Print this page
9525 kmem_dump_size is a corrupting influence
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/os/kmem.c
+++ new/usr/src/uts/common/os/kmem.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 * Copyright (c) 2012, 2017 by Delphix. All rights reserved.
24 24 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
25 25 * Copyright 2018, Joyent, Inc.
26 26 */
27 27
28 28 /*
29 29 * Kernel memory allocator, as described in the following two papers and a
30 30 * statement about the consolidator:
31 31 *
32 32 * Jeff Bonwick,
33 33 * The Slab Allocator: An Object-Caching Kernel Memory Allocator.
34 34 * Proceedings of the Summer 1994 Usenix Conference.
35 35 * Available as /shared/sac/PSARC/1994/028/materials/kmem.pdf.
36 36 *
37 37 * Jeff Bonwick and Jonathan Adams,
38 38 * Magazines and vmem: Extending the Slab Allocator to Many CPUs and
39 39 * Arbitrary Resources.
40 40 * Proceedings of the 2001 Usenix Conference.
41 41 * Available as /shared/sac/PSARC/2000/550/materials/vmem.pdf.
42 42 *
43 43 * kmem Slab Consolidator Big Theory Statement:
44 44 *
45 45 * 1. Motivation
46 46 *
47 47 * As stated in Bonwick94, slabs provide the following advantages over other
48 48 * allocation structures in terms of memory fragmentation:
49 49 *
50 50 * - Internal fragmentation (per-buffer wasted space) is minimal.
51 51 * - Severe external fragmentation (unused buffers on the free list) is
52 52 * unlikely.
53 53 *
54 54 * Segregating objects by size eliminates one source of external fragmentation,
55 55 * and according to Bonwick:
56 56 *
57 57 * The other reason that slabs reduce external fragmentation is that all
58 58 * objects in a slab are of the same type, so they have the same lifetime
59 59 * distribution. The resulting segregation of short-lived and long-lived
60 60 * objects at slab granularity reduces the likelihood of an entire page being
61 61 * held hostage due to a single long-lived allocation [Barrett93, Hanson90].
62 62 *
63 63 * While unlikely, severe external fragmentation remains possible. Clients that
64 64 * allocate both short- and long-lived objects from the same cache cannot
65 65 * anticipate the distribution of long-lived objects within the allocator's slab
66 66 * implementation. Even a small percentage of long-lived objects distributed
67 67 * randomly across many slabs can lead to a worst case scenario where the client
68 68 * frees the majority of its objects and the system gets back almost none of the
69 69 * slabs. Despite the client doing what it reasonably can to help the system
70 70 * reclaim memory, the allocator cannot shake free enough slabs because of
71 71 * lonely allocations stubbornly hanging on. Although the allocator is in a
72 72 * position to diagnose the fragmentation, there is nothing that the allocator
73 73 * by itself can do about it. It only takes a single allocated object to prevent
74 74 * an entire slab from being reclaimed, and any object handed out by
75 75 * kmem_cache_alloc() is by definition in the client's control. Conversely,
76 76 * although the client is in a position to move a long-lived object, it has no
77 77 * way of knowing if the object is causing fragmentation, and if so, where to
78 78 * move it. A solution necessarily requires further cooperation between the
79 79 * allocator and the client.
80 80 *
81 81 * 2. Move Callback
82 82 *
83 83 * The kmem slab consolidator therefore adds a move callback to the
84 84 * allocator/client interface, improving worst-case external fragmentation in
85 85 * kmem caches that supply a function to move objects from one memory location
86 86 * to another. In a situation of low memory kmem attempts to consolidate all of
87 87 * a cache's slabs at once; otherwise it works slowly to bring external
88 88 * fragmentation within the 1/8 limit guaranteed for internal fragmentation,
89 89 * thereby helping to avoid a low memory situation in the future.
90 90 *
91 91 * The callback has the following signature:
92 92 *
93 93 * kmem_cbrc_t move(void *old, void *new, size_t size, void *user_arg)
94 94 *
95 95 * It supplies the kmem client with two addresses: the allocated object that
96 96 * kmem wants to move and a buffer selected by kmem for the client to use as the
97 97 * copy destination. The callback is kmem's way of saying "Please get off of
98 98 * this buffer and use this one instead." kmem knows where it wants to move the
99 99 * object in order to best reduce fragmentation. All the client needs to know
100 100 * about the second argument (void *new) is that it is an allocated, constructed
101 101 * object ready to take the contents of the old object. When the move function
102 102 * is called, the system is likely to be low on memory, and the new object
103 103 * spares the client from having to worry about allocating memory for the
104 104 * requested move. The third argument supplies the size of the object, in case a
105 105 * single move function handles multiple caches whose objects differ only in
106 106 * size (such as zio_buf_512, zio_buf_1024, etc). Finally, the same optional
107 107 * user argument passed to the constructor, destructor, and reclaim functions is
108 108 * also passed to the move callback.
109 109 *
110 110 * 2.1 Setting the Move Callback
111 111 *
112 112 * The client sets the move callback after creating the cache and before
113 113 * allocating from it:
114 114 *
115 115 * object_cache = kmem_cache_create(...);
116 116 * kmem_cache_set_move(object_cache, object_move);
117 117 *
118 118 * 2.2 Move Callback Return Values
119 119 *
120 120 * Only the client knows about its own data and when is a good time to move it.
121 121 * The client is cooperating with kmem to return unused memory to the system,
122 122 * and kmem respectfully accepts this help at the client's convenience. When
123 123 * asked to move an object, the client can respond with any of the following:
124 124 *
125 125 * typedef enum kmem_cbrc {
126 126 * KMEM_CBRC_YES,
127 127 * KMEM_CBRC_NO,
128 128 * KMEM_CBRC_LATER,
129 129 * KMEM_CBRC_DONT_NEED,
130 130 * KMEM_CBRC_DONT_KNOW
131 131 * } kmem_cbrc_t;
132 132 *
133 133 * The client must not explicitly kmem_cache_free() either of the objects passed
134 134 * to the callback, since kmem wants to free them directly to the slab layer
135 135 * (bypassing the per-CPU magazine layer). The response tells kmem which of the
136 136 * objects to free:
137 137 *
138 138 * YES: (Did it) The client moved the object, so kmem frees the old one.
139 139 * NO: (Never) The client refused, so kmem frees the new object (the
140 140 * unused copy destination). kmem also marks the slab of the old
141 141 * object so as not to bother the client with further callbacks for
142 142 * that object as long as the slab remains on the partial slab list.
143 143 * (The system won't be getting the slab back as long as the
144 144 * immovable object holds it hostage, so there's no point in moving
145 145 * any of its objects.)
146 146 * LATER: The client is using the object and cannot move it now, so kmem
147 147 * frees the new object (the unused copy destination). kmem still
148 148 * attempts to move other objects off the slab, since it expects to
149 149 * succeed in clearing the slab in a later callback. The client
150 150 * should use LATER instead of NO if the object is likely to become
151 151 * movable very soon.
152 152 * DONT_NEED: The client no longer needs the object, so kmem frees the old along
153 153 * with the new object (the unused copy destination). This response
154 154 * is the client's opportunity to be a model citizen and give back as
155 155 * much as it can.
156 156 * DONT_KNOW: The client does not know about the object because
157 157 * a) the client has just allocated the object and not yet put it
158 158 * wherever it expects to find known objects
159 159 * b) the client has removed the object from wherever it expects to
160 160 * find known objects and is about to free it, or
161 161 * c) the client has freed the object.
162 162 * In all these cases (a, b, and c) kmem frees the new object (the
163 163 * unused copy destination). In the first case, the object is in
164 164 * use and the correct action is that for LATER; in the latter two
165 165 * cases, we know that the object is either freed or about to be
166 166 * freed, in which case it is either already in a magazine or about
167 167 * to be in one. In these cases, we know that the object will either
168 168 * be reallocated and reused, or it will end up in a full magazine
169 169 * that will be reaped (thereby liberating the slab). Because it
170 170 * is prohibitively expensive to differentiate these cases, and
171 171 * because the defrag code is executed when we're low on memory
172 172 * (thereby biasing the system to reclaim full magazines) we treat
173 173 * all DONT_KNOW cases as LATER and rely on cache reaping to
174 174 * generally clean up full magazines. While we take the same action
175 175 * for these cases, we maintain their semantic distinction: if
176 176 * defragmentation is not occurring, it is useful to know if this
177 177 * is due to objects in use (LATER) or objects in an unknown state
178 178 * of transition (DONT_KNOW).
179 179 *
180 180 * 2.3 Object States
181 181 *
182 182 * Neither kmem nor the client can be assumed to know the object's whereabouts
183 183 * at the time of the callback. An object belonging to a kmem cache may be in
184 184 * any of the following states:
185 185 *
186 186 * 1. Uninitialized on the slab
187 187 * 2. Allocated from the slab but not constructed (still uninitialized)
188 188 * 3. Allocated from the slab, constructed, but not yet ready for business
189 189 * (not in a valid state for the move callback)
190 190 * 4. In use (valid and known to the client)
191 191 * 5. About to be freed (no longer in a valid state for the move callback)
192 192 * 6. Freed to a magazine (still constructed)
193 193 * 7. Allocated from a magazine, not yet ready for business (not in a valid
194 194 * state for the move callback), and about to return to state #4
195 195 * 8. Deconstructed on a magazine that is about to be freed
196 196 * 9. Freed to the slab
197 197 *
198 198 * Since the move callback may be called at any time while the object is in any
199 199 * of the above states (except state #1), the client needs a safe way to
200 200 * determine whether or not it knows about the object. Specifically, the client
201 201 * needs to know whether or not the object is in state #4, the only state in
202 202 * which a move is valid. If the object is in any other state, the client should
203 203 * immediately return KMEM_CBRC_DONT_KNOW, since it is unsafe to access any of
204 204 * the object's fields.
205 205 *
206 206 * Note that although an object may be in state #4 when kmem initiates the move
207 207 * request, the object may no longer be in that state by the time kmem actually
208 208 * calls the move function. Not only does the client free objects
209 209 * asynchronously, kmem itself puts move requests on a queue where thay are
210 210 * pending until kmem processes them from another context. Also, objects freed
211 211 * to a magazine appear allocated from the point of view of the slab layer, so
212 212 * kmem may even initiate requests for objects in a state other than state #4.
213 213 *
214 214 * 2.3.1 Magazine Layer
215 215 *
216 216 * An important insight revealed by the states listed above is that the magazine
217 217 * layer is populated only by kmem_cache_free(). Magazines of constructed
218 218 * objects are never populated directly from the slab layer (which contains raw,
219 219 * unconstructed objects). Whenever an allocation request cannot be satisfied
220 220 * from the magazine layer, the magazines are bypassed and the request is
221 221 * satisfied from the slab layer (creating a new slab if necessary). kmem calls
222 222 * the object constructor only when allocating from the slab layer, and only in
223 223 * response to kmem_cache_alloc() or to prepare the destination buffer passed in
224 224 * the move callback. kmem does not preconstruct objects in anticipation of
225 225 * kmem_cache_alloc().
226 226 *
227 227 * 2.3.2 Object Constructor and Destructor
228 228 *
229 229 * If the client supplies a destructor, it must be valid to call the destructor
230 230 * on a newly created object (immediately after the constructor).
231 231 *
232 232 * 2.4 Recognizing Known Objects
233 233 *
234 234 * There is a simple test to determine safely whether or not the client knows
235 235 * about a given object in the move callback. It relies on the fact that kmem
236 236 * guarantees that the object of the move callback has only been touched by the
237 237 * client itself or else by kmem. kmem does this by ensuring that none of the
238 238 * cache's slabs are freed to the virtual memory (VM) subsystem while a move
239 239 * callback is pending. When the last object on a slab is freed, if there is a
240 240 * pending move, kmem puts the slab on a per-cache dead list and defers freeing
241 241 * slabs on that list until all pending callbacks are completed. That way,
242 242 * clients can be certain that the object of a move callback is in one of the
243 243 * states listed above, making it possible to distinguish known objects (in
244 244 * state #4) using the two low order bits of any pointer member (with the
245 245 * exception of 'char *' or 'short *' which may not be 4-byte aligned on some
246 246 * platforms).
247 247 *
248 248 * The test works as long as the client always transitions objects from state #4
249 249 * (known, in use) to state #5 (about to be freed, invalid) by setting the low
250 250 * order bit of the client-designated pointer member. Since kmem only writes
251 251 * invalid memory patterns, such as 0xbaddcafe to uninitialized memory and
252 252 * 0xdeadbeef to freed memory, any scribbling on the object done by kmem is
253 253 * guaranteed to set at least one of the two low order bits. Therefore, given an
254 254 * object with a back pointer to a 'container_t *o_container', the client can
255 255 * test
256 256 *
257 257 * container_t *container = object->o_container;
258 258 * if ((uintptr_t)container & 0x3) {
259 259 * return (KMEM_CBRC_DONT_KNOW);
260 260 * }
261 261 *
262 262 * Typically, an object will have a pointer to some structure with a list or
263 263 * hash where objects from the cache are kept while in use. Assuming that the
264 264 * client has some way of knowing that the container structure is valid and will
265 265 * not go away during the move, and assuming that the structure includes a lock
266 266 * to protect whatever collection is used, then the client would continue as
267 267 * follows:
268 268 *
269 269 * // Ensure that the container structure does not go away.
270 270 * if (container_hold(container) == 0) {
271 271 * return (KMEM_CBRC_DONT_KNOW);
272 272 * }
273 273 * mutex_enter(&container->c_objects_lock);
274 274 * if (container != object->o_container) {
275 275 * mutex_exit(&container->c_objects_lock);
276 276 * container_rele(container);
277 277 * return (KMEM_CBRC_DONT_KNOW);
278 278 * }
279 279 *
280 280 * At this point the client knows that the object cannot be freed as long as
281 281 * c_objects_lock is held. Note that after acquiring the lock, the client must
282 282 * recheck the o_container pointer in case the object was removed just before
283 283 * acquiring the lock.
284 284 *
285 285 * When the client is about to free an object, it must first remove that object
286 286 * from the list, hash, or other structure where it is kept. At that time, to
287 287 * mark the object so it can be distinguished from the remaining, known objects,
288 288 * the client sets the designated low order bit:
289 289 *
290 290 * mutex_enter(&container->c_objects_lock);
291 291 * object->o_container = (void *)((uintptr_t)object->o_container | 0x1);
292 292 * list_remove(&container->c_objects, object);
293 293 * mutex_exit(&container->c_objects_lock);
294 294 *
295 295 * In the common case, the object is freed to the magazine layer, where it may
296 296 * be reused on a subsequent allocation without the overhead of calling the
297 297 * constructor. While in the magazine it appears allocated from the point of
298 298 * view of the slab layer, making it a candidate for the move callback. Most
299 299 * objects unrecognized by the client in the move callback fall into this
300 300 * category and are cheaply distinguished from known objects by the test
301 301 * described earlier. Because searching magazines is prohibitively expensive
302 302 * for kmem, clients that do not mark freed objects (and therefore return
303 303 * KMEM_CBRC_DONT_KNOW for large numbers of objects) may find defragmentation
304 304 * efficacy reduced.
305 305 *
306 306 * Invalidating the designated pointer member before freeing the object marks
307 307 * the object to be avoided in the callback, and conversely, assigning a valid
308 308 * value to the designated pointer member after allocating the object makes the
309 309 * object fair game for the callback:
310 310 *
311 311 * ... allocate object ...
312 312 * ... set any initial state not set by the constructor ...
313 313 *
314 314 * mutex_enter(&container->c_objects_lock);
315 315 * list_insert_tail(&container->c_objects, object);
316 316 * membar_producer();
317 317 * object->o_container = container;
318 318 * mutex_exit(&container->c_objects_lock);
319 319 *
320 320 * Note that everything else must be valid before setting o_container makes the
321 321 * object fair game for the move callback. The membar_producer() call ensures
322 322 * that all the object's state is written to memory before setting the pointer
323 323 * that transitions the object from state #3 or #7 (allocated, constructed, not
324 324 * yet in use) to state #4 (in use, valid). That's important because the move
325 325 * function has to check the validity of the pointer before it can safely
326 326 * acquire the lock protecting the collection where it expects to find known
327 327 * objects.
328 328 *
329 329 * This method of distinguishing known objects observes the usual symmetry:
330 330 * invalidating the designated pointer is the first thing the client does before
331 331 * freeing the object, and setting the designated pointer is the last thing the
332 332 * client does after allocating the object. Of course, the client is not
333 333 * required to use this method. Fundamentally, how the client recognizes known
334 334 * objects is completely up to the client, but this method is recommended as an
335 335 * efficient and safe way to take advantage of the guarantees made by kmem. If
336 336 * the entire object is arbitrary data without any markable bits from a suitable
337 337 * pointer member, then the client must find some other method, such as
338 338 * searching a hash table of known objects.
339 339 *
340 340 * 2.5 Preventing Objects From Moving
341 341 *
342 342 * Besides a way to distinguish known objects, the other thing that the client
343 343 * needs is a strategy to ensure that an object will not move while the client
344 344 * is actively using it. The details of satisfying this requirement tend to be
345 345 * highly cache-specific. It might seem that the same rules that let a client
346 346 * remove an object safely should also decide when an object can be moved
347 347 * safely. However, any object state that makes a removal attempt invalid is
348 348 * likely to be long-lasting for objects that the client does not expect to
349 349 * remove. kmem knows nothing about the object state and is equally likely (from
350 350 * the client's point of view) to request a move for any object in the cache,
351 351 * whether prepared for removal or not. Even a low percentage of objects stuck
352 352 * in place by unremovability will defeat the consolidator if the stuck objects
353 353 * are the same long-lived allocations likely to hold slabs hostage.
354 354 * Fundamentally, the consolidator is not aimed at common cases. Severe external
355 355 * fragmentation is a worst case scenario manifested as sparsely allocated
356 356 * slabs, by definition a low percentage of the cache's objects. When deciding
357 357 * what makes an object movable, keep in mind the goal of the consolidator: to
358 358 * bring worst-case external fragmentation within the limits guaranteed for
359 359 * internal fragmentation. Removability is a poor criterion if it is likely to
360 360 * exclude more than an insignificant percentage of objects for long periods of
361 361 * time.
362 362 *
363 363 * A tricky general solution exists, and it has the advantage of letting you
364 364 * move any object at almost any moment, practically eliminating the likelihood
365 365 * that an object can hold a slab hostage. However, if there is a cache-specific
366 366 * way to ensure that an object is not actively in use in the vast majority of
367 367 * cases, a simpler solution that leverages this cache-specific knowledge is
368 368 * preferred.
369 369 *
370 370 * 2.5.1 Cache-Specific Solution
371 371 *
372 372 * As an example of a cache-specific solution, the ZFS znode cache takes
373 373 * advantage of the fact that the vast majority of znodes are only being
374 374 * referenced from the DNLC. (A typical case might be a few hundred in active
375 375 * use and a hundred thousand in the DNLC.) In the move callback, after the ZFS
376 376 * client has established that it recognizes the znode and can access its fields
377 377 * safely (using the method described earlier), it then tests whether the znode
378 378 * is referenced by anything other than the DNLC. If so, it assumes that the
379 379 * znode may be in active use and is unsafe to move, so it drops its locks and
380 380 * returns KMEM_CBRC_LATER. The advantage of this strategy is that everywhere
381 381 * else znodes are used, no change is needed to protect against the possibility
382 382 * of the znode moving. The disadvantage is that it remains possible for an
383 383 * application to hold a znode slab hostage with an open file descriptor.
384 384 * However, this case ought to be rare and the consolidator has a way to deal
385 385 * with it: If the client responds KMEM_CBRC_LATER repeatedly for the same
386 386 * object, kmem eventually stops believing it and treats the slab as if the
387 387 * client had responded KMEM_CBRC_NO. Having marked the hostage slab, kmem can
388 388 * then focus on getting it off of the partial slab list by allocating rather
389 389 * than freeing all of its objects. (Either way of getting a slab off the
390 390 * free list reduces fragmentation.)
391 391 *
392 392 * 2.5.2 General Solution
393 393 *
394 394 * The general solution, on the other hand, requires an explicit hold everywhere
395 395 * the object is used to prevent it from moving. To keep the client locking
396 396 * strategy as uncomplicated as possible, kmem guarantees the simplifying
397 397 * assumption that move callbacks are sequential, even across multiple caches.
398 398 * Internally, a global queue processed by a single thread supports all caches
399 399 * implementing the callback function. No matter how many caches supply a move
400 400 * function, the consolidator never moves more than one object at a time, so the
401 401 * client does not have to worry about tricky lock ordering involving several
402 402 * related objects from different kmem caches.
403 403 *
404 404 * The general solution implements the explicit hold as a read-write lock, which
405 405 * allows multiple readers to access an object from the cache simultaneously
406 406 * while a single writer is excluded from moving it. A single rwlock for the
407 407 * entire cache would lock out all threads from using any of the cache's objects
408 408 * even though only a single object is being moved, so to reduce contention,
409 409 * the client can fan out the single rwlock into an array of rwlocks hashed by
410 410 * the object address, making it probable that moving one object will not
411 411 * prevent other threads from using a different object. The rwlock cannot be a
412 412 * member of the object itself, because the possibility of the object moving
413 413 * makes it unsafe to access any of the object's fields until the lock is
414 414 * acquired.
415 415 *
416 416 * Assuming a small, fixed number of locks, it's possible that multiple objects
417 417 * will hash to the same lock. A thread that needs to use multiple objects in
418 418 * the same function may acquire the same lock multiple times. Since rwlocks are
419 419 * reentrant for readers, and since there is never more than a single writer at
420 420 * a time (assuming that the client acquires the lock as a writer only when
421 421 * moving an object inside the callback), there would seem to be no problem.
422 422 * However, a client locking multiple objects in the same function must handle
423 423 * one case of potential deadlock: Assume that thread A needs to prevent both
424 424 * object 1 and object 2 from moving, and thread B, the callback, meanwhile
425 425 * tries to move object 3. It's possible, if objects 1, 2, and 3 all hash to the
426 426 * same lock, that thread A will acquire the lock for object 1 as a reader
427 427 * before thread B sets the lock's write-wanted bit, preventing thread A from
428 428 * reacquiring the lock for object 2 as a reader. Unable to make forward
429 429 * progress, thread A will never release the lock for object 1, resulting in
430 430 * deadlock.
431 431 *
432 432 * There are two ways of avoiding the deadlock just described. The first is to
433 433 * use rw_tryenter() rather than rw_enter() in the callback function when
434 434 * attempting to acquire the lock as a writer. If tryenter discovers that the
435 435 * same object (or another object hashed to the same lock) is already in use, it
436 436 * aborts the callback and returns KMEM_CBRC_LATER. The second way is to use
437 437 * rprwlock_t (declared in common/fs/zfs/sys/rprwlock.h) instead of rwlock_t,
438 438 * since it allows a thread to acquire the lock as a reader in spite of a
439 439 * waiting writer. This second approach insists on moving the object now, no
440 440 * matter how many readers the move function must wait for in order to do so,
441 441 * and could delay the completion of the callback indefinitely (blocking
442 442 * callbacks to other clients). In practice, a less insistent callback using
443 443 * rw_tryenter() returns KMEM_CBRC_LATER infrequently enough that there seems
444 444 * little reason to use anything else.
445 445 *
446 446 * Avoiding deadlock is not the only problem that an implementation using an
447 447 * explicit hold needs to solve. Locking the object in the first place (to
448 448 * prevent it from moving) remains a problem, since the object could move
449 449 * between the time you obtain a pointer to the object and the time you acquire
450 450 * the rwlock hashed to that pointer value. Therefore the client needs to
451 451 * recheck the value of the pointer after acquiring the lock, drop the lock if
452 452 * the value has changed, and try again. This requires a level of indirection:
453 453 * something that points to the object rather than the object itself, that the
454 454 * client can access safely while attempting to acquire the lock. (The object
455 455 * itself cannot be referenced safely because it can move at any time.)
456 456 * The following lock-acquisition function takes whatever is safe to reference
457 457 * (arg), follows its pointer to the object (using function f), and tries as
458 458 * often as necessary to acquire the hashed lock and verify that the object
459 459 * still has not moved:
460 460 *
461 461 * object_t *
462 462 * object_hold(object_f f, void *arg)
463 463 * {
464 464 * object_t *op;
465 465 *
466 466 * op = f(arg);
467 467 * if (op == NULL) {
468 468 * return (NULL);
469 469 * }
470 470 *
471 471 * rw_enter(OBJECT_RWLOCK(op), RW_READER);
472 472 * while (op != f(arg)) {
473 473 * rw_exit(OBJECT_RWLOCK(op));
474 474 * op = f(arg);
475 475 * if (op == NULL) {
476 476 * break;
477 477 * }
478 478 * rw_enter(OBJECT_RWLOCK(op), RW_READER);
479 479 * }
480 480 *
481 481 * return (op);
482 482 * }
483 483 *
484 484 * The OBJECT_RWLOCK macro hashes the object address to obtain the rwlock. The
485 485 * lock reacquisition loop, while necessary, almost never executes. The function
486 486 * pointer f (used to obtain the object pointer from arg) has the following type
487 487 * definition:
488 488 *
489 489 * typedef object_t *(*object_f)(void *arg);
490 490 *
491 491 * An object_f implementation is likely to be as simple as accessing a structure
492 492 * member:
493 493 *
494 494 * object_t *
495 495 * s_object(void *arg)
496 496 * {
497 497 * something_t *sp = arg;
498 498 * return (sp->s_object);
499 499 * }
500 500 *
501 501 * The flexibility of a function pointer allows the path to the object to be
502 502 * arbitrarily complex and also supports the notion that depending on where you
503 503 * are using the object, you may need to get it from someplace different.
504 504 *
505 505 * The function that releases the explicit hold is simpler because it does not
506 506 * have to worry about the object moving:
507 507 *
508 508 * void
509 509 * object_rele(object_t *op)
510 510 * {
511 511 * rw_exit(OBJECT_RWLOCK(op));
512 512 * }
513 513 *
514 514 * The caller is spared these details so that obtaining and releasing an
515 515 * explicit hold feels like a simple mutex_enter()/mutex_exit() pair. The caller
516 516 * of object_hold() only needs to know that the returned object pointer is valid
517 517 * if not NULL and that the object will not move until released.
518 518 *
519 519 * Although object_hold() prevents an object from moving, it does not prevent it
520 520 * from being freed. The caller must take measures before calling object_hold()
521 521 * (afterwards is too late) to ensure that the held object cannot be freed. The
522 522 * caller must do so without accessing the unsafe object reference, so any lock
523 523 * or reference count used to ensure the continued existence of the object must
524 524 * live outside the object itself.
525 525 *
526 526 * Obtaining a new object is a special case where an explicit hold is impossible
527 527 * for the caller. Any function that returns a newly allocated object (either as
528 528 * a return value, or as an in-out paramter) must return it already held; after
529 529 * the caller gets it is too late, since the object cannot be safely accessed
530 530 * without the level of indirection described earlier. The following
531 531 * object_alloc() example uses the same code shown earlier to transition a new
532 532 * object into the state of being recognized (by the client) as a known object.
533 533 * The function must acquire the hold (rw_enter) before that state transition
534 534 * makes the object movable:
535 535 *
536 536 * static object_t *
537 537 * object_alloc(container_t *container)
538 538 * {
539 539 * object_t *object = kmem_cache_alloc(object_cache, 0);
540 540 * ... set any initial state not set by the constructor ...
541 541 * rw_enter(OBJECT_RWLOCK(object), RW_READER);
542 542 * mutex_enter(&container->c_objects_lock);
543 543 * list_insert_tail(&container->c_objects, object);
544 544 * membar_producer();
545 545 * object->o_container = container;
546 546 * mutex_exit(&container->c_objects_lock);
547 547 * return (object);
548 548 * }
549 549 *
550 550 * Functions that implicitly acquire an object hold (any function that calls
551 551 * object_alloc() to supply an object for the caller) need to be carefully noted
552 552 * so that the matching object_rele() is not neglected. Otherwise, leaked holds
553 553 * prevent all objects hashed to the affected rwlocks from ever being moved.
554 554 *
555 555 * The pointer to a held object can be hashed to the holding rwlock even after
556 556 * the object has been freed. Although it is possible to release the hold
557 557 * after freeing the object, you may decide to release the hold implicitly in
558 558 * whatever function frees the object, so as to release the hold as soon as
559 559 * possible, and for the sake of symmetry with the function that implicitly
560 560 * acquires the hold when it allocates the object. Here, object_free() releases
561 561 * the hold acquired by object_alloc(). Its implicit object_rele() forms a
562 562 * matching pair with object_hold():
563 563 *
564 564 * void
565 565 * object_free(object_t *object)
566 566 * {
567 567 * container_t *container;
568 568 *
569 569 * ASSERT(object_held(object));
570 570 * container = object->o_container;
571 571 * mutex_enter(&container->c_objects_lock);
572 572 * object->o_container =
573 573 * (void *)((uintptr_t)object->o_container | 0x1);
574 574 * list_remove(&container->c_objects, object);
575 575 * mutex_exit(&container->c_objects_lock);
576 576 * object_rele(object);
577 577 * kmem_cache_free(object_cache, object);
578 578 * }
579 579 *
580 580 * Note that object_free() cannot safely accept an object pointer as an argument
581 581 * unless the object is already held. Any function that calls object_free()
582 582 * needs to be carefully noted since it similarly forms a matching pair with
583 583 * object_hold().
584 584 *
585 585 * To complete the picture, the following callback function implements the
586 586 * general solution by moving objects only if they are currently unheld:
587 587 *
588 588 * static kmem_cbrc_t
589 589 * object_move(void *buf, void *newbuf, size_t size, void *arg)
590 590 * {
591 591 * object_t *op = buf, *np = newbuf;
592 592 * container_t *container;
593 593 *
594 594 * container = op->o_container;
595 595 * if ((uintptr_t)container & 0x3) {
596 596 * return (KMEM_CBRC_DONT_KNOW);
597 597 * }
598 598 *
599 599 * // Ensure that the container structure does not go away.
600 600 * if (container_hold(container) == 0) {
601 601 * return (KMEM_CBRC_DONT_KNOW);
602 602 * }
603 603 *
604 604 * mutex_enter(&container->c_objects_lock);
605 605 * if (container != op->o_container) {
606 606 * mutex_exit(&container->c_objects_lock);
607 607 * container_rele(container);
608 608 * return (KMEM_CBRC_DONT_KNOW);
609 609 * }
610 610 *
611 611 * if (rw_tryenter(OBJECT_RWLOCK(op), RW_WRITER) == 0) {
612 612 * mutex_exit(&container->c_objects_lock);
613 613 * container_rele(container);
614 614 * return (KMEM_CBRC_LATER);
615 615 * }
616 616 *
617 617 * object_move_impl(op, np); // critical section
618 618 * rw_exit(OBJECT_RWLOCK(op));
619 619 *
620 620 * op->o_container = (void *)((uintptr_t)op->o_container | 0x1);
621 621 * list_link_replace(&op->o_link_node, &np->o_link_node);
622 622 * mutex_exit(&container->c_objects_lock);
623 623 * container_rele(container);
624 624 * return (KMEM_CBRC_YES);
625 625 * }
626 626 *
627 627 * Note that object_move() must invalidate the designated o_container pointer of
628 628 * the old object in the same way that object_free() does, since kmem will free
629 629 * the object in response to the KMEM_CBRC_YES return value.
630 630 *
631 631 * The lock order in object_move() differs from object_alloc(), which locks
632 632 * OBJECT_RWLOCK first and &container->c_objects_lock second, but as long as the
633 633 * callback uses rw_tryenter() (preventing the deadlock described earlier), it's
634 634 * not a problem. Holding the lock on the object list in the example above
635 635 * through the entire callback not only prevents the object from going away, it
636 636 * also allows you to lock the list elsewhere and know that none of its elements
637 637 * will move during iteration.
638 638 *
639 639 * Adding an explicit hold everywhere an object from the cache is used is tricky
640 640 * and involves much more change to client code than a cache-specific solution
641 641 * that leverages existing state to decide whether or not an object is
642 642 * movable. However, this approach has the advantage that no object remains
643 643 * immovable for any significant length of time, making it extremely unlikely
644 644 * that long-lived allocations can continue holding slabs hostage; and it works
645 645 * for any cache.
646 646 *
647 647 * 3. Consolidator Implementation
648 648 *
649 649 * Once the client supplies a move function that a) recognizes known objects and
650 650 * b) avoids moving objects that are actively in use, the remaining work is up
651 651 * to the consolidator to decide which objects to move and when to issue
652 652 * callbacks.
653 653 *
654 654 * The consolidator relies on the fact that a cache's slabs are ordered by
655 655 * usage. Each slab has a fixed number of objects. Depending on the slab's
656 656 * "color" (the offset of the first object from the beginning of the slab;
657 657 * offsets are staggered to mitigate false sharing of cache lines) it is either
658 658 * the maximum number of objects per slab determined at cache creation time or
659 659 * else the number closest to the maximum that fits within the space remaining
660 660 * after the initial offset. A completely allocated slab may contribute some
661 661 * internal fragmentation (per-slab overhead) but no external fragmentation, so
662 662 * it is of no interest to the consolidator. At the other extreme, slabs whose
663 663 * objects have all been freed to the slab are released to the virtual memory
664 664 * (VM) subsystem (objects freed to magazines are still allocated as far as the
665 665 * slab is concerned). External fragmentation exists when there are slabs
666 666 * somewhere between these extremes. A partial slab has at least one but not all
667 667 * of its objects allocated. The more partial slabs, and the fewer allocated
668 668 * objects on each of them, the higher the fragmentation. Hence the
669 669 * consolidator's overall strategy is to reduce the number of partial slabs by
670 670 * moving allocated objects from the least allocated slabs to the most allocated
671 671 * slabs.
672 672 *
673 673 * Partial slabs are kept in an AVL tree ordered by usage. Completely allocated
674 674 * slabs are kept separately in an unordered list. Since the majority of slabs
675 675 * tend to be completely allocated (a typical unfragmented cache may have
676 676 * thousands of complete slabs and only a single partial slab), separating
677 677 * complete slabs improves the efficiency of partial slab ordering, since the
678 678 * complete slabs do not affect the depth or balance of the AVL tree. This
679 679 * ordered sequence of partial slabs acts as a "free list" supplying objects for
680 680 * allocation requests.
681 681 *
682 682 * Objects are always allocated from the first partial slab in the free list,
683 683 * where the allocation is most likely to eliminate a partial slab (by
684 684 * completely allocating it). Conversely, when a single object from a completely
685 685 * allocated slab is freed to the slab, that slab is added to the front of the
686 686 * free list. Since most free list activity involves highly allocated slabs
687 687 * coming and going at the front of the list, slabs tend naturally toward the
688 688 * ideal order: highly allocated at the front, sparsely allocated at the back.
689 689 * Slabs with few allocated objects are likely to become completely free if they
690 690 * keep a safe distance away from the front of the free list. Slab misorders
691 691 * interfere with the natural tendency of slabs to become completely free or
692 692 * completely allocated. For example, a slab with a single allocated object
693 693 * needs only a single free to escape the cache; its natural desire is
694 694 * frustrated when it finds itself at the front of the list where a second
695 695 * allocation happens just before the free could have released it. Another slab
696 696 * with all but one object allocated might have supplied the buffer instead, so
697 697 * that both (as opposed to neither) of the slabs would have been taken off the
698 698 * free list.
699 699 *
700 700 * Although slabs tend naturally toward the ideal order, misorders allowed by a
701 701 * simple list implementation defeat the consolidator's strategy of merging
702 702 * least- and most-allocated slabs. Without an AVL tree to guarantee order, kmem
703 703 * needs another way to fix misorders to optimize its callback strategy. One
704 704 * approach is to periodically scan a limited number of slabs, advancing a
705 705 * marker to hold the current scan position, and to move extreme misorders to
706 706 * the front or back of the free list and to the front or back of the current
707 707 * scan range. By making consecutive scan ranges overlap by one slab, the least
708 708 * allocated slab in the current range can be carried along from the end of one
709 709 * scan to the start of the next.
710 710 *
711 711 * Maintaining partial slabs in an AVL tree relieves kmem of this additional
712 712 * task, however. Since most of the cache's activity is in the magazine layer,
713 713 * and allocations from the slab layer represent only a startup cost, the
714 714 * overhead of maintaining a balanced tree is not a significant concern compared
715 715 * to the opportunity of reducing complexity by eliminating the partial slab
716 716 * scanner just described. The overhead of an AVL tree is minimized by
717 717 * maintaining only partial slabs in the tree and keeping completely allocated
718 718 * slabs separately in a list. To avoid increasing the size of the slab
719 719 * structure the AVL linkage pointers are reused for the slab's list linkage,
720 720 * since the slab will always be either partial or complete, never stored both
721 721 * ways at the same time. To further minimize the overhead of the AVL tree the
722 722 * compare function that orders partial slabs by usage divides the range of
723 723 * allocated object counts into bins such that counts within the same bin are
724 724 * considered equal. Binning partial slabs makes it less likely that allocating
725 725 * or freeing a single object will change the slab's order, requiring a tree
726 726 * reinsertion (an avl_remove() followed by an avl_add(), both potentially
727 727 * requiring some rebalancing of the tree). Allocation counts closest to
728 728 * completely free and completely allocated are left unbinned (finely sorted) to
729 729 * better support the consolidator's strategy of merging slabs at either
730 730 * extreme.
731 731 *
732 732 * 3.1 Assessing Fragmentation and Selecting Candidate Slabs
733 733 *
734 734 * The consolidator piggybacks on the kmem maintenance thread and is called on
735 735 * the same interval as kmem_cache_update(), once per cache every fifteen
736 736 * seconds. kmem maintains a running count of unallocated objects in the slab
737 737 * layer (cache_bufslab). The consolidator checks whether that number exceeds
738 738 * 12.5% (1/8) of the total objects in the cache (cache_buftotal), and whether
739 739 * there is a significant number of slabs in the cache (arbitrarily a minimum
740 740 * 101 total slabs). Unused objects that have fallen out of the magazine layer's
741 741 * working set are included in the assessment, and magazines in the depot are
742 742 * reaped if those objects would lift cache_bufslab above the fragmentation
743 743 * threshold. Once the consolidator decides that a cache is fragmented, it looks
744 744 * for a candidate slab to reclaim, starting at the end of the partial slab free
745 745 * list and scanning backwards. At first the consolidator is choosy: only a slab
746 746 * with fewer than 12.5% (1/8) of its objects allocated qualifies (or else a
747 747 * single allocated object, regardless of percentage). If there is difficulty
748 748 * finding a candidate slab, kmem raises the allocation threshold incrementally,
749 749 * up to a maximum 87.5% (7/8), so that eventually the consolidator will reduce
750 750 * external fragmentation (unused objects on the free list) below 12.5% (1/8),
751 751 * even in the worst case of every slab in the cache being almost 7/8 allocated.
752 752 * The threshold can also be lowered incrementally when candidate slabs are easy
753 753 * to find, and the threshold is reset to the minimum 1/8 as soon as the cache
754 754 * is no longer fragmented.
755 755 *
756 756 * 3.2 Generating Callbacks
757 757 *
758 758 * Once an eligible slab is chosen, a callback is generated for every allocated
759 759 * object on the slab, in the hope that the client will move everything off the
760 760 * slab and make it reclaimable. Objects selected as move destinations are
761 761 * chosen from slabs at the front of the free list. Assuming slabs in the ideal
762 762 * order (most allocated at the front, least allocated at the back) and a
763 763 * cooperative client, the consolidator will succeed in removing slabs from both
764 764 * ends of the free list, completely allocating on the one hand and completely
765 765 * freeing on the other. Objects selected as move destinations are allocated in
766 766 * the kmem maintenance thread where move requests are enqueued. A separate
767 767 * callback thread removes pending callbacks from the queue and calls the
768 768 * client. The separate thread ensures that client code (the move function) does
769 769 * not interfere with internal kmem maintenance tasks. A map of pending
770 770 * callbacks keyed by object address (the object to be moved) is checked to
771 771 * ensure that duplicate callbacks are not generated for the same object.
772 772 * Allocating the move destination (the object to move to) prevents subsequent
773 773 * callbacks from selecting the same destination as an earlier pending callback.
774 774 *
775 775 * Move requests can also be generated by kmem_cache_reap() when the system is
776 776 * desperate for memory and by kmem_cache_move_notify(), called by the client to
777 777 * notify kmem that a move refused earlier with KMEM_CBRC_LATER is now possible.
778 778 * The map of pending callbacks is protected by the same lock that protects the
779 779 * slab layer.
780 780 *
781 781 * When the system is desperate for memory, kmem does not bother to determine
782 782 * whether or not the cache exceeds the fragmentation threshold, but tries to
783 783 * consolidate as many slabs as possible. Normally, the consolidator chews
784 784 * slowly, one sparsely allocated slab at a time during each maintenance
785 785 * interval that the cache is fragmented. When desperate, the consolidator
786 786 * starts at the last partial slab and enqueues callbacks for every allocated
787 787 * object on every partial slab, working backwards until it reaches the first
788 788 * partial slab. The first partial slab, meanwhile, advances in pace with the
789 789 * consolidator as allocations to supply move destinations for the enqueued
790 790 * callbacks use up the highly allocated slabs at the front of the free list.
791 791 * Ideally, the overgrown free list collapses like an accordion, starting at
792 792 * both ends and ending at the center with a single partial slab.
793 793 *
794 794 * 3.3 Client Responses
795 795 *
796 796 * When the client returns KMEM_CBRC_NO in response to the move callback, kmem
797 797 * marks the slab that supplied the stuck object non-reclaimable and moves it to
798 798 * front of the free list. The slab remains marked as long as it remains on the
799 799 * free list, and it appears more allocated to the partial slab compare function
800 800 * than any unmarked slab, no matter how many of its objects are allocated.
801 801 * Since even one immovable object ties up the entire slab, the goal is to
802 802 * completely allocate any slab that cannot be completely freed. kmem does not
803 803 * bother generating callbacks to move objects from a marked slab unless the
804 804 * system is desperate.
805 805 *
806 806 * When the client responds KMEM_CBRC_LATER, kmem increments a count for the
807 807 * slab. If the client responds LATER too many times, kmem disbelieves and
808 808 * treats the response as a NO. The count is cleared when the slab is taken off
809 809 * the partial slab list or when the client moves one of the slab's objects.
810 810 *
811 811 * 4. Observability
812 812 *
813 813 * A kmem cache's external fragmentation is best observed with 'mdb -k' using
814 814 * the ::kmem_slabs dcmd. For a complete description of the command, enter
815 815 * '::help kmem_slabs' at the mdb prompt.
816 816 */
817 817
818 818 #include <sys/kmem_impl.h>
819 819 #include <sys/vmem_impl.h>
820 820 #include <sys/param.h>
821 821 #include <sys/sysmacros.h>
822 822 #include <sys/vm.h>
823 823 #include <sys/proc.h>
824 824 #include <sys/tuneable.h>
825 825 #include <sys/systm.h>
826 826 #include <sys/cmn_err.h>
827 827 #include <sys/debug.h>
828 828 #include <sys/sdt.h>
829 829 #include <sys/mutex.h>
830 830 #include <sys/bitmap.h>
831 831 #include <sys/atomic.h>
832 832 #include <sys/kobj.h>
833 833 #include <sys/disp.h>
834 834 #include <vm/seg_kmem.h>
835 835 #include <sys/log.h>
836 836 #include <sys/callb.h>
837 837 #include <sys/taskq.h>
838 838 #include <sys/modctl.h>
839 839 #include <sys/reboot.h>
840 840 #include <sys/id32.h>
841 841 #include <sys/zone.h>
842 842 #include <sys/netstack.h>
843 843 #ifdef DEBUG
844 844 #include <sys/random.h>
845 845 #endif
846 846
847 847 extern void streams_msg_init(void);
848 848 extern int segkp_fromheap;
849 849 extern void segkp_cache_free(void);
850 850 extern int callout_init_done;
851 851
852 852 struct kmem_cache_kstat {
853 853 kstat_named_t kmc_buf_size;
854 854 kstat_named_t kmc_align;
855 855 kstat_named_t kmc_chunk_size;
856 856 kstat_named_t kmc_slab_size;
857 857 kstat_named_t kmc_alloc;
858 858 kstat_named_t kmc_alloc_fail;
859 859 kstat_named_t kmc_free;
860 860 kstat_named_t kmc_depot_alloc;
861 861 kstat_named_t kmc_depot_free;
862 862 kstat_named_t kmc_depot_contention;
863 863 kstat_named_t kmc_slab_alloc;
864 864 kstat_named_t kmc_slab_free;
865 865 kstat_named_t kmc_buf_constructed;
866 866 kstat_named_t kmc_buf_avail;
867 867 kstat_named_t kmc_buf_inuse;
868 868 kstat_named_t kmc_buf_total;
869 869 kstat_named_t kmc_buf_max;
870 870 kstat_named_t kmc_slab_create;
871 871 kstat_named_t kmc_slab_destroy;
872 872 kstat_named_t kmc_vmem_source;
873 873 kstat_named_t kmc_hash_size;
874 874 kstat_named_t kmc_hash_lookup_depth;
875 875 kstat_named_t kmc_hash_rescale;
876 876 kstat_named_t kmc_full_magazines;
877 877 kstat_named_t kmc_empty_magazines;
878 878 kstat_named_t kmc_magazine_size;
879 879 kstat_named_t kmc_reap; /* number of kmem_cache_reap() calls */
880 880 kstat_named_t kmc_defrag; /* attempts to defrag all partial slabs */
881 881 kstat_named_t kmc_scan; /* attempts to defrag one partial slab */
882 882 kstat_named_t kmc_move_callbacks; /* sum of yes, no, later, dn, dk */
883 883 kstat_named_t kmc_move_yes;
884 884 kstat_named_t kmc_move_no;
885 885 kstat_named_t kmc_move_later;
886 886 kstat_named_t kmc_move_dont_need;
887 887 kstat_named_t kmc_move_dont_know; /* obj unrecognized by client ... */
888 888 kstat_named_t kmc_move_hunt_found; /* ... but found in mag layer */
889 889 kstat_named_t kmc_move_slabs_freed; /* slabs freed by consolidator */
890 890 kstat_named_t kmc_move_reclaimable; /* buffers, if consolidator ran */
891 891 } kmem_cache_kstat = {
892 892 { "buf_size", KSTAT_DATA_UINT64 },
893 893 { "align", KSTAT_DATA_UINT64 },
894 894 { "chunk_size", KSTAT_DATA_UINT64 },
895 895 { "slab_size", KSTAT_DATA_UINT64 },
896 896 { "alloc", KSTAT_DATA_UINT64 },
897 897 { "alloc_fail", KSTAT_DATA_UINT64 },
898 898 { "free", KSTAT_DATA_UINT64 },
899 899 { "depot_alloc", KSTAT_DATA_UINT64 },
900 900 { "depot_free", KSTAT_DATA_UINT64 },
901 901 { "depot_contention", KSTAT_DATA_UINT64 },
902 902 { "slab_alloc", KSTAT_DATA_UINT64 },
903 903 { "slab_free", KSTAT_DATA_UINT64 },
904 904 { "buf_constructed", KSTAT_DATA_UINT64 },
905 905 { "buf_avail", KSTAT_DATA_UINT64 },
906 906 { "buf_inuse", KSTAT_DATA_UINT64 },
907 907 { "buf_total", KSTAT_DATA_UINT64 },
908 908 { "buf_max", KSTAT_DATA_UINT64 },
909 909 { "slab_create", KSTAT_DATA_UINT64 },
910 910 { "slab_destroy", KSTAT_DATA_UINT64 },
911 911 { "vmem_source", KSTAT_DATA_UINT64 },
912 912 { "hash_size", KSTAT_DATA_UINT64 },
913 913 { "hash_lookup_depth", KSTAT_DATA_UINT64 },
914 914 { "hash_rescale", KSTAT_DATA_UINT64 },
915 915 { "full_magazines", KSTAT_DATA_UINT64 },
916 916 { "empty_magazines", KSTAT_DATA_UINT64 },
917 917 { "magazine_size", KSTAT_DATA_UINT64 },
918 918 { "reap", KSTAT_DATA_UINT64 },
919 919 { "defrag", KSTAT_DATA_UINT64 },
920 920 { "scan", KSTAT_DATA_UINT64 },
921 921 { "move_callbacks", KSTAT_DATA_UINT64 },
922 922 { "move_yes", KSTAT_DATA_UINT64 },
923 923 { "move_no", KSTAT_DATA_UINT64 },
924 924 { "move_later", KSTAT_DATA_UINT64 },
925 925 { "move_dont_need", KSTAT_DATA_UINT64 },
926 926 { "move_dont_know", KSTAT_DATA_UINT64 },
927 927 { "move_hunt_found", KSTAT_DATA_UINT64 },
928 928 { "move_slabs_freed", KSTAT_DATA_UINT64 },
929 929 { "move_reclaimable", KSTAT_DATA_UINT64 },
930 930 };
931 931
932 932 static kmutex_t kmem_cache_kstat_lock;
933 933
934 934 /*
935 935 * The default set of caches to back kmem_alloc().
936 936 * These sizes should be reevaluated periodically.
937 937 *
938 938 * We want allocations that are multiples of the coherency granularity
939 939 * (64 bytes) to be satisfied from a cache which is a multiple of 64
940 940 * bytes, so that it will be 64-byte aligned. For all multiples of 64,
941 941 * the next kmem_cache_size greater than or equal to it must be a
942 942 * multiple of 64.
943 943 *
944 944 * We split the table into two sections: size <= 4k and size > 4k. This
945 945 * saves a lot of space and cache footprint in our cache tables.
946 946 */
947 947 static const int kmem_alloc_sizes[] = {
948 948 1 * 8,
949 949 2 * 8,
950 950 3 * 8,
951 951 4 * 8, 5 * 8, 6 * 8, 7 * 8,
952 952 4 * 16, 5 * 16, 6 * 16, 7 * 16,
953 953 4 * 32, 5 * 32, 6 * 32, 7 * 32,
954 954 4 * 64, 5 * 64, 6 * 64, 7 * 64,
955 955 4 * 128, 5 * 128, 6 * 128, 7 * 128,
956 956 P2ALIGN(8192 / 7, 64),
957 957 P2ALIGN(8192 / 6, 64),
958 958 P2ALIGN(8192 / 5, 64),
959 959 P2ALIGN(8192 / 4, 64),
960 960 P2ALIGN(8192 / 3, 64),
961 961 P2ALIGN(8192 / 2, 64),
962 962 };
963 963
964 964 static const int kmem_big_alloc_sizes[] = {
965 965 2 * 4096, 3 * 4096,
966 966 2 * 8192, 3 * 8192,
967 967 4 * 8192, 5 * 8192, 6 * 8192, 7 * 8192,
968 968 8 * 8192, 9 * 8192, 10 * 8192, 11 * 8192,
969 969 12 * 8192, 13 * 8192, 14 * 8192, 15 * 8192,
970 970 16 * 8192
971 971 };
972 972
973 973 #define KMEM_MAXBUF 4096
974 974 #define KMEM_BIG_MAXBUF_32BIT 32768
975 975 #define KMEM_BIG_MAXBUF 131072
976 976
977 977 #define KMEM_BIG_MULTIPLE 4096 /* big_alloc_sizes must be a multiple */
978 978 #define KMEM_BIG_SHIFT 12 /* lg(KMEM_BIG_MULTIPLE) */
979 979
980 980 static kmem_cache_t *kmem_alloc_table[KMEM_MAXBUF >> KMEM_ALIGN_SHIFT];
981 981 static kmem_cache_t *kmem_big_alloc_table[KMEM_BIG_MAXBUF >> KMEM_BIG_SHIFT];
982 982
983 983 #define KMEM_ALLOC_TABLE_MAX (KMEM_MAXBUF >> KMEM_ALIGN_SHIFT)
984 984 static size_t kmem_big_alloc_table_max = 0; /* # of filled elements */
985 985
986 986 static kmem_magtype_t kmem_magtype[] = {
987 987 { 1, 8, 3200, 65536 },
988 988 { 3, 16, 256, 32768 },
989 989 { 7, 32, 64, 16384 },
990 990 { 15, 64, 0, 8192 },
991 991 { 31, 64, 0, 4096 },
992 992 { 47, 64, 0, 2048 },
993 993 { 63, 64, 0, 1024 },
994 994 { 95, 64, 0, 512 },
995 995 { 143, 64, 0, 0 },
996 996 };
997 997
998 998 static uint32_t kmem_reaping;
999 999 static uint32_t kmem_reaping_idspace;
1000 1000
1001 1001 /*
1002 1002 * kmem tunables
1003 1003 */
1004 1004 clock_t kmem_reap_interval; /* cache reaping rate [15 * HZ ticks] */
1005 1005 int kmem_depot_contention = 3; /* max failed tryenters per real interval */
1006 1006 pgcnt_t kmem_reapahead = 0; /* start reaping N pages before pageout */
1007 1007 int kmem_panic = 1; /* whether to panic on error */
1008 1008 int kmem_logging = 1; /* kmem_log_enter() override */
1009 1009 uint32_t kmem_mtbf = 0; /* mean time between failures [default: off] */
1010 1010 size_t kmem_transaction_log_size; /* transaction log size [2% of memory] */
1011 1011 size_t kmem_content_log_size; /* content log size [2% of memory] */
1012 1012 size_t kmem_failure_log_size; /* failure log [4 pages per CPU] */
1013 1013 size_t kmem_slab_log_size; /* slab create log [4 pages per CPU] */
1014 1014 size_t kmem_content_maxsave = 256; /* KMF_CONTENTS max bytes to log */
1015 1015 size_t kmem_lite_minsize = 0; /* minimum buffer size for KMF_LITE */
1016 1016 size_t kmem_lite_maxalign = 1024; /* maximum buffer alignment for KMF_LITE */
1017 1017 int kmem_lite_pcs = 4; /* number of PCs to store in KMF_LITE mode */
1018 1018 size_t kmem_maxverify; /* maximum bytes to inspect in debug routines */
1019 1019 size_t kmem_minfirewall; /* hardware-enforced redzone threshold */
1020 1020
1021 1021 #ifdef _LP64
1022 1022 size_t kmem_max_cached = KMEM_BIG_MAXBUF; /* maximum kmem_alloc cache */
1023 1023 #else
1024 1024 size_t kmem_max_cached = KMEM_BIG_MAXBUF_32BIT; /* maximum kmem_alloc cache */
1025 1025 #endif
1026 1026
1027 1027 #ifdef DEBUG
1028 1028 int kmem_flags = KMF_AUDIT | KMF_DEADBEEF | KMF_REDZONE | KMF_CONTENTS;
1029 1029 #else
1030 1030 int kmem_flags = 0;
1031 1031 #endif
1032 1032 int kmem_ready;
1033 1033
1034 1034 static kmem_cache_t *kmem_slab_cache;
1035 1035 static kmem_cache_t *kmem_bufctl_cache;
1036 1036 static kmem_cache_t *kmem_bufctl_audit_cache;
1037 1037
1038 1038 static kmutex_t kmem_cache_lock; /* inter-cache linkage only */
1039 1039 static list_t kmem_caches;
1040 1040
1041 1041 static taskq_t *kmem_taskq;
1042 1042 static kmutex_t kmem_flags_lock;
1043 1043 static vmem_t *kmem_metadata_arena;
1044 1044 static vmem_t *kmem_msb_arena; /* arena for metadata caches */
1045 1045 static vmem_t *kmem_cache_arena;
1046 1046 static vmem_t *kmem_hash_arena;
1047 1047 static vmem_t *kmem_log_arena;
1048 1048 static vmem_t *kmem_oversize_arena;
1049 1049 static vmem_t *kmem_va_arena;
1050 1050 static vmem_t *kmem_default_arena;
1051 1051 static vmem_t *kmem_firewall_va_arena;
1052 1052 static vmem_t *kmem_firewall_arena;
1053 1053
1054 1054 /*
1055 1055 * kmem slab consolidator thresholds (tunables)
1056 1056 */
1057 1057 size_t kmem_frag_minslabs = 101; /* minimum total slabs */
1058 1058 size_t kmem_frag_numer = 1; /* free buffers (numerator) */
1059 1059 size_t kmem_frag_denom = KMEM_VOID_FRACTION; /* buffers (denominator) */
1060 1060 /*
1061 1061 * Maximum number of slabs from which to move buffers during a single
1062 1062 * maintenance interval while the system is not low on memory.
1063 1063 */
1064 1064 size_t kmem_reclaim_max_slabs = 1;
1065 1065 /*
1066 1066 * Number of slabs to scan backwards from the end of the partial slab list
1067 1067 * when searching for buffers to relocate.
1068 1068 */
1069 1069 size_t kmem_reclaim_scan_range = 12;
1070 1070
1071 1071 /* consolidator knobs */
1072 1072 boolean_t kmem_move_noreap;
1073 1073 boolean_t kmem_move_blocked;
1074 1074 boolean_t kmem_move_fulltilt;
1075 1075 boolean_t kmem_move_any_partial;
1076 1076
1077 1077 #ifdef DEBUG
1078 1078 /*
1079 1079 * kmem consolidator debug tunables:
1080 1080 * Ensure code coverage by occasionally running the consolidator even when the
1081 1081 * caches are not fragmented (they may never be). These intervals are mean time
1082 1082 * in cache maintenance intervals (kmem_cache_update).
1083 1083 */
1084 1084 uint32_t kmem_mtb_move = 60; /* defrag 1 slab (~15min) */
1085 1085 uint32_t kmem_mtb_reap = 1800; /* defrag all slabs (~7.5hrs) */
1086 1086 #endif /* DEBUG */
1087 1087
1088 1088 static kmem_cache_t *kmem_defrag_cache;
1089 1089 static kmem_cache_t *kmem_move_cache;
1090 1090 static taskq_t *kmem_move_taskq;
1091 1091
1092 1092 static void kmem_cache_scan(kmem_cache_t *);
1093 1093 static void kmem_cache_defrag(kmem_cache_t *);
1094 1094 static void kmem_slab_prefill(kmem_cache_t *, kmem_slab_t *);
1095 1095
1096 1096
1097 1097 kmem_log_header_t *kmem_transaction_log;
1098 1098 kmem_log_header_t *kmem_content_log;
1099 1099 kmem_log_header_t *kmem_failure_log;
1100 1100 kmem_log_header_t *kmem_slab_log;
1101 1101
1102 1102 static int kmem_lite_count; /* # of PCs in kmem_buftag_lite_t */
1103 1103
1104 1104 #define KMEM_BUFTAG_LITE_ENTER(bt, count, caller) \
1105 1105 if ((count) > 0) { \
1106 1106 pc_t *_s = ((kmem_buftag_lite_t *)(bt))->bt_history; \
1107 1107 pc_t *_e; \
1108 1108 /* memmove() the old entries down one notch */ \
1109 1109 for (_e = &_s[(count) - 1]; _e > _s; _e--) \
1110 1110 *_e = *(_e - 1); \
1111 1111 *_s = (uintptr_t)(caller); \
1112 1112 }
1113 1113
1114 1114 #define KMERR_MODIFIED 0 /* buffer modified while on freelist */
1115 1115 #define KMERR_REDZONE 1 /* redzone violation (write past end of buf) */
1116 1116 #define KMERR_DUPFREE 2 /* freed a buffer twice */
1117 1117 #define KMERR_BADADDR 3 /* freed a bad (unallocated) address */
1118 1118 #define KMERR_BADBUFTAG 4 /* buftag corrupted */
1119 1119 #define KMERR_BADBUFCTL 5 /* bufctl corrupted */
1120 1120 #define KMERR_BADCACHE 6 /* freed a buffer to the wrong cache */
1121 1121 #define KMERR_BADSIZE 7 /* alloc size != free size */
1122 1122 #define KMERR_BADBASE 8 /* buffer base address wrong */
1123 1123
1124 1124 struct {
1125 1125 hrtime_t kmp_timestamp; /* timestamp of panic */
1126 1126 int kmp_error; /* type of kmem error */
1127 1127 void *kmp_buffer; /* buffer that induced panic */
1128 1128 void *kmp_realbuf; /* real start address for buffer */
1129 1129 kmem_cache_t *kmp_cache; /* buffer's cache according to client */
1130 1130 kmem_cache_t *kmp_realcache; /* actual cache containing buffer */
1131 1131 kmem_slab_t *kmp_slab; /* slab accoring to kmem_findslab() */
1132 1132 kmem_bufctl_t *kmp_bufctl; /* bufctl */
1133 1133 } kmem_panic_info;
1134 1134
1135 1135
1136 1136 static void
1137 1137 copy_pattern(uint64_t pattern, void *buf_arg, size_t size)
1138 1138 {
1139 1139 uint64_t *bufend = (uint64_t *)((char *)buf_arg + size);
1140 1140 uint64_t *buf = buf_arg;
1141 1141
1142 1142 while (buf < bufend)
1143 1143 *buf++ = pattern;
1144 1144 }
1145 1145
1146 1146 static void *
1147 1147 verify_pattern(uint64_t pattern, void *buf_arg, size_t size)
1148 1148 {
1149 1149 uint64_t *bufend = (uint64_t *)((char *)buf_arg + size);
1150 1150 uint64_t *buf;
1151 1151
1152 1152 for (buf = buf_arg; buf < bufend; buf++)
1153 1153 if (*buf != pattern)
1154 1154 return (buf);
1155 1155 return (NULL);
1156 1156 }
1157 1157
1158 1158 static void *
1159 1159 verify_and_copy_pattern(uint64_t old, uint64_t new, void *buf_arg, size_t size)
1160 1160 {
1161 1161 uint64_t *bufend = (uint64_t *)((char *)buf_arg + size);
1162 1162 uint64_t *buf;
1163 1163
1164 1164 for (buf = buf_arg; buf < bufend; buf++) {
1165 1165 if (*buf != old) {
1166 1166 copy_pattern(old, buf_arg,
1167 1167 (char *)buf - (char *)buf_arg);
1168 1168 return (buf);
1169 1169 }
1170 1170 *buf = new;
1171 1171 }
1172 1172
1173 1173 return (NULL);
1174 1174 }
1175 1175
1176 1176 static void
1177 1177 kmem_cache_applyall(void (*func)(kmem_cache_t *), taskq_t *tq, int tqflag)
1178 1178 {
1179 1179 kmem_cache_t *cp;
1180 1180
1181 1181 mutex_enter(&kmem_cache_lock);
1182 1182 for (cp = list_head(&kmem_caches); cp != NULL;
1183 1183 cp = list_next(&kmem_caches, cp))
1184 1184 if (tq != NULL)
1185 1185 (void) taskq_dispatch(tq, (task_func_t *)func, cp,
1186 1186 tqflag);
1187 1187 else
1188 1188 func(cp);
1189 1189 mutex_exit(&kmem_cache_lock);
1190 1190 }
1191 1191
1192 1192 static void
1193 1193 kmem_cache_applyall_id(void (*func)(kmem_cache_t *), taskq_t *tq, int tqflag)
1194 1194 {
1195 1195 kmem_cache_t *cp;
1196 1196
1197 1197 mutex_enter(&kmem_cache_lock);
1198 1198 for (cp = list_head(&kmem_caches); cp != NULL;
1199 1199 cp = list_next(&kmem_caches, cp)) {
1200 1200 if (!(cp->cache_cflags & KMC_IDENTIFIER))
1201 1201 continue;
1202 1202 if (tq != NULL)
1203 1203 (void) taskq_dispatch(tq, (task_func_t *)func, cp,
1204 1204 tqflag);
1205 1205 else
1206 1206 func(cp);
1207 1207 }
1208 1208 mutex_exit(&kmem_cache_lock);
1209 1209 }
1210 1210
1211 1211 /*
1212 1212 * Debugging support. Given a buffer address, find its slab.
1213 1213 */
1214 1214 static kmem_slab_t *
1215 1215 kmem_findslab(kmem_cache_t *cp, void *buf)
1216 1216 {
1217 1217 kmem_slab_t *sp;
1218 1218
1219 1219 mutex_enter(&cp->cache_lock);
1220 1220 for (sp = list_head(&cp->cache_complete_slabs); sp != NULL;
1221 1221 sp = list_next(&cp->cache_complete_slabs, sp)) {
1222 1222 if (KMEM_SLAB_MEMBER(sp, buf)) {
1223 1223 mutex_exit(&cp->cache_lock);
1224 1224 return (sp);
1225 1225 }
1226 1226 }
1227 1227 for (sp = avl_first(&cp->cache_partial_slabs); sp != NULL;
1228 1228 sp = AVL_NEXT(&cp->cache_partial_slabs, sp)) {
1229 1229 if (KMEM_SLAB_MEMBER(sp, buf)) {
1230 1230 mutex_exit(&cp->cache_lock);
1231 1231 return (sp);
1232 1232 }
1233 1233 }
1234 1234 mutex_exit(&cp->cache_lock);
1235 1235
1236 1236 return (NULL);
1237 1237 }
1238 1238
1239 1239 static void
1240 1240 kmem_error(int error, kmem_cache_t *cparg, void *bufarg)
1241 1241 {
1242 1242 kmem_buftag_t *btp = NULL;
1243 1243 kmem_bufctl_t *bcp = NULL;
1244 1244 kmem_cache_t *cp = cparg;
1245 1245 kmem_slab_t *sp;
1246 1246 uint64_t *off;
1247 1247 void *buf = bufarg;
1248 1248
1249 1249 kmem_logging = 0; /* stop logging when a bad thing happens */
1250 1250
1251 1251 kmem_panic_info.kmp_timestamp = gethrtime();
1252 1252
1253 1253 sp = kmem_findslab(cp, buf);
1254 1254 if (sp == NULL) {
1255 1255 for (cp = list_tail(&kmem_caches); cp != NULL;
1256 1256 cp = list_prev(&kmem_caches, cp)) {
1257 1257 if ((sp = kmem_findslab(cp, buf)) != NULL)
1258 1258 break;
1259 1259 }
1260 1260 }
1261 1261
1262 1262 if (sp == NULL) {
1263 1263 cp = NULL;
1264 1264 error = KMERR_BADADDR;
1265 1265 } else {
1266 1266 if (cp != cparg)
1267 1267 error = KMERR_BADCACHE;
1268 1268 else
1269 1269 buf = (char *)bufarg - ((uintptr_t)bufarg -
1270 1270 (uintptr_t)sp->slab_base) % cp->cache_chunksize;
1271 1271 if (buf != bufarg)
1272 1272 error = KMERR_BADBASE;
1273 1273 if (cp->cache_flags & KMF_BUFTAG)
1274 1274 btp = KMEM_BUFTAG(cp, buf);
1275 1275 if (cp->cache_flags & KMF_HASH) {
1276 1276 mutex_enter(&cp->cache_lock);
1277 1277 for (bcp = *KMEM_HASH(cp, buf); bcp; bcp = bcp->bc_next)
1278 1278 if (bcp->bc_addr == buf)
1279 1279 break;
1280 1280 mutex_exit(&cp->cache_lock);
1281 1281 if (bcp == NULL && btp != NULL)
1282 1282 bcp = btp->bt_bufctl;
1283 1283 if (kmem_findslab(cp->cache_bufctl_cache, bcp) ==
1284 1284 NULL || P2PHASE((uintptr_t)bcp, KMEM_ALIGN) ||
1285 1285 bcp->bc_addr != buf) {
1286 1286 error = KMERR_BADBUFCTL;
1287 1287 bcp = NULL;
1288 1288 }
1289 1289 }
1290 1290 }
1291 1291
1292 1292 kmem_panic_info.kmp_error = error;
1293 1293 kmem_panic_info.kmp_buffer = bufarg;
1294 1294 kmem_panic_info.kmp_realbuf = buf;
1295 1295 kmem_panic_info.kmp_cache = cparg;
1296 1296 kmem_panic_info.kmp_realcache = cp;
1297 1297 kmem_panic_info.kmp_slab = sp;
1298 1298 kmem_panic_info.kmp_bufctl = bcp;
1299 1299
1300 1300 printf("kernel memory allocator: ");
1301 1301
1302 1302 switch (error) {
1303 1303
1304 1304 case KMERR_MODIFIED:
1305 1305 printf("buffer modified after being freed\n");
1306 1306 off = verify_pattern(KMEM_FREE_PATTERN, buf, cp->cache_verify);
1307 1307 if (off == NULL) /* shouldn't happen */
1308 1308 off = buf;
1309 1309 printf("modification occurred at offset 0x%lx "
1310 1310 "(0x%llx replaced by 0x%llx)\n",
1311 1311 (uintptr_t)off - (uintptr_t)buf,
1312 1312 (longlong_t)KMEM_FREE_PATTERN, (longlong_t)*off);
1313 1313 break;
1314 1314
1315 1315 case KMERR_REDZONE:
1316 1316 printf("redzone violation: write past end of buffer\n");
1317 1317 break;
1318 1318
1319 1319 case KMERR_BADADDR:
1320 1320 printf("invalid free: buffer not in cache\n");
1321 1321 break;
1322 1322
1323 1323 case KMERR_DUPFREE:
1324 1324 printf("duplicate free: buffer freed twice\n");
1325 1325 break;
1326 1326
1327 1327 case KMERR_BADBUFTAG:
1328 1328 printf("boundary tag corrupted\n");
1329 1329 printf("bcp ^ bxstat = %lx, should be %lx\n",
1330 1330 (intptr_t)btp->bt_bufctl ^ btp->bt_bxstat,
1331 1331 KMEM_BUFTAG_FREE);
1332 1332 break;
1333 1333
1334 1334 case KMERR_BADBUFCTL:
1335 1335 printf("bufctl corrupted\n");
1336 1336 break;
1337 1337
1338 1338 case KMERR_BADCACHE:
1339 1339 printf("buffer freed to wrong cache\n");
1340 1340 printf("buffer was allocated from %s,\n", cp->cache_name);
1341 1341 printf("caller attempting free to %s.\n", cparg->cache_name);
1342 1342 break;
1343 1343
1344 1344 case KMERR_BADSIZE:
1345 1345 printf("bad free: free size (%u) != alloc size (%u)\n",
1346 1346 KMEM_SIZE_DECODE(((uint32_t *)btp)[0]),
1347 1347 KMEM_SIZE_DECODE(((uint32_t *)btp)[1]));
1348 1348 break;
1349 1349
1350 1350 case KMERR_BADBASE:
1351 1351 printf("bad free: free address (%p) != alloc address (%p)\n",
1352 1352 bufarg, buf);
1353 1353 break;
1354 1354 }
1355 1355
1356 1356 printf("buffer=%p bufctl=%p cache: %s\n",
1357 1357 bufarg, (void *)bcp, cparg->cache_name);
1358 1358
1359 1359 if (bcp != NULL && (cp->cache_flags & KMF_AUDIT) &&
1360 1360 error != KMERR_BADBUFCTL) {
1361 1361 int d;
1362 1362 timestruc_t ts;
1363 1363 kmem_bufctl_audit_t *bcap = (kmem_bufctl_audit_t *)bcp;
1364 1364
1365 1365 hrt2ts(kmem_panic_info.kmp_timestamp - bcap->bc_timestamp, &ts);
1366 1366 printf("previous transaction on buffer %p:\n", buf);
1367 1367 printf("thread=%p time=T-%ld.%09ld slab=%p cache: %s\n",
1368 1368 (void *)bcap->bc_thread, ts.tv_sec, ts.tv_nsec,
1369 1369 (void *)sp, cp->cache_name);
1370 1370 for (d = 0; d < MIN(bcap->bc_depth, KMEM_STACK_DEPTH); d++) {
1371 1371 ulong_t off;
1372 1372 char *sym = kobj_getsymname(bcap->bc_stack[d], &off);
1373 1373 printf("%s+%lx\n", sym ? sym : "?", off);
1374 1374 }
1375 1375 }
1376 1376 if (kmem_panic > 0)
1377 1377 panic("kernel heap corruption detected");
1378 1378 if (kmem_panic == 0)
1379 1379 debug_enter(NULL);
1380 1380 kmem_logging = 1; /* resume logging */
1381 1381 }
1382 1382
1383 1383 static kmem_log_header_t *
1384 1384 kmem_log_init(size_t logsize)
1385 1385 {
1386 1386 kmem_log_header_t *lhp;
1387 1387 int nchunks = 4 * max_ncpus;
1388 1388 size_t lhsize = (size_t)&((kmem_log_header_t *)0)->lh_cpu[max_ncpus];
1389 1389 int i;
1390 1390
1391 1391 /*
1392 1392 * Make sure that lhp->lh_cpu[] is nicely aligned
1393 1393 * to prevent false sharing of cache lines.
1394 1394 */
1395 1395 lhsize = P2ROUNDUP(lhsize, KMEM_ALIGN);
1396 1396 lhp = vmem_xalloc(kmem_log_arena, lhsize, 64, P2NPHASE(lhsize, 64), 0,
1397 1397 NULL, NULL, VM_SLEEP);
1398 1398 bzero(lhp, lhsize);
1399 1399
1400 1400 mutex_init(&lhp->lh_lock, NULL, MUTEX_DEFAULT, NULL);
1401 1401 lhp->lh_nchunks = nchunks;
1402 1402 lhp->lh_chunksize = P2ROUNDUP(logsize / nchunks + 1, PAGESIZE);
1403 1403 lhp->lh_base = vmem_alloc(kmem_log_arena,
1404 1404 lhp->lh_chunksize * nchunks, VM_SLEEP);
1405 1405 lhp->lh_free = vmem_alloc(kmem_log_arena,
1406 1406 nchunks * sizeof (int), VM_SLEEP);
1407 1407 bzero(lhp->lh_base, lhp->lh_chunksize * nchunks);
1408 1408
1409 1409 for (i = 0; i < max_ncpus; i++) {
1410 1410 kmem_cpu_log_header_t *clhp = &lhp->lh_cpu[i];
1411 1411 mutex_init(&clhp->clh_lock, NULL, MUTEX_DEFAULT, NULL);
1412 1412 clhp->clh_chunk = i;
1413 1413 }
1414 1414
1415 1415 for (i = max_ncpus; i < nchunks; i++)
1416 1416 lhp->lh_free[i] = i;
1417 1417
1418 1418 lhp->lh_head = max_ncpus;
1419 1419 lhp->lh_tail = 0;
1420 1420
1421 1421 return (lhp);
1422 1422 }
1423 1423
1424 1424 static void *
1425 1425 kmem_log_enter(kmem_log_header_t *lhp, void *data, size_t size)
1426 1426 {
1427 1427 void *logspace;
1428 1428 kmem_cpu_log_header_t *clhp = &lhp->lh_cpu[CPU->cpu_seqid];
1429 1429
1430 1430 if (lhp == NULL || kmem_logging == 0 || panicstr)
1431 1431 return (NULL);
1432 1432
1433 1433 mutex_enter(&clhp->clh_lock);
1434 1434 clhp->clh_hits++;
1435 1435 if (size > clhp->clh_avail) {
1436 1436 mutex_enter(&lhp->lh_lock);
1437 1437 lhp->lh_hits++;
1438 1438 lhp->lh_free[lhp->lh_tail] = clhp->clh_chunk;
1439 1439 lhp->lh_tail = (lhp->lh_tail + 1) % lhp->lh_nchunks;
1440 1440 clhp->clh_chunk = lhp->lh_free[lhp->lh_head];
1441 1441 lhp->lh_head = (lhp->lh_head + 1) % lhp->lh_nchunks;
1442 1442 clhp->clh_current = lhp->lh_base +
1443 1443 clhp->clh_chunk * lhp->lh_chunksize;
1444 1444 clhp->clh_avail = lhp->lh_chunksize;
1445 1445 if (size > lhp->lh_chunksize)
1446 1446 size = lhp->lh_chunksize;
1447 1447 mutex_exit(&lhp->lh_lock);
1448 1448 }
1449 1449 logspace = clhp->clh_current;
1450 1450 clhp->clh_current += size;
1451 1451 clhp->clh_avail -= size;
1452 1452 bcopy(data, logspace, size);
1453 1453 mutex_exit(&clhp->clh_lock);
1454 1454 return (logspace);
1455 1455 }
1456 1456
1457 1457 #define KMEM_AUDIT(lp, cp, bcp) \
1458 1458 { \
1459 1459 kmem_bufctl_audit_t *_bcp = (kmem_bufctl_audit_t *)(bcp); \
1460 1460 _bcp->bc_timestamp = gethrtime(); \
1461 1461 _bcp->bc_thread = curthread; \
1462 1462 _bcp->bc_depth = getpcstack(_bcp->bc_stack, KMEM_STACK_DEPTH); \
1463 1463 _bcp->bc_lastlog = kmem_log_enter((lp), _bcp, sizeof (*_bcp)); \
1464 1464 }
1465 1465
1466 1466 static void
1467 1467 kmem_log_event(kmem_log_header_t *lp, kmem_cache_t *cp,
1468 1468 kmem_slab_t *sp, void *addr)
1469 1469 {
1470 1470 kmem_bufctl_audit_t bca;
1471 1471
1472 1472 bzero(&bca, sizeof (kmem_bufctl_audit_t));
1473 1473 bca.bc_addr = addr;
1474 1474 bca.bc_slab = sp;
1475 1475 bca.bc_cache = cp;
1476 1476 KMEM_AUDIT(lp, cp, &bca);
1477 1477 }
1478 1478
1479 1479 /*
1480 1480 * Create a new slab for cache cp.
1481 1481 */
1482 1482 static kmem_slab_t *
1483 1483 kmem_slab_create(kmem_cache_t *cp, int kmflag)
1484 1484 {
1485 1485 size_t slabsize = cp->cache_slabsize;
1486 1486 size_t chunksize = cp->cache_chunksize;
1487 1487 int cache_flags = cp->cache_flags;
1488 1488 size_t color, chunks;
1489 1489 char *buf, *slab;
1490 1490 kmem_slab_t *sp;
1491 1491 kmem_bufctl_t *bcp;
1492 1492 vmem_t *vmp = cp->cache_arena;
1493 1493
1494 1494 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
1495 1495
1496 1496 color = cp->cache_color + cp->cache_align;
1497 1497 if (color > cp->cache_maxcolor)
1498 1498 color = cp->cache_mincolor;
1499 1499 cp->cache_color = color;
1500 1500
1501 1501 slab = vmem_alloc(vmp, slabsize, kmflag & KM_VMFLAGS);
1502 1502
1503 1503 if (slab == NULL)
1504 1504 goto vmem_alloc_failure;
1505 1505
1506 1506 ASSERT(P2PHASE((uintptr_t)slab, vmp->vm_quantum) == 0);
1507 1507
1508 1508 /*
1509 1509 * Reverify what was already checked in kmem_cache_set_move(), since the
1510 1510 * consolidator depends (for correctness) on slabs being initialized
1511 1511 * with the 0xbaddcafe memory pattern (setting a low order bit usable by
1512 1512 * clients to distinguish uninitialized memory from known objects).
1513 1513 */
1514 1514 ASSERT((cp->cache_move == NULL) || !(cp->cache_cflags & KMC_NOTOUCH));
1515 1515 if (!(cp->cache_cflags & KMC_NOTOUCH))
1516 1516 copy_pattern(KMEM_UNINITIALIZED_PATTERN, slab, slabsize);
1517 1517
1518 1518 if (cache_flags & KMF_HASH) {
1519 1519 if ((sp = kmem_cache_alloc(kmem_slab_cache, kmflag)) == NULL)
1520 1520 goto slab_alloc_failure;
1521 1521 chunks = (slabsize - color) / chunksize;
1522 1522 } else {
1523 1523 sp = KMEM_SLAB(cp, slab);
1524 1524 chunks = (slabsize - sizeof (kmem_slab_t) - color) / chunksize;
1525 1525 }
1526 1526
1527 1527 sp->slab_cache = cp;
1528 1528 sp->slab_head = NULL;
1529 1529 sp->slab_refcnt = 0;
1530 1530 sp->slab_base = buf = slab + color;
1531 1531 sp->slab_chunks = chunks;
1532 1532 sp->slab_stuck_offset = (uint32_t)-1;
1533 1533 sp->slab_later_count = 0;
1534 1534 sp->slab_flags = 0;
1535 1535
1536 1536 ASSERT(chunks > 0);
1537 1537 while (chunks-- != 0) {
1538 1538 if (cache_flags & KMF_HASH) {
1539 1539 bcp = kmem_cache_alloc(cp->cache_bufctl_cache, kmflag);
1540 1540 if (bcp == NULL)
1541 1541 goto bufctl_alloc_failure;
1542 1542 if (cache_flags & KMF_AUDIT) {
1543 1543 kmem_bufctl_audit_t *bcap =
1544 1544 (kmem_bufctl_audit_t *)bcp;
1545 1545 bzero(bcap, sizeof (kmem_bufctl_audit_t));
1546 1546 bcap->bc_cache = cp;
1547 1547 }
1548 1548 bcp->bc_addr = buf;
1549 1549 bcp->bc_slab = sp;
1550 1550 } else {
1551 1551 bcp = KMEM_BUFCTL(cp, buf);
1552 1552 }
1553 1553 if (cache_flags & KMF_BUFTAG) {
1554 1554 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
1555 1555 btp->bt_redzone = KMEM_REDZONE_PATTERN;
1556 1556 btp->bt_bufctl = bcp;
1557 1557 btp->bt_bxstat = (intptr_t)bcp ^ KMEM_BUFTAG_FREE;
1558 1558 if (cache_flags & KMF_DEADBEEF) {
1559 1559 copy_pattern(KMEM_FREE_PATTERN, buf,
1560 1560 cp->cache_verify);
1561 1561 }
1562 1562 }
1563 1563 bcp->bc_next = sp->slab_head;
1564 1564 sp->slab_head = bcp;
1565 1565 buf += chunksize;
1566 1566 }
1567 1567
1568 1568 kmem_log_event(kmem_slab_log, cp, sp, slab);
1569 1569
1570 1570 return (sp);
1571 1571
1572 1572 bufctl_alloc_failure:
1573 1573
1574 1574 while ((bcp = sp->slab_head) != NULL) {
1575 1575 sp->slab_head = bcp->bc_next;
1576 1576 kmem_cache_free(cp->cache_bufctl_cache, bcp);
1577 1577 }
1578 1578 kmem_cache_free(kmem_slab_cache, sp);
1579 1579
1580 1580 slab_alloc_failure:
1581 1581
1582 1582 vmem_free(vmp, slab, slabsize);
1583 1583
1584 1584 vmem_alloc_failure:
1585 1585
1586 1586 kmem_log_event(kmem_failure_log, cp, NULL, NULL);
1587 1587 atomic_inc_64(&cp->cache_alloc_fail);
1588 1588
1589 1589 return (NULL);
1590 1590 }
1591 1591
1592 1592 /*
1593 1593 * Destroy a slab.
1594 1594 */
1595 1595 static void
1596 1596 kmem_slab_destroy(kmem_cache_t *cp, kmem_slab_t *sp)
1597 1597 {
1598 1598 vmem_t *vmp = cp->cache_arena;
1599 1599 void *slab = (void *)P2ALIGN((uintptr_t)sp->slab_base, vmp->vm_quantum);
1600 1600
1601 1601 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
1602 1602 ASSERT(sp->slab_refcnt == 0);
1603 1603
1604 1604 if (cp->cache_flags & KMF_HASH) {
1605 1605 kmem_bufctl_t *bcp;
1606 1606 while ((bcp = sp->slab_head) != NULL) {
1607 1607 sp->slab_head = bcp->bc_next;
1608 1608 kmem_cache_free(cp->cache_bufctl_cache, bcp);
1609 1609 }
1610 1610 kmem_cache_free(kmem_slab_cache, sp);
1611 1611 }
1612 1612 vmem_free(vmp, slab, cp->cache_slabsize);
1613 1613 }
1614 1614
1615 1615 static void *
1616 1616 kmem_slab_alloc_impl(kmem_cache_t *cp, kmem_slab_t *sp, boolean_t prefill)
1617 1617 {
1618 1618 kmem_bufctl_t *bcp, **hash_bucket;
1619 1619 void *buf;
1620 1620 boolean_t new_slab = (sp->slab_refcnt == 0);
1621 1621
1622 1622 ASSERT(MUTEX_HELD(&cp->cache_lock));
1623 1623 /*
1624 1624 * kmem_slab_alloc() drops cache_lock when it creates a new slab, so we
1625 1625 * can't ASSERT(avl_is_empty(&cp->cache_partial_slabs)) here when the
1626 1626 * slab is newly created.
1627 1627 */
1628 1628 ASSERT(new_slab || (KMEM_SLAB_IS_PARTIAL(sp) &&
1629 1629 (sp == avl_first(&cp->cache_partial_slabs))));
1630 1630 ASSERT(sp->slab_cache == cp);
1631 1631
1632 1632 cp->cache_slab_alloc++;
1633 1633 cp->cache_bufslab--;
1634 1634 sp->slab_refcnt++;
1635 1635
1636 1636 bcp = sp->slab_head;
1637 1637 sp->slab_head = bcp->bc_next;
1638 1638
1639 1639 if (cp->cache_flags & KMF_HASH) {
1640 1640 /*
1641 1641 * Add buffer to allocated-address hash table.
1642 1642 */
1643 1643 buf = bcp->bc_addr;
1644 1644 hash_bucket = KMEM_HASH(cp, buf);
1645 1645 bcp->bc_next = *hash_bucket;
1646 1646 *hash_bucket = bcp;
1647 1647 if ((cp->cache_flags & (KMF_AUDIT | KMF_BUFTAG)) == KMF_AUDIT) {
1648 1648 KMEM_AUDIT(kmem_transaction_log, cp, bcp);
1649 1649 }
1650 1650 } else {
1651 1651 buf = KMEM_BUF(cp, bcp);
1652 1652 }
1653 1653
1654 1654 ASSERT(KMEM_SLAB_MEMBER(sp, buf));
1655 1655
1656 1656 if (sp->slab_head == NULL) {
1657 1657 ASSERT(KMEM_SLAB_IS_ALL_USED(sp));
1658 1658 if (new_slab) {
1659 1659 ASSERT(sp->slab_chunks == 1);
1660 1660 } else {
1661 1661 ASSERT(sp->slab_chunks > 1); /* the slab was partial */
1662 1662 avl_remove(&cp->cache_partial_slabs, sp);
1663 1663 sp->slab_later_count = 0; /* clear history */
1664 1664 sp->slab_flags &= ~KMEM_SLAB_NOMOVE;
1665 1665 sp->slab_stuck_offset = (uint32_t)-1;
1666 1666 }
1667 1667 list_insert_head(&cp->cache_complete_slabs, sp);
1668 1668 cp->cache_complete_slab_count++;
1669 1669 return (buf);
1670 1670 }
1671 1671
1672 1672 ASSERT(KMEM_SLAB_IS_PARTIAL(sp));
1673 1673 /*
1674 1674 * Peek to see if the magazine layer is enabled before
1675 1675 * we prefill. We're not holding the cpu cache lock,
1676 1676 * so the peek could be wrong, but there's no harm in it.
1677 1677 */
1678 1678 if (new_slab && prefill && (cp->cache_flags & KMF_PREFILL) &&
1679 1679 (KMEM_CPU_CACHE(cp)->cc_magsize != 0)) {
1680 1680 kmem_slab_prefill(cp, sp);
1681 1681 return (buf);
1682 1682 }
1683 1683
1684 1684 if (new_slab) {
1685 1685 avl_add(&cp->cache_partial_slabs, sp);
1686 1686 return (buf);
1687 1687 }
1688 1688
1689 1689 /*
1690 1690 * The slab is now more allocated than it was, so the
1691 1691 * order remains unchanged.
1692 1692 */
1693 1693 ASSERT(!avl_update(&cp->cache_partial_slabs, sp));
1694 1694 return (buf);
1695 1695 }
1696 1696
1697 1697 /*
1698 1698 * Allocate a raw (unconstructed) buffer from cp's slab layer.
1699 1699 */
1700 1700 static void *
1701 1701 kmem_slab_alloc(kmem_cache_t *cp, int kmflag)
1702 1702 {
1703 1703 kmem_slab_t *sp;
1704 1704 void *buf;
1705 1705 boolean_t test_destructor;
1706 1706
1707 1707 mutex_enter(&cp->cache_lock);
1708 1708 test_destructor = (cp->cache_slab_alloc == 0);
1709 1709 sp = avl_first(&cp->cache_partial_slabs);
1710 1710 if (sp == NULL) {
1711 1711 ASSERT(cp->cache_bufslab == 0);
1712 1712
1713 1713 /*
1714 1714 * The freelist is empty. Create a new slab.
1715 1715 */
1716 1716 mutex_exit(&cp->cache_lock);
1717 1717 if ((sp = kmem_slab_create(cp, kmflag)) == NULL) {
1718 1718 return (NULL);
1719 1719 }
1720 1720 mutex_enter(&cp->cache_lock);
1721 1721 cp->cache_slab_create++;
1722 1722 if ((cp->cache_buftotal += sp->slab_chunks) > cp->cache_bufmax)
1723 1723 cp->cache_bufmax = cp->cache_buftotal;
1724 1724 cp->cache_bufslab += sp->slab_chunks;
1725 1725 }
1726 1726
1727 1727 buf = kmem_slab_alloc_impl(cp, sp, B_TRUE);
1728 1728 ASSERT((cp->cache_slab_create - cp->cache_slab_destroy) ==
1729 1729 (cp->cache_complete_slab_count +
1730 1730 avl_numnodes(&cp->cache_partial_slabs) +
1731 1731 (cp->cache_defrag == NULL ? 0 : cp->cache_defrag->kmd_deadcount)));
1732 1732 mutex_exit(&cp->cache_lock);
1733 1733
1734 1734 if (test_destructor && cp->cache_destructor != NULL) {
1735 1735 /*
1736 1736 * On the first kmem_slab_alloc(), assert that it is valid to
1737 1737 * call the destructor on a newly constructed object without any
1738 1738 * client involvement.
1739 1739 */
1740 1740 if ((cp->cache_constructor == NULL) ||
1741 1741 cp->cache_constructor(buf, cp->cache_private,
1742 1742 kmflag) == 0) {
1743 1743 cp->cache_destructor(buf, cp->cache_private);
1744 1744 }
1745 1745 copy_pattern(KMEM_UNINITIALIZED_PATTERN, buf,
1746 1746 cp->cache_bufsize);
1747 1747 if (cp->cache_flags & KMF_DEADBEEF) {
1748 1748 copy_pattern(KMEM_FREE_PATTERN, buf, cp->cache_verify);
1749 1749 }
1750 1750 }
1751 1751
1752 1752 return (buf);
1753 1753 }
1754 1754
1755 1755 static void kmem_slab_move_yes(kmem_cache_t *, kmem_slab_t *, void *);
1756 1756
1757 1757 /*
1758 1758 * Free a raw (unconstructed) buffer to cp's slab layer.
1759 1759 */
1760 1760 static void
1761 1761 kmem_slab_free(kmem_cache_t *cp, void *buf)
1762 1762 {
1763 1763 kmem_slab_t *sp;
1764 1764 kmem_bufctl_t *bcp, **prev_bcpp;
1765 1765
1766 1766 ASSERT(buf != NULL);
1767 1767
1768 1768 mutex_enter(&cp->cache_lock);
1769 1769 cp->cache_slab_free++;
1770 1770
1771 1771 if (cp->cache_flags & KMF_HASH) {
1772 1772 /*
1773 1773 * Look up buffer in allocated-address hash table.
1774 1774 */
1775 1775 prev_bcpp = KMEM_HASH(cp, buf);
1776 1776 while ((bcp = *prev_bcpp) != NULL) {
1777 1777 if (bcp->bc_addr == buf) {
1778 1778 *prev_bcpp = bcp->bc_next;
1779 1779 sp = bcp->bc_slab;
1780 1780 break;
1781 1781 }
1782 1782 cp->cache_lookup_depth++;
1783 1783 prev_bcpp = &bcp->bc_next;
1784 1784 }
1785 1785 } else {
1786 1786 bcp = KMEM_BUFCTL(cp, buf);
1787 1787 sp = KMEM_SLAB(cp, buf);
1788 1788 }
1789 1789
1790 1790 if (bcp == NULL || sp->slab_cache != cp || !KMEM_SLAB_MEMBER(sp, buf)) {
1791 1791 mutex_exit(&cp->cache_lock);
1792 1792 kmem_error(KMERR_BADADDR, cp, buf);
1793 1793 return;
1794 1794 }
1795 1795
1796 1796 if (KMEM_SLAB_OFFSET(sp, buf) == sp->slab_stuck_offset) {
1797 1797 /*
1798 1798 * If this is the buffer that prevented the consolidator from
1799 1799 * clearing the slab, we can reset the slab flags now that the
1800 1800 * buffer is freed. (It makes sense to do this in
1801 1801 * kmem_cache_free(), where the client gives up ownership of the
1802 1802 * buffer, but on the hot path the test is too expensive.)
1803 1803 */
1804 1804 kmem_slab_move_yes(cp, sp, buf);
1805 1805 }
1806 1806
1807 1807 if ((cp->cache_flags & (KMF_AUDIT | KMF_BUFTAG)) == KMF_AUDIT) {
1808 1808 if (cp->cache_flags & KMF_CONTENTS)
1809 1809 ((kmem_bufctl_audit_t *)bcp)->bc_contents =
1810 1810 kmem_log_enter(kmem_content_log, buf,
1811 1811 cp->cache_contents);
1812 1812 KMEM_AUDIT(kmem_transaction_log, cp, bcp);
1813 1813 }
1814 1814
1815 1815 bcp->bc_next = sp->slab_head;
1816 1816 sp->slab_head = bcp;
1817 1817
1818 1818 cp->cache_bufslab++;
1819 1819 ASSERT(sp->slab_refcnt >= 1);
1820 1820
1821 1821 if (--sp->slab_refcnt == 0) {
1822 1822 /*
1823 1823 * There are no outstanding allocations from this slab,
1824 1824 * so we can reclaim the memory.
1825 1825 */
1826 1826 if (sp->slab_chunks == 1) {
1827 1827 list_remove(&cp->cache_complete_slabs, sp);
1828 1828 cp->cache_complete_slab_count--;
1829 1829 } else {
1830 1830 avl_remove(&cp->cache_partial_slabs, sp);
1831 1831 }
1832 1832
1833 1833 cp->cache_buftotal -= sp->slab_chunks;
1834 1834 cp->cache_bufslab -= sp->slab_chunks;
1835 1835 /*
1836 1836 * Defer releasing the slab to the virtual memory subsystem
1837 1837 * while there is a pending move callback, since we guarantee
1838 1838 * that buffers passed to the move callback have only been
1839 1839 * touched by kmem or by the client itself. Since the memory
1840 1840 * patterns baddcafe (uninitialized) and deadbeef (freed) both
1841 1841 * set at least one of the two lowest order bits, the client can
1842 1842 * test those bits in the move callback to determine whether or
1843 1843 * not it knows about the buffer (assuming that the client also
1844 1844 * sets one of those low order bits whenever it frees a buffer).
1845 1845 */
1846 1846 if (cp->cache_defrag == NULL ||
1847 1847 (avl_is_empty(&cp->cache_defrag->kmd_moves_pending) &&
1848 1848 !(sp->slab_flags & KMEM_SLAB_MOVE_PENDING))) {
1849 1849 cp->cache_slab_destroy++;
1850 1850 mutex_exit(&cp->cache_lock);
1851 1851 kmem_slab_destroy(cp, sp);
1852 1852 } else {
1853 1853 list_t *deadlist = &cp->cache_defrag->kmd_deadlist;
1854 1854 /*
1855 1855 * Slabs are inserted at both ends of the deadlist to
1856 1856 * distinguish between slabs freed while move callbacks
1857 1857 * are pending (list head) and a slab freed while the
1858 1858 * lock is dropped in kmem_move_buffers() (list tail) so
1859 1859 * that in both cases slab_destroy() is called from the
1860 1860 * right context.
1861 1861 */
1862 1862 if (sp->slab_flags & KMEM_SLAB_MOVE_PENDING) {
1863 1863 list_insert_tail(deadlist, sp);
1864 1864 } else {
1865 1865 list_insert_head(deadlist, sp);
1866 1866 }
1867 1867 cp->cache_defrag->kmd_deadcount++;
1868 1868 mutex_exit(&cp->cache_lock);
1869 1869 }
1870 1870 return;
1871 1871 }
1872 1872
1873 1873 if (bcp->bc_next == NULL) {
1874 1874 /* Transition the slab from completely allocated to partial. */
1875 1875 ASSERT(sp->slab_refcnt == (sp->slab_chunks - 1));
1876 1876 ASSERT(sp->slab_chunks > 1);
1877 1877 list_remove(&cp->cache_complete_slabs, sp);
1878 1878 cp->cache_complete_slab_count--;
1879 1879 avl_add(&cp->cache_partial_slabs, sp);
1880 1880 } else {
1881 1881 (void) avl_update_gt(&cp->cache_partial_slabs, sp);
1882 1882 }
1883 1883
1884 1884 ASSERT((cp->cache_slab_create - cp->cache_slab_destroy) ==
1885 1885 (cp->cache_complete_slab_count +
1886 1886 avl_numnodes(&cp->cache_partial_slabs) +
1887 1887 (cp->cache_defrag == NULL ? 0 : cp->cache_defrag->kmd_deadcount)));
1888 1888 mutex_exit(&cp->cache_lock);
1889 1889 }
1890 1890
1891 1891 /*
1892 1892 * Return -1 if kmem_error, 1 if constructor fails, 0 if successful.
1893 1893 */
1894 1894 static int
1895 1895 kmem_cache_alloc_debug(kmem_cache_t *cp, void *buf, int kmflag, int construct,
1896 1896 caddr_t caller)
1897 1897 {
1898 1898 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
1899 1899 kmem_bufctl_audit_t *bcp = (kmem_bufctl_audit_t *)btp->bt_bufctl;
1900 1900 uint32_t mtbf;
1901 1901
1902 1902 if (btp->bt_bxstat != ((intptr_t)bcp ^ KMEM_BUFTAG_FREE)) {
1903 1903 kmem_error(KMERR_BADBUFTAG, cp, buf);
1904 1904 return (-1);
1905 1905 }
1906 1906
1907 1907 btp->bt_bxstat = (intptr_t)bcp ^ KMEM_BUFTAG_ALLOC;
1908 1908
1909 1909 if ((cp->cache_flags & KMF_HASH) && bcp->bc_addr != buf) {
1910 1910 kmem_error(KMERR_BADBUFCTL, cp, buf);
1911 1911 return (-1);
1912 1912 }
1913 1913
1914 1914 if (cp->cache_flags & KMF_DEADBEEF) {
1915 1915 if (!construct && (cp->cache_flags & KMF_LITE)) {
1916 1916 if (*(uint64_t *)buf != KMEM_FREE_PATTERN) {
1917 1917 kmem_error(KMERR_MODIFIED, cp, buf);
1918 1918 return (-1);
1919 1919 }
1920 1920 if (cp->cache_constructor != NULL)
1921 1921 *(uint64_t *)buf = btp->bt_redzone;
1922 1922 else
1923 1923 *(uint64_t *)buf = KMEM_UNINITIALIZED_PATTERN;
1924 1924 } else {
1925 1925 construct = 1;
1926 1926 if (verify_and_copy_pattern(KMEM_FREE_PATTERN,
1927 1927 KMEM_UNINITIALIZED_PATTERN, buf,
1928 1928 cp->cache_verify)) {
1929 1929 kmem_error(KMERR_MODIFIED, cp, buf);
1930 1930 return (-1);
1931 1931 }
1932 1932 }
1933 1933 }
1934 1934 btp->bt_redzone = KMEM_REDZONE_PATTERN;
1935 1935
1936 1936 if ((mtbf = kmem_mtbf | cp->cache_mtbf) != 0 &&
1937 1937 gethrtime() % mtbf == 0 &&
1938 1938 (kmflag & (KM_NOSLEEP | KM_PANIC)) == KM_NOSLEEP) {
1939 1939 kmem_log_event(kmem_failure_log, cp, NULL, NULL);
1940 1940 if (!construct && cp->cache_destructor != NULL)
1941 1941 cp->cache_destructor(buf, cp->cache_private);
1942 1942 } else {
1943 1943 mtbf = 0;
1944 1944 }
1945 1945
1946 1946 if (mtbf || (construct && cp->cache_constructor != NULL &&
1947 1947 cp->cache_constructor(buf, cp->cache_private, kmflag) != 0)) {
1948 1948 atomic_inc_64(&cp->cache_alloc_fail);
1949 1949 btp->bt_bxstat = (intptr_t)bcp ^ KMEM_BUFTAG_FREE;
1950 1950 if (cp->cache_flags & KMF_DEADBEEF)
1951 1951 copy_pattern(KMEM_FREE_PATTERN, buf, cp->cache_verify);
1952 1952 kmem_slab_free(cp, buf);
1953 1953 return (1);
1954 1954 }
1955 1955
1956 1956 if (cp->cache_flags & KMF_AUDIT) {
1957 1957 KMEM_AUDIT(kmem_transaction_log, cp, bcp);
1958 1958 }
1959 1959
1960 1960 if ((cp->cache_flags & KMF_LITE) &&
1961 1961 !(cp->cache_cflags & KMC_KMEM_ALLOC)) {
1962 1962 KMEM_BUFTAG_LITE_ENTER(btp, kmem_lite_count, caller);
1963 1963 }
1964 1964
1965 1965 return (0);
1966 1966 }
1967 1967
1968 1968 static int
1969 1969 kmem_cache_free_debug(kmem_cache_t *cp, void *buf, caddr_t caller)
1970 1970 {
1971 1971 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
1972 1972 kmem_bufctl_audit_t *bcp = (kmem_bufctl_audit_t *)btp->bt_bufctl;
1973 1973 kmem_slab_t *sp;
1974 1974
1975 1975 if (btp->bt_bxstat != ((intptr_t)bcp ^ KMEM_BUFTAG_ALLOC)) {
1976 1976 if (btp->bt_bxstat == ((intptr_t)bcp ^ KMEM_BUFTAG_FREE)) {
1977 1977 kmem_error(KMERR_DUPFREE, cp, buf);
1978 1978 return (-1);
1979 1979 }
1980 1980 sp = kmem_findslab(cp, buf);
1981 1981 if (sp == NULL || sp->slab_cache != cp)
1982 1982 kmem_error(KMERR_BADADDR, cp, buf);
1983 1983 else
1984 1984 kmem_error(KMERR_REDZONE, cp, buf);
1985 1985 return (-1);
1986 1986 }
1987 1987
1988 1988 btp->bt_bxstat = (intptr_t)bcp ^ KMEM_BUFTAG_FREE;
1989 1989
1990 1990 if ((cp->cache_flags & KMF_HASH) && bcp->bc_addr != buf) {
1991 1991 kmem_error(KMERR_BADBUFCTL, cp, buf);
1992 1992 return (-1);
1993 1993 }
1994 1994
1995 1995 if (btp->bt_redzone != KMEM_REDZONE_PATTERN) {
1996 1996 kmem_error(KMERR_REDZONE, cp, buf);
1997 1997 return (-1);
1998 1998 }
1999 1999
2000 2000 if (cp->cache_flags & KMF_AUDIT) {
2001 2001 if (cp->cache_flags & KMF_CONTENTS)
2002 2002 bcp->bc_contents = kmem_log_enter(kmem_content_log,
2003 2003 buf, cp->cache_contents);
2004 2004 KMEM_AUDIT(kmem_transaction_log, cp, bcp);
2005 2005 }
2006 2006
2007 2007 if ((cp->cache_flags & KMF_LITE) &&
2008 2008 !(cp->cache_cflags & KMC_KMEM_ALLOC)) {
2009 2009 KMEM_BUFTAG_LITE_ENTER(btp, kmem_lite_count, caller);
2010 2010 }
2011 2011
2012 2012 if (cp->cache_flags & KMF_DEADBEEF) {
2013 2013 if (cp->cache_flags & KMF_LITE)
2014 2014 btp->bt_redzone = *(uint64_t *)buf;
2015 2015 else if (cp->cache_destructor != NULL)
2016 2016 cp->cache_destructor(buf, cp->cache_private);
2017 2017
2018 2018 copy_pattern(KMEM_FREE_PATTERN, buf, cp->cache_verify);
2019 2019 }
2020 2020
2021 2021 return (0);
2022 2022 }
2023 2023
2024 2024 /*
2025 2025 * Free each object in magazine mp to cp's slab layer, and free mp itself.
2026 2026 */
2027 2027 static void
2028 2028 kmem_magazine_destroy(kmem_cache_t *cp, kmem_magazine_t *mp, int nrounds)
2029 2029 {
2030 2030 int round;
2031 2031
2032 2032 ASSERT(!list_link_active(&cp->cache_link) ||
2033 2033 taskq_member(kmem_taskq, curthread));
2034 2034
2035 2035 for (round = 0; round < nrounds; round++) {
2036 2036 void *buf = mp->mag_round[round];
2037 2037
2038 2038 if (cp->cache_flags & KMF_DEADBEEF) {
2039 2039 if (verify_pattern(KMEM_FREE_PATTERN, buf,
2040 2040 cp->cache_verify) != NULL) {
2041 2041 kmem_error(KMERR_MODIFIED, cp, buf);
2042 2042 continue;
2043 2043 }
2044 2044 if ((cp->cache_flags & KMF_LITE) &&
2045 2045 cp->cache_destructor != NULL) {
2046 2046 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2047 2047 *(uint64_t *)buf = btp->bt_redzone;
2048 2048 cp->cache_destructor(buf, cp->cache_private);
2049 2049 *(uint64_t *)buf = KMEM_FREE_PATTERN;
2050 2050 }
2051 2051 } else if (cp->cache_destructor != NULL) {
2052 2052 cp->cache_destructor(buf, cp->cache_private);
2053 2053 }
2054 2054
2055 2055 kmem_slab_free(cp, buf);
2056 2056 }
2057 2057 ASSERT(KMEM_MAGAZINE_VALID(cp, mp));
2058 2058 kmem_cache_free(cp->cache_magtype->mt_cache, mp);
2059 2059 }
2060 2060
2061 2061 /*
2062 2062 * Allocate a magazine from the depot.
2063 2063 */
2064 2064 static kmem_magazine_t *
2065 2065 kmem_depot_alloc(kmem_cache_t *cp, kmem_maglist_t *mlp)
2066 2066 {
2067 2067 kmem_magazine_t *mp;
2068 2068
2069 2069 /*
2070 2070 * If we can't get the depot lock without contention,
2071 2071 * update our contention count. We use the depot
2072 2072 * contention rate to determine whether we need to
2073 2073 * increase the magazine size for better scalability.
2074 2074 */
2075 2075 if (!mutex_tryenter(&cp->cache_depot_lock)) {
2076 2076 mutex_enter(&cp->cache_depot_lock);
2077 2077 cp->cache_depot_contention++;
2078 2078 }
2079 2079
2080 2080 if ((mp = mlp->ml_list) != NULL) {
2081 2081 ASSERT(KMEM_MAGAZINE_VALID(cp, mp));
2082 2082 mlp->ml_list = mp->mag_next;
2083 2083 if (--mlp->ml_total < mlp->ml_min)
2084 2084 mlp->ml_min = mlp->ml_total;
2085 2085 mlp->ml_alloc++;
2086 2086 }
2087 2087
2088 2088 mutex_exit(&cp->cache_depot_lock);
2089 2089
2090 2090 return (mp);
2091 2091 }
2092 2092
2093 2093 /*
2094 2094 * Free a magazine to the depot.
2095 2095 */
2096 2096 static void
2097 2097 kmem_depot_free(kmem_cache_t *cp, kmem_maglist_t *mlp, kmem_magazine_t *mp)
2098 2098 {
2099 2099 mutex_enter(&cp->cache_depot_lock);
2100 2100 ASSERT(KMEM_MAGAZINE_VALID(cp, mp));
2101 2101 mp->mag_next = mlp->ml_list;
2102 2102 mlp->ml_list = mp;
2103 2103 mlp->ml_total++;
2104 2104 mutex_exit(&cp->cache_depot_lock);
2105 2105 }
2106 2106
2107 2107 /*
2108 2108 * Update the working set statistics for cp's depot.
2109 2109 */
2110 2110 static void
2111 2111 kmem_depot_ws_update(kmem_cache_t *cp)
2112 2112 {
2113 2113 mutex_enter(&cp->cache_depot_lock);
2114 2114 cp->cache_full.ml_reaplimit = cp->cache_full.ml_min;
2115 2115 cp->cache_full.ml_min = cp->cache_full.ml_total;
2116 2116 cp->cache_empty.ml_reaplimit = cp->cache_empty.ml_min;
2117 2117 cp->cache_empty.ml_min = cp->cache_empty.ml_total;
2118 2118 mutex_exit(&cp->cache_depot_lock);
2119 2119 }
2120 2120
2121 2121 /*
2122 2122 * Set the working set statistics for cp's depot to zero. (Everything is
2123 2123 * eligible for reaping.)
2124 2124 */
2125 2125 static void
2126 2126 kmem_depot_ws_zero(kmem_cache_t *cp)
2127 2127 {
2128 2128 mutex_enter(&cp->cache_depot_lock);
2129 2129 cp->cache_full.ml_reaplimit = cp->cache_full.ml_total;
2130 2130 cp->cache_full.ml_min = cp->cache_full.ml_total;
2131 2131 cp->cache_empty.ml_reaplimit = cp->cache_empty.ml_total;
2132 2132 cp->cache_empty.ml_min = cp->cache_empty.ml_total;
2133 2133 mutex_exit(&cp->cache_depot_lock);
2134 2134 }
2135 2135
2136 2136 /*
2137 2137 * The number of bytes to reap before we call kpreempt(). The default (1MB)
2138 2138 * causes us to preempt reaping up to hundreds of times per second. Using a
2139 2139 * larger value (1GB) causes this to have virtually no effect.
2140 2140 */
2141 2141 size_t kmem_reap_preempt_bytes = 1024 * 1024;
2142 2142
2143 2143 /*
2144 2144 * Reap all magazines that have fallen out of the depot's working set.
2145 2145 */
2146 2146 static void
2147 2147 kmem_depot_ws_reap(kmem_cache_t *cp)
2148 2148 {
2149 2149 size_t bytes = 0;
2150 2150 long reap;
2151 2151 kmem_magazine_t *mp;
2152 2152
2153 2153 ASSERT(!list_link_active(&cp->cache_link) ||
2154 2154 taskq_member(kmem_taskq, curthread));
2155 2155
2156 2156 reap = MIN(cp->cache_full.ml_reaplimit, cp->cache_full.ml_min);
2157 2157 while (reap-- &&
2158 2158 (mp = kmem_depot_alloc(cp, &cp->cache_full)) != NULL) {
2159 2159 kmem_magazine_destroy(cp, mp, cp->cache_magtype->mt_magsize);
2160 2160 bytes += cp->cache_magtype->mt_magsize * cp->cache_bufsize;
2161 2161 if (bytes > kmem_reap_preempt_bytes) {
2162 2162 kpreempt(KPREEMPT_SYNC);
2163 2163 bytes = 0;
2164 2164 }
2165 2165 }
2166 2166
2167 2167 reap = MIN(cp->cache_empty.ml_reaplimit, cp->cache_empty.ml_min);
2168 2168 while (reap-- &&
2169 2169 (mp = kmem_depot_alloc(cp, &cp->cache_empty)) != NULL) {
2170 2170 kmem_magazine_destroy(cp, mp, 0);
2171 2171 bytes += cp->cache_magtype->mt_magsize * cp->cache_bufsize;
2172 2172 if (bytes > kmem_reap_preempt_bytes) {
2173 2173 kpreempt(KPREEMPT_SYNC);
2174 2174 bytes = 0;
2175 2175 }
2176 2176 }
2177 2177 }
2178 2178
2179 2179 static void
2180 2180 kmem_cpu_reload(kmem_cpu_cache_t *ccp, kmem_magazine_t *mp, int rounds)
2181 2181 {
2182 2182 ASSERT((ccp->cc_loaded == NULL && ccp->cc_rounds == -1) ||
2183 2183 (ccp->cc_loaded && ccp->cc_rounds + rounds == ccp->cc_magsize));
2184 2184 ASSERT(ccp->cc_magsize > 0);
2185 2185
2186 2186 ccp->cc_ploaded = ccp->cc_loaded;
2187 2187 ccp->cc_prounds = ccp->cc_rounds;
2188 2188 ccp->cc_loaded = mp;
2189 2189 ccp->cc_rounds = rounds;
2190 2190 }
2191 2191
2192 2192 /*
2193 2193 * Intercept kmem alloc/free calls during crash dump in order to avoid
2194 2194 * changing kmem state while memory is being saved to the dump device.
2195 2195 * Otherwise, ::kmem_verify will report "corrupt buffers". Note that
2196 2196 * there are no locks because only one CPU calls kmem during a crash
2197 2197 * dump. To enable this feature, first create the associated vmem
2198 2198 * arena with VMC_DUMPSAFE.
2199 2199 */
2200 2200 static void *kmem_dump_start; /* start of pre-reserved heap */
2201 2201 static void *kmem_dump_end; /* end of heap area */
2202 2202 static void *kmem_dump_curr; /* current free heap pointer */
2203 2203 static size_t kmem_dump_size; /* size of heap area */
|
↓ open down ↓ |
2203 lines elided |
↑ open up ↑ |
2204 2204
2205 2205 /* append to each buf created in the pre-reserved heap */
2206 2206 typedef struct kmem_dumpctl {
2207 2207 void *kdc_next; /* cache dump free list linkage */
2208 2208 } kmem_dumpctl_t;
2209 2209
2210 2210 #define KMEM_DUMPCTL(cp, buf) \
2211 2211 ((kmem_dumpctl_t *)P2ROUNDUP((uintptr_t)(buf) + (cp)->cache_bufsize, \
2212 2212 sizeof (void *)))
2213 2213
2214 -/* Keep some simple stats. */
2215 -#define KMEM_DUMP_LOGS (100)
2216 -
2217 -typedef struct kmem_dump_log {
2218 - kmem_cache_t *kdl_cache;
2219 - uint_t kdl_allocs; /* # of dump allocations */
2220 - uint_t kdl_frees; /* # of dump frees */
2221 - uint_t kdl_alloc_fails; /* # of allocation failures */
2222 - uint_t kdl_free_nondump; /* # of non-dump frees */
2223 - uint_t kdl_unsafe; /* cache was used, but unsafe */
2224 -} kmem_dump_log_t;
2225 -
2226 -static kmem_dump_log_t *kmem_dump_log;
2227 -static int kmem_dump_log_idx;
2228 -
2229 -#define KDI_LOG(cp, stat) { \
2230 - kmem_dump_log_t *kdl; \
2231 - if ((kdl = (kmem_dump_log_t *)((cp)->cache_dumplog)) != NULL) { \
2232 - kdl->stat++; \
2233 - } else if (kmem_dump_log_idx < KMEM_DUMP_LOGS) { \
2234 - kdl = &kmem_dump_log[kmem_dump_log_idx++]; \
2235 - kdl->stat++; \
2236 - kdl->kdl_cache = (cp); \
2237 - (cp)->cache_dumplog = kdl; \
2238 - } \
2239 -}
2240 -
2241 2214 /* set non zero for full report */
2242 2215 uint_t kmem_dump_verbose = 0;
2243 2216
2244 2217 /* stats for overize heap */
2245 2218 uint_t kmem_dump_oversize_allocs = 0;
2246 2219 uint_t kmem_dump_oversize_max = 0;
2247 2220
2248 2221 static void
2249 2222 kmem_dumppr(char **pp, char *e, const char *format, ...)
2250 2223 {
2251 2224 char *p = *pp;
2252 2225
2253 2226 if (p < e) {
2254 2227 int n;
2255 2228 va_list ap;
2256 2229
2257 2230 va_start(ap, format);
2258 2231 n = vsnprintf(p, e - p, format, ap);
2259 2232 va_end(ap);
|
↓ open down ↓ |
9 lines elided |
↑ open up ↑ |
2260 2233 *pp = p + n;
2261 2234 }
2262 2235 }
2263 2236
2264 2237 /*
2265 2238 * Called when dumpadm(1M) configures dump parameters.
2266 2239 */
2267 2240 void
2268 2241 kmem_dump_init(size_t size)
2269 2242 {
2243 + /* Our caller ensures size is always set. */
2244 + ASSERT3U(size, >, 0);
2245 +
2270 2246 if (kmem_dump_start != NULL)
2271 2247 kmem_free(kmem_dump_start, kmem_dump_size);
2272 2248
2273 - if (kmem_dump_log == NULL)
2274 - kmem_dump_log = (kmem_dump_log_t *)kmem_zalloc(KMEM_DUMP_LOGS *
2275 - sizeof (kmem_dump_log_t), KM_SLEEP);
2276 -
2277 2249 kmem_dump_start = kmem_alloc(size, KM_SLEEP);
2278 -
2279 - if (kmem_dump_start != NULL) {
2280 - kmem_dump_size = size;
2281 - kmem_dump_curr = kmem_dump_start;
2282 - kmem_dump_end = (void *)((char *)kmem_dump_start + size);
2283 - copy_pattern(KMEM_UNINITIALIZED_PATTERN, kmem_dump_start, size);
2284 - } else {
2285 - kmem_dump_size = 0;
2286 - kmem_dump_curr = NULL;
2287 - kmem_dump_end = NULL;
2288 - }
2250 + kmem_dump_size = size;
2251 + kmem_dump_curr = kmem_dump_start;
2252 + kmem_dump_end = (void *)((char *)kmem_dump_start + size);
2253 + copy_pattern(KMEM_UNINITIALIZED_PATTERN, kmem_dump_start, size);
2289 2254 }
2290 2255
2291 2256 /*
2292 2257 * Set flag for each kmem_cache_t if is safe to use alternate dump
2293 2258 * memory. Called just before panic crash dump starts. Set the flag
2294 2259 * for the calling CPU.
2295 2260 */
2296 2261 void
2297 2262 kmem_dump_begin(void)
2298 2263 {
2264 + kmem_cache_t *cp;
2265 +
2299 2266 ASSERT(panicstr != NULL);
2300 - if (kmem_dump_start != NULL) {
2301 - kmem_cache_t *cp;
2302 2267
2303 - for (cp = list_head(&kmem_caches); cp != NULL;
2304 - cp = list_next(&kmem_caches, cp)) {
2305 - kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2268 + for (cp = list_head(&kmem_caches); cp != NULL;
2269 + cp = list_next(&kmem_caches, cp)) {
2270 + kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2306 2271
2307 - if (cp->cache_arena->vm_cflags & VMC_DUMPSAFE) {
2308 - cp->cache_flags |= KMF_DUMPDIVERT;
2309 - ccp->cc_flags |= KMF_DUMPDIVERT;
2310 - ccp->cc_dump_rounds = ccp->cc_rounds;
2311 - ccp->cc_dump_prounds = ccp->cc_prounds;
2312 - ccp->cc_rounds = ccp->cc_prounds = -1;
2313 - } else {
2314 - cp->cache_flags |= KMF_DUMPUNSAFE;
2315 - ccp->cc_flags |= KMF_DUMPUNSAFE;
2316 - }
2272 + if (cp->cache_arena->vm_cflags & VMC_DUMPSAFE) {
2273 + cp->cache_flags |= KMF_DUMPDIVERT;
2274 + ccp->cc_flags |= KMF_DUMPDIVERT;
2275 + ccp->cc_dump_rounds = ccp->cc_rounds;
2276 + ccp->cc_dump_prounds = ccp->cc_prounds;
2277 + ccp->cc_rounds = ccp->cc_prounds = -1;
2278 + } else {
2279 + cp->cache_flags |= KMF_DUMPUNSAFE;
2280 + ccp->cc_flags |= KMF_DUMPUNSAFE;
2317 2281 }
2318 2282 }
2319 2283 }
2320 2284
2321 2285 /*
2322 2286 * finished dump intercept
2323 2287 * print any warnings on the console
2324 2288 * return verbose information to dumpsys() in the given buffer
2325 2289 */
2326 2290 size_t
2327 2291 kmem_dump_finish(char *buf, size_t size)
2328 2292 {
2329 - int kdi_idx;
2330 - int kdi_end = kmem_dump_log_idx;
2331 2293 int percent = 0;
2332 - int header = 0;
2333 - int warn = 0;
2334 2294 size_t used;
2335 - kmem_cache_t *cp;
2336 - kmem_dump_log_t *kdl;
2337 2295 char *e = buf + size;
2338 2296 char *p = buf;
2339 2297
2340 - if (kmem_dump_size == 0 || kmem_dump_verbose == 0)
2298 + if (kmem_dump_curr == kmem_dump_end) {
2299 + cmn_err(CE_WARN, "exceeded kmem_dump space of %lu "
2300 + "bytes: kmem state in dump may be inconsistent",
2301 + kmem_dump_size);
2302 + }
2303 +
2304 + if (kmem_dump_verbose == 0)
2341 2305 return (0);
2342 2306
2343 2307 used = (char *)kmem_dump_curr - (char *)kmem_dump_start;
2344 2308 percent = (used * 100) / kmem_dump_size;
2345 2309
2346 2310 kmem_dumppr(&p, e, "%% heap used,%d\n", percent);
2347 2311 kmem_dumppr(&p, e, "used bytes,%ld\n", used);
2348 2312 kmem_dumppr(&p, e, "heap size,%ld\n", kmem_dump_size);
2349 2313 kmem_dumppr(&p, e, "Oversize allocs,%d\n",
2350 2314 kmem_dump_oversize_allocs);
2351 2315 kmem_dumppr(&p, e, "Oversize max size,%ld\n",
2352 2316 kmem_dump_oversize_max);
2353 2317
2354 - for (kdi_idx = 0; kdi_idx < kdi_end; kdi_idx++) {
2355 - kdl = &kmem_dump_log[kdi_idx];
2356 - cp = kdl->kdl_cache;
2357 - if (cp == NULL)
2358 - break;
2359 - if (kdl->kdl_alloc_fails)
2360 - ++warn;
2361 - if (header == 0) {
2362 - kmem_dumppr(&p, e,
2363 - "Cache Name,Allocs,Frees,Alloc Fails,"
2364 - "Nondump Frees,Unsafe Allocs/Frees\n");
2365 - header = 1;
2366 - }
2367 - kmem_dumppr(&p, e, "%s,%d,%d,%d,%d,%d\n",
2368 - cp->cache_name, kdl->kdl_allocs, kdl->kdl_frees,
2369 - kdl->kdl_alloc_fails, kdl->kdl_free_nondump,
2370 - kdl->kdl_unsafe);
2371 - }
2372 -
2373 2318 /* return buffer size used */
2374 2319 if (p < e)
2375 2320 bzero(p, e - p);
2376 2321 return (p - buf);
2377 2322 }
2378 2323
2379 2324 /*
2380 2325 * Allocate a constructed object from alternate dump memory.
2381 2326 */
2382 2327 void *
2383 2328 kmem_cache_alloc_dump(kmem_cache_t *cp, int kmflag)
2384 2329 {
2385 2330 void *buf;
2386 2331 void *curr;
2387 2332 char *bufend;
2388 2333
2389 2334 /* return a constructed object */
2390 - if ((buf = cp->cache_dumpfreelist) != NULL) {
2391 - cp->cache_dumpfreelist = KMEM_DUMPCTL(cp, buf)->kdc_next;
2392 - KDI_LOG(cp, kdl_allocs);
2335 + if ((buf = cp->cache_dump.kd_freelist) != NULL) {
2336 + cp->cache_dump.kd_freelist = KMEM_DUMPCTL(cp, buf)->kdc_next;
2393 2337 return (buf);
2394 2338 }
2395 2339
2396 2340 /* create a new constructed object */
2397 2341 curr = kmem_dump_curr;
2398 2342 buf = (void *)P2ROUNDUP((uintptr_t)curr, cp->cache_align);
2399 2343 bufend = (char *)KMEM_DUMPCTL(cp, buf) + sizeof (kmem_dumpctl_t);
2400 2344
2401 2345 /* hat layer objects cannot cross a page boundary */
2402 2346 if (cp->cache_align < PAGESIZE) {
2403 2347 char *page = (char *)P2ROUNDUP((uintptr_t)buf, PAGESIZE);
2404 2348 if (bufend > page) {
2405 2349 bufend += page - (char *)buf;
2406 2350 buf = (void *)page;
2407 2351 }
2408 2352 }
2409 2353
2410 2354 /* fall back to normal alloc if reserved area is used up */
2411 2355 if (bufend > (char *)kmem_dump_end) {
2412 2356 kmem_dump_curr = kmem_dump_end;
2413 - KDI_LOG(cp, kdl_alloc_fails);
2357 + cp->cache_dump.kd_alloc_fails++;
2414 2358 return (NULL);
2415 2359 }
2416 2360
2417 2361 /*
2418 2362 * Must advance curr pointer before calling a constructor that
2419 2363 * may also allocate memory.
2420 2364 */
2421 2365 kmem_dump_curr = bufend;
2422 2366
2423 2367 /* run constructor */
2424 2368 if (cp->cache_constructor != NULL &&
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
2425 2369 cp->cache_constructor(buf, cp->cache_private, kmflag)
2426 2370 != 0) {
2427 2371 #ifdef DEBUG
2428 2372 printf("name='%s' cache=0x%p: kmem cache constructor failed\n",
2429 2373 cp->cache_name, (void *)cp);
2430 2374 #endif
2431 2375 /* reset curr pointer iff no allocs were done */
2432 2376 if (kmem_dump_curr == bufend)
2433 2377 kmem_dump_curr = curr;
2434 2378
2379 + cp->cache_dump.kd_alloc_fails++;
2435 2380 /* fall back to normal alloc if the constructor fails */
2436 - KDI_LOG(cp, kdl_alloc_fails);
2437 2381 return (NULL);
2438 2382 }
2439 2383
2440 - KDI_LOG(cp, kdl_allocs);
2441 2384 return (buf);
2442 2385 }
2443 2386
2444 2387 /*
2445 2388 * Free a constructed object in alternate dump memory.
2446 2389 */
2447 2390 int
2448 2391 kmem_cache_free_dump(kmem_cache_t *cp, void *buf)
2449 2392 {
2450 2393 /* save constructed buffers for next time */
2451 2394 if ((char *)buf >= (char *)kmem_dump_start &&
2452 2395 (char *)buf < (char *)kmem_dump_end) {
2453 - KMEM_DUMPCTL(cp, buf)->kdc_next = cp->cache_dumpfreelist;
2454 - cp->cache_dumpfreelist = buf;
2455 - KDI_LOG(cp, kdl_frees);
2396 + KMEM_DUMPCTL(cp, buf)->kdc_next = cp->cache_dump.kd_freelist;
2397 + cp->cache_dump.kd_freelist = buf;
2456 2398 return (0);
2457 2399 }
2458 2400
2459 - /* count all non-dump buf frees */
2460 - KDI_LOG(cp, kdl_free_nondump);
2461 -
2462 2401 /* just drop buffers that were allocated before dump started */
2463 2402 if (kmem_dump_curr < kmem_dump_end)
2464 2403 return (0);
2465 2404
2466 2405 /* fall back to normal free if reserved area is used up */
2467 2406 return (1);
2468 2407 }
2469 2408
2470 2409 /*
2471 2410 * Allocate a constructed object from cache cp.
2472 2411 */
2473 2412 void *
2474 2413 kmem_cache_alloc(kmem_cache_t *cp, int kmflag)
2475 2414 {
2476 2415 kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2477 2416 kmem_magazine_t *fmp;
2478 2417 void *buf;
2479 2418
2480 2419 mutex_enter(&ccp->cc_lock);
2481 2420 for (;;) {
2482 2421 /*
2483 2422 * If there's an object available in the current CPU's
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
2484 2423 * loaded magazine, just take it and return.
2485 2424 */
2486 2425 if (ccp->cc_rounds > 0) {
2487 2426 buf = ccp->cc_loaded->mag_round[--ccp->cc_rounds];
2488 2427 ccp->cc_alloc++;
2489 2428 mutex_exit(&ccp->cc_lock);
2490 2429 if (ccp->cc_flags & (KMF_BUFTAG | KMF_DUMPUNSAFE)) {
2491 2430 if (ccp->cc_flags & KMF_DUMPUNSAFE) {
2492 2431 ASSERT(!(ccp->cc_flags &
2493 2432 KMF_DUMPDIVERT));
2494 - KDI_LOG(cp, kdl_unsafe);
2433 + cp->cache_dump.kd_unsafe++;
2495 2434 }
2496 2435 if ((ccp->cc_flags & KMF_BUFTAG) &&
2497 2436 kmem_cache_alloc_debug(cp, buf, kmflag, 0,
2498 2437 caller()) != 0) {
2499 2438 if (kmflag & KM_NOSLEEP)
2500 2439 return (NULL);
2501 2440 mutex_enter(&ccp->cc_lock);
2502 2441 continue;
2503 2442 }
2504 2443 }
2505 2444 return (buf);
2506 2445 }
2507 2446
2508 2447 /*
2509 2448 * The loaded magazine is empty. If the previously loaded
2510 2449 * magazine was full, exchange them and try again.
2511 2450 */
2512 2451 if (ccp->cc_prounds > 0) {
2513 2452 kmem_cpu_reload(ccp, ccp->cc_ploaded, ccp->cc_prounds);
2514 2453 continue;
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
2515 2454 }
2516 2455
2517 2456 /*
2518 2457 * Return an alternate buffer at dump time to preserve
2519 2458 * the heap.
2520 2459 */
2521 2460 if (ccp->cc_flags & (KMF_DUMPDIVERT | KMF_DUMPUNSAFE)) {
2522 2461 if (ccp->cc_flags & KMF_DUMPUNSAFE) {
2523 2462 ASSERT(!(ccp->cc_flags & KMF_DUMPDIVERT));
2524 2463 /* log it so that we can warn about it */
2525 - KDI_LOG(cp, kdl_unsafe);
2464 + cp->cache_dump.kd_unsafe++;
2526 2465 } else {
2527 2466 if ((buf = kmem_cache_alloc_dump(cp, kmflag)) !=
2528 2467 NULL) {
2529 2468 mutex_exit(&ccp->cc_lock);
2530 2469 return (buf);
2531 2470 }
2532 2471 break; /* fall back to slab layer */
2533 2472 }
2534 2473 }
2535 2474
2536 2475 /*
2537 2476 * If the magazine layer is disabled, break out now.
2538 2477 */
2539 2478 if (ccp->cc_magsize == 0)
2540 2479 break;
2541 2480
2542 2481 /*
2543 2482 * Try to get a full magazine from the depot.
2544 2483 */
2545 2484 fmp = kmem_depot_alloc(cp, &cp->cache_full);
2546 2485 if (fmp != NULL) {
2547 2486 if (ccp->cc_ploaded != NULL)
2548 2487 kmem_depot_free(cp, &cp->cache_empty,
2549 2488 ccp->cc_ploaded);
2550 2489 kmem_cpu_reload(ccp, fmp, ccp->cc_magsize);
2551 2490 continue;
2552 2491 }
2553 2492
2554 2493 /*
2555 2494 * There are no full magazines in the depot,
2556 2495 * so fall through to the slab layer.
2557 2496 */
2558 2497 break;
2559 2498 }
2560 2499 mutex_exit(&ccp->cc_lock);
2561 2500
2562 2501 /*
2563 2502 * We couldn't allocate a constructed object from the magazine layer,
2564 2503 * so get a raw buffer from the slab layer and apply its constructor.
2565 2504 */
2566 2505 buf = kmem_slab_alloc(cp, kmflag);
2567 2506
2568 2507 if (buf == NULL)
2569 2508 return (NULL);
2570 2509
2571 2510 if (cp->cache_flags & KMF_BUFTAG) {
2572 2511 /*
2573 2512 * Make kmem_cache_alloc_debug() apply the constructor for us.
2574 2513 */
2575 2514 int rc = kmem_cache_alloc_debug(cp, buf, kmflag, 1, caller());
2576 2515 if (rc != 0) {
2577 2516 if (kmflag & KM_NOSLEEP)
2578 2517 return (NULL);
2579 2518 /*
2580 2519 * kmem_cache_alloc_debug() detected corruption
2581 2520 * but didn't panic (kmem_panic <= 0). We should not be
2582 2521 * here because the constructor failed (indicated by a
2583 2522 * return code of 1). Try again.
2584 2523 */
2585 2524 ASSERT(rc == -1);
2586 2525 return (kmem_cache_alloc(cp, kmflag));
2587 2526 }
2588 2527 return (buf);
2589 2528 }
2590 2529
2591 2530 if (cp->cache_constructor != NULL &&
2592 2531 cp->cache_constructor(buf, cp->cache_private, kmflag) != 0) {
2593 2532 atomic_inc_64(&cp->cache_alloc_fail);
2594 2533 kmem_slab_free(cp, buf);
2595 2534 return (NULL);
2596 2535 }
2597 2536
2598 2537 return (buf);
2599 2538 }
2600 2539
2601 2540 /*
2602 2541 * The freed argument tells whether or not kmem_cache_free_debug() has already
2603 2542 * been called so that we can avoid the duplicate free error. For example, a
2604 2543 * buffer on a magazine has already been freed by the client but is still
2605 2544 * constructed.
2606 2545 */
2607 2546 static void
2608 2547 kmem_slab_free_constructed(kmem_cache_t *cp, void *buf, boolean_t freed)
2609 2548 {
2610 2549 if (!freed && (cp->cache_flags & KMF_BUFTAG))
2611 2550 if (kmem_cache_free_debug(cp, buf, caller()) == -1)
2612 2551 return;
2613 2552
2614 2553 /*
2615 2554 * Note that if KMF_DEADBEEF is in effect and KMF_LITE is not,
2616 2555 * kmem_cache_free_debug() will have already applied the destructor.
2617 2556 */
2618 2557 if ((cp->cache_flags & (KMF_DEADBEEF | KMF_LITE)) != KMF_DEADBEEF &&
2619 2558 cp->cache_destructor != NULL) {
2620 2559 if (cp->cache_flags & KMF_DEADBEEF) { /* KMF_LITE implied */
2621 2560 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2622 2561 *(uint64_t *)buf = btp->bt_redzone;
2623 2562 cp->cache_destructor(buf, cp->cache_private);
2624 2563 *(uint64_t *)buf = KMEM_FREE_PATTERN;
2625 2564 } else {
2626 2565 cp->cache_destructor(buf, cp->cache_private);
2627 2566 }
2628 2567 }
2629 2568
2630 2569 kmem_slab_free(cp, buf);
2631 2570 }
2632 2571
2633 2572 /*
2634 2573 * Used when there's no room to free a buffer to the per-CPU cache.
2635 2574 * Drops and re-acquires &ccp->cc_lock, and returns non-zero if the
2636 2575 * caller should try freeing to the per-CPU cache again.
2637 2576 * Note that we don't directly install the magazine in the cpu cache,
2638 2577 * since its state may have changed wildly while the lock was dropped.
2639 2578 */
2640 2579 static int
2641 2580 kmem_cpucache_magazine_alloc(kmem_cpu_cache_t *ccp, kmem_cache_t *cp)
2642 2581 {
2643 2582 kmem_magazine_t *emp;
2644 2583 kmem_magtype_t *mtp;
2645 2584
2646 2585 ASSERT(MUTEX_HELD(&ccp->cc_lock));
2647 2586 ASSERT(((uint_t)ccp->cc_rounds == ccp->cc_magsize ||
2648 2587 ((uint_t)ccp->cc_rounds == -1)) &&
2649 2588 ((uint_t)ccp->cc_prounds == ccp->cc_magsize ||
2650 2589 ((uint_t)ccp->cc_prounds == -1)));
2651 2590
2652 2591 emp = kmem_depot_alloc(cp, &cp->cache_empty);
2653 2592 if (emp != NULL) {
2654 2593 if (ccp->cc_ploaded != NULL)
2655 2594 kmem_depot_free(cp, &cp->cache_full,
2656 2595 ccp->cc_ploaded);
2657 2596 kmem_cpu_reload(ccp, emp, 0);
2658 2597 return (1);
2659 2598 }
2660 2599 /*
2661 2600 * There are no empty magazines in the depot,
2662 2601 * so try to allocate a new one. We must drop all locks
2663 2602 * across kmem_cache_alloc() because lower layers may
2664 2603 * attempt to allocate from this cache.
2665 2604 */
2666 2605 mtp = cp->cache_magtype;
2667 2606 mutex_exit(&ccp->cc_lock);
2668 2607 emp = kmem_cache_alloc(mtp->mt_cache, KM_NOSLEEP);
2669 2608 mutex_enter(&ccp->cc_lock);
2670 2609
2671 2610 if (emp != NULL) {
2672 2611 /*
2673 2612 * We successfully allocated an empty magazine.
2674 2613 * However, we had to drop ccp->cc_lock to do it,
2675 2614 * so the cache's magazine size may have changed.
2676 2615 * If so, free the magazine and try again.
2677 2616 */
2678 2617 if (ccp->cc_magsize != mtp->mt_magsize) {
2679 2618 mutex_exit(&ccp->cc_lock);
2680 2619 kmem_cache_free(mtp->mt_cache, emp);
2681 2620 mutex_enter(&ccp->cc_lock);
2682 2621 return (1);
2683 2622 }
2684 2623
2685 2624 /*
2686 2625 * We got a magazine of the right size. Add it to
2687 2626 * the depot and try the whole dance again.
2688 2627 */
2689 2628 kmem_depot_free(cp, &cp->cache_empty, emp);
2690 2629 return (1);
2691 2630 }
2692 2631
2693 2632 /*
2694 2633 * We couldn't allocate an empty magazine,
2695 2634 * so fall through to the slab layer.
2696 2635 */
2697 2636 return (0);
2698 2637 }
2699 2638
2700 2639 /*
2701 2640 * Free a constructed object to cache cp.
2702 2641 */
2703 2642 void
2704 2643 kmem_cache_free(kmem_cache_t *cp, void *buf)
2705 2644 {
2706 2645 kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2707 2646
2708 2647 /*
2709 2648 * The client must not free either of the buffers passed to the move
2710 2649 * callback function.
|
↓ open down ↓ |
175 lines elided |
↑ open up ↑ |
2711 2650 */
2712 2651 ASSERT(cp->cache_defrag == NULL ||
2713 2652 cp->cache_defrag->kmd_thread != curthread ||
2714 2653 (buf != cp->cache_defrag->kmd_from_buf &&
2715 2654 buf != cp->cache_defrag->kmd_to_buf));
2716 2655
2717 2656 if (ccp->cc_flags & (KMF_BUFTAG | KMF_DUMPDIVERT | KMF_DUMPUNSAFE)) {
2718 2657 if (ccp->cc_flags & KMF_DUMPUNSAFE) {
2719 2658 ASSERT(!(ccp->cc_flags & KMF_DUMPDIVERT));
2720 2659 /* log it so that we can warn about it */
2721 - KDI_LOG(cp, kdl_unsafe);
2660 + cp->cache_dump.kd_unsafe++;
2722 2661 } else if (KMEM_DUMPCC(ccp) && !kmem_cache_free_dump(cp, buf)) {
2723 2662 return;
2724 2663 }
2725 2664 if (ccp->cc_flags & KMF_BUFTAG) {
2726 2665 if (kmem_cache_free_debug(cp, buf, caller()) == -1)
2727 2666 return;
2728 2667 }
2729 2668 }
2730 2669
2731 2670 mutex_enter(&ccp->cc_lock);
2732 2671 /*
2733 2672 * Any changes to this logic should be reflected in kmem_slab_prefill()
2734 2673 */
2735 2674 for (;;) {
2736 2675 /*
2737 2676 * If there's a slot available in the current CPU's
2738 2677 * loaded magazine, just put the object there and return.
2739 2678 */
2740 2679 if ((uint_t)ccp->cc_rounds < ccp->cc_magsize) {
2741 2680 ccp->cc_loaded->mag_round[ccp->cc_rounds++] = buf;
2742 2681 ccp->cc_free++;
2743 2682 mutex_exit(&ccp->cc_lock);
2744 2683 return;
2745 2684 }
2746 2685
2747 2686 /*
2748 2687 * The loaded magazine is full. If the previously loaded
2749 2688 * magazine was empty, exchange them and try again.
2750 2689 */
2751 2690 if (ccp->cc_prounds == 0) {
2752 2691 kmem_cpu_reload(ccp, ccp->cc_ploaded, ccp->cc_prounds);
2753 2692 continue;
2754 2693 }
2755 2694
2756 2695 /*
2757 2696 * If the magazine layer is disabled, break out now.
2758 2697 */
2759 2698 if (ccp->cc_magsize == 0)
2760 2699 break;
2761 2700
2762 2701 if (!kmem_cpucache_magazine_alloc(ccp, cp)) {
2763 2702 /*
2764 2703 * We couldn't free our constructed object to the
2765 2704 * magazine layer, so apply its destructor and free it
2766 2705 * to the slab layer.
2767 2706 */
2768 2707 break;
2769 2708 }
2770 2709 }
2771 2710 mutex_exit(&ccp->cc_lock);
2772 2711 kmem_slab_free_constructed(cp, buf, B_TRUE);
2773 2712 }
2774 2713
2775 2714 static void
2776 2715 kmem_slab_prefill(kmem_cache_t *cp, kmem_slab_t *sp)
2777 2716 {
2778 2717 kmem_cpu_cache_t *ccp = KMEM_CPU_CACHE(cp);
2779 2718 int cache_flags = cp->cache_flags;
2780 2719
2781 2720 kmem_bufctl_t *next, *head;
2782 2721 size_t nbufs;
2783 2722
2784 2723 /*
2785 2724 * Completely allocate the newly created slab and put the pre-allocated
2786 2725 * buffers in magazines. Any of the buffers that cannot be put in
2787 2726 * magazines must be returned to the slab.
2788 2727 */
2789 2728 ASSERT(MUTEX_HELD(&cp->cache_lock));
2790 2729 ASSERT((cache_flags & (KMF_PREFILL|KMF_BUFTAG)) == KMF_PREFILL);
2791 2730 ASSERT(cp->cache_constructor == NULL);
2792 2731 ASSERT(sp->slab_cache == cp);
2793 2732 ASSERT(sp->slab_refcnt == 1);
2794 2733 ASSERT(sp->slab_head != NULL && sp->slab_chunks > sp->slab_refcnt);
2795 2734 ASSERT(avl_find(&cp->cache_partial_slabs, sp, NULL) == NULL);
2796 2735
2797 2736 head = sp->slab_head;
2798 2737 nbufs = (sp->slab_chunks - sp->slab_refcnt);
2799 2738 sp->slab_head = NULL;
2800 2739 sp->slab_refcnt += nbufs;
2801 2740 cp->cache_bufslab -= nbufs;
2802 2741 cp->cache_slab_alloc += nbufs;
2803 2742 list_insert_head(&cp->cache_complete_slabs, sp);
2804 2743 cp->cache_complete_slab_count++;
2805 2744 mutex_exit(&cp->cache_lock);
2806 2745 mutex_enter(&ccp->cc_lock);
2807 2746
2808 2747 while (head != NULL) {
2809 2748 void *buf = KMEM_BUF(cp, head);
2810 2749 /*
2811 2750 * If there's a slot available in the current CPU's
2812 2751 * loaded magazine, just put the object there and
2813 2752 * continue.
2814 2753 */
2815 2754 if ((uint_t)ccp->cc_rounds < ccp->cc_magsize) {
2816 2755 ccp->cc_loaded->mag_round[ccp->cc_rounds++] =
2817 2756 buf;
2818 2757 ccp->cc_free++;
2819 2758 nbufs--;
2820 2759 head = head->bc_next;
2821 2760 continue;
2822 2761 }
2823 2762
2824 2763 /*
2825 2764 * The loaded magazine is full. If the previously
2826 2765 * loaded magazine was empty, exchange them and try
2827 2766 * again.
2828 2767 */
2829 2768 if (ccp->cc_prounds == 0) {
2830 2769 kmem_cpu_reload(ccp, ccp->cc_ploaded,
2831 2770 ccp->cc_prounds);
2832 2771 continue;
2833 2772 }
2834 2773
2835 2774 /*
2836 2775 * If the magazine layer is disabled, break out now.
2837 2776 */
2838 2777
2839 2778 if (ccp->cc_magsize == 0) {
2840 2779 break;
2841 2780 }
2842 2781
2843 2782 if (!kmem_cpucache_magazine_alloc(ccp, cp))
2844 2783 break;
2845 2784 }
2846 2785 mutex_exit(&ccp->cc_lock);
2847 2786 if (nbufs != 0) {
2848 2787 ASSERT(head != NULL);
2849 2788
2850 2789 /*
2851 2790 * If there was a failure, return remaining objects to
2852 2791 * the slab
2853 2792 */
2854 2793 while (head != NULL) {
2855 2794 ASSERT(nbufs != 0);
2856 2795 next = head->bc_next;
2857 2796 head->bc_next = NULL;
2858 2797 kmem_slab_free(cp, KMEM_BUF(cp, head));
2859 2798 head = next;
2860 2799 nbufs--;
2861 2800 }
2862 2801 }
2863 2802 ASSERT(head == NULL);
2864 2803 ASSERT(nbufs == 0);
2865 2804 mutex_enter(&cp->cache_lock);
2866 2805 }
2867 2806
2868 2807 void *
2869 2808 kmem_zalloc(size_t size, int kmflag)
2870 2809 {
2871 2810 size_t index;
2872 2811 void *buf;
2873 2812
2874 2813 if ((index = ((size - 1) >> KMEM_ALIGN_SHIFT)) < KMEM_ALLOC_TABLE_MAX) {
2875 2814 kmem_cache_t *cp = kmem_alloc_table[index];
2876 2815 buf = kmem_cache_alloc(cp, kmflag);
2877 2816 if (buf != NULL) {
2878 2817 if ((cp->cache_flags & KMF_BUFTAG) && !KMEM_DUMP(cp)) {
2879 2818 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2880 2819 ((uint8_t *)buf)[size] = KMEM_REDZONE_BYTE;
2881 2820 ((uint32_t *)btp)[1] = KMEM_SIZE_ENCODE(size);
2882 2821
2883 2822 if (cp->cache_flags & KMF_LITE) {
2884 2823 KMEM_BUFTAG_LITE_ENTER(btp,
2885 2824 kmem_lite_count, caller());
2886 2825 }
2887 2826 }
2888 2827 bzero(buf, size);
2889 2828 }
2890 2829 } else {
2891 2830 buf = kmem_alloc(size, kmflag);
2892 2831 if (buf != NULL)
2893 2832 bzero(buf, size);
2894 2833 }
2895 2834 return (buf);
2896 2835 }
2897 2836
2898 2837 void *
2899 2838 kmem_alloc(size_t size, int kmflag)
2900 2839 {
2901 2840 size_t index;
2902 2841 kmem_cache_t *cp;
2903 2842 void *buf;
2904 2843
2905 2844 if ((index = ((size - 1) >> KMEM_ALIGN_SHIFT)) < KMEM_ALLOC_TABLE_MAX) {
2906 2845 cp = kmem_alloc_table[index];
2907 2846 /* fall through to kmem_cache_alloc() */
2908 2847
2909 2848 } else if ((index = ((size - 1) >> KMEM_BIG_SHIFT)) <
2910 2849 kmem_big_alloc_table_max) {
2911 2850 cp = kmem_big_alloc_table[index];
2912 2851 /* fall through to kmem_cache_alloc() */
2913 2852
2914 2853 } else {
2915 2854 if (size == 0)
2916 2855 return (NULL);
2917 2856
2918 2857 buf = vmem_alloc(kmem_oversize_arena, size,
2919 2858 kmflag & KM_VMFLAGS);
2920 2859 if (buf == NULL)
2921 2860 kmem_log_event(kmem_failure_log, NULL, NULL,
2922 2861 (void *)size);
2923 2862 else if (KMEM_DUMP(kmem_slab_cache)) {
2924 2863 /* stats for dump intercept */
2925 2864 kmem_dump_oversize_allocs++;
2926 2865 if (size > kmem_dump_oversize_max)
2927 2866 kmem_dump_oversize_max = size;
2928 2867 }
2929 2868 return (buf);
2930 2869 }
2931 2870
2932 2871 buf = kmem_cache_alloc(cp, kmflag);
2933 2872 if ((cp->cache_flags & KMF_BUFTAG) && !KMEM_DUMP(cp) && buf != NULL) {
2934 2873 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2935 2874 ((uint8_t *)buf)[size] = KMEM_REDZONE_BYTE;
2936 2875 ((uint32_t *)btp)[1] = KMEM_SIZE_ENCODE(size);
2937 2876
2938 2877 if (cp->cache_flags & KMF_LITE) {
2939 2878 KMEM_BUFTAG_LITE_ENTER(btp, kmem_lite_count, caller());
2940 2879 }
2941 2880 }
2942 2881 return (buf);
2943 2882 }
2944 2883
2945 2884 void
2946 2885 kmem_free(void *buf, size_t size)
2947 2886 {
2948 2887 size_t index;
2949 2888 kmem_cache_t *cp;
2950 2889
2951 2890 if ((index = (size - 1) >> KMEM_ALIGN_SHIFT) < KMEM_ALLOC_TABLE_MAX) {
2952 2891 cp = kmem_alloc_table[index];
2953 2892 /* fall through to kmem_cache_free() */
2954 2893
2955 2894 } else if ((index = ((size - 1) >> KMEM_BIG_SHIFT)) <
2956 2895 kmem_big_alloc_table_max) {
2957 2896 cp = kmem_big_alloc_table[index];
2958 2897 /* fall through to kmem_cache_free() */
2959 2898
2960 2899 } else {
2961 2900 EQUIV(buf == NULL, size == 0);
2962 2901 if (buf == NULL && size == 0)
2963 2902 return;
2964 2903 vmem_free(kmem_oversize_arena, buf, size);
2965 2904 return;
2966 2905 }
2967 2906
2968 2907 if ((cp->cache_flags & KMF_BUFTAG) && !KMEM_DUMP(cp)) {
2969 2908 kmem_buftag_t *btp = KMEM_BUFTAG(cp, buf);
2970 2909 uint32_t *ip = (uint32_t *)btp;
2971 2910 if (ip[1] != KMEM_SIZE_ENCODE(size)) {
2972 2911 if (*(uint64_t *)buf == KMEM_FREE_PATTERN) {
2973 2912 kmem_error(KMERR_DUPFREE, cp, buf);
2974 2913 return;
2975 2914 }
2976 2915 if (KMEM_SIZE_VALID(ip[1])) {
2977 2916 ip[0] = KMEM_SIZE_ENCODE(size);
2978 2917 kmem_error(KMERR_BADSIZE, cp, buf);
2979 2918 } else {
2980 2919 kmem_error(KMERR_REDZONE, cp, buf);
2981 2920 }
2982 2921 return;
2983 2922 }
2984 2923 if (((uint8_t *)buf)[size] != KMEM_REDZONE_BYTE) {
2985 2924 kmem_error(KMERR_REDZONE, cp, buf);
2986 2925 return;
2987 2926 }
2988 2927 btp->bt_redzone = KMEM_REDZONE_PATTERN;
2989 2928 if (cp->cache_flags & KMF_LITE) {
2990 2929 KMEM_BUFTAG_LITE_ENTER(btp, kmem_lite_count,
2991 2930 caller());
2992 2931 }
2993 2932 }
2994 2933 kmem_cache_free(cp, buf);
2995 2934 }
2996 2935
2997 2936 void *
2998 2937 kmem_firewall_va_alloc(vmem_t *vmp, size_t size, int vmflag)
2999 2938 {
3000 2939 size_t realsize = size + vmp->vm_quantum;
3001 2940 void *addr;
3002 2941
3003 2942 /*
3004 2943 * Annoying edge case: if 'size' is just shy of ULONG_MAX, adding
3005 2944 * vm_quantum will cause integer wraparound. Check for this, and
3006 2945 * blow off the firewall page in this case. Note that such a
3007 2946 * giant allocation (the entire kernel address space) can never
3008 2947 * be satisfied, so it will either fail immediately (VM_NOSLEEP)
3009 2948 * or sleep forever (VM_SLEEP). Thus, there is no need for a
3010 2949 * corresponding check in kmem_firewall_va_free().
3011 2950 */
3012 2951 if (realsize < size)
3013 2952 realsize = size;
3014 2953
3015 2954 /*
3016 2955 * While boot still owns resource management, make sure that this
3017 2956 * redzone virtual address allocation is properly accounted for in
3018 2957 * OBPs "virtual-memory" "available" lists because we're
3019 2958 * effectively claiming them for a red zone. If we don't do this,
3020 2959 * the available lists become too fragmented and too large for the
3021 2960 * current boot/kernel memory list interface.
3022 2961 */
3023 2962 addr = vmem_alloc(vmp, realsize, vmflag | VM_NEXTFIT);
3024 2963
3025 2964 if (addr != NULL && kvseg.s_base == NULL && realsize != size)
3026 2965 (void) boot_virt_alloc((char *)addr + size, vmp->vm_quantum);
3027 2966
3028 2967 return (addr);
3029 2968 }
3030 2969
3031 2970 void
3032 2971 kmem_firewall_va_free(vmem_t *vmp, void *addr, size_t size)
3033 2972 {
3034 2973 ASSERT((kvseg.s_base == NULL ?
3035 2974 va_to_pfn((char *)addr + size) :
3036 2975 hat_getpfnum(kas.a_hat, (caddr_t)addr + size)) == PFN_INVALID);
3037 2976
3038 2977 vmem_free(vmp, addr, size + vmp->vm_quantum);
3039 2978 }
3040 2979
3041 2980 /*
3042 2981 * Try to allocate at least `size' bytes of memory without sleeping or
3043 2982 * panicking. Return actual allocated size in `asize'. If allocation failed,
3044 2983 * try final allocation with sleep or panic allowed.
3045 2984 */
3046 2985 void *
3047 2986 kmem_alloc_tryhard(size_t size, size_t *asize, int kmflag)
3048 2987 {
3049 2988 void *p;
3050 2989
3051 2990 *asize = P2ROUNDUP(size, KMEM_ALIGN);
3052 2991 do {
3053 2992 p = kmem_alloc(*asize, (kmflag | KM_NOSLEEP) & ~KM_PANIC);
3054 2993 if (p != NULL)
3055 2994 return (p);
3056 2995 *asize += KMEM_ALIGN;
3057 2996 } while (*asize <= PAGESIZE);
3058 2997
3059 2998 *asize = P2ROUNDUP(size, KMEM_ALIGN);
3060 2999 return (kmem_alloc(*asize, kmflag));
3061 3000 }
3062 3001
3063 3002 /*
3064 3003 * Reclaim all unused memory from a cache.
3065 3004 */
3066 3005 static void
3067 3006 kmem_cache_reap(kmem_cache_t *cp)
3068 3007 {
3069 3008 ASSERT(taskq_member(kmem_taskq, curthread));
3070 3009 cp->cache_reap++;
3071 3010
3072 3011 /*
3073 3012 * Ask the cache's owner to free some memory if possible.
3074 3013 * The idea is to handle things like the inode cache, which
3075 3014 * typically sits on a bunch of memory that it doesn't truly
3076 3015 * *need*. Reclaim policy is entirely up to the owner; this
3077 3016 * callback is just an advisory plea for help.
3078 3017 */
3079 3018 if (cp->cache_reclaim != NULL) {
3080 3019 long delta;
3081 3020
3082 3021 /*
3083 3022 * Reclaimed memory should be reapable (not included in the
3084 3023 * depot's working set).
3085 3024 */
3086 3025 delta = cp->cache_full.ml_total;
3087 3026 cp->cache_reclaim(cp->cache_private);
3088 3027 delta = cp->cache_full.ml_total - delta;
3089 3028 if (delta > 0) {
3090 3029 mutex_enter(&cp->cache_depot_lock);
3091 3030 cp->cache_full.ml_reaplimit += delta;
3092 3031 cp->cache_full.ml_min += delta;
3093 3032 mutex_exit(&cp->cache_depot_lock);
3094 3033 }
3095 3034 }
3096 3035
3097 3036 kmem_depot_ws_reap(cp);
3098 3037
3099 3038 if (cp->cache_defrag != NULL && !kmem_move_noreap) {
3100 3039 kmem_cache_defrag(cp);
3101 3040 }
3102 3041 }
3103 3042
3104 3043 static void
3105 3044 kmem_reap_timeout(void *flag_arg)
3106 3045 {
3107 3046 uint32_t *flag = (uint32_t *)flag_arg;
3108 3047
3109 3048 ASSERT(flag == &kmem_reaping || flag == &kmem_reaping_idspace);
3110 3049 *flag = 0;
3111 3050 }
3112 3051
3113 3052 static void
3114 3053 kmem_reap_done(void *flag)
3115 3054 {
3116 3055 if (!callout_init_done) {
3117 3056 /* can't schedule a timeout at this point */
3118 3057 kmem_reap_timeout(flag);
3119 3058 } else {
3120 3059 (void) timeout(kmem_reap_timeout, flag, kmem_reap_interval);
3121 3060 }
3122 3061 }
3123 3062
3124 3063 static void
3125 3064 kmem_reap_start(void *flag)
3126 3065 {
3127 3066 ASSERT(flag == &kmem_reaping || flag == &kmem_reaping_idspace);
3128 3067
3129 3068 if (flag == &kmem_reaping) {
3130 3069 kmem_cache_applyall(kmem_cache_reap, kmem_taskq, TQ_NOSLEEP);
3131 3070 /*
3132 3071 * if we have segkp under heap, reap segkp cache.
3133 3072 */
3134 3073 if (segkp_fromheap)
3135 3074 segkp_cache_free();
3136 3075 }
3137 3076 else
3138 3077 kmem_cache_applyall_id(kmem_cache_reap, kmem_taskq, TQ_NOSLEEP);
3139 3078
3140 3079 /*
3141 3080 * We use taskq_dispatch() to schedule a timeout to clear
3142 3081 * the flag so that kmem_reap() becomes self-throttling:
3143 3082 * we won't reap again until the current reap completes *and*
3144 3083 * at least kmem_reap_interval ticks have elapsed.
3145 3084 */
3146 3085 if (!taskq_dispatch(kmem_taskq, kmem_reap_done, flag, TQ_NOSLEEP))
3147 3086 kmem_reap_done(flag);
3148 3087 }
3149 3088
3150 3089 static void
3151 3090 kmem_reap_common(void *flag_arg)
3152 3091 {
3153 3092 uint32_t *flag = (uint32_t *)flag_arg;
3154 3093
3155 3094 if (MUTEX_HELD(&kmem_cache_lock) || kmem_taskq == NULL ||
3156 3095 atomic_cas_32(flag, 0, 1) != 0)
3157 3096 return;
3158 3097
3159 3098 /*
3160 3099 * It may not be kosher to do memory allocation when a reap is called
3161 3100 * (for example, if vmem_populate() is in the call chain). So we
3162 3101 * start the reap going with a TQ_NOALLOC dispatch. If the dispatch
3163 3102 * fails, we reset the flag, and the next reap will try again.
3164 3103 */
3165 3104 if (!taskq_dispatch(kmem_taskq, kmem_reap_start, flag, TQ_NOALLOC))
3166 3105 *flag = 0;
3167 3106 }
3168 3107
3169 3108 /*
3170 3109 * Reclaim all unused memory from all caches. Called from the VM system
3171 3110 * when memory gets tight.
3172 3111 */
3173 3112 void
3174 3113 kmem_reap(void)
3175 3114 {
3176 3115 kmem_reap_common(&kmem_reaping);
3177 3116 }
3178 3117
3179 3118 /*
3180 3119 * Reclaim all unused memory from identifier arenas, called when a vmem
3181 3120 * arena not back by memory is exhausted. Since reaping memory-backed caches
3182 3121 * cannot help with identifier exhaustion, we avoid both a large amount of
3183 3122 * work and unwanted side-effects from reclaim callbacks.
3184 3123 */
3185 3124 void
3186 3125 kmem_reap_idspace(void)
3187 3126 {
3188 3127 kmem_reap_common(&kmem_reaping_idspace);
3189 3128 }
3190 3129
3191 3130 /*
3192 3131 * Purge all magazines from a cache and set its magazine limit to zero.
3193 3132 * All calls are serialized by the kmem_taskq lock, except for the final
3194 3133 * call from kmem_cache_destroy().
3195 3134 */
3196 3135 static void
3197 3136 kmem_cache_magazine_purge(kmem_cache_t *cp)
3198 3137 {
3199 3138 kmem_cpu_cache_t *ccp;
3200 3139 kmem_magazine_t *mp, *pmp;
3201 3140 int rounds, prounds, cpu_seqid;
3202 3141
3203 3142 ASSERT(!list_link_active(&cp->cache_link) ||
3204 3143 taskq_member(kmem_taskq, curthread));
3205 3144 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
3206 3145
3207 3146 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++) {
3208 3147 ccp = &cp->cache_cpu[cpu_seqid];
3209 3148
3210 3149 mutex_enter(&ccp->cc_lock);
3211 3150 mp = ccp->cc_loaded;
3212 3151 pmp = ccp->cc_ploaded;
3213 3152 rounds = ccp->cc_rounds;
3214 3153 prounds = ccp->cc_prounds;
3215 3154 ccp->cc_loaded = NULL;
3216 3155 ccp->cc_ploaded = NULL;
3217 3156 ccp->cc_rounds = -1;
3218 3157 ccp->cc_prounds = -1;
3219 3158 ccp->cc_magsize = 0;
3220 3159 mutex_exit(&ccp->cc_lock);
3221 3160
3222 3161 if (mp)
3223 3162 kmem_magazine_destroy(cp, mp, rounds);
3224 3163 if (pmp)
3225 3164 kmem_magazine_destroy(cp, pmp, prounds);
3226 3165 }
3227 3166
3228 3167 kmem_depot_ws_zero(cp);
3229 3168 kmem_depot_ws_reap(cp);
3230 3169 }
3231 3170
3232 3171 /*
3233 3172 * Enable per-cpu magazines on a cache.
3234 3173 */
3235 3174 static void
3236 3175 kmem_cache_magazine_enable(kmem_cache_t *cp)
3237 3176 {
3238 3177 int cpu_seqid;
3239 3178
3240 3179 if (cp->cache_flags & KMF_NOMAGAZINE)
3241 3180 return;
3242 3181
3243 3182 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++) {
3244 3183 kmem_cpu_cache_t *ccp = &cp->cache_cpu[cpu_seqid];
3245 3184 mutex_enter(&ccp->cc_lock);
3246 3185 ccp->cc_magsize = cp->cache_magtype->mt_magsize;
3247 3186 mutex_exit(&ccp->cc_lock);
3248 3187 }
3249 3188
3250 3189 }
3251 3190
3252 3191 /*
3253 3192 * Allow our caller to determine if there are running reaps.
3254 3193 *
3255 3194 * This call is very conservative and may return B_TRUE even when
3256 3195 * reaping activity isn't active. If it returns B_FALSE, then reaping
3257 3196 * activity is definitely inactive.
3258 3197 */
3259 3198 boolean_t
3260 3199 kmem_cache_reap_active(void)
3261 3200 {
3262 3201 return (!taskq_empty(kmem_taskq));
3263 3202 }
3264 3203
3265 3204 /*
3266 3205 * Reap (almost) everything soon.
3267 3206 *
3268 3207 * Note: this does not wait for the reap-tasks to complete. Caller
3269 3208 * should use kmem_cache_reap_active() (above) and/or moderation to
3270 3209 * avoid scheduling too many reap-tasks.
3271 3210 */
3272 3211 void
3273 3212 kmem_cache_reap_soon(kmem_cache_t *cp)
3274 3213 {
3275 3214 ASSERT(list_link_active(&cp->cache_link));
3276 3215
3277 3216 kmem_depot_ws_zero(cp);
3278 3217
3279 3218 (void) taskq_dispatch(kmem_taskq,
3280 3219 (task_func_t *)kmem_depot_ws_reap, cp, TQ_SLEEP);
3281 3220 }
3282 3221
3283 3222 /*
3284 3223 * Recompute a cache's magazine size. The trade-off is that larger magazines
3285 3224 * provide a higher transfer rate with the depot, while smaller magazines
3286 3225 * reduce memory consumption. Magazine resizing is an expensive operation;
3287 3226 * it should not be done frequently.
3288 3227 *
3289 3228 * Changes to the magazine size are serialized by the kmem_taskq lock.
3290 3229 *
3291 3230 * Note: at present this only grows the magazine size. It might be useful
3292 3231 * to allow shrinkage too.
3293 3232 */
3294 3233 static void
3295 3234 kmem_cache_magazine_resize(kmem_cache_t *cp)
3296 3235 {
3297 3236 kmem_magtype_t *mtp = cp->cache_magtype;
3298 3237
3299 3238 ASSERT(taskq_member(kmem_taskq, curthread));
3300 3239
3301 3240 if (cp->cache_chunksize < mtp->mt_maxbuf) {
3302 3241 kmem_cache_magazine_purge(cp);
3303 3242 mutex_enter(&cp->cache_depot_lock);
3304 3243 cp->cache_magtype = ++mtp;
3305 3244 cp->cache_depot_contention_prev =
3306 3245 cp->cache_depot_contention + INT_MAX;
3307 3246 mutex_exit(&cp->cache_depot_lock);
3308 3247 kmem_cache_magazine_enable(cp);
3309 3248 }
3310 3249 }
3311 3250
3312 3251 /*
3313 3252 * Rescale a cache's hash table, so that the table size is roughly the
3314 3253 * cache size. We want the average lookup time to be extremely small.
3315 3254 */
3316 3255 static void
3317 3256 kmem_hash_rescale(kmem_cache_t *cp)
3318 3257 {
3319 3258 kmem_bufctl_t **old_table, **new_table, *bcp;
3320 3259 size_t old_size, new_size, h;
3321 3260
3322 3261 ASSERT(taskq_member(kmem_taskq, curthread));
3323 3262
3324 3263 new_size = MAX(KMEM_HASH_INITIAL,
3325 3264 1 << (highbit(3 * cp->cache_buftotal + 4) - 2));
3326 3265 old_size = cp->cache_hash_mask + 1;
3327 3266
3328 3267 if ((old_size >> 1) <= new_size && new_size <= (old_size << 1))
3329 3268 return;
3330 3269
3331 3270 new_table = vmem_alloc(kmem_hash_arena, new_size * sizeof (void *),
3332 3271 VM_NOSLEEP);
3333 3272 if (new_table == NULL)
3334 3273 return;
3335 3274 bzero(new_table, new_size * sizeof (void *));
3336 3275
3337 3276 mutex_enter(&cp->cache_lock);
3338 3277
3339 3278 old_size = cp->cache_hash_mask + 1;
3340 3279 old_table = cp->cache_hash_table;
3341 3280
3342 3281 cp->cache_hash_mask = new_size - 1;
3343 3282 cp->cache_hash_table = new_table;
3344 3283 cp->cache_rescale++;
3345 3284
3346 3285 for (h = 0; h < old_size; h++) {
3347 3286 bcp = old_table[h];
3348 3287 while (bcp != NULL) {
3349 3288 void *addr = bcp->bc_addr;
3350 3289 kmem_bufctl_t *next_bcp = bcp->bc_next;
3351 3290 kmem_bufctl_t **hash_bucket = KMEM_HASH(cp, addr);
3352 3291 bcp->bc_next = *hash_bucket;
3353 3292 *hash_bucket = bcp;
3354 3293 bcp = next_bcp;
3355 3294 }
3356 3295 }
3357 3296
3358 3297 mutex_exit(&cp->cache_lock);
3359 3298
3360 3299 vmem_free(kmem_hash_arena, old_table, old_size * sizeof (void *));
3361 3300 }
3362 3301
3363 3302 /*
3364 3303 * Perform periodic maintenance on a cache: hash rescaling, depot working-set
3365 3304 * update, magazine resizing, and slab consolidation.
3366 3305 */
3367 3306 static void
3368 3307 kmem_cache_update(kmem_cache_t *cp)
3369 3308 {
3370 3309 int need_hash_rescale = 0;
3371 3310 int need_magazine_resize = 0;
3372 3311
3373 3312 ASSERT(MUTEX_HELD(&kmem_cache_lock));
3374 3313
3375 3314 /*
3376 3315 * If the cache has become much larger or smaller than its hash table,
3377 3316 * fire off a request to rescale the hash table.
3378 3317 */
3379 3318 mutex_enter(&cp->cache_lock);
3380 3319
3381 3320 if ((cp->cache_flags & KMF_HASH) &&
3382 3321 (cp->cache_buftotal > (cp->cache_hash_mask << 1) ||
3383 3322 (cp->cache_buftotal < (cp->cache_hash_mask >> 1) &&
3384 3323 cp->cache_hash_mask > KMEM_HASH_INITIAL)))
3385 3324 need_hash_rescale = 1;
3386 3325
3387 3326 mutex_exit(&cp->cache_lock);
3388 3327
3389 3328 /*
3390 3329 * Update the depot working set statistics.
3391 3330 */
3392 3331 kmem_depot_ws_update(cp);
3393 3332
3394 3333 /*
3395 3334 * If there's a lot of contention in the depot,
3396 3335 * increase the magazine size.
3397 3336 */
3398 3337 mutex_enter(&cp->cache_depot_lock);
3399 3338
3400 3339 if (cp->cache_chunksize < cp->cache_magtype->mt_maxbuf &&
3401 3340 (int)(cp->cache_depot_contention -
3402 3341 cp->cache_depot_contention_prev) > kmem_depot_contention)
3403 3342 need_magazine_resize = 1;
3404 3343
3405 3344 cp->cache_depot_contention_prev = cp->cache_depot_contention;
3406 3345
3407 3346 mutex_exit(&cp->cache_depot_lock);
3408 3347
3409 3348 if (need_hash_rescale)
3410 3349 (void) taskq_dispatch(kmem_taskq,
3411 3350 (task_func_t *)kmem_hash_rescale, cp, TQ_NOSLEEP);
3412 3351
3413 3352 if (need_magazine_resize)
3414 3353 (void) taskq_dispatch(kmem_taskq,
3415 3354 (task_func_t *)kmem_cache_magazine_resize, cp, TQ_NOSLEEP);
3416 3355
3417 3356 if (cp->cache_defrag != NULL)
3418 3357 (void) taskq_dispatch(kmem_taskq,
3419 3358 (task_func_t *)kmem_cache_scan, cp, TQ_NOSLEEP);
3420 3359 }
3421 3360
3422 3361 static void kmem_update(void *);
3423 3362
3424 3363 static void
3425 3364 kmem_update_timeout(void *dummy)
3426 3365 {
3427 3366 (void) timeout(kmem_update, dummy, kmem_reap_interval);
3428 3367 }
3429 3368
3430 3369 static void
3431 3370 kmem_update(void *dummy)
3432 3371 {
3433 3372 kmem_cache_applyall(kmem_cache_update, NULL, TQ_NOSLEEP);
3434 3373
3435 3374 /*
3436 3375 * We use taskq_dispatch() to reschedule the timeout so that
3437 3376 * kmem_update() becomes self-throttling: it won't schedule
3438 3377 * new tasks until all previous tasks have completed.
3439 3378 */
3440 3379 if (!taskq_dispatch(kmem_taskq, kmem_update_timeout, dummy, TQ_NOSLEEP))
3441 3380 kmem_update_timeout(NULL);
3442 3381 }
3443 3382
3444 3383 static int
3445 3384 kmem_cache_kstat_update(kstat_t *ksp, int rw)
3446 3385 {
3447 3386 struct kmem_cache_kstat *kmcp = &kmem_cache_kstat;
3448 3387 kmem_cache_t *cp = ksp->ks_private;
3449 3388 uint64_t cpu_buf_avail;
3450 3389 uint64_t buf_avail = 0;
3451 3390 int cpu_seqid;
3452 3391 long reap;
3453 3392
3454 3393 ASSERT(MUTEX_HELD(&kmem_cache_kstat_lock));
3455 3394
3456 3395 if (rw == KSTAT_WRITE)
3457 3396 return (EACCES);
3458 3397
3459 3398 mutex_enter(&cp->cache_lock);
3460 3399
3461 3400 kmcp->kmc_alloc_fail.value.ui64 = cp->cache_alloc_fail;
3462 3401 kmcp->kmc_alloc.value.ui64 = cp->cache_slab_alloc;
3463 3402 kmcp->kmc_free.value.ui64 = cp->cache_slab_free;
3464 3403 kmcp->kmc_slab_alloc.value.ui64 = cp->cache_slab_alloc;
3465 3404 kmcp->kmc_slab_free.value.ui64 = cp->cache_slab_free;
3466 3405
3467 3406 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++) {
3468 3407 kmem_cpu_cache_t *ccp = &cp->cache_cpu[cpu_seqid];
3469 3408
3470 3409 mutex_enter(&ccp->cc_lock);
3471 3410
3472 3411 cpu_buf_avail = 0;
3473 3412 if (ccp->cc_rounds > 0)
3474 3413 cpu_buf_avail += ccp->cc_rounds;
3475 3414 if (ccp->cc_prounds > 0)
3476 3415 cpu_buf_avail += ccp->cc_prounds;
3477 3416
3478 3417 kmcp->kmc_alloc.value.ui64 += ccp->cc_alloc;
3479 3418 kmcp->kmc_free.value.ui64 += ccp->cc_free;
3480 3419 buf_avail += cpu_buf_avail;
3481 3420
3482 3421 mutex_exit(&ccp->cc_lock);
3483 3422 }
3484 3423
3485 3424 mutex_enter(&cp->cache_depot_lock);
3486 3425
3487 3426 kmcp->kmc_depot_alloc.value.ui64 = cp->cache_full.ml_alloc;
3488 3427 kmcp->kmc_depot_free.value.ui64 = cp->cache_empty.ml_alloc;
3489 3428 kmcp->kmc_depot_contention.value.ui64 = cp->cache_depot_contention;
3490 3429 kmcp->kmc_full_magazines.value.ui64 = cp->cache_full.ml_total;
3491 3430 kmcp->kmc_empty_magazines.value.ui64 = cp->cache_empty.ml_total;
3492 3431 kmcp->kmc_magazine_size.value.ui64 =
3493 3432 (cp->cache_flags & KMF_NOMAGAZINE) ?
3494 3433 0 : cp->cache_magtype->mt_magsize;
3495 3434
3496 3435 kmcp->kmc_alloc.value.ui64 += cp->cache_full.ml_alloc;
3497 3436 kmcp->kmc_free.value.ui64 += cp->cache_empty.ml_alloc;
3498 3437 buf_avail += cp->cache_full.ml_total * cp->cache_magtype->mt_magsize;
3499 3438
3500 3439 reap = MIN(cp->cache_full.ml_reaplimit, cp->cache_full.ml_min);
3501 3440 reap = MIN(reap, cp->cache_full.ml_total);
3502 3441
3503 3442 mutex_exit(&cp->cache_depot_lock);
3504 3443
3505 3444 kmcp->kmc_buf_size.value.ui64 = cp->cache_bufsize;
3506 3445 kmcp->kmc_align.value.ui64 = cp->cache_align;
3507 3446 kmcp->kmc_chunk_size.value.ui64 = cp->cache_chunksize;
3508 3447 kmcp->kmc_slab_size.value.ui64 = cp->cache_slabsize;
3509 3448 kmcp->kmc_buf_constructed.value.ui64 = buf_avail;
3510 3449 buf_avail += cp->cache_bufslab;
3511 3450 kmcp->kmc_buf_avail.value.ui64 = buf_avail;
3512 3451 kmcp->kmc_buf_inuse.value.ui64 = cp->cache_buftotal - buf_avail;
3513 3452 kmcp->kmc_buf_total.value.ui64 = cp->cache_buftotal;
3514 3453 kmcp->kmc_buf_max.value.ui64 = cp->cache_bufmax;
3515 3454 kmcp->kmc_slab_create.value.ui64 = cp->cache_slab_create;
3516 3455 kmcp->kmc_slab_destroy.value.ui64 = cp->cache_slab_destroy;
3517 3456 kmcp->kmc_hash_size.value.ui64 = (cp->cache_flags & KMF_HASH) ?
3518 3457 cp->cache_hash_mask + 1 : 0;
3519 3458 kmcp->kmc_hash_lookup_depth.value.ui64 = cp->cache_lookup_depth;
3520 3459 kmcp->kmc_hash_rescale.value.ui64 = cp->cache_rescale;
3521 3460 kmcp->kmc_vmem_source.value.ui64 = cp->cache_arena->vm_id;
3522 3461 kmcp->kmc_reap.value.ui64 = cp->cache_reap;
3523 3462
3524 3463 if (cp->cache_defrag == NULL) {
3525 3464 kmcp->kmc_move_callbacks.value.ui64 = 0;
3526 3465 kmcp->kmc_move_yes.value.ui64 = 0;
3527 3466 kmcp->kmc_move_no.value.ui64 = 0;
3528 3467 kmcp->kmc_move_later.value.ui64 = 0;
3529 3468 kmcp->kmc_move_dont_need.value.ui64 = 0;
3530 3469 kmcp->kmc_move_dont_know.value.ui64 = 0;
3531 3470 kmcp->kmc_move_hunt_found.value.ui64 = 0;
3532 3471 kmcp->kmc_move_slabs_freed.value.ui64 = 0;
3533 3472 kmcp->kmc_defrag.value.ui64 = 0;
3534 3473 kmcp->kmc_scan.value.ui64 = 0;
3535 3474 kmcp->kmc_move_reclaimable.value.ui64 = 0;
3536 3475 } else {
3537 3476 int64_t reclaimable;
3538 3477
3539 3478 kmem_defrag_t *kd = cp->cache_defrag;
3540 3479 kmcp->kmc_move_callbacks.value.ui64 = kd->kmd_callbacks;
3541 3480 kmcp->kmc_move_yes.value.ui64 = kd->kmd_yes;
3542 3481 kmcp->kmc_move_no.value.ui64 = kd->kmd_no;
3543 3482 kmcp->kmc_move_later.value.ui64 = kd->kmd_later;
3544 3483 kmcp->kmc_move_dont_need.value.ui64 = kd->kmd_dont_need;
3545 3484 kmcp->kmc_move_dont_know.value.ui64 = kd->kmd_dont_know;
3546 3485 kmcp->kmc_move_hunt_found.value.ui64 = 0;
3547 3486 kmcp->kmc_move_slabs_freed.value.ui64 = kd->kmd_slabs_freed;
3548 3487 kmcp->kmc_defrag.value.ui64 = kd->kmd_defrags;
3549 3488 kmcp->kmc_scan.value.ui64 = kd->kmd_scans;
3550 3489
3551 3490 reclaimable = cp->cache_bufslab - (cp->cache_maxchunks - 1);
3552 3491 reclaimable = MAX(reclaimable, 0);
3553 3492 reclaimable += ((uint64_t)reap * cp->cache_magtype->mt_magsize);
3554 3493 kmcp->kmc_move_reclaimable.value.ui64 = reclaimable;
3555 3494 }
3556 3495
3557 3496 mutex_exit(&cp->cache_lock);
3558 3497 return (0);
3559 3498 }
3560 3499
3561 3500 /*
3562 3501 * Return a named statistic about a particular cache.
3563 3502 * This shouldn't be called very often, so it's currently designed for
3564 3503 * simplicity (leverages existing kstat support) rather than efficiency.
3565 3504 */
3566 3505 uint64_t
3567 3506 kmem_cache_stat(kmem_cache_t *cp, char *name)
3568 3507 {
3569 3508 int i;
3570 3509 kstat_t *ksp = cp->cache_kstat;
3571 3510 kstat_named_t *knp = (kstat_named_t *)&kmem_cache_kstat;
3572 3511 uint64_t value = 0;
3573 3512
3574 3513 if (ksp != NULL) {
3575 3514 mutex_enter(&kmem_cache_kstat_lock);
3576 3515 (void) kmem_cache_kstat_update(ksp, KSTAT_READ);
3577 3516 for (i = 0; i < ksp->ks_ndata; i++) {
3578 3517 if (strcmp(knp[i].name, name) == 0) {
3579 3518 value = knp[i].value.ui64;
3580 3519 break;
3581 3520 }
3582 3521 }
3583 3522 mutex_exit(&kmem_cache_kstat_lock);
3584 3523 }
3585 3524 return (value);
3586 3525 }
3587 3526
3588 3527 /*
3589 3528 * Return an estimate of currently available kernel heap memory.
3590 3529 * On 32-bit systems, physical memory may exceed virtual memory,
3591 3530 * we just truncate the result at 1GB.
3592 3531 */
3593 3532 size_t
3594 3533 kmem_avail(void)
3595 3534 {
3596 3535 spgcnt_t rmem = availrmem - tune.t_minarmem;
3597 3536 spgcnt_t fmem = freemem - minfree;
3598 3537
3599 3538 return ((size_t)ptob(MIN(MAX(MIN(rmem, fmem), 0),
3600 3539 1 << (30 - PAGESHIFT))));
3601 3540 }
3602 3541
3603 3542 /*
3604 3543 * Return the maximum amount of memory that is (in theory) allocatable
3605 3544 * from the heap. This may be used as an estimate only since there
3606 3545 * is no guarentee this space will still be available when an allocation
3607 3546 * request is made, nor that the space may be allocated in one big request
3608 3547 * due to kernel heap fragmentation.
3609 3548 */
3610 3549 size_t
3611 3550 kmem_maxavail(void)
3612 3551 {
3613 3552 spgcnt_t pmem = availrmem - tune.t_minarmem;
3614 3553 spgcnt_t vmem = btop(vmem_size(heap_arena, VMEM_FREE));
3615 3554
3616 3555 return ((size_t)ptob(MAX(MIN(pmem, vmem), 0)));
3617 3556 }
3618 3557
3619 3558 /*
3620 3559 * Indicate whether memory-intensive kmem debugging is enabled.
3621 3560 */
3622 3561 int
3623 3562 kmem_debugging(void)
3624 3563 {
3625 3564 return (kmem_flags & (KMF_AUDIT | KMF_REDZONE));
3626 3565 }
3627 3566
3628 3567 /* binning function, sorts finely at the two extremes */
3629 3568 #define KMEM_PARTIAL_SLAB_WEIGHT(sp, binshift) \
3630 3569 ((((sp)->slab_refcnt <= (binshift)) || \
3631 3570 (((sp)->slab_chunks - (sp)->slab_refcnt) <= (binshift))) \
3632 3571 ? -(sp)->slab_refcnt \
3633 3572 : -((binshift) + ((sp)->slab_refcnt >> (binshift))))
3634 3573
3635 3574 /*
3636 3575 * Minimizing the number of partial slabs on the freelist minimizes
3637 3576 * fragmentation (the ratio of unused buffers held by the slab layer). There are
3638 3577 * two ways to get a slab off of the freelist: 1) free all the buffers on the
3639 3578 * slab, and 2) allocate all the buffers on the slab. It follows that we want
3640 3579 * the most-used slabs at the front of the list where they have the best chance
3641 3580 * of being completely allocated, and the least-used slabs at a safe distance
3642 3581 * from the front to improve the odds that the few remaining buffers will all be
3643 3582 * freed before another allocation can tie up the slab. For that reason a slab
3644 3583 * with a higher slab_refcnt sorts less than than a slab with a lower
3645 3584 * slab_refcnt.
3646 3585 *
3647 3586 * However, if a slab has at least one buffer that is deemed unfreeable, we
3648 3587 * would rather have that slab at the front of the list regardless of
3649 3588 * slab_refcnt, since even one unfreeable buffer makes the entire slab
3650 3589 * unfreeable. If the client returns KMEM_CBRC_NO in response to a cache_move()
3651 3590 * callback, the slab is marked unfreeable for as long as it remains on the
3652 3591 * freelist.
3653 3592 */
3654 3593 static int
3655 3594 kmem_partial_slab_cmp(const void *p0, const void *p1)
3656 3595 {
3657 3596 const kmem_cache_t *cp;
3658 3597 const kmem_slab_t *s0 = p0;
3659 3598 const kmem_slab_t *s1 = p1;
3660 3599 int w0, w1;
3661 3600 size_t binshift;
3662 3601
3663 3602 ASSERT(KMEM_SLAB_IS_PARTIAL(s0));
3664 3603 ASSERT(KMEM_SLAB_IS_PARTIAL(s1));
3665 3604 ASSERT(s0->slab_cache == s1->slab_cache);
3666 3605 cp = s1->slab_cache;
3667 3606 ASSERT(MUTEX_HELD(&cp->cache_lock));
3668 3607 binshift = cp->cache_partial_binshift;
3669 3608
3670 3609 /* weight of first slab */
3671 3610 w0 = KMEM_PARTIAL_SLAB_WEIGHT(s0, binshift);
3672 3611 if (s0->slab_flags & KMEM_SLAB_NOMOVE) {
3673 3612 w0 -= cp->cache_maxchunks;
3674 3613 }
3675 3614
3676 3615 /* weight of second slab */
3677 3616 w1 = KMEM_PARTIAL_SLAB_WEIGHT(s1, binshift);
3678 3617 if (s1->slab_flags & KMEM_SLAB_NOMOVE) {
3679 3618 w1 -= cp->cache_maxchunks;
3680 3619 }
3681 3620
3682 3621 if (w0 < w1)
3683 3622 return (-1);
3684 3623 if (w0 > w1)
3685 3624 return (1);
3686 3625
3687 3626 /* compare pointer values */
3688 3627 if ((uintptr_t)s0 < (uintptr_t)s1)
3689 3628 return (-1);
3690 3629 if ((uintptr_t)s0 > (uintptr_t)s1)
3691 3630 return (1);
3692 3631
3693 3632 return (0);
3694 3633 }
3695 3634
3696 3635 /*
3697 3636 * It must be valid to call the destructor (if any) on a newly created object.
3698 3637 * That is, the constructor (if any) must leave the object in a valid state for
3699 3638 * the destructor.
3700 3639 */
3701 3640 kmem_cache_t *
3702 3641 kmem_cache_create(
3703 3642 char *name, /* descriptive name for this cache */
3704 3643 size_t bufsize, /* size of the objects it manages */
3705 3644 size_t align, /* required object alignment */
3706 3645 int (*constructor)(void *, void *, int), /* object constructor */
3707 3646 void (*destructor)(void *, void *), /* object destructor */
3708 3647 void (*reclaim)(void *), /* memory reclaim callback */
3709 3648 void *private, /* pass-thru arg for constr/destr/reclaim */
3710 3649 vmem_t *vmp, /* vmem source for slab allocation */
3711 3650 int cflags) /* cache creation flags */
3712 3651 {
3713 3652 int cpu_seqid;
3714 3653 size_t chunksize;
3715 3654 kmem_cache_t *cp;
3716 3655 kmem_magtype_t *mtp;
3717 3656 size_t csize = KMEM_CACHE_SIZE(max_ncpus);
3718 3657
3719 3658 #ifdef DEBUG
3720 3659 /*
3721 3660 * Cache names should conform to the rules for valid C identifiers
3722 3661 */
3723 3662 if (!strident_valid(name)) {
3724 3663 cmn_err(CE_CONT,
3725 3664 "kmem_cache_create: '%s' is an invalid cache name\n"
3726 3665 "cache names must conform to the rules for "
3727 3666 "C identifiers\n", name);
3728 3667 }
3729 3668 #endif /* DEBUG */
3730 3669
3731 3670 if (vmp == NULL)
3732 3671 vmp = kmem_default_arena;
3733 3672
3734 3673 /*
3735 3674 * If this kmem cache has an identifier vmem arena as its source, mark
3736 3675 * it such to allow kmem_reap_idspace().
3737 3676 */
3738 3677 ASSERT(!(cflags & KMC_IDENTIFIER)); /* consumer should not set this */
3739 3678 if (vmp->vm_cflags & VMC_IDENTIFIER)
3740 3679 cflags |= KMC_IDENTIFIER;
3741 3680
3742 3681 /*
3743 3682 * Get a kmem_cache structure. We arrange that cp->cache_cpu[]
3744 3683 * is aligned on a KMEM_CPU_CACHE_SIZE boundary to prevent
3745 3684 * false sharing of per-CPU data.
3746 3685 */
3747 3686 cp = vmem_xalloc(kmem_cache_arena, csize, KMEM_CPU_CACHE_SIZE,
3748 3687 P2NPHASE(csize, KMEM_CPU_CACHE_SIZE), 0, NULL, NULL, VM_SLEEP);
3749 3688 bzero(cp, csize);
3750 3689 list_link_init(&cp->cache_link);
3751 3690
3752 3691 if (align == 0)
3753 3692 align = KMEM_ALIGN;
3754 3693
3755 3694 /*
3756 3695 * If we're not at least KMEM_ALIGN aligned, we can't use free
3757 3696 * memory to hold bufctl information (because we can't safely
3758 3697 * perform word loads and stores on it).
3759 3698 */
3760 3699 if (align < KMEM_ALIGN)
3761 3700 cflags |= KMC_NOTOUCH;
3762 3701
3763 3702 if (!ISP2(align) || align > vmp->vm_quantum)
3764 3703 panic("kmem_cache_create: bad alignment %lu", align);
3765 3704
3766 3705 mutex_enter(&kmem_flags_lock);
3767 3706 if (kmem_flags & KMF_RANDOMIZE)
3768 3707 kmem_flags = (((kmem_flags | ~KMF_RANDOM) + 1) & KMF_RANDOM) |
3769 3708 KMF_RANDOMIZE;
3770 3709 cp->cache_flags = (kmem_flags | cflags) & KMF_DEBUG;
3771 3710 mutex_exit(&kmem_flags_lock);
3772 3711
3773 3712 /*
3774 3713 * Make sure all the various flags are reasonable.
3775 3714 */
3776 3715 ASSERT(!(cflags & KMC_NOHASH) || !(cflags & KMC_NOTOUCH));
3777 3716
3778 3717 if (cp->cache_flags & KMF_LITE) {
3779 3718 if (bufsize >= kmem_lite_minsize &&
3780 3719 align <= kmem_lite_maxalign &&
3781 3720 P2PHASE(bufsize, kmem_lite_maxalign) != 0) {
3782 3721 cp->cache_flags |= KMF_BUFTAG;
3783 3722 cp->cache_flags &= ~(KMF_AUDIT | KMF_FIREWALL);
3784 3723 } else {
3785 3724 cp->cache_flags &= ~KMF_DEBUG;
3786 3725 }
3787 3726 }
3788 3727
3789 3728 if (cp->cache_flags & KMF_DEADBEEF)
3790 3729 cp->cache_flags |= KMF_REDZONE;
3791 3730
3792 3731 if ((cflags & KMC_QCACHE) && (cp->cache_flags & KMF_AUDIT))
3793 3732 cp->cache_flags |= KMF_NOMAGAZINE;
3794 3733
3795 3734 if (cflags & KMC_NODEBUG)
3796 3735 cp->cache_flags &= ~KMF_DEBUG;
3797 3736
3798 3737 if (cflags & KMC_NOTOUCH)
3799 3738 cp->cache_flags &= ~KMF_TOUCH;
3800 3739
3801 3740 if (cflags & KMC_PREFILL)
3802 3741 cp->cache_flags |= KMF_PREFILL;
3803 3742
3804 3743 if (cflags & KMC_NOHASH)
3805 3744 cp->cache_flags &= ~(KMF_AUDIT | KMF_FIREWALL);
3806 3745
3807 3746 if (cflags & KMC_NOMAGAZINE)
3808 3747 cp->cache_flags |= KMF_NOMAGAZINE;
3809 3748
3810 3749 if ((cp->cache_flags & KMF_AUDIT) && !(cflags & KMC_NOTOUCH))
3811 3750 cp->cache_flags |= KMF_REDZONE;
3812 3751
3813 3752 if (!(cp->cache_flags & KMF_AUDIT))
3814 3753 cp->cache_flags &= ~KMF_CONTENTS;
3815 3754
3816 3755 if ((cp->cache_flags & KMF_BUFTAG) && bufsize >= kmem_minfirewall &&
3817 3756 !(cp->cache_flags & KMF_LITE) && !(cflags & KMC_NOHASH))
3818 3757 cp->cache_flags |= KMF_FIREWALL;
3819 3758
3820 3759 if (vmp != kmem_default_arena || kmem_firewall_arena == NULL)
3821 3760 cp->cache_flags &= ~KMF_FIREWALL;
3822 3761
3823 3762 if (cp->cache_flags & KMF_FIREWALL) {
3824 3763 cp->cache_flags &= ~KMF_BUFTAG;
3825 3764 cp->cache_flags |= KMF_NOMAGAZINE;
3826 3765 ASSERT(vmp == kmem_default_arena);
3827 3766 vmp = kmem_firewall_arena;
3828 3767 }
3829 3768
3830 3769 /*
3831 3770 * Set cache properties.
3832 3771 */
3833 3772 (void) strncpy(cp->cache_name, name, KMEM_CACHE_NAMELEN);
3834 3773 strident_canon(cp->cache_name, KMEM_CACHE_NAMELEN + 1);
3835 3774 cp->cache_bufsize = bufsize;
3836 3775 cp->cache_align = align;
3837 3776 cp->cache_constructor = constructor;
3838 3777 cp->cache_destructor = destructor;
3839 3778 cp->cache_reclaim = reclaim;
3840 3779 cp->cache_private = private;
3841 3780 cp->cache_arena = vmp;
3842 3781 cp->cache_cflags = cflags;
3843 3782
3844 3783 /*
3845 3784 * Determine the chunk size.
3846 3785 */
3847 3786 chunksize = bufsize;
3848 3787
3849 3788 if (align >= KMEM_ALIGN) {
3850 3789 chunksize = P2ROUNDUP(chunksize, KMEM_ALIGN);
3851 3790 cp->cache_bufctl = chunksize - KMEM_ALIGN;
3852 3791 }
3853 3792
3854 3793 if (cp->cache_flags & KMF_BUFTAG) {
3855 3794 cp->cache_bufctl = chunksize;
3856 3795 cp->cache_buftag = chunksize;
3857 3796 if (cp->cache_flags & KMF_LITE)
3858 3797 chunksize += KMEM_BUFTAG_LITE_SIZE(kmem_lite_count);
3859 3798 else
3860 3799 chunksize += sizeof (kmem_buftag_t);
3861 3800 }
3862 3801
3863 3802 if (cp->cache_flags & KMF_DEADBEEF) {
3864 3803 cp->cache_verify = MIN(cp->cache_buftag, kmem_maxverify);
3865 3804 if (cp->cache_flags & KMF_LITE)
3866 3805 cp->cache_verify = sizeof (uint64_t);
3867 3806 }
3868 3807
3869 3808 cp->cache_contents = MIN(cp->cache_bufctl, kmem_content_maxsave);
3870 3809
3871 3810 cp->cache_chunksize = chunksize = P2ROUNDUP(chunksize, align);
3872 3811
3873 3812 /*
3874 3813 * Now that we know the chunk size, determine the optimal slab size.
3875 3814 */
3876 3815 if (vmp == kmem_firewall_arena) {
3877 3816 cp->cache_slabsize = P2ROUNDUP(chunksize, vmp->vm_quantum);
3878 3817 cp->cache_mincolor = cp->cache_slabsize - chunksize;
3879 3818 cp->cache_maxcolor = cp->cache_mincolor;
3880 3819 cp->cache_flags |= KMF_HASH;
3881 3820 ASSERT(!(cp->cache_flags & KMF_BUFTAG));
3882 3821 } else if ((cflags & KMC_NOHASH) || (!(cflags & KMC_NOTOUCH) &&
3883 3822 !(cp->cache_flags & KMF_AUDIT) &&
3884 3823 chunksize < vmp->vm_quantum / KMEM_VOID_FRACTION)) {
3885 3824 cp->cache_slabsize = vmp->vm_quantum;
3886 3825 cp->cache_mincolor = 0;
3887 3826 cp->cache_maxcolor =
3888 3827 (cp->cache_slabsize - sizeof (kmem_slab_t)) % chunksize;
3889 3828 ASSERT(chunksize + sizeof (kmem_slab_t) <= cp->cache_slabsize);
3890 3829 ASSERT(!(cp->cache_flags & KMF_AUDIT));
3891 3830 } else {
3892 3831 size_t chunks, bestfit, waste, slabsize;
3893 3832 size_t minwaste = LONG_MAX;
3894 3833
3895 3834 for (chunks = 1; chunks <= KMEM_VOID_FRACTION; chunks++) {
3896 3835 slabsize = P2ROUNDUP(chunksize * chunks,
3897 3836 vmp->vm_quantum);
3898 3837 chunks = slabsize / chunksize;
3899 3838 waste = (slabsize % chunksize) / chunks;
3900 3839 if (waste < minwaste) {
3901 3840 minwaste = waste;
3902 3841 bestfit = slabsize;
3903 3842 }
3904 3843 }
3905 3844 if (cflags & KMC_QCACHE)
3906 3845 bestfit = VMEM_QCACHE_SLABSIZE(vmp->vm_qcache_max);
3907 3846 cp->cache_slabsize = bestfit;
3908 3847 cp->cache_mincolor = 0;
3909 3848 cp->cache_maxcolor = bestfit % chunksize;
3910 3849 cp->cache_flags |= KMF_HASH;
3911 3850 }
3912 3851
3913 3852 cp->cache_maxchunks = (cp->cache_slabsize / cp->cache_chunksize);
3914 3853 cp->cache_partial_binshift = highbit(cp->cache_maxchunks / 16) + 1;
3915 3854
3916 3855 /*
3917 3856 * Disallowing prefill when either the DEBUG or HASH flag is set or when
3918 3857 * there is a constructor avoids some tricky issues with debug setup
3919 3858 * that may be revisited later. We cannot allow prefill in a
3920 3859 * metadata cache because of potential recursion.
3921 3860 */
3922 3861 if (vmp == kmem_msb_arena ||
3923 3862 cp->cache_flags & (KMF_HASH | KMF_BUFTAG) ||
3924 3863 cp->cache_constructor != NULL)
3925 3864 cp->cache_flags &= ~KMF_PREFILL;
3926 3865
3927 3866 if (cp->cache_flags & KMF_HASH) {
3928 3867 ASSERT(!(cflags & KMC_NOHASH));
3929 3868 cp->cache_bufctl_cache = (cp->cache_flags & KMF_AUDIT) ?
3930 3869 kmem_bufctl_audit_cache : kmem_bufctl_cache;
3931 3870 }
3932 3871
3933 3872 if (cp->cache_maxcolor >= vmp->vm_quantum)
3934 3873 cp->cache_maxcolor = vmp->vm_quantum - 1;
3935 3874
3936 3875 cp->cache_color = cp->cache_mincolor;
3937 3876
3938 3877 /*
3939 3878 * Initialize the rest of the slab layer.
3940 3879 */
3941 3880 mutex_init(&cp->cache_lock, NULL, MUTEX_DEFAULT, NULL);
3942 3881
3943 3882 avl_create(&cp->cache_partial_slabs, kmem_partial_slab_cmp,
3944 3883 sizeof (kmem_slab_t), offsetof(kmem_slab_t, slab_link));
3945 3884 /* LINTED: E_TRUE_LOGICAL_EXPR */
3946 3885 ASSERT(sizeof (list_node_t) <= sizeof (avl_node_t));
3947 3886 /* reuse partial slab AVL linkage for complete slab list linkage */
3948 3887 list_create(&cp->cache_complete_slabs,
3949 3888 sizeof (kmem_slab_t), offsetof(kmem_slab_t, slab_link));
3950 3889
3951 3890 if (cp->cache_flags & KMF_HASH) {
3952 3891 cp->cache_hash_table = vmem_alloc(kmem_hash_arena,
3953 3892 KMEM_HASH_INITIAL * sizeof (void *), VM_SLEEP);
3954 3893 bzero(cp->cache_hash_table,
3955 3894 KMEM_HASH_INITIAL * sizeof (void *));
3956 3895 cp->cache_hash_mask = KMEM_HASH_INITIAL - 1;
3957 3896 cp->cache_hash_shift = highbit((ulong_t)chunksize) - 1;
3958 3897 }
3959 3898
3960 3899 /*
3961 3900 * Initialize the depot.
3962 3901 */
3963 3902 mutex_init(&cp->cache_depot_lock, NULL, MUTEX_DEFAULT, NULL);
3964 3903
3965 3904 for (mtp = kmem_magtype; chunksize <= mtp->mt_minbuf; mtp++)
3966 3905 continue;
3967 3906
3968 3907 cp->cache_magtype = mtp;
3969 3908
3970 3909 /*
3971 3910 * Initialize the CPU layer.
3972 3911 */
3973 3912 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++) {
3974 3913 kmem_cpu_cache_t *ccp = &cp->cache_cpu[cpu_seqid];
3975 3914 mutex_init(&ccp->cc_lock, NULL, MUTEX_DEFAULT, NULL);
3976 3915 ccp->cc_flags = cp->cache_flags;
3977 3916 ccp->cc_rounds = -1;
3978 3917 ccp->cc_prounds = -1;
3979 3918 }
3980 3919
3981 3920 /*
3982 3921 * Create the cache's kstats.
3983 3922 */
3984 3923 if ((cp->cache_kstat = kstat_create("unix", 0, cp->cache_name,
3985 3924 "kmem_cache", KSTAT_TYPE_NAMED,
3986 3925 sizeof (kmem_cache_kstat) / sizeof (kstat_named_t),
3987 3926 KSTAT_FLAG_VIRTUAL)) != NULL) {
3988 3927 cp->cache_kstat->ks_data = &kmem_cache_kstat;
3989 3928 cp->cache_kstat->ks_update = kmem_cache_kstat_update;
3990 3929 cp->cache_kstat->ks_private = cp;
3991 3930 cp->cache_kstat->ks_lock = &kmem_cache_kstat_lock;
3992 3931 kstat_install(cp->cache_kstat);
3993 3932 }
3994 3933
3995 3934 /*
3996 3935 * Add the cache to the global list. This makes it visible
3997 3936 * to kmem_update(), so the cache must be ready for business.
3998 3937 */
3999 3938 mutex_enter(&kmem_cache_lock);
4000 3939 list_insert_tail(&kmem_caches, cp);
4001 3940 mutex_exit(&kmem_cache_lock);
4002 3941
4003 3942 if (kmem_ready)
4004 3943 kmem_cache_magazine_enable(cp);
4005 3944
4006 3945 return (cp);
4007 3946 }
4008 3947
4009 3948 static int
4010 3949 kmem_move_cmp(const void *buf, const void *p)
4011 3950 {
4012 3951 const kmem_move_t *kmm = p;
4013 3952 uintptr_t v1 = (uintptr_t)buf;
4014 3953 uintptr_t v2 = (uintptr_t)kmm->kmm_from_buf;
4015 3954 return (v1 < v2 ? -1 : (v1 > v2 ? 1 : 0));
4016 3955 }
4017 3956
4018 3957 static void
4019 3958 kmem_reset_reclaim_threshold(kmem_defrag_t *kmd)
4020 3959 {
4021 3960 kmd->kmd_reclaim_numer = 1;
4022 3961 }
4023 3962
4024 3963 /*
4025 3964 * Initially, when choosing candidate slabs for buffers to move, we want to be
4026 3965 * very selective and take only slabs that are less than
4027 3966 * (1 / KMEM_VOID_FRACTION) allocated. If we have difficulty finding candidate
4028 3967 * slabs, then we raise the allocation ceiling incrementally. The reclaim
4029 3968 * threshold is reset to (1 / KMEM_VOID_FRACTION) as soon as the cache is no
4030 3969 * longer fragmented.
4031 3970 */
4032 3971 static void
4033 3972 kmem_adjust_reclaim_threshold(kmem_defrag_t *kmd, int direction)
4034 3973 {
4035 3974 if (direction > 0) {
4036 3975 /* make it easier to find a candidate slab */
4037 3976 if (kmd->kmd_reclaim_numer < (KMEM_VOID_FRACTION - 1)) {
4038 3977 kmd->kmd_reclaim_numer++;
4039 3978 }
4040 3979 } else {
4041 3980 /* be more selective */
4042 3981 if (kmd->kmd_reclaim_numer > 1) {
4043 3982 kmd->kmd_reclaim_numer--;
4044 3983 }
4045 3984 }
4046 3985 }
4047 3986
4048 3987 void
4049 3988 kmem_cache_set_move(kmem_cache_t *cp,
4050 3989 kmem_cbrc_t (*move)(void *, void *, size_t, void *))
4051 3990 {
4052 3991 kmem_defrag_t *defrag;
4053 3992
4054 3993 ASSERT(move != NULL);
4055 3994 /*
4056 3995 * The consolidator does not support NOTOUCH caches because kmem cannot
4057 3996 * initialize their slabs with the 0xbaddcafe memory pattern, which sets
4058 3997 * a low order bit usable by clients to distinguish uninitialized memory
4059 3998 * from known objects (see kmem_slab_create).
4060 3999 */
4061 4000 ASSERT(!(cp->cache_cflags & KMC_NOTOUCH));
4062 4001 ASSERT(!(cp->cache_cflags & KMC_IDENTIFIER));
4063 4002
4064 4003 /*
4065 4004 * We should not be holding anyone's cache lock when calling
4066 4005 * kmem_cache_alloc(), so allocate in all cases before acquiring the
4067 4006 * lock.
4068 4007 */
4069 4008 defrag = kmem_cache_alloc(kmem_defrag_cache, KM_SLEEP);
4070 4009
4071 4010 mutex_enter(&cp->cache_lock);
4072 4011
4073 4012 if (KMEM_IS_MOVABLE(cp)) {
4074 4013 if (cp->cache_move == NULL) {
4075 4014 ASSERT(cp->cache_slab_alloc == 0);
4076 4015
4077 4016 cp->cache_defrag = defrag;
4078 4017 defrag = NULL; /* nothing to free */
4079 4018 bzero(cp->cache_defrag, sizeof (kmem_defrag_t));
4080 4019 avl_create(&cp->cache_defrag->kmd_moves_pending,
4081 4020 kmem_move_cmp, sizeof (kmem_move_t),
4082 4021 offsetof(kmem_move_t, kmm_entry));
4083 4022 /* LINTED: E_TRUE_LOGICAL_EXPR */
4084 4023 ASSERT(sizeof (list_node_t) <= sizeof (avl_node_t));
4085 4024 /* reuse the slab's AVL linkage for deadlist linkage */
4086 4025 list_create(&cp->cache_defrag->kmd_deadlist,
4087 4026 sizeof (kmem_slab_t),
4088 4027 offsetof(kmem_slab_t, slab_link));
4089 4028 kmem_reset_reclaim_threshold(cp->cache_defrag);
4090 4029 }
4091 4030 cp->cache_move = move;
4092 4031 }
4093 4032
4094 4033 mutex_exit(&cp->cache_lock);
4095 4034
4096 4035 if (defrag != NULL) {
4097 4036 kmem_cache_free(kmem_defrag_cache, defrag); /* unused */
4098 4037 }
4099 4038 }
4100 4039
4101 4040 void
4102 4041 kmem_cache_destroy(kmem_cache_t *cp)
4103 4042 {
4104 4043 int cpu_seqid;
4105 4044
4106 4045 /*
4107 4046 * Remove the cache from the global cache list so that no one else
4108 4047 * can schedule tasks on its behalf, wait for any pending tasks to
4109 4048 * complete, purge the cache, and then destroy it.
4110 4049 */
4111 4050 mutex_enter(&kmem_cache_lock);
4112 4051 list_remove(&kmem_caches, cp);
4113 4052 mutex_exit(&kmem_cache_lock);
4114 4053
4115 4054 if (kmem_taskq != NULL)
4116 4055 taskq_wait(kmem_taskq);
4117 4056
4118 4057 if (kmem_move_taskq != NULL && cp->cache_defrag != NULL)
4119 4058 taskq_wait(kmem_move_taskq);
4120 4059
4121 4060 kmem_cache_magazine_purge(cp);
4122 4061
4123 4062 mutex_enter(&cp->cache_lock);
4124 4063 if (cp->cache_buftotal != 0)
4125 4064 cmn_err(CE_WARN, "kmem_cache_destroy: '%s' (%p) not empty",
4126 4065 cp->cache_name, (void *)cp);
4127 4066 if (cp->cache_defrag != NULL) {
4128 4067 avl_destroy(&cp->cache_defrag->kmd_moves_pending);
4129 4068 list_destroy(&cp->cache_defrag->kmd_deadlist);
4130 4069 kmem_cache_free(kmem_defrag_cache, cp->cache_defrag);
4131 4070 cp->cache_defrag = NULL;
4132 4071 }
4133 4072 /*
4134 4073 * The cache is now dead. There should be no further activity. We
4135 4074 * enforce this by setting land mines in the constructor, destructor,
4136 4075 * reclaim, and move routines that induce a kernel text fault if
4137 4076 * invoked.
4138 4077 */
4139 4078 cp->cache_constructor = (int (*)(void *, void *, int))1;
4140 4079 cp->cache_destructor = (void (*)(void *, void *))2;
4141 4080 cp->cache_reclaim = (void (*)(void *))3;
4142 4081 cp->cache_move = (kmem_cbrc_t (*)(void *, void *, size_t, void *))4;
4143 4082 mutex_exit(&cp->cache_lock);
4144 4083
4145 4084 kstat_delete(cp->cache_kstat);
4146 4085
4147 4086 if (cp->cache_hash_table != NULL)
4148 4087 vmem_free(kmem_hash_arena, cp->cache_hash_table,
4149 4088 (cp->cache_hash_mask + 1) * sizeof (void *));
4150 4089
4151 4090 for (cpu_seqid = 0; cpu_seqid < max_ncpus; cpu_seqid++)
4152 4091 mutex_destroy(&cp->cache_cpu[cpu_seqid].cc_lock);
4153 4092
4154 4093 mutex_destroy(&cp->cache_depot_lock);
4155 4094 mutex_destroy(&cp->cache_lock);
4156 4095
4157 4096 vmem_free(kmem_cache_arena, cp, KMEM_CACHE_SIZE(max_ncpus));
4158 4097 }
4159 4098
4160 4099 /*ARGSUSED*/
4161 4100 static int
4162 4101 kmem_cpu_setup(cpu_setup_t what, int id, void *arg)
4163 4102 {
4164 4103 ASSERT(MUTEX_HELD(&cpu_lock));
4165 4104 if (what == CPU_UNCONFIG) {
4166 4105 kmem_cache_applyall(kmem_cache_magazine_purge,
4167 4106 kmem_taskq, TQ_SLEEP);
4168 4107 kmem_cache_applyall(kmem_cache_magazine_enable,
4169 4108 kmem_taskq, TQ_SLEEP);
4170 4109 }
4171 4110 return (0);
4172 4111 }
4173 4112
4174 4113 static void
4175 4114 kmem_alloc_caches_create(const int *array, size_t count,
4176 4115 kmem_cache_t **alloc_table, size_t maxbuf, uint_t shift)
4177 4116 {
4178 4117 char name[KMEM_CACHE_NAMELEN + 1];
4179 4118 size_t table_unit = (1 << shift); /* range of one alloc_table entry */
4180 4119 size_t size = table_unit;
4181 4120 int i;
4182 4121
4183 4122 for (i = 0; i < count; i++) {
4184 4123 size_t cache_size = array[i];
4185 4124 size_t align = KMEM_ALIGN;
4186 4125 kmem_cache_t *cp;
4187 4126
4188 4127 /* if the table has an entry for maxbuf, we're done */
4189 4128 if (size > maxbuf)
4190 4129 break;
4191 4130
4192 4131 /* cache size must be a multiple of the table unit */
4193 4132 ASSERT(P2PHASE(cache_size, table_unit) == 0);
4194 4133
4195 4134 /*
4196 4135 * If they allocate a multiple of the coherency granularity,
4197 4136 * they get a coherency-granularity-aligned address.
4198 4137 */
4199 4138 if (IS_P2ALIGNED(cache_size, 64))
4200 4139 align = 64;
4201 4140 if (IS_P2ALIGNED(cache_size, PAGESIZE))
4202 4141 align = PAGESIZE;
4203 4142 (void) snprintf(name, sizeof (name),
4204 4143 "kmem_alloc_%lu", cache_size);
4205 4144 cp = kmem_cache_create(name, cache_size, align,
4206 4145 NULL, NULL, NULL, NULL, NULL, KMC_KMEM_ALLOC);
4207 4146
4208 4147 while (size <= cache_size) {
4209 4148 alloc_table[(size - 1) >> shift] = cp;
4210 4149 size += table_unit;
4211 4150 }
4212 4151 }
4213 4152
4214 4153 ASSERT(size > maxbuf); /* i.e. maxbuf <= max(cache_size) */
4215 4154 }
4216 4155
4217 4156 static void
4218 4157 kmem_cache_init(int pass, int use_large_pages)
4219 4158 {
4220 4159 int i;
4221 4160 size_t maxbuf;
4222 4161 kmem_magtype_t *mtp;
4223 4162
4224 4163 for (i = 0; i < sizeof (kmem_magtype) / sizeof (*mtp); i++) {
4225 4164 char name[KMEM_CACHE_NAMELEN + 1];
4226 4165
4227 4166 mtp = &kmem_magtype[i];
4228 4167 (void) sprintf(name, "kmem_magazine_%d", mtp->mt_magsize);
4229 4168 mtp->mt_cache = kmem_cache_create(name,
4230 4169 (mtp->mt_magsize + 1) * sizeof (void *),
4231 4170 mtp->mt_align, NULL, NULL, NULL, NULL,
4232 4171 kmem_msb_arena, KMC_NOHASH);
4233 4172 }
4234 4173
4235 4174 kmem_slab_cache = kmem_cache_create("kmem_slab_cache",
4236 4175 sizeof (kmem_slab_t), 0, NULL, NULL, NULL, NULL,
4237 4176 kmem_msb_arena, KMC_NOHASH);
4238 4177
4239 4178 kmem_bufctl_cache = kmem_cache_create("kmem_bufctl_cache",
4240 4179 sizeof (kmem_bufctl_t), 0, NULL, NULL, NULL, NULL,
4241 4180 kmem_msb_arena, KMC_NOHASH);
4242 4181
4243 4182 kmem_bufctl_audit_cache = kmem_cache_create("kmem_bufctl_audit_cache",
4244 4183 sizeof (kmem_bufctl_audit_t), 0, NULL, NULL, NULL, NULL,
4245 4184 kmem_msb_arena, KMC_NOHASH);
4246 4185
4247 4186 if (pass == 2) {
4248 4187 kmem_va_arena = vmem_create("kmem_va",
4249 4188 NULL, 0, PAGESIZE,
4250 4189 vmem_alloc, vmem_free, heap_arena,
4251 4190 8 * PAGESIZE, VM_SLEEP);
4252 4191
4253 4192 if (use_large_pages) {
4254 4193 kmem_default_arena = vmem_xcreate("kmem_default",
4255 4194 NULL, 0, PAGESIZE,
4256 4195 segkmem_alloc_lp, segkmem_free_lp, kmem_va_arena,
4257 4196 0, VMC_DUMPSAFE | VM_SLEEP);
4258 4197 } else {
4259 4198 kmem_default_arena = vmem_create("kmem_default",
4260 4199 NULL, 0, PAGESIZE,
4261 4200 segkmem_alloc, segkmem_free, kmem_va_arena,
4262 4201 0, VMC_DUMPSAFE | VM_SLEEP);
4263 4202 }
4264 4203
4265 4204 /* Figure out what our maximum cache size is */
4266 4205 maxbuf = kmem_max_cached;
4267 4206 if (maxbuf <= KMEM_MAXBUF) {
4268 4207 maxbuf = 0;
4269 4208 kmem_max_cached = KMEM_MAXBUF;
4270 4209 } else {
4271 4210 size_t size = 0;
4272 4211 size_t max =
4273 4212 sizeof (kmem_big_alloc_sizes) / sizeof (int);
4274 4213 /*
4275 4214 * Round maxbuf up to an existing cache size. If maxbuf
4276 4215 * is larger than the largest cache, we truncate it to
4277 4216 * the largest cache's size.
4278 4217 */
4279 4218 for (i = 0; i < max; i++) {
4280 4219 size = kmem_big_alloc_sizes[i];
4281 4220 if (maxbuf <= size)
4282 4221 break;
4283 4222 }
4284 4223 kmem_max_cached = maxbuf = size;
4285 4224 }
4286 4225
4287 4226 /*
4288 4227 * The big alloc table may not be completely overwritten, so
4289 4228 * we clear out any stale cache pointers from the first pass.
4290 4229 */
4291 4230 bzero(kmem_big_alloc_table, sizeof (kmem_big_alloc_table));
4292 4231 } else {
4293 4232 /*
4294 4233 * During the first pass, the kmem_alloc_* caches
4295 4234 * are treated as metadata.
4296 4235 */
4297 4236 kmem_default_arena = kmem_msb_arena;
4298 4237 maxbuf = KMEM_BIG_MAXBUF_32BIT;
4299 4238 }
4300 4239
4301 4240 /*
4302 4241 * Set up the default caches to back kmem_alloc()
4303 4242 */
4304 4243 kmem_alloc_caches_create(
4305 4244 kmem_alloc_sizes, sizeof (kmem_alloc_sizes) / sizeof (int),
4306 4245 kmem_alloc_table, KMEM_MAXBUF, KMEM_ALIGN_SHIFT);
4307 4246
4308 4247 kmem_alloc_caches_create(
4309 4248 kmem_big_alloc_sizes, sizeof (kmem_big_alloc_sizes) / sizeof (int),
4310 4249 kmem_big_alloc_table, maxbuf, KMEM_BIG_SHIFT);
4311 4250
4312 4251 kmem_big_alloc_table_max = maxbuf >> KMEM_BIG_SHIFT;
4313 4252 }
4314 4253
4315 4254 void
4316 4255 kmem_init(void)
4317 4256 {
4318 4257 kmem_cache_t *cp;
4319 4258 int old_kmem_flags = kmem_flags;
4320 4259 int use_large_pages = 0;
4321 4260 size_t maxverify, minfirewall;
4322 4261
4323 4262 kstat_init();
4324 4263
4325 4264 /*
4326 4265 * Don't do firewalled allocations if the heap is less than 1TB
4327 4266 * (i.e. on a 32-bit kernel)
4328 4267 * The resulting VM_NEXTFIT allocations would create too much
4329 4268 * fragmentation in a small heap.
4330 4269 */
4331 4270 #if defined(_LP64)
4332 4271 maxverify = minfirewall = PAGESIZE / 2;
4333 4272 #else
4334 4273 maxverify = minfirewall = ULONG_MAX;
4335 4274 #endif
4336 4275
4337 4276 /* LINTED */
4338 4277 ASSERT(sizeof (kmem_cpu_cache_t) == KMEM_CPU_CACHE_SIZE);
4339 4278
4340 4279 list_create(&kmem_caches, sizeof (kmem_cache_t),
4341 4280 offsetof(kmem_cache_t, cache_link));
4342 4281
4343 4282 kmem_metadata_arena = vmem_create("kmem_metadata", NULL, 0, PAGESIZE,
4344 4283 vmem_alloc, vmem_free, heap_arena, 8 * PAGESIZE,
4345 4284 VM_SLEEP | VMC_NO_QCACHE);
4346 4285
4347 4286 kmem_msb_arena = vmem_create("kmem_msb", NULL, 0,
4348 4287 PAGESIZE, segkmem_alloc, segkmem_free, kmem_metadata_arena, 0,
4349 4288 VMC_DUMPSAFE | VM_SLEEP);
4350 4289
4351 4290 kmem_cache_arena = vmem_create("kmem_cache", NULL, 0, KMEM_ALIGN,
4352 4291 segkmem_alloc, segkmem_free, kmem_metadata_arena, 0, VM_SLEEP);
4353 4292
4354 4293 kmem_hash_arena = vmem_create("kmem_hash", NULL, 0, KMEM_ALIGN,
4355 4294 segkmem_alloc, segkmem_free, kmem_metadata_arena, 0, VM_SLEEP);
4356 4295
4357 4296 kmem_log_arena = vmem_create("kmem_log", NULL, 0, KMEM_ALIGN,
4358 4297 segkmem_alloc, segkmem_free, heap_arena, 0, VM_SLEEP);
4359 4298
4360 4299 kmem_firewall_va_arena = vmem_create("kmem_firewall_va",
4361 4300 NULL, 0, PAGESIZE,
4362 4301 kmem_firewall_va_alloc, kmem_firewall_va_free, heap_arena,
4363 4302 0, VM_SLEEP);
4364 4303
4365 4304 kmem_firewall_arena = vmem_create("kmem_firewall", NULL, 0, PAGESIZE,
4366 4305 segkmem_alloc, segkmem_free, kmem_firewall_va_arena, 0,
4367 4306 VMC_DUMPSAFE | VM_SLEEP);
4368 4307
4369 4308 /* temporary oversize arena for mod_read_system_file */
4370 4309 kmem_oversize_arena = vmem_create("kmem_oversize", NULL, 0, PAGESIZE,
4371 4310 segkmem_alloc, segkmem_free, heap_arena, 0, VM_SLEEP);
4372 4311
4373 4312 kmem_reap_interval = 15 * hz;
4374 4313
4375 4314 /*
4376 4315 * Read /etc/system. This is a chicken-and-egg problem because
4377 4316 * kmem_flags may be set in /etc/system, but mod_read_system_file()
4378 4317 * needs to use the allocator. The simplest solution is to create
4379 4318 * all the standard kmem caches, read /etc/system, destroy all the
4380 4319 * caches we just created, and then create them all again in light
4381 4320 * of the (possibly) new kmem_flags and other kmem tunables.
4382 4321 */
4383 4322 kmem_cache_init(1, 0);
4384 4323
4385 4324 mod_read_system_file(boothowto & RB_ASKNAME);
4386 4325
4387 4326 while ((cp = list_tail(&kmem_caches)) != NULL)
4388 4327 kmem_cache_destroy(cp);
4389 4328
4390 4329 vmem_destroy(kmem_oversize_arena);
4391 4330
4392 4331 if (old_kmem_flags & KMF_STICKY)
4393 4332 kmem_flags = old_kmem_flags;
4394 4333
4395 4334 if (!(kmem_flags & KMF_AUDIT))
4396 4335 vmem_seg_size = offsetof(vmem_seg_t, vs_thread);
4397 4336
4398 4337 if (kmem_maxverify == 0)
4399 4338 kmem_maxverify = maxverify;
4400 4339
4401 4340 if (kmem_minfirewall == 0)
4402 4341 kmem_minfirewall = minfirewall;
4403 4342
4404 4343 /*
4405 4344 * give segkmem a chance to figure out if we are using large pages
4406 4345 * for the kernel heap
4407 4346 */
4408 4347 use_large_pages = segkmem_lpsetup();
4409 4348
4410 4349 /*
4411 4350 * To protect against corruption, we keep the actual number of callers
4412 4351 * KMF_LITE records seperate from the tunable. We arbitrarily clamp
4413 4352 * to 16, since the overhead for small buffers quickly gets out of
4414 4353 * hand.
4415 4354 *
4416 4355 * The real limit would depend on the needs of the largest KMC_NOHASH
4417 4356 * cache.
4418 4357 */
4419 4358 kmem_lite_count = MIN(MAX(0, kmem_lite_pcs), 16);
4420 4359 kmem_lite_pcs = kmem_lite_count;
4421 4360
4422 4361 /*
4423 4362 * Normally, we firewall oversized allocations when possible, but
4424 4363 * if we are using large pages for kernel memory, and we don't have
4425 4364 * any non-LITE debugging flags set, we want to allocate oversized
4426 4365 * buffers from large pages, and so skip the firewalling.
4427 4366 */
4428 4367 if (use_large_pages &&
4429 4368 ((kmem_flags & KMF_LITE) || !(kmem_flags & KMF_DEBUG))) {
4430 4369 kmem_oversize_arena = vmem_xcreate("kmem_oversize", NULL, 0,
4431 4370 PAGESIZE, segkmem_alloc_lp, segkmem_free_lp, heap_arena,
4432 4371 0, VMC_DUMPSAFE | VM_SLEEP);
4433 4372 } else {
4434 4373 kmem_oversize_arena = vmem_create("kmem_oversize",
4435 4374 NULL, 0, PAGESIZE,
4436 4375 segkmem_alloc, segkmem_free, kmem_minfirewall < ULONG_MAX?
4437 4376 kmem_firewall_va_arena : heap_arena, 0, VMC_DUMPSAFE |
4438 4377 VM_SLEEP);
4439 4378 }
4440 4379
4441 4380 kmem_cache_init(2, use_large_pages);
4442 4381
4443 4382 if (kmem_flags & (KMF_AUDIT | KMF_RANDOMIZE)) {
4444 4383 if (kmem_transaction_log_size == 0)
4445 4384 kmem_transaction_log_size = kmem_maxavail() / 50;
4446 4385 kmem_transaction_log = kmem_log_init(kmem_transaction_log_size);
4447 4386 }
4448 4387
4449 4388 if (kmem_flags & (KMF_CONTENTS | KMF_RANDOMIZE)) {
4450 4389 if (kmem_content_log_size == 0)
4451 4390 kmem_content_log_size = kmem_maxavail() / 50;
4452 4391 kmem_content_log = kmem_log_init(kmem_content_log_size);
4453 4392 }
4454 4393
4455 4394 kmem_failure_log = kmem_log_init(kmem_failure_log_size);
4456 4395
4457 4396 kmem_slab_log = kmem_log_init(kmem_slab_log_size);
4458 4397
4459 4398 /*
4460 4399 * Initialize STREAMS message caches so allocb() is available.
4461 4400 * This allows us to initialize the logging framework (cmn_err(9F),
4462 4401 * strlog(9F), etc) so we can start recording messages.
4463 4402 */
4464 4403 streams_msg_init();
4465 4404
4466 4405 /*
4467 4406 * Initialize the ZSD framework in Zones so modules loaded henceforth
4468 4407 * can register their callbacks.
4469 4408 */
4470 4409 zone_zsd_init();
4471 4410
4472 4411 log_init();
4473 4412 taskq_init();
4474 4413
4475 4414 /*
4476 4415 * Warn about invalid or dangerous values of kmem_flags.
4477 4416 * Always warn about unsupported values.
4478 4417 */
4479 4418 if (((kmem_flags & ~(KMF_AUDIT | KMF_DEADBEEF | KMF_REDZONE |
4480 4419 KMF_CONTENTS | KMF_LITE)) != 0) ||
4481 4420 ((kmem_flags & KMF_LITE) && kmem_flags != KMF_LITE))
4482 4421 cmn_err(CE_WARN, "kmem_flags set to unsupported value 0x%x. "
4483 4422 "See the Solaris Tunable Parameters Reference Manual.",
4484 4423 kmem_flags);
4485 4424
4486 4425 #ifdef DEBUG
4487 4426 if ((kmem_flags & KMF_DEBUG) == 0)
4488 4427 cmn_err(CE_NOTE, "kmem debugging disabled.");
4489 4428 #else
4490 4429 /*
4491 4430 * For non-debug kernels, the only "normal" flags are 0, KMF_LITE,
4492 4431 * KMF_REDZONE, and KMF_CONTENTS (the last because it is only enabled
4493 4432 * if KMF_AUDIT is set). We should warn the user about the performance
4494 4433 * penalty of KMF_AUDIT or KMF_DEADBEEF if they are set and KMF_LITE
4495 4434 * isn't set (since that disables AUDIT).
4496 4435 */
4497 4436 if (!(kmem_flags & KMF_LITE) &&
4498 4437 (kmem_flags & (KMF_AUDIT | KMF_DEADBEEF)) != 0)
4499 4438 cmn_err(CE_WARN, "High-overhead kmem debugging features "
4500 4439 "enabled (kmem_flags = 0x%x). Performance degradation "
4501 4440 "and large memory overhead possible. See the Solaris "
4502 4441 "Tunable Parameters Reference Manual.", kmem_flags);
4503 4442 #endif /* not DEBUG */
4504 4443
4505 4444 kmem_cache_applyall(kmem_cache_magazine_enable, NULL, TQ_SLEEP);
4506 4445
4507 4446 kmem_ready = 1;
4508 4447
4509 4448 /*
4510 4449 * Initialize the platform-specific aligned/DMA memory allocator.
4511 4450 */
4512 4451 ka_init();
4513 4452
4514 4453 /*
4515 4454 * Initialize 32-bit ID cache.
4516 4455 */
4517 4456 id32_init();
4518 4457
4519 4458 /*
4520 4459 * Initialize the networking stack so modules loaded can
4521 4460 * register their callbacks.
4522 4461 */
4523 4462 netstack_init();
4524 4463 }
4525 4464
4526 4465 static void
4527 4466 kmem_move_init(void)
4528 4467 {
4529 4468 kmem_defrag_cache = kmem_cache_create("kmem_defrag_cache",
4530 4469 sizeof (kmem_defrag_t), 0, NULL, NULL, NULL, NULL,
4531 4470 kmem_msb_arena, KMC_NOHASH);
4532 4471 kmem_move_cache = kmem_cache_create("kmem_move_cache",
4533 4472 sizeof (kmem_move_t), 0, NULL, NULL, NULL, NULL,
4534 4473 kmem_msb_arena, KMC_NOHASH);
4535 4474
4536 4475 /*
4537 4476 * kmem guarantees that move callbacks are sequential and that even
4538 4477 * across multiple caches no two moves ever execute simultaneously.
4539 4478 * Move callbacks are processed on a separate taskq so that client code
4540 4479 * does not interfere with internal maintenance tasks.
4541 4480 */
4542 4481 kmem_move_taskq = taskq_create_instance("kmem_move_taskq", 0, 1,
4543 4482 minclsyspri, 100, INT_MAX, TASKQ_PREPOPULATE);
4544 4483 }
4545 4484
4546 4485 void
4547 4486 kmem_thread_init(void)
4548 4487 {
4549 4488 kmem_move_init();
4550 4489 kmem_taskq = taskq_create_instance("kmem_taskq", 0, 1, minclsyspri,
4551 4490 300, INT_MAX, TASKQ_PREPOPULATE);
4552 4491 }
4553 4492
4554 4493 void
4555 4494 kmem_mp_init(void)
4556 4495 {
4557 4496 mutex_enter(&cpu_lock);
4558 4497 register_cpu_setup_func(kmem_cpu_setup, NULL);
4559 4498 mutex_exit(&cpu_lock);
4560 4499
4561 4500 kmem_update_timeout(NULL);
4562 4501
4563 4502 taskq_mp_init();
4564 4503 }
4565 4504
4566 4505 /*
4567 4506 * Return the slab of the allocated buffer, or NULL if the buffer is not
4568 4507 * allocated. This function may be called with a known slab address to determine
4569 4508 * whether or not the buffer is allocated, or with a NULL slab address to obtain
4570 4509 * an allocated buffer's slab.
4571 4510 */
4572 4511 static kmem_slab_t *
4573 4512 kmem_slab_allocated(kmem_cache_t *cp, kmem_slab_t *sp, void *buf)
4574 4513 {
4575 4514 kmem_bufctl_t *bcp, *bufbcp;
4576 4515
4577 4516 ASSERT(MUTEX_HELD(&cp->cache_lock));
4578 4517 ASSERT(sp == NULL || KMEM_SLAB_MEMBER(sp, buf));
4579 4518
4580 4519 if (cp->cache_flags & KMF_HASH) {
4581 4520 for (bcp = *KMEM_HASH(cp, buf);
4582 4521 (bcp != NULL) && (bcp->bc_addr != buf);
4583 4522 bcp = bcp->bc_next) {
4584 4523 continue;
4585 4524 }
4586 4525 ASSERT(sp != NULL && bcp != NULL ? sp == bcp->bc_slab : 1);
4587 4526 return (bcp == NULL ? NULL : bcp->bc_slab);
4588 4527 }
4589 4528
4590 4529 if (sp == NULL) {
4591 4530 sp = KMEM_SLAB(cp, buf);
4592 4531 }
4593 4532 bufbcp = KMEM_BUFCTL(cp, buf);
4594 4533 for (bcp = sp->slab_head;
4595 4534 (bcp != NULL) && (bcp != bufbcp);
4596 4535 bcp = bcp->bc_next) {
4597 4536 continue;
4598 4537 }
4599 4538 return (bcp == NULL ? sp : NULL);
4600 4539 }
4601 4540
4602 4541 static boolean_t
4603 4542 kmem_slab_is_reclaimable(kmem_cache_t *cp, kmem_slab_t *sp, int flags)
4604 4543 {
4605 4544 long refcnt = sp->slab_refcnt;
4606 4545
4607 4546 ASSERT(cp->cache_defrag != NULL);
4608 4547
4609 4548 /*
4610 4549 * For code coverage we want to be able to move an object within the
4611 4550 * same slab (the only partial slab) even if allocating the destination
4612 4551 * buffer resulted in a completely allocated slab.
4613 4552 */
4614 4553 if (flags & KMM_DEBUG) {
4615 4554 return ((flags & KMM_DESPERATE) ||
4616 4555 ((sp->slab_flags & KMEM_SLAB_NOMOVE) == 0));
4617 4556 }
4618 4557
4619 4558 /* If we're desperate, we don't care if the client said NO. */
4620 4559 if (flags & KMM_DESPERATE) {
4621 4560 return (refcnt < sp->slab_chunks); /* any partial */
4622 4561 }
4623 4562
4624 4563 if (sp->slab_flags & KMEM_SLAB_NOMOVE) {
4625 4564 return (B_FALSE);
4626 4565 }
4627 4566
4628 4567 if ((refcnt == 1) || kmem_move_any_partial) {
4629 4568 return (refcnt < sp->slab_chunks);
4630 4569 }
4631 4570
4632 4571 /*
4633 4572 * The reclaim threshold is adjusted at each kmem_cache_scan() so that
4634 4573 * slabs with a progressively higher percentage of used buffers can be
4635 4574 * reclaimed until the cache as a whole is no longer fragmented.
4636 4575 *
4637 4576 * sp->slab_refcnt kmd_reclaim_numer
4638 4577 * --------------- < ------------------
4639 4578 * sp->slab_chunks KMEM_VOID_FRACTION
4640 4579 */
4641 4580 return ((refcnt * KMEM_VOID_FRACTION) <
4642 4581 (sp->slab_chunks * cp->cache_defrag->kmd_reclaim_numer));
4643 4582 }
4644 4583
4645 4584 /*
4646 4585 * May be called from the kmem_move_taskq, from kmem_cache_move_notify_task(),
4647 4586 * or when the buffer is freed.
4648 4587 */
4649 4588 static void
4650 4589 kmem_slab_move_yes(kmem_cache_t *cp, kmem_slab_t *sp, void *from_buf)
4651 4590 {
4652 4591 ASSERT(MUTEX_HELD(&cp->cache_lock));
4653 4592 ASSERT(KMEM_SLAB_MEMBER(sp, from_buf));
4654 4593
4655 4594 if (!KMEM_SLAB_IS_PARTIAL(sp)) {
4656 4595 return;
4657 4596 }
4658 4597
4659 4598 if (sp->slab_flags & KMEM_SLAB_NOMOVE) {
4660 4599 if (KMEM_SLAB_OFFSET(sp, from_buf) == sp->slab_stuck_offset) {
4661 4600 avl_remove(&cp->cache_partial_slabs, sp);
4662 4601 sp->slab_flags &= ~KMEM_SLAB_NOMOVE;
4663 4602 sp->slab_stuck_offset = (uint32_t)-1;
4664 4603 avl_add(&cp->cache_partial_slabs, sp);
4665 4604 }
4666 4605 } else {
4667 4606 sp->slab_later_count = 0;
4668 4607 sp->slab_stuck_offset = (uint32_t)-1;
4669 4608 }
4670 4609 }
4671 4610
4672 4611 static void
4673 4612 kmem_slab_move_no(kmem_cache_t *cp, kmem_slab_t *sp, void *from_buf)
4674 4613 {
4675 4614 ASSERT(taskq_member(kmem_move_taskq, curthread));
4676 4615 ASSERT(MUTEX_HELD(&cp->cache_lock));
4677 4616 ASSERT(KMEM_SLAB_MEMBER(sp, from_buf));
4678 4617
4679 4618 if (!KMEM_SLAB_IS_PARTIAL(sp)) {
4680 4619 return;
4681 4620 }
4682 4621
4683 4622 avl_remove(&cp->cache_partial_slabs, sp);
4684 4623 sp->slab_later_count = 0;
4685 4624 sp->slab_flags |= KMEM_SLAB_NOMOVE;
4686 4625 sp->slab_stuck_offset = KMEM_SLAB_OFFSET(sp, from_buf);
4687 4626 avl_add(&cp->cache_partial_slabs, sp);
4688 4627 }
4689 4628
4690 4629 static void kmem_move_end(kmem_cache_t *, kmem_move_t *);
4691 4630
4692 4631 /*
4693 4632 * The move callback takes two buffer addresses, the buffer to be moved, and a
4694 4633 * newly allocated and constructed buffer selected by kmem as the destination.
4695 4634 * It also takes the size of the buffer and an optional user argument specified
4696 4635 * at cache creation time. kmem guarantees that the buffer to be moved has not
4697 4636 * been unmapped by the virtual memory subsystem. Beyond that, it cannot
4698 4637 * guarantee the present whereabouts of the buffer to be moved, so it is up to
4699 4638 * the client to safely determine whether or not it is still using the buffer.
4700 4639 * The client must not free either of the buffers passed to the move callback,
4701 4640 * since kmem wants to free them directly to the slab layer. The client response
4702 4641 * tells kmem which of the two buffers to free:
4703 4642 *
4704 4643 * YES kmem frees the old buffer (the move was successful)
4705 4644 * NO kmem frees the new buffer, marks the slab of the old buffer
4706 4645 * non-reclaimable to avoid bothering the client again
4707 4646 * LATER kmem frees the new buffer, increments slab_later_count
4708 4647 * DONT_KNOW kmem frees the new buffer
4709 4648 * DONT_NEED kmem frees both the old buffer and the new buffer
4710 4649 *
4711 4650 * The pending callback argument now being processed contains both of the
4712 4651 * buffers (old and new) passed to the move callback function, the slab of the
4713 4652 * old buffer, and flags related to the move request, such as whether or not the
4714 4653 * system was desperate for memory.
4715 4654 *
4716 4655 * Slabs are not freed while there is a pending callback, but instead are kept
4717 4656 * on a deadlist, which is drained after the last callback completes. This means
4718 4657 * that slabs are safe to access until kmem_move_end(), no matter how many of
4719 4658 * their buffers have been freed. Once slab_refcnt reaches zero, it stays at
4720 4659 * zero for as long as the slab remains on the deadlist and until the slab is
4721 4660 * freed.
4722 4661 */
4723 4662 static void
4724 4663 kmem_move_buffer(kmem_move_t *callback)
4725 4664 {
4726 4665 kmem_cbrc_t response;
4727 4666 kmem_slab_t *sp = callback->kmm_from_slab;
4728 4667 kmem_cache_t *cp = sp->slab_cache;
4729 4668 boolean_t free_on_slab;
4730 4669
4731 4670 ASSERT(taskq_member(kmem_move_taskq, curthread));
4732 4671 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
4733 4672 ASSERT(KMEM_SLAB_MEMBER(sp, callback->kmm_from_buf));
4734 4673
4735 4674 /*
4736 4675 * The number of allocated buffers on the slab may have changed since we
4737 4676 * last checked the slab's reclaimability (when the pending move was
4738 4677 * enqueued), or the client may have responded NO when asked to move
4739 4678 * another buffer on the same slab.
4740 4679 */
4741 4680 if (!kmem_slab_is_reclaimable(cp, sp, callback->kmm_flags)) {
4742 4681 kmem_slab_free(cp, callback->kmm_to_buf);
4743 4682 kmem_move_end(cp, callback);
4744 4683 return;
4745 4684 }
4746 4685
4747 4686 /*
4748 4687 * Checking the slab layer is easy, so we might as well do that here
4749 4688 * in case we can avoid bothering the client.
4750 4689 */
4751 4690 mutex_enter(&cp->cache_lock);
4752 4691 free_on_slab = (kmem_slab_allocated(cp, sp,
4753 4692 callback->kmm_from_buf) == NULL);
4754 4693 mutex_exit(&cp->cache_lock);
4755 4694
4756 4695 if (free_on_slab) {
4757 4696 kmem_slab_free(cp, callback->kmm_to_buf);
4758 4697 kmem_move_end(cp, callback);
4759 4698 return;
4760 4699 }
4761 4700
4762 4701 if (cp->cache_flags & KMF_BUFTAG) {
4763 4702 /*
4764 4703 * Make kmem_cache_alloc_debug() apply the constructor for us.
4765 4704 */
4766 4705 if (kmem_cache_alloc_debug(cp, callback->kmm_to_buf,
4767 4706 KM_NOSLEEP, 1, caller()) != 0) {
4768 4707 kmem_move_end(cp, callback);
4769 4708 return;
4770 4709 }
4771 4710 } else if (cp->cache_constructor != NULL &&
4772 4711 cp->cache_constructor(callback->kmm_to_buf, cp->cache_private,
4773 4712 KM_NOSLEEP) != 0) {
4774 4713 atomic_inc_64(&cp->cache_alloc_fail);
4775 4714 kmem_slab_free(cp, callback->kmm_to_buf);
4776 4715 kmem_move_end(cp, callback);
4777 4716 return;
4778 4717 }
4779 4718
4780 4719 cp->cache_defrag->kmd_callbacks++;
4781 4720 cp->cache_defrag->kmd_thread = curthread;
4782 4721 cp->cache_defrag->kmd_from_buf = callback->kmm_from_buf;
4783 4722 cp->cache_defrag->kmd_to_buf = callback->kmm_to_buf;
4784 4723 DTRACE_PROBE2(kmem__move__start, kmem_cache_t *, cp, kmem_move_t *,
4785 4724 callback);
4786 4725
4787 4726 response = cp->cache_move(callback->kmm_from_buf,
4788 4727 callback->kmm_to_buf, cp->cache_bufsize, cp->cache_private);
4789 4728
4790 4729 DTRACE_PROBE3(kmem__move__end, kmem_cache_t *, cp, kmem_move_t *,
4791 4730 callback, kmem_cbrc_t, response);
4792 4731 cp->cache_defrag->kmd_thread = NULL;
4793 4732 cp->cache_defrag->kmd_from_buf = NULL;
4794 4733 cp->cache_defrag->kmd_to_buf = NULL;
4795 4734
4796 4735 if (response == KMEM_CBRC_YES) {
4797 4736 cp->cache_defrag->kmd_yes++;
4798 4737 kmem_slab_free_constructed(cp, callback->kmm_from_buf, B_FALSE);
4799 4738 /* slab safe to access until kmem_move_end() */
4800 4739 if (sp->slab_refcnt == 0)
4801 4740 cp->cache_defrag->kmd_slabs_freed++;
4802 4741 mutex_enter(&cp->cache_lock);
4803 4742 kmem_slab_move_yes(cp, sp, callback->kmm_from_buf);
4804 4743 mutex_exit(&cp->cache_lock);
4805 4744 kmem_move_end(cp, callback);
4806 4745 return;
4807 4746 }
4808 4747
4809 4748 switch (response) {
4810 4749 case KMEM_CBRC_NO:
4811 4750 cp->cache_defrag->kmd_no++;
4812 4751 mutex_enter(&cp->cache_lock);
4813 4752 kmem_slab_move_no(cp, sp, callback->kmm_from_buf);
4814 4753 mutex_exit(&cp->cache_lock);
4815 4754 break;
4816 4755 case KMEM_CBRC_LATER:
4817 4756 cp->cache_defrag->kmd_later++;
4818 4757 mutex_enter(&cp->cache_lock);
4819 4758 if (!KMEM_SLAB_IS_PARTIAL(sp)) {
4820 4759 mutex_exit(&cp->cache_lock);
4821 4760 break;
4822 4761 }
4823 4762
4824 4763 if (++sp->slab_later_count >= KMEM_DISBELIEF) {
4825 4764 kmem_slab_move_no(cp, sp, callback->kmm_from_buf);
4826 4765 } else if (!(sp->slab_flags & KMEM_SLAB_NOMOVE)) {
4827 4766 sp->slab_stuck_offset = KMEM_SLAB_OFFSET(sp,
4828 4767 callback->kmm_from_buf);
4829 4768 }
4830 4769 mutex_exit(&cp->cache_lock);
4831 4770 break;
4832 4771 case KMEM_CBRC_DONT_NEED:
4833 4772 cp->cache_defrag->kmd_dont_need++;
4834 4773 kmem_slab_free_constructed(cp, callback->kmm_from_buf, B_FALSE);
4835 4774 if (sp->slab_refcnt == 0)
4836 4775 cp->cache_defrag->kmd_slabs_freed++;
4837 4776 mutex_enter(&cp->cache_lock);
4838 4777 kmem_slab_move_yes(cp, sp, callback->kmm_from_buf);
4839 4778 mutex_exit(&cp->cache_lock);
4840 4779 break;
4841 4780 case KMEM_CBRC_DONT_KNOW:
4842 4781 /*
4843 4782 * If we don't know if we can move this buffer or not, we'll
4844 4783 * just assume that we can't: if the buffer is in fact free,
4845 4784 * then it is sitting in one of the per-CPU magazines or in
4846 4785 * a full magazine in the depot layer. Either way, because
4847 4786 * defrag is induced in the same logic that reaps a cache,
4848 4787 * it's likely that full magazines will be returned to the
4849 4788 * system soon (thereby accomplishing what we're trying to
4850 4789 * accomplish here: return those magazines to their slabs).
4851 4790 * Given this, any work that we might do now to locate a buffer
4852 4791 * in a magazine is wasted (and expensive!) work; we bump
4853 4792 * a counter in this case and otherwise assume that we can't
4854 4793 * move it.
4855 4794 */
4856 4795 cp->cache_defrag->kmd_dont_know++;
4857 4796 break;
4858 4797 default:
4859 4798 panic("'%s' (%p) unexpected move callback response %d\n",
4860 4799 cp->cache_name, (void *)cp, response);
4861 4800 }
4862 4801
4863 4802 kmem_slab_free_constructed(cp, callback->kmm_to_buf, B_FALSE);
4864 4803 kmem_move_end(cp, callback);
4865 4804 }
4866 4805
4867 4806 /* Return B_FALSE if there is insufficient memory for the move request. */
4868 4807 static boolean_t
4869 4808 kmem_move_begin(kmem_cache_t *cp, kmem_slab_t *sp, void *buf, int flags)
4870 4809 {
4871 4810 void *to_buf;
4872 4811 avl_index_t index;
4873 4812 kmem_move_t *callback, *pending;
4874 4813 ulong_t n;
4875 4814
4876 4815 ASSERT(taskq_member(kmem_taskq, curthread));
4877 4816 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
4878 4817 ASSERT(sp->slab_flags & KMEM_SLAB_MOVE_PENDING);
4879 4818
4880 4819 callback = kmem_cache_alloc(kmem_move_cache, KM_NOSLEEP);
4881 4820
4882 4821 if (callback == NULL)
4883 4822 return (B_FALSE);
4884 4823
4885 4824 callback->kmm_from_slab = sp;
4886 4825 callback->kmm_from_buf = buf;
4887 4826 callback->kmm_flags = flags;
4888 4827
4889 4828 mutex_enter(&cp->cache_lock);
4890 4829
4891 4830 n = avl_numnodes(&cp->cache_partial_slabs);
4892 4831 if ((n == 0) || ((n == 1) && !(flags & KMM_DEBUG))) {
4893 4832 mutex_exit(&cp->cache_lock);
4894 4833 kmem_cache_free(kmem_move_cache, callback);
4895 4834 return (B_TRUE); /* there is no need for the move request */
4896 4835 }
4897 4836
4898 4837 pending = avl_find(&cp->cache_defrag->kmd_moves_pending, buf, &index);
4899 4838 if (pending != NULL) {
4900 4839 /*
4901 4840 * If the move is already pending and we're desperate now,
4902 4841 * update the move flags.
4903 4842 */
4904 4843 if (flags & KMM_DESPERATE) {
4905 4844 pending->kmm_flags |= KMM_DESPERATE;
4906 4845 }
4907 4846 mutex_exit(&cp->cache_lock);
4908 4847 kmem_cache_free(kmem_move_cache, callback);
4909 4848 return (B_TRUE);
4910 4849 }
4911 4850
4912 4851 to_buf = kmem_slab_alloc_impl(cp, avl_first(&cp->cache_partial_slabs),
4913 4852 B_FALSE);
4914 4853 callback->kmm_to_buf = to_buf;
4915 4854 avl_insert(&cp->cache_defrag->kmd_moves_pending, callback, index);
4916 4855
4917 4856 mutex_exit(&cp->cache_lock);
4918 4857
4919 4858 if (!taskq_dispatch(kmem_move_taskq, (task_func_t *)kmem_move_buffer,
4920 4859 callback, TQ_NOSLEEP)) {
4921 4860 mutex_enter(&cp->cache_lock);
4922 4861 avl_remove(&cp->cache_defrag->kmd_moves_pending, callback);
4923 4862 mutex_exit(&cp->cache_lock);
4924 4863 kmem_slab_free(cp, to_buf);
4925 4864 kmem_cache_free(kmem_move_cache, callback);
4926 4865 return (B_FALSE);
4927 4866 }
4928 4867
4929 4868 return (B_TRUE);
4930 4869 }
4931 4870
4932 4871 static void
4933 4872 kmem_move_end(kmem_cache_t *cp, kmem_move_t *callback)
4934 4873 {
4935 4874 avl_index_t index;
4936 4875
4937 4876 ASSERT(cp->cache_defrag != NULL);
4938 4877 ASSERT(taskq_member(kmem_move_taskq, curthread));
4939 4878 ASSERT(MUTEX_NOT_HELD(&cp->cache_lock));
4940 4879
4941 4880 mutex_enter(&cp->cache_lock);
4942 4881 VERIFY(avl_find(&cp->cache_defrag->kmd_moves_pending,
4943 4882 callback->kmm_from_buf, &index) != NULL);
4944 4883 avl_remove(&cp->cache_defrag->kmd_moves_pending, callback);
4945 4884 if (avl_is_empty(&cp->cache_defrag->kmd_moves_pending)) {
4946 4885 list_t *deadlist = &cp->cache_defrag->kmd_deadlist;
4947 4886 kmem_slab_t *sp;
4948 4887
4949 4888 /*
4950 4889 * The last pending move completed. Release all slabs from the
4951 4890 * front of the dead list except for any slab at the tail that
4952 4891 * needs to be released from the context of kmem_move_buffers().
4953 4892 * kmem deferred unmapping the buffers on these slabs in order
4954 4893 * to guarantee that buffers passed to the move callback have
4955 4894 * been touched only by kmem or by the client itself.
4956 4895 */
4957 4896 while ((sp = list_remove_head(deadlist)) != NULL) {
4958 4897 if (sp->slab_flags & KMEM_SLAB_MOVE_PENDING) {
4959 4898 list_insert_tail(deadlist, sp);
4960 4899 break;
4961 4900 }
4962 4901 cp->cache_defrag->kmd_deadcount--;
4963 4902 cp->cache_slab_destroy++;
4964 4903 mutex_exit(&cp->cache_lock);
4965 4904 kmem_slab_destroy(cp, sp);
4966 4905 mutex_enter(&cp->cache_lock);
4967 4906 }
4968 4907 }
4969 4908 mutex_exit(&cp->cache_lock);
4970 4909 kmem_cache_free(kmem_move_cache, callback);
4971 4910 }
4972 4911
4973 4912 /*
4974 4913 * Move buffers from least used slabs first by scanning backwards from the end
4975 4914 * of the partial slab list. Scan at most max_scan candidate slabs and move
4976 4915 * buffers from at most max_slabs slabs (0 for all partial slabs in both cases).
4977 4916 * If desperate to reclaim memory, move buffers from any partial slab, otherwise
4978 4917 * skip slabs with a ratio of allocated buffers at or above the current
4979 4918 * threshold. Return the number of unskipped slabs (at most max_slabs, -1 if the
4980 4919 * scan is aborted) so that the caller can adjust the reclaimability threshold
4981 4920 * depending on how many reclaimable slabs it finds.
4982 4921 *
4983 4922 * kmem_move_buffers() drops and reacquires cache_lock every time it issues a
4984 4923 * move request, since it is not valid for kmem_move_begin() to call
4985 4924 * kmem_cache_alloc() or taskq_dispatch() with cache_lock held.
4986 4925 */
4987 4926 static int
4988 4927 kmem_move_buffers(kmem_cache_t *cp, size_t max_scan, size_t max_slabs,
4989 4928 int flags)
4990 4929 {
4991 4930 kmem_slab_t *sp;
4992 4931 void *buf;
4993 4932 int i, j; /* slab index, buffer index */
4994 4933 int s; /* reclaimable slabs */
4995 4934 int b; /* allocated (movable) buffers on reclaimable slab */
4996 4935 boolean_t success;
4997 4936 int refcnt;
4998 4937 int nomove;
4999 4938
5000 4939 ASSERT(taskq_member(kmem_taskq, curthread));
5001 4940 ASSERT(MUTEX_HELD(&cp->cache_lock));
5002 4941 ASSERT(kmem_move_cache != NULL);
5003 4942 ASSERT(cp->cache_move != NULL && cp->cache_defrag != NULL);
5004 4943 ASSERT((flags & KMM_DEBUG) ? !avl_is_empty(&cp->cache_partial_slabs) :
5005 4944 avl_numnodes(&cp->cache_partial_slabs) > 1);
5006 4945
5007 4946 if (kmem_move_blocked) {
5008 4947 return (0);
5009 4948 }
5010 4949
5011 4950 if (kmem_move_fulltilt) {
5012 4951 flags |= KMM_DESPERATE;
5013 4952 }
5014 4953
5015 4954 if (max_scan == 0 || (flags & KMM_DESPERATE)) {
5016 4955 /*
5017 4956 * Scan as many slabs as needed to find the desired number of
5018 4957 * candidate slabs.
5019 4958 */
5020 4959 max_scan = (size_t)-1;
5021 4960 }
5022 4961
5023 4962 if (max_slabs == 0 || (flags & KMM_DESPERATE)) {
5024 4963 /* Find as many candidate slabs as possible. */
5025 4964 max_slabs = (size_t)-1;
5026 4965 }
5027 4966
5028 4967 sp = avl_last(&cp->cache_partial_slabs);
5029 4968 ASSERT(KMEM_SLAB_IS_PARTIAL(sp));
5030 4969 for (i = 0, s = 0; (i < max_scan) && (s < max_slabs) && (sp != NULL) &&
5031 4970 ((sp != avl_first(&cp->cache_partial_slabs)) ||
5032 4971 (flags & KMM_DEBUG));
5033 4972 sp = AVL_PREV(&cp->cache_partial_slabs, sp), i++) {
5034 4973
5035 4974 if (!kmem_slab_is_reclaimable(cp, sp, flags)) {
5036 4975 continue;
5037 4976 }
5038 4977 s++;
5039 4978
5040 4979 /* Look for allocated buffers to move. */
5041 4980 for (j = 0, b = 0, buf = sp->slab_base;
5042 4981 (j < sp->slab_chunks) && (b < sp->slab_refcnt);
5043 4982 buf = (((char *)buf) + cp->cache_chunksize), j++) {
5044 4983
5045 4984 if (kmem_slab_allocated(cp, sp, buf) == NULL) {
5046 4985 continue;
5047 4986 }
5048 4987
5049 4988 b++;
5050 4989
5051 4990 /*
5052 4991 * Prevent the slab from being destroyed while we drop
5053 4992 * cache_lock and while the pending move is not yet
5054 4993 * registered. Flag the pending move while
5055 4994 * kmd_moves_pending may still be empty, since we can't
5056 4995 * yet rely on a non-zero pending move count to prevent
5057 4996 * the slab from being destroyed.
5058 4997 */
5059 4998 ASSERT(!(sp->slab_flags & KMEM_SLAB_MOVE_PENDING));
5060 4999 sp->slab_flags |= KMEM_SLAB_MOVE_PENDING;
5061 5000 /*
5062 5001 * Recheck refcnt and nomove after reacquiring the lock,
5063 5002 * since these control the order of partial slabs, and
5064 5003 * we want to know if we can pick up the scan where we
5065 5004 * left off.
5066 5005 */
5067 5006 refcnt = sp->slab_refcnt;
5068 5007 nomove = (sp->slab_flags & KMEM_SLAB_NOMOVE);
5069 5008 mutex_exit(&cp->cache_lock);
5070 5009
5071 5010 success = kmem_move_begin(cp, sp, buf, flags);
5072 5011
5073 5012 /*
5074 5013 * Now, before the lock is reacquired, kmem could
5075 5014 * process all pending move requests and purge the
5076 5015 * deadlist, so that upon reacquiring the lock, sp has
5077 5016 * been remapped. Or, the client may free all the
5078 5017 * objects on the slab while the pending moves are still
5079 5018 * on the taskq. Therefore, the KMEM_SLAB_MOVE_PENDING
5080 5019 * flag causes the slab to be put at the end of the
5081 5020 * deadlist and prevents it from being destroyed, since
5082 5021 * we plan to destroy it here after reacquiring the
5083 5022 * lock.
5084 5023 */
5085 5024 mutex_enter(&cp->cache_lock);
5086 5025 ASSERT(sp->slab_flags & KMEM_SLAB_MOVE_PENDING);
5087 5026 sp->slab_flags &= ~KMEM_SLAB_MOVE_PENDING;
5088 5027
5089 5028 if (sp->slab_refcnt == 0) {
5090 5029 list_t *deadlist =
5091 5030 &cp->cache_defrag->kmd_deadlist;
5092 5031 list_remove(deadlist, sp);
5093 5032
5094 5033 if (!avl_is_empty(
5095 5034 &cp->cache_defrag->kmd_moves_pending)) {
5096 5035 /*
5097 5036 * A pending move makes it unsafe to
5098 5037 * destroy the slab, because even though
5099 5038 * the move is no longer needed, the
5100 5039 * context where that is determined
5101 5040 * requires the slab to exist.
5102 5041 * Fortunately, a pending move also
5103 5042 * means we don't need to destroy the
5104 5043 * slab here, since it will get
5105 5044 * destroyed along with any other slabs
5106 5045 * on the deadlist after the last
5107 5046 * pending move completes.
5108 5047 */
5109 5048 list_insert_head(deadlist, sp);
5110 5049 return (-1);
5111 5050 }
5112 5051
5113 5052 /*
5114 5053 * Destroy the slab now if it was completely
5115 5054 * freed while we dropped cache_lock and there
5116 5055 * are no pending moves. Since slab_refcnt
5117 5056 * cannot change once it reaches zero, no new
5118 5057 * pending moves from that slab are possible.
5119 5058 */
5120 5059 cp->cache_defrag->kmd_deadcount--;
5121 5060 cp->cache_slab_destroy++;
5122 5061 mutex_exit(&cp->cache_lock);
5123 5062 kmem_slab_destroy(cp, sp);
5124 5063 mutex_enter(&cp->cache_lock);
5125 5064 /*
5126 5065 * Since we can't pick up the scan where we left
5127 5066 * off, abort the scan and say nothing about the
5128 5067 * number of reclaimable slabs.
5129 5068 */
5130 5069 return (-1);
5131 5070 }
5132 5071
5133 5072 if (!success) {
5134 5073 /*
5135 5074 * Abort the scan if there is not enough memory
5136 5075 * for the request and say nothing about the
5137 5076 * number of reclaimable slabs.
5138 5077 */
5139 5078 return (-1);
5140 5079 }
5141 5080
5142 5081 /*
5143 5082 * The slab's position changed while the lock was
5144 5083 * dropped, so we don't know where we are in the
5145 5084 * sequence any more.
5146 5085 */
5147 5086 if (sp->slab_refcnt != refcnt) {
5148 5087 /*
5149 5088 * If this is a KMM_DEBUG move, the slab_refcnt
5150 5089 * may have changed because we allocated a
5151 5090 * destination buffer on the same slab. In that
5152 5091 * case, we're not interested in counting it.
5153 5092 */
5154 5093 return (-1);
5155 5094 }
5156 5095 if ((sp->slab_flags & KMEM_SLAB_NOMOVE) != nomove)
5157 5096 return (-1);
5158 5097
5159 5098 /*
5160 5099 * Generating a move request allocates a destination
5161 5100 * buffer from the slab layer, bumping the first partial
5162 5101 * slab if it is completely allocated. If the current
5163 5102 * slab becomes the first partial slab as a result, we
5164 5103 * can't continue to scan backwards.
5165 5104 *
5166 5105 * If this is a KMM_DEBUG move and we allocated the
5167 5106 * destination buffer from the last partial slab, then
5168 5107 * the buffer we're moving is on the same slab and our
5169 5108 * slab_refcnt has changed, causing us to return before
5170 5109 * reaching here if there are no partial slabs left.
5171 5110 */
5172 5111 ASSERT(!avl_is_empty(&cp->cache_partial_slabs));
5173 5112 if (sp == avl_first(&cp->cache_partial_slabs)) {
5174 5113 /*
5175 5114 * We're not interested in a second KMM_DEBUG
5176 5115 * move.
5177 5116 */
5178 5117 goto end_scan;
5179 5118 }
5180 5119 }
5181 5120 }
5182 5121 end_scan:
5183 5122
5184 5123 return (s);
5185 5124 }
5186 5125
5187 5126 typedef struct kmem_move_notify_args {
5188 5127 kmem_cache_t *kmna_cache;
5189 5128 void *kmna_buf;
5190 5129 } kmem_move_notify_args_t;
5191 5130
5192 5131 static void
5193 5132 kmem_cache_move_notify_task(void *arg)
5194 5133 {
5195 5134 kmem_move_notify_args_t *args = arg;
5196 5135 kmem_cache_t *cp = args->kmna_cache;
5197 5136 void *buf = args->kmna_buf;
5198 5137 kmem_slab_t *sp;
5199 5138
5200 5139 ASSERT(taskq_member(kmem_taskq, curthread));
5201 5140 ASSERT(list_link_active(&cp->cache_link));
5202 5141
5203 5142 kmem_free(args, sizeof (kmem_move_notify_args_t));
5204 5143 mutex_enter(&cp->cache_lock);
5205 5144 sp = kmem_slab_allocated(cp, NULL, buf);
5206 5145
5207 5146 /* Ignore the notification if the buffer is no longer allocated. */
5208 5147 if (sp == NULL) {
5209 5148 mutex_exit(&cp->cache_lock);
5210 5149 return;
5211 5150 }
5212 5151
5213 5152 /* Ignore the notification if there's no reason to move the buffer. */
5214 5153 if (avl_numnodes(&cp->cache_partial_slabs) > 1) {
5215 5154 /*
5216 5155 * So far the notification is not ignored. Ignore the
5217 5156 * notification if the slab is not marked by an earlier refusal
5218 5157 * to move a buffer.
5219 5158 */
5220 5159 if (!(sp->slab_flags & KMEM_SLAB_NOMOVE) &&
5221 5160 (sp->slab_later_count == 0)) {
5222 5161 mutex_exit(&cp->cache_lock);
5223 5162 return;
5224 5163 }
5225 5164
5226 5165 kmem_slab_move_yes(cp, sp, buf);
5227 5166 ASSERT(!(sp->slab_flags & KMEM_SLAB_MOVE_PENDING));
5228 5167 sp->slab_flags |= KMEM_SLAB_MOVE_PENDING;
5229 5168 mutex_exit(&cp->cache_lock);
5230 5169 /* see kmem_move_buffers() about dropping the lock */
5231 5170 (void) kmem_move_begin(cp, sp, buf, KMM_NOTIFY);
5232 5171 mutex_enter(&cp->cache_lock);
5233 5172 ASSERT(sp->slab_flags & KMEM_SLAB_MOVE_PENDING);
5234 5173 sp->slab_flags &= ~KMEM_SLAB_MOVE_PENDING;
5235 5174 if (sp->slab_refcnt == 0) {
5236 5175 list_t *deadlist = &cp->cache_defrag->kmd_deadlist;
5237 5176 list_remove(deadlist, sp);
5238 5177
5239 5178 if (!avl_is_empty(
5240 5179 &cp->cache_defrag->kmd_moves_pending)) {
5241 5180 list_insert_head(deadlist, sp);
5242 5181 mutex_exit(&cp->cache_lock);
5243 5182 return;
5244 5183 }
5245 5184
5246 5185 cp->cache_defrag->kmd_deadcount--;
5247 5186 cp->cache_slab_destroy++;
5248 5187 mutex_exit(&cp->cache_lock);
5249 5188 kmem_slab_destroy(cp, sp);
5250 5189 return;
5251 5190 }
5252 5191 } else {
5253 5192 kmem_slab_move_yes(cp, sp, buf);
5254 5193 }
5255 5194 mutex_exit(&cp->cache_lock);
5256 5195 }
5257 5196
5258 5197 void
5259 5198 kmem_cache_move_notify(kmem_cache_t *cp, void *buf)
5260 5199 {
5261 5200 kmem_move_notify_args_t *args;
5262 5201
5263 5202 args = kmem_alloc(sizeof (kmem_move_notify_args_t), KM_NOSLEEP);
5264 5203 if (args != NULL) {
5265 5204 args->kmna_cache = cp;
5266 5205 args->kmna_buf = buf;
5267 5206 if (!taskq_dispatch(kmem_taskq,
5268 5207 (task_func_t *)kmem_cache_move_notify_task, args,
5269 5208 TQ_NOSLEEP))
5270 5209 kmem_free(args, sizeof (kmem_move_notify_args_t));
5271 5210 }
5272 5211 }
5273 5212
5274 5213 static void
5275 5214 kmem_cache_defrag(kmem_cache_t *cp)
5276 5215 {
5277 5216 size_t n;
5278 5217
5279 5218 ASSERT(cp->cache_defrag != NULL);
5280 5219
5281 5220 mutex_enter(&cp->cache_lock);
5282 5221 n = avl_numnodes(&cp->cache_partial_slabs);
5283 5222 if (n > 1) {
5284 5223 /* kmem_move_buffers() drops and reacquires cache_lock */
5285 5224 cp->cache_defrag->kmd_defrags++;
5286 5225 (void) kmem_move_buffers(cp, n, 0, KMM_DESPERATE);
5287 5226 }
5288 5227 mutex_exit(&cp->cache_lock);
5289 5228 }
5290 5229
5291 5230 /* Is this cache above the fragmentation threshold? */
5292 5231 static boolean_t
5293 5232 kmem_cache_frag_threshold(kmem_cache_t *cp, uint64_t nfree)
5294 5233 {
5295 5234 /*
5296 5235 * nfree kmem_frag_numer
5297 5236 * ------------------ > ---------------
5298 5237 * cp->cache_buftotal kmem_frag_denom
5299 5238 */
5300 5239 return ((nfree * kmem_frag_denom) >
5301 5240 (cp->cache_buftotal * kmem_frag_numer));
5302 5241 }
5303 5242
5304 5243 static boolean_t
5305 5244 kmem_cache_is_fragmented(kmem_cache_t *cp, boolean_t *doreap)
5306 5245 {
5307 5246 boolean_t fragmented;
5308 5247 uint64_t nfree;
5309 5248
5310 5249 ASSERT(MUTEX_HELD(&cp->cache_lock));
5311 5250 *doreap = B_FALSE;
5312 5251
5313 5252 if (kmem_move_fulltilt) {
5314 5253 if (avl_numnodes(&cp->cache_partial_slabs) > 1) {
5315 5254 return (B_TRUE);
5316 5255 }
5317 5256 } else {
5318 5257 if ((cp->cache_complete_slab_count + avl_numnodes(
5319 5258 &cp->cache_partial_slabs)) < kmem_frag_minslabs) {
5320 5259 return (B_FALSE);
5321 5260 }
5322 5261 }
5323 5262
5324 5263 nfree = cp->cache_bufslab;
5325 5264 fragmented = ((avl_numnodes(&cp->cache_partial_slabs) > 1) &&
5326 5265 kmem_cache_frag_threshold(cp, nfree));
5327 5266
5328 5267 /*
5329 5268 * Free buffers in the magazine layer appear allocated from the point of
5330 5269 * view of the slab layer. We want to know if the slab layer would
5331 5270 * appear fragmented if we included free buffers from magazines that
5332 5271 * have fallen out of the working set.
5333 5272 */
5334 5273 if (!fragmented) {
5335 5274 long reap;
5336 5275
5337 5276 mutex_enter(&cp->cache_depot_lock);
5338 5277 reap = MIN(cp->cache_full.ml_reaplimit, cp->cache_full.ml_min);
5339 5278 reap = MIN(reap, cp->cache_full.ml_total);
5340 5279 mutex_exit(&cp->cache_depot_lock);
5341 5280
5342 5281 nfree += ((uint64_t)reap * cp->cache_magtype->mt_magsize);
5343 5282 if (kmem_cache_frag_threshold(cp, nfree)) {
5344 5283 *doreap = B_TRUE;
5345 5284 }
5346 5285 }
5347 5286
5348 5287 return (fragmented);
5349 5288 }
5350 5289
5351 5290 /* Called periodically from kmem_taskq */
5352 5291 static void
5353 5292 kmem_cache_scan(kmem_cache_t *cp)
5354 5293 {
5355 5294 boolean_t reap = B_FALSE;
5356 5295 kmem_defrag_t *kmd;
5357 5296
5358 5297 ASSERT(taskq_member(kmem_taskq, curthread));
5359 5298
5360 5299 mutex_enter(&cp->cache_lock);
5361 5300
5362 5301 kmd = cp->cache_defrag;
5363 5302 if (kmd->kmd_consolidate > 0) {
5364 5303 kmd->kmd_consolidate--;
5365 5304 mutex_exit(&cp->cache_lock);
5366 5305 kmem_cache_reap(cp);
5367 5306 return;
5368 5307 }
5369 5308
5370 5309 if (kmem_cache_is_fragmented(cp, &reap)) {
5371 5310 size_t slabs_found;
5372 5311
5373 5312 /*
5374 5313 * Consolidate reclaimable slabs from the end of the partial
5375 5314 * slab list (scan at most kmem_reclaim_scan_range slabs to find
5376 5315 * reclaimable slabs). Keep track of how many candidate slabs we
5377 5316 * looked for and how many we actually found so we can adjust
5378 5317 * the definition of a candidate slab if we're having trouble
5379 5318 * finding them.
5380 5319 *
5381 5320 * kmem_move_buffers() drops and reacquires cache_lock.
5382 5321 */
5383 5322 kmd->kmd_scans++;
5384 5323 slabs_found = kmem_move_buffers(cp, kmem_reclaim_scan_range,
5385 5324 kmem_reclaim_max_slabs, 0);
5386 5325 if (slabs_found >= 0) {
5387 5326 kmd->kmd_slabs_sought += kmem_reclaim_max_slabs;
5388 5327 kmd->kmd_slabs_found += slabs_found;
5389 5328 }
5390 5329
5391 5330 if (++kmd->kmd_tries >= kmem_reclaim_scan_range) {
5392 5331 kmd->kmd_tries = 0;
5393 5332
5394 5333 /*
5395 5334 * If we had difficulty finding candidate slabs in
5396 5335 * previous scans, adjust the threshold so that
5397 5336 * candidates are easier to find.
5398 5337 */
5399 5338 if (kmd->kmd_slabs_found == kmd->kmd_slabs_sought) {
5400 5339 kmem_adjust_reclaim_threshold(kmd, -1);
5401 5340 } else if ((kmd->kmd_slabs_found * 2) <
5402 5341 kmd->kmd_slabs_sought) {
5403 5342 kmem_adjust_reclaim_threshold(kmd, 1);
5404 5343 }
5405 5344 kmd->kmd_slabs_sought = 0;
5406 5345 kmd->kmd_slabs_found = 0;
5407 5346 }
5408 5347 } else {
5409 5348 kmem_reset_reclaim_threshold(cp->cache_defrag);
5410 5349 #ifdef DEBUG
5411 5350 if (!avl_is_empty(&cp->cache_partial_slabs)) {
5412 5351 /*
5413 5352 * In a debug kernel we want the consolidator to
5414 5353 * run occasionally even when there is plenty of
5415 5354 * memory.
5416 5355 */
5417 5356 uint16_t debug_rand;
5418 5357
5419 5358 (void) random_get_bytes((uint8_t *)&debug_rand, 2);
5420 5359 if (!kmem_move_noreap &&
5421 5360 ((debug_rand % kmem_mtb_reap) == 0)) {
5422 5361 mutex_exit(&cp->cache_lock);
5423 5362 kmem_cache_reap(cp);
5424 5363 return;
5425 5364 } else if ((debug_rand % kmem_mtb_move) == 0) {
5426 5365 kmd->kmd_scans++;
5427 5366 (void) kmem_move_buffers(cp,
5428 5367 kmem_reclaim_scan_range, 1, KMM_DEBUG);
5429 5368 }
5430 5369 }
5431 5370 #endif /* DEBUG */
5432 5371 }
5433 5372
5434 5373 mutex_exit(&cp->cache_lock);
5435 5374
5436 5375 if (reap)
5437 5376 kmem_depot_ws_reap(cp);
5438 5377 }
|
↓ open down ↓ |
2707 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX