may have changed since we
4681 4718 * last checked the slab's reclaimability (when the pending move was
4682 4719 * enqueued), or the client may have responded NO when asked to move
4683 4720 * another buffer on the same slab.
4684 4721 */
4685 4722 if (!kmem_slab_is_reclaimable(cp, sp, callback->kmm_flags)) {
4686 4723 kmem_slab_free(cp, callback->kmm_to_buf);
4687 4724 kmem_move_end(cp, callback);
4688 4725 return;
4689 4726 }
4690 4727
4691 4728 /*
4692 4729 * Checking the slab layer is easy, so we might as well do that here
4693 4730 * in case we can avoid bothering the client.
4694 4731 */
4695 4732 mutex_enter(&cp->cache_lock);
4696 4733 free_on_slab = (kmem_slab_allocated(cp, sp,
4697 4734 callback->kmm_from_buf) == NULL);
4698 4735 mutex_exit(&cp->cache_lock);
4699 4736
4700 4737 if (free_on_slab) {
4701 4738 kmem_slab_free(cp, callback->kmm_to_buf);
4702 4739 kmem_move_end(cp, callback);
4703 4740 return;
4704 4741 }
4705 4742
4706 4743 if (cp->cache_flags & KMF_BUFTAG) {
4707 4744 /*
4708 4745 * Make kmem_cache_alloc_debug() apply the constructor for us.
4709 4746 */
4710 4747 if (kmem_cache_alloc_debug(cp, callback->kmm_to_buf,
4711 4748 KM_NOSLEEP, 1, caller()) != 0) {
4712 4749 kmem_move_end(cp, callback);
4713 4750 return;
4714 4751 }
4715 4752 } else if (cp->cache_constructor != NULL &&
4716 4753 cp->cache_constructor(callback->kmm_to_buf, cp->cache_private,
4717 4754 KM_NOSLEEP) != 0) {
4718 4755 atomic_inc_64(&cp->cache_alloc_fail);
4719 4756 kmem_slab_free(cp, callback->kmm_to_buf);
4720 4757 kmem_move_end(cp, callback);
4721 4758 return;
4722 4759 }
4723 4760
4724 4761 cp->cache_defrag->kmd_callbacks++;
4725 4762 cp->cache_defrag->kmd_thread = curthread;
4726 4763 cp->cache_defrag->kmd_from_buf = callback->kmm_from_buf;
4727 4764 cp->cache_defrag->kmd_to_buf = callback->kmm_to_buf;
4728 4765 DTRACE_PROBE2(kmem__move__start, kmem_cache_t *, cp, kmem_move_t *,
4729 4766 callback);
4730 4767
4731 4768 response = cp->cache_move(callback->kmm_from_buf,
4732 4769 callback->kmm_to_buf, cp->cache_bufsize, cp->cache_private);
4733 4770
4734 4771 DTRACE_PROBE3(kmem__move__end, kmem_cache_t *, cp, kmem_move_t *,
4735 4772 callback, kmem_cbrc_t, response);
4736 4773 cp->cache_defrag->kmd_thread = NULL;
4737 4774 cp->cache_defrag->kmd_from_buf = NULL;
4738 4775 cp->cache_defrag->kmd_to_buf = NULL;
4739 4776
4740 4777 if (response == KMEM_CBRC_YES) {
4741 4778 cp->cache_defrag->kmd_yes++;
4742 4779 kmem_slab_free_constructed(cp, callback->kmm_from_buf, B_FALSE);
4743 4780 /* slab safe to access until kmem_move_end() */
4744 4781 if (sp->slab_refcnt == 0)
4745 4782 cp->cache_defrag->kmd_slabs_freed++;
4746 4783 mutex_enter(&cp->cache_lock);
4747 4784 kmem_slab_move_yes(cp, sp, callback->kmm_from_buf);
4748 4785 mutex_exit(&cp->cache_lock);
4749 4786 kmem_move_end(cp, callback);
4750 4787 return;
4751 4788 }
4752 4789
4753 4790 switch (response) {
4754 4791 case KMEM_CBRC_NO:
4755 4792 cp->cache_defrag->kmd_no++;
4756 4793 mutex_enter(&cp->cache_lock);
4757 4794 kmem_slab_move_no(cp, sp, callback->kmm_from_buf);
4758 4795 mutex_exit(&cp->cache_lock);
4759 4796 break;
4760 4797 case KMEM_CBRC_LATER:
4761 4798 cp->cache_defrag->kmd_later++;
4762 4799 mutex_enter(&cp->cache_lock);
4763 4800 if (!KMEM_SLAB_IS_PARTIAL(sp)) {
4764 4801 mutex_exit(&cp->cache_lock);
4765 4802 break;
4766 4803 }
4767 4804
4768 4805 if (++sp->slab_later_count >= KMEM_DISBELIEF) {
4769 4806 kmem_slab_move_no(cp, sp, callback->kmm_from_buf);
4770 4807 } else if (!(sp->slab_flags & KMEM_SLAB_NOMOVE)) {
4771 4808 sp->slab_stuck_offset = KMEM_SLAB_OFFSET(sp,
4772 4809 callback->kmm_from_buf);
4773 4810 }
4774 4811 mutex_exit(&cp->cache_lock);
4775 4812 break;
4776 4813 case KMEM_CBRC_DONT_NEED:
4777 4814 cp->cache_defrag->kmd_dont_need++;
4778 4815 kmem_slab_free_constructed(cp, callback->kmm_from_buf, B_FALSE);
4779 4816 if (sp->slab_refcnt == 0)
4780 4817 cp->cache_defrag->kmd_slabs_freed++;
4781 4818 mutex_enter(&cp->cache_lock);
4782 4819 kmem_slab_move_yes(cp, sp, callback->kmm_from_buf);
4783 4820 mutex_exit(&cp->cache_lock);
4784 4821 break;
4785 4822 case KMEM_CBRC_DONT_KNOW:
4786 4823 /*
4787 4824 * If we don't know if we can move this buffer or not, we'll
4788 4825 * just assume that we can't: if the buffer is in fact free,
4789 4826 * then it is sitting in one of the per-CPU magazines or in
4790 4827 * a full magazine in the depot layer. Either way, because
4791 4828 * defrag is induced in the same logic that reaps a cache,
4792 4829 * it's likely that full magazines will be returned to the
4793 4830 * system soon (thereby accomplishing what we're trying to
4794 4831 * accomplish here: return those magazines to their slabs).
4795 4832 * Given this, any work that we might do now to locate a buffer
4796 4833 * in a magazine is wasted (and expensive!) work; we bump
4797 4834 * a counter in this case and otherwise assume that we can't
4798 4835 * move it.
4799 4836 */
4800 4837 cp->cache_defrag->kmd_dont_know++;
4801 4838 break;
4802 4839 default:
4803 4840 panic("'%s' (%p) unexpected move callback response %d\n",
4804 4841 cp->cache_name, (void *)cp, response);
4805 4842 }
4806 4843
4807 4844 kmem_slab_free_constructed(cp, callback->kmm_to_buf, B_FALSE);
4808 4845 kmem_move_end(cp, callback);
4809 4846 }
4810 4847
4811 4848 /* Return B_FALSE if there is insufficient memory for the move request. */
4812 4849 static boolean_t
4813 4850 kmem_move_begin(kmem_cache_t *cp, kmem_slab_t *sp, void *buf, int flags)
4814 4851 {
4815 4852 void *to_buf;
4816 4853 avl_index_t index;
4817 4854 kmem_move_t *callback, *pending;
4818 4855 ulong_t n;
4819 4856
4820 4857 ASSERT(taskq_member(kmem_taskq, curthread));
4821 4858 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
4822 4859 ASSERT(sp->slab_flags & KMEM_SLAB_MOVE_PENDING);
4823 4860
4824 4861 callback = kmem_cache_alloc(kmem_move_cache, KM_NOSLEEP);
4825 4862
4826 4863 if (callback == NULL)
4827 4864 return (B_FALSE);
4828 4865
4829 4866 callback->kmm_from_slab = sp;
4830 4867 callback->kmm_from_buf = buf;
4831 4868 callback->kmm_flags = flags;
4832 4869
4833 4870 mutex_enter(&cp->cache_lock);
4834 4871
4835 4872 n = avl_numnodes(&cp->cache_partial_slabs);
4836 4873 if ((n == 0) || ((n == 1) && !(flags & KMM_DEBUG))) {
4837 4874 mutex_exit(&cp->cache_lock);
4838 4875 kmem_cache_free(kmem_move_cache, callback);
4839 4876 return (B_TRUE); /* there is no need for the move request */
4840 4877 }
4841 4878
4842 4879 pending = avl_find(&cp->cache_defrag->kmd_moves_pending, buf, &index);
4843 4880 if (pending != NULL) {
4844 4881 /*
4845 4882 * If the move is already pending and we're desperate now,
4846 4883 * update the move flags.
4847 4884 */
4848 4885 if (flags & KMM_DESPERATE) {
4849 4886 pending->kmm_flags |= KMM_DESPERATE;
4850 4887 }
4851 4888 mutex_exit(&cp->cache_lock);
4852 4889 kmem_cache_free(kmem_move_cache, callback);
4853 4890 return (B_TRUE);
4854 4891 }
4855 4892
4856 4893 to_buf = kmem_slab_alloc_impl(cp, avl_first(&cp->cache_partial_slabs),
4857 4894 B_FALSE);
4858 4895 callback->kmm_to_buf = to_buf;
4859 4896 avl_insert(&cp->cache_defrag->kmd_moves_pending, callback, index);
4860 4897
4861 4898 mutex_exit(&cp->cache_lock);
4862 4899
4863 4900 if (taskq_dispatch(kmem_move_taskq, (task_func_t *)kmem_move_buffer,
4864 4901 callback, TQ_NOSLEEP) == TASKQID_INVALID) {
4865 4902 mutex_enter(&cp->cache_lock);
4866 4903 avl_remove(&cp->cache_defrag->kmd_moves_pending, callback);
4867 4904 mutex_exit(&cp->cache_lock);
4868 4905 kmem_slab_free(cp, to_buf);
4869 4906 kmem_cache_free(kmem_move_cache, callback);
4870 4907 return (B_FALSE);
4871 4908 }
4872 4909
4873 4910 return (B_TRUE);
4874 4911 }
4875 4912
4876 4913 static void
4877 4914 kmem_move_end(kmem_cache_t *cp, kmem_move_t *callback)
4878 4915 {
4879 4916 avl_index_t index;
4880 4917
4881 4918 ASSERT(cp->cache_defrag != NULL);
4882 4919 ASSERT(taskq_member(kmem_move_taskq, curthread));
4883 4920 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
4884 4921
4885 4922 mutex_enter(&cp->cache_lock);
4886 4923 VERIFY(avl_find(&cp->cache_defrag->kmd_moves_pending,
4887 4924 callback->kmm_from_buf, &index) != NULL);
4888 4925 avl_remove(&cp->cache_defrag->kmd_moves_pending, callback);
4889 4926 if (avl_is_empty(&cp->cache_defrag->kmd_moves_pending)) {
4890 4927 list_t *deadlist = &cp->cache_defrag->kmd_deadlist;
4891 4928 kmem_slab_t *sp;
4892 4929
4893 4930 /*
4894 4931 * The last pending move completed. Release all slabs from the
4895 4932 * front of the dead list except for any slab at the tail that
4896 4933 * needs to be released from the context of kmem_move_buffers().
4897 4934 * kmem deferred unmapping the buffers on these slabs in order
4898 4935 * to guarantee that buffers passed to the move callback have
4899 4936 * been touched only by kmem or by the client itself.
4900 4937 */
4901 4938 while ((sp = list_remove_head(deadlist)) != NULL) {
4902 4939 if (sp->slab_flags & KMEM_SLAB_MOVE_PENDING) {
4903 4940 list_insert_tail(deadlist, sp);
4904 4941 break;
4905 4942 }
4906 4943 cp->cache_defrag->kmd_deadcount--;
4907 4944 cp->cache_slab_destroy++;
4908 4945 mutex_exit(&cp->cache_lock);
4909 4946 kmem_slab_destroy(cp, sp);
4910 4947 mutex_enter(&cp->cache_lock);
4911 4948 }
4912 4949 }
4913 4950 mutex_exit(&cp->cache_lock);
4914 4951 kmem_cache_free(kmem_move_cache, callback);
4915 4952 }
4916 4953
4917 4954 /*
4918 4955 * Move buffers from least used slabs first by scanning backwards from the end
4919 4956 * of the partial slab list. Scan at most max_scan candidate slabs and move
4920 4957 * buffers from at most max_slabs slabs (0 for all partial slabs in both cases).
4921 4958 * If desperate to reclaim memory, move buffers from any partial slab, otherwise
4922 4959 * skip slabs with a ratio of allocated buffers at or above the current
4923 4960 * threshold. Return the number of unskipped slabs (at most max_slabs, -1 if the
4924 4961 * scan is aborted) so that the caller can adjust the reclaimability threshold
4925 4962 * depending on how many reclaimable slabs it finds.
4926 4963 *
4927 4964 * kmem_move_buffers() drops and reacquires cache_lock every time it issues a
4928 4965 * move request, since it is not valid for kmem_move_begin() to call
4929 4966 * kmem_cache_alloc() or taskq_dispatch() with cache_lock held.
4930 4967 */
4931 4968 static int
4932 4969 kmem_move_buffers(kmem_cache_t *cp, size_t max_scan, size_t max_slabs,
4933 4970 int flags)
4934 4971 {
4935 4972 kmem_slab_t *sp;
4936 4973 void *buf;
4937 4974 int i, j; /* slab index, buffer index */
4938 4975 int s; /* reclaimable slabs */
4939 4976 int b; /* allocated (movable) buffers on reclaimable slab */
4940 4977 boolean_t success;
4941 4978 int refcnt;
4942 4979 int nomove;
4943 4980
4944 4981 ASSERT(taskq_member(kmem_taskq, curthread));
4945 4982 ASSERT(MUTEX_HELD(&cp->cache_lock));
4946 4983 ASSERT(kmem_move_cache != NULL);
4947 4984 ASSERT(cp->cache_move != NULL && cp->cache_defrag != NULL);
4948 4985 ASSERT((flags & KMM_DEBUG) ? !avl_is_empty(&cp->cache_partial_slabs) :
4949 4986 avl_numnodes(&cp->cache_partial_slabs) > 1);
4950 4987
4951 4988 if (kmem_move_blocked) {
4952 4989 return (0);
4953 4990 }
4954 4991
4955 4992 if (kmem_move_fulltilt) {
4956 4993 flags |= KMM_DESPERATE;
4957 4994 }
4958 4995
4959 4996 if (max_scan == 0 || (flags & KMM_DESPERATE)) {
4960 4997 /*
4961 4998 * Scan as many slabs as needed to find the desired number of
4962 4999 * candidate slabs.
4963 5000 */
4964 5001 max_scan = (size_t)-1;
4965 5002 }
4966 5003
4967 5004 if (max_slabs == 0 || (flags & KMM_DESPERATE)) {
4968 5005 /* Find as many candidate slabs as possible. */
4969 5006 max_slabs = (size_t)-1;
4970 5007 }
4971 5008
4972 5009 sp = avl_last(&cp->cache_partial_slabs);
4973 5010 ASSERT(KMEM_SLAB_IS_PARTIAL(sp));
4974 5011 for (i = 0, s = 0; (i < max_scan) && (s < max_slabs) && (sp != NULL) &&
4975 5012 ((sp != avl_first(&cp->cache_partial_slabs)) ||
4976 5013 (flags & KMM_DEBUG));
4977 5014 sp = AVL_PREV(&cp->cache_partial_slabs, sp), i++) {
4978 5015
4979 5016 if (!kmem_slab_is_reclaimable(cp, sp, flags)) {
4980 5017 continue;
4981 5018 }
4982 5019 s++;
4983 5020
4984 5021 /* Look for allocated buffers to move. */
4985 5022 for (j = 0, b = 0, buf = sp->slab_base;
4986 5023 (j < sp->slab_chunks) && (b < sp->slab_refcnt);
4987 5024 buf = (((char *)buf) + cp->cache_chunksize), j++) {
4988 5025
4989 5026 if (kmem_slab_allocated(cp, sp, buf) == NULL) {
4990 5027 continue;
4991 5028 }
4992 5029
4993 5030 b++;
4994 5031
4995 5032 /*
4996 5033 * Prevent the slab from being destroyed while we drop
4997 5034 * cache_lock and while the pending move is not yet
4998 5035 * registered. Flag the pending move while
4999 5036 * kmd_moves_pending may still be empty, since we can't
5000 5037 * yet rely on a non-zero pending move count to prevent
5001 5038 * the slab from being destroyed.
5002 5039 */
5003 5040 ASSERT(!(sp->slab_flags & KMEM_SLAB_MOVE_PENDING));
5004 5041 sp->slab_flags |= KMEM_SLAB_MOVE_PENDING;
5005 5042 /*
5006 5043 * Recheck refcnt and nomove after reacquiring the lock,
5007 5044 * since these control the order of partial slabs, and
5008 5045 * we want to know if we can pick up the scan where we
5009 5046 * left off.
5010 5047 */
5011 5048 refcnt = sp->slab_refcnt;
5012 5049 nomove = (sp->slab_flags & KMEM_SLAB_NOMOVE);
5013 5050 mutex_exit(&cp->cache_lock);
5014 5051
5015 5052 success = kmem_move_begin(cp, sp, buf, flags);
5016 5053
5017 5054 /*
5018 5055 * Now, before the lock is reacquired, kmem could
5019 5056 * process all pending move requests and purge the
5020 5057 * deadlist, so that upon reacquiring the lock, sp has
5021 5058 * been remapped. Or, the client may free all the
5022 5059 * objects on the slab while the pending moves are still
5023 5060 * on the taskq. Therefore, the KMEM_SLAB_MOVE_PENDING
5024 5061 * flag causes the slab to be put at the end of the
5025 5062 * deadlist and prevents it from being destroyed, since
5026 5063 * we plan to destroy it here after reacquiring the
5027 5064 * lock.
5028 5065 */
5029 5066 mutex_enter(&cp->cache_lock);
5030 5067 ASSERT(sp->slab_flags & KMEM_SLAB_MOVE_PENDING);
5031 5068 sp->slab_flags &= ~KMEM_SLAB_MOVE_PENDING;
5032 5069
5033 5070 if (sp->slab_refcnt == 0) {
5034 5071 list_t *deadlist =
5035 5072 &cp->cache_defrag->kmd_deadlist;
5036 5073 list_remove(deadlist, sp);
5037 5074
5038 5075 if (!avl_is_empty(
5039 5076 &cp->cache_defrag->kmd_moves_pending)) {
5040 5077 /*
5041 5078 * A pending move makes it unsafe to
5042 5079 * destroy the slab, because even though
5043 5080 * the move is no longer needed, the
5044 5081 * context where that is determined
5045 5082 * requires the slab to exist.
5046 5083 * Fortunately, a pending move also
5047 5084 * means we don't need to destroy the
5048 5085 * slab here, since it will get
5049 5086 * destroyed along with any other slabs
5050 5087 * on the deadlist after the last
5051 5088 * pending move completes.
5052 5089 */
5053 5090 list_insert_head(deadlist, sp);
5054 5091 return (-1);
5055 5092 }
5056 5093
5057 5094 /*
5058 5095 * Destroy the slab now if it was completely
5059 5096 * freed while we dropped cache_lock and there
5060 5097 * are no pending moves. Since slab_refcnt
5061 5098 * cannot change once it reaches zero, no new
5062 5099 * pending moves from that slab are possible.
5063 5100 */
5064 5101 cp->cache_defrag->kmd_deadcount--;
5065 5102 cp->cache_slab_destroy++;
5066 5103 mutex_exit(&cp->cache_lock);
5067 5104 kmem_slab_destroy(cp, sp);
5068 5105 mutex_enter(&cp->cache_lock);
5069 5106 /*
5070 5107 * Since we can't pick up the scan where we left
5071 5108 * off, abort the scan and say nothing about the
5072 5109 * number of reclaimable slabs.
5073 5110 */
5074 5111 return (-1);
5075 5112 }
5076 5113
5077 5114 if (!success) {
5078 5115 /*
5079 5116 * Abort the scan if there is not enough memory
5080 5117 * for the request and say nothing about the
5081 5118 * number of reclaimable slabs.
5082 5119 */
5083 5120 return (-1);
5084 5121 }
5085 5122
5086 5123 /*
5087 5124 * The slab's position changed while the lock was
5088 5125 * dropped, so we don't know where we are in the
5089 5126 * sequence any more.
5090 5127 */
5091 5128 if (sp->slab_refcnt != refcnt) {
5092 5129 /*
5093 5130 * If this is a KMM_DEBUG move, the slab_refcnt
5094 5131 * may have changed because we allocated a
5095 5132 * destination buffer on the same slab. In that
5096 5133 * case, we're not interested in counting it.
5097 5134 */
5098 5135 return (-1);
5099 5136 }
5100 5137 if ((sp->slab_flags & KMEM_SLAB_NOMOVE) != nomove)
5101 5138 return (-1);
5102 5139
5103 5140 /*
5104 5141 * Generating a move request allocates a destination
5105 5142 * buffer from the slab layer, bumping the first partial
5106 5143 * slab if it is completely allocated. If the current
5107 5144 * slab becomes the first partial slab as a result, we
5108 5145 * can't continue to scan backwards.
5109 5146 *
5110 5147 * If this is a KMM_DEBUG move and we allocated the
5111 5148 * destination buffer from the last partial slab, then
5112 5149 * the buffer we're moving is on the same slab and our
5113 5150 * slab_refcnt has changed, causing us to return before
5114 5151 * reaching here if there are no partial slabs left.
5115 5152 */
5116 5153 ASSERT(!avl_is_empty(&cp->cache_partial_slabs));
5117 5154 if (sp == avl_first(&cp->cache_partial_slabs)) {
5118 5155 /*
5119 5156 * We're not interested in a second KMM_DEBUG
5120 5157 * move.
5121 5158 */
5122 5159 goto end_scan;
5123 5160 }
5124 5161 }
5125 5162 }
5126 5163 end_scan:
5127 5164
5128 5165 return (s);
5129 5166 }
5130 5167
5131 5168 typedef struct kmem_move_notify_args {
5132 5169 kmem_cache_t *kmna_cache;
5133 5170 void *kmna_buf;
5134 5171 } kmem_move_notify_args_t;
5135 5172
5136 5173 static void
5137 5174 kmem_cache_move_notify_task(void *arg)
5138 5175 {
5139 5176 kmem_move_notify_args_t *args = arg;
5140 5177 kmem_cache_t *cp = args->kmna_cache;
5141 5178 void *buf = args->kmna_buf;
5142 5179 kmem_slab_t *sp;
5143 5180
5144 5181 ASSERT(taskq_member(kmem_taskq, curthread));
5145 5182 ASSERT(list_link_active(&cp->cache_link));
5146 5183
5147 5184 kmem_free(args, sizeof (kmem_move_notify_args_t));
5148 5185 mutex_enter(&cp->cache_lock);
5149 5186 sp = kmem_slab_allocated(cp, NULL, buf);
5150 5187
5151 5188 /* Ignore the notification if the buffer is no longer allocated. */
5152 5189 if (sp == NULL) {
5153 5190 mutex_exit(&cp->cache_lock);
5154 5191 return;
5155 5192 }
5156 5193
5157 5194 /* Ignore the notification if there's no reason to move the buffer. */
5158 5195 if (avl_numnodes(&cp->cache_partial_slabs) > 1) {
5159 5196 /*
5160 5197 * So far the notification is not ignored. Ignore the
5161 5198 * notification if the slab is not marked by an earlier refusal
5162 5199 * to move a buffer.
5163 5200 */
5164 5201 if (!(sp->slab_flags & KMEM_SLAB_NOMOVE) &&
5165 5202 (sp->slab_later_count == 0)) {
5166 5203 mutex_exit(&cp->cache_lock);
5167 5204 return;
5168 5205 }
5169 5206
5170 5207 kmem_slab_move_yes(cp, sp, buf);
5171 5208 ASSERT(!(sp->slab_flags & KMEM_SLAB_MOVE_PENDING));
5172 5209 sp->slab_flags |= KMEM_SLAB_MOVE_PENDING;
5173 5210 mutex_exit(&cp->cache_lock);
5174 5211 /* see kmem_move_buffers() about dropping the lock */
5175 5212 (void) kmem_move_begin(cp, sp, buf, KMM_NOTIFY);
5176 5213 mutex_enter(&cp->cache_lock);
5177 5214 ASSERT(sp->slab_flags & KMEM_SLAB_MOVE_PENDING);
5178 5215 sp->slab_flags &= ~KMEM_SLAB_MOVE_PENDING;
5179 5216 if (sp->slab_refcnt == 0) {
5180 5217 list_t *deadlist = &cp->cache_defrag->kmd_deadlist;
5181 5218 list_remove(deadlist, sp);
5182 5219
5183 5220 if (!avl_is_empty(
5184 5221 &cp->cache_defrag->kmd_moves_pending)) {
5185 5222 list_insert_head(deadlist, sp);
5186 5223 mutex_exit(&cp->cache_lock);
5187 5224 return;
5188 5225 }
5189 5226
5190 5227 cp->cache_defrag->kmd_deadcount--;
5191 5228 cp->cache_slab_destroy++;
5192 5229 mutex_exit(&cp->cache_lock);
5193 5230 kmem_slab_destroy(cp, sp);
5194 5231 return;
5195 5232 }
5196 5233 } else {
5197 5234 kmem_slab_move_yes(cp, sp, buf);
5198 5235 }
5199 5236 mutex_exit(&cp->cache_lock);
5200 5237 }
5201 5238
5202 5239 void
5203 5240 kmem_cache_move_notify(kmem_cache_t *cp, void *buf)
5204 5241 {
5205 5242 kmem_move_notify_args_t *args;
5206 5243
5207 5244 args = kmem_alloc(sizeof (kmem_move_notify_args_t), KM_NOSLEEP);
5208 5245 if (args != NULL) {
5209 5246 args->kmna_cache = cp;
5210 5247 args->kmna_buf = buf;
5211 5248 if (taskq_dispatch(kmem_taskq,
5212 5249 (task_func_t *)kmem_cache_move_notify_task, args,
5213 5250 TQ_NOSLEEP) == TASKQID_INVALID)
5214 5251 kmem_free(args, sizeof (kmem_move_notify_args_t));
5215 5252 }
5216 5253 }
5217 5254
5218 5255 static void
5219 5256 kmem_cache_defrag(kmem_cache_t *cp)
5220 5257 {
5221 5258 size_t n;
5222 5259
5223 5260 ASSERT(cp->cache_defrag != NULL);
5224 5261
5225 5262 mutex_enter(&cp->cache_lock);
5226 5263 n = avl_numnodes(&cp->cache_partial_slabs);
5227 5264 if (n > 1) {
5228 5265 /* kmem_move_buffers() drops and reacquires cache_lock */
5229 5266 cp->cache_defrag->kmd_defrags++;
5230 5267 (void) kmem_move_buffers(cp, n, 0, KMM_DESPERATE);
5231 5268 }
5232 5269 mutex_exit(&cp->cache_lock);
5233 5270 }
5234 5271
5235 5272 /* Is this cache above the fragmentation threshold? */
5236 5273 static boolean_t
5237 5274 kmem_cache_frag_threshold(kmem_cache_t *cp, uint64_t nfree)
5238 5275 {
5239 5276 /*
5240 5277 * nfree kmem_frag_numer
5241 5278 * ------------------ > ---------------
5242 5279 * cp->cache_buftotal kmem_frag_denom
5243 5280 */
5244 5281 return ((nfree * kmem_frag_denom) >
5245 5282 (cp->cache_buftotal * kmem_frag_numer));
5246 5283 }
5247 5284
5248 5285 static boolean_t
5249 5286 kmem_cache_is_fragmented(kmem_cache_t *cp, boolean_t *doreap)
5250 5287 {
5251 5288 boolean_t fragmented;
5252 5289 uint64_t nfree;
5253 5290
5254 5291 ASSERT(MUTEX_HELD(&cp->cache_lock));
5255 5292 *doreap = B_FALSE;
5256 5293
5257 5294 if (kmem_move_fulltilt) {
5258 5295 if (avl_numnodes(&cp->cache_partial_slabs) > 1) {
5259 5296 return (B_TRUE);
5260 5297 }
5261 5298 } else {
5262 5299 if ((cp->cache_complete_slab_count + avl_numnodes(
5263 5300 &cp->cache_partial_slabs)) < kmem_frag_minslabs) {
5264 5301 return (B_FALSE);
5265 5302 }
5266 5303 }
5267 5304
5268 5305 nfree = cp->cache_bufslab;
5269 5306 fragmented = ((avl_numnodes(&cp->cache_partial_slabs) > 1) &&
5270 5307 kmem_cache_frag_threshold(cp, nfree));
5271 5308
5272 5309 /*
5273 5310 * Free buffers in the magazine layer appear allocated from the point of
5274 5311 * view of the slab layer. We want to know if the slab layer would
5275 5312 * appear fragmented if we included free buffers from magazines that
5276 5313 * have fallen out of the working set.
5277 5314 */
5278 5315 if (!fragmented) {
5279 5316 long reap;
5280 5317
5281 5318 mutex_enter(&cp->cache_depot_lock);
5282 5319 reap = MIN(cp->cache_full.ml_reaplimit, cp->cache_full.ml_min);
5283 5320 reap = MIN(reap, cp->cache_full.ml_total);
5284 5321 mutex_exit(&cp->cache_depot_lock);
5285 5322
5286 5323 nfree += ((uint64_t)reap * cp->cache_magtype->mt_magsize);
5287 5324 if (kmem_cache_frag_threshold(cp, nfree)) {
5288 5325 *doreap = B_TRUE;
5289 5326 }
5290 5327 }
5291 5328
5292 5329 return (fragmented);
5293 5330 }
5294 5331
5295 5332 /* Called periodically from kmem_taskq */
5296 5333 static void
5297 5334 kmem_cache_scan(kmem_cache_t *cp)
5298 5335 {
5299 5336 boolean_t reap = B_FALSE;
5300 5337 kmem_defrag_t *kmd;
5301 5338
5302 5339 ASSERT(taskq_member(kmem_taskq, curthread));
5303 5340
5304 5341 mutex_enter(&cp->cache_lock);
5305 5342
5306 5343 kmd = cp->cache_defrag;
5307 5344 if (kmd->kmd_consolidate > 0) {
5308 5345 kmd->kmd_consolidate--;
5309 5346 mutex_exit(&cp->cache_lock);
5310 5347 kmem_cache_reap(cp);
5311 5348 return;
5312 5349 }
5313 5350
5314 5351 if (kmem_cache_is_fragmented(cp, &reap)) {
5315 5352 size_t slabs_found;
5316 5353
5317 5354 /*
5318 5355 * Consolidate reclaimable slabs from the end of the partial
5319 5356 * slab list (scan at most kmem_reclaim_scan_range slabs to find
5320 5357 * reclaimable slabs). Keep track of how many candidate slabs we
5321 5358 * looked for and how many we actually found so we can adjust
5322 5359 * the definition of a candidate slab if we're having trouble
5323 5360 * finding them.
5324 5361 *
5325 5362 * kmem_move_buffers() drops and reacquires cache_lock.
5326 5363 */
5327 5364 kmd->kmd_scans++;
5328 5365 slabs_found = kmem_move_buffers(cp, kmem_reclaim_scan_range,
5329 5366 kmem_reclaim_max_slabs, 0);
5330 5367 if (slabs_found >= 0) {
5331 5368 kmd->kmd_slabs_sought += kmem_reclaim_max_slabs;
5332 5369 kmd->kmd_slabs_found += slabs_found;
5333 5370 }
5334 5371
5335 5372 if (++kmd->kmd_tries >= kmem_reclaim_scan_range) {
5336 5373 kmd->kmd_tries = 0;
5337 5374
5338 5375 /*
5339 5376 * If we had difficulty finding candidate slabs in
5340 5377 * previous scans, adjust the threshold so that
5341 5378 * candidates are easier to find.
5342 5379 */
5343 5380 if (kmd->kmd_slabs_found == kmd->kmd_slabs_sought) {
5344 5381 kmem_adjust_reclaim_threshold(kmd, -1);
5345 5382 } else if ((kmd->kmd_slabs_found * 2) <
5346 5383 kmd->kmd_slabs_sought) {
5347 5384 kmem_adjust_reclaim_threshold(kmd, 1);
5348 5385 }
5349 5386 kmd->kmd_slabs_sought = 0;
5350 5387 kmd->kmd_slabs_found = 0;
5351 5388 }
5352 5389 } else {
5353 5390 kmem_reset_reclaim_threshold(cp->cache_defrag);
5354 5391 #ifdef DEBUG
5355 5392 if (!avl_is_empty(&cp->cache_partial_slabs)) {
5356 5393 /*
5357 5394 * In a debug kernel we want the consolidator to
5358 5395 * run occasionally even when there is plenty of
5359 5396 * memory.
5360 5397 */
5361 5398 uint16_t debug_rand;
5362 5399
5363 5400 (void) random_get_bytes((uint8_t *)&debug_rand, 2);
5364 5401 if (!kmem_move_noreap &&
5365 5402 ((debug_rand % kmem_mtb_reap) == 0)) {
5366 5403 mutex_exit(&cp->cache_lock);
5367 5404 kmem_cache_reap(cp);
5368 5405 return;
5369 5406 } else if ((debug_rand % kmem_mtb_move) == 0) {
5370 5407 kmd->kmd_scans++;
5371 5408 (void) kmem_move_buffers(cp,
5372 5409 kmem_reclaim_scan_range, 1, KMM_DEBUG);
5373 5410 }
5374 5411 }
5375 5412 #endif /* DEBUG */
5376 5413 }
5377 5414
5378 5415 mutex_exit(&cp->cache_lock);
5379 5416
5380 5417 if (reap)
5381 5418 kmem_depot_ws_reap(cp);
5382 5419 }
|
↓ open down ↓ |
971 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX