]> git.saurik.com Git - apple/xnu.git/blob - osfmk/kern/kalloc.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-6153.61.1.tar.gz
[apple/xnu.git] / osfmk / kern / kalloc.c
1 /*
2 * Copyright (c) 2000-2011 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @OSF_COPYRIGHT@
30 */
31 /*
32 * Mach Operating System
33 * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University
34 * All Rights Reserved.
35 *
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
41 *
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45 *
46 * Carnegie Mellon requests users of this software to return to
47 *
48 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
52 *
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
55 */
56 /*
57 */
58 /*
59 * File: kern/kalloc.c
60 * Author: Avadis Tevanian, Jr.
61 * Date: 1985
62 *
63 * General kernel memory allocator. This allocator is designed
64 * to be used by the kernel to manage dynamic memory fast.
65 */
66
67 #include <zone_debug.h>
68
69 #include <mach/boolean.h>
70 #include <mach/sdt.h>
71 #include <mach/machine/vm_types.h>
72 #include <mach/vm_param.h>
73 #include <kern/misc_protos.h>
74 #include <kern/zalloc.h>
75 #include <kern/kalloc.h>
76 #include <kern/ledger.h>
77 #include <vm/vm_kern.h>
78 #include <vm/vm_object.h>
79 #include <vm/vm_map.h>
80 #include <libkern/OSMalloc.h>
81 #include <sys/kdebug.h>
82
83 #include <san/kasan.h>
84
85 #ifdef MACH_BSD
86 zone_t kalloc_zone(vm_size_t);
87 #endif
88
89 #define KALLOC_MAP_SIZE_MIN (16 * 1024 * 1024)
90 #define KALLOC_MAP_SIZE_MAX (128 * 1024 * 1024)
91 vm_map_t kalloc_map;
92 vm_size_t kalloc_max;
93 vm_size_t kalloc_max_prerounded;
94 vm_size_t kalloc_kernmap_size; /* size of kallocs that can come from kernel map */
95
96 /* how many times we couldn't allocate out of kalloc_map and fell back to kernel_map */
97 unsigned long kalloc_fallback_count;
98
99 uint_t kalloc_large_inuse;
100 vm_size_t kalloc_large_total;
101 vm_size_t kalloc_large_max;
102 vm_size_t kalloc_largest_allocated = 0;
103 uint64_t kalloc_large_sum;
104
105 int kalloc_fake_zone_index = -1; /* index of our fake zone in statistics arrays */
106
107 vm_offset_t kalloc_map_min;
108 vm_offset_t kalloc_map_max;
109
110 #ifdef MUTEX_ZONE
111 /*
112 * Diagnostic code to track mutexes separately rather than via the 2^ zones
113 */
114 zone_t lck_mtx_zone;
115 #endif
116
117 static void
118 KALLOC_ZINFO_SALLOC(vm_size_t bytes)
119 {
120 thread_t thr = current_thread();
121 ledger_debit(thr->t_ledger, task_ledgers.tkm_shared, bytes);
122 }
123
124 static void
125 KALLOC_ZINFO_SFREE(vm_size_t bytes)
126 {
127 thread_t thr = current_thread();
128 ledger_credit(thr->t_ledger, task_ledgers.tkm_shared, bytes);
129 }
130
131 /*
132 * All allocations of size less than kalloc_max are rounded to the next nearest
133 * sized zone. This allocator is built on top of the zone allocator. A zone
134 * is created for each potential size that we are willing to get in small
135 * blocks.
136 *
137 * We assume that kalloc_max is not greater than 64K;
138 *
139 * Note that kalloc_max is somewhat confusingly named. It represents the first
140 * power of two for which no zone exists. kalloc_max_prerounded is the
141 * smallest allocation size, before rounding, for which no zone exists.
142 *
143 * Also if the allocation size is more than kalloc_kernmap_size then allocate
144 * from kernel map rather than kalloc_map.
145 */
146
147 #define KALLOC_MINALIGN (1 << KALLOC_LOG2_MINALIGN)
148 #define KiB(x) (1024 * (x))
149
150 /*
151 * The k_zone_config table defines the configuration of zones on various platforms.
152 * The currently defined list of zones and their per-CPU caching behavior are as
153 * follows (X:zone not present; N:zone present no cpu-caching; Y:zone present with cpu-caching):
154 *
155 * Size macOS(64-bit) embedded(32-bit) embedded(64-bit)
156 *-------- ---------------- ---------------- ----------------
157 *
158 * 8 X Y X
159 * 16 Y Y Y
160 * 24 X Y X
161 * 32 Y Y Y
162 * 40 X Y X
163 * 48 Y Y Y
164 * 64 Y Y Y
165 * 72 X Y X
166 * 80 Y X Y
167 * 88 X Y X
168 * 96 Y X Y
169 * 112 X Y X
170 * 128 Y Y Y
171 * 160 Y X Y
172 * 192 Y Y Y
173 * 224 Y X Y
174 * 256 Y Y Y
175 * 288 Y Y Y
176 * 368 Y X Y
177 * 384 X Y X
178 * 400 Y X Y
179 * 440 X Y X
180 * 512 Y Y Y
181 * 576 Y N N
182 * 768 Y N N
183 * 1024 Y Y Y
184 * 1152 N N N
185 * 1280 N N N
186 * 1536 X N X
187 * 1664 N X N
188 * 2048 Y N N
189 * 2128 X N X
190 * 3072 X N X
191 * 4096 Y N N
192 * 6144 N N N
193 * 8192 Y N N
194 * 12288 N X X
195 * 16384 N X N
196 * 32768 X X N
197 *
198 */
199 static const struct kalloc_zone_config {
200 bool kzc_caching;
201 int kzc_size;
202 const char *kzc_name;
203 } k_zone_config[] = {
204 #define KZC_ENTRY(SIZE, caching) { .kzc_caching = (caching), .kzc_size = (SIZE), .kzc_name = "kalloc." #SIZE }
205
206 #if CONFIG_EMBEDDED
207
208 #if KALLOC_MINSIZE == 16 && KALLOC_LOG2_MINALIGN == 4
209 /* Zone config for embedded 64-bit platforms */
210 KZC_ENTRY(16, true),
211 KZC_ENTRY(32, true),
212 KZC_ENTRY(48, true),
213 KZC_ENTRY(64, true),
214 KZC_ENTRY(80, true),
215 KZC_ENTRY(96, true),
216 KZC_ENTRY(128, true),
217 KZC_ENTRY(160, true),
218 KZC_ENTRY(192, true),
219 KZC_ENTRY(224, true),
220 KZC_ENTRY(256, true),
221 KZC_ENTRY(288, true),
222 KZC_ENTRY(368, true),
223 KZC_ENTRY(400, true),
224 KZC_ENTRY(512, true),
225 KZC_ENTRY(576, false),
226 KZC_ENTRY(768, false),
227 KZC_ENTRY(1024, true),
228 KZC_ENTRY(1152, false),
229 KZC_ENTRY(1280, false),
230 KZC_ENTRY(1664, false),
231 KZC_ENTRY(2048, false),
232 KZC_ENTRY(4096, false),
233 KZC_ENTRY(6144, false),
234 KZC_ENTRY(8192, false),
235 KZC_ENTRY(16384, false),
236 KZC_ENTRY(32768, false),
237
238 #elif KALLOC_MINSIZE == 8 && KALLOC_LOG2_MINALIGN == 3
239 /* Zone config for embedded 32-bit platforms */
240 KZC_ENTRY(8, true),
241 KZC_ENTRY(16, true),
242 KZC_ENTRY(24, true),
243 KZC_ENTRY(32, true),
244 KZC_ENTRY(40, true),
245 KZC_ENTRY(48, true),
246 KZC_ENTRY(64, true),
247 KZC_ENTRY(72, true),
248 KZC_ENTRY(88, true),
249 KZC_ENTRY(112, true),
250 KZC_ENTRY(128, true),
251 KZC_ENTRY(192, true),
252 KZC_ENTRY(256, true),
253 KZC_ENTRY(288, true),
254 KZC_ENTRY(384, true),
255 KZC_ENTRY(440, true),
256 KZC_ENTRY(512, true),
257 KZC_ENTRY(576, false),
258 KZC_ENTRY(768, false),
259 KZC_ENTRY(1024, true),
260 KZC_ENTRY(1152, false),
261 KZC_ENTRY(1280, false),
262 KZC_ENTRY(1536, false),
263 KZC_ENTRY(2048, false),
264 KZC_ENTRY(2128, false),
265 KZC_ENTRY(3072, false),
266 KZC_ENTRY(4096, false),
267 KZC_ENTRY(6144, false),
268 KZC_ENTRY(8192, false),
269 /* To limit internal fragmentation, only add the following zones if the
270 * page size is greater than 4K.
271 * Note that we use ARM_PGBYTES here (instead of one of the VM macros)
272 * since it's guaranteed to be a compile time constant.
273 */
274 #if ARM_PGBYTES > 4096
275 KZC_ENTRY(16384, false),
276 KZC_ENTRY(32768, false),
277 #endif /* ARM_PGBYTES > 4096 */
278
279 #else
280 #error missing or invalid zone size parameters for kalloc
281 #endif
282
283 #else /* CONFIG_EMBEDDED */
284
285 /* Zone config for macOS 64-bit platforms */
286 KZC_ENTRY(16, true),
287 KZC_ENTRY(32, true),
288 KZC_ENTRY(48, true),
289 KZC_ENTRY(64, true),
290 KZC_ENTRY(80, true),
291 KZC_ENTRY(96, true),
292 KZC_ENTRY(128, true),
293 KZC_ENTRY(160, true),
294 KZC_ENTRY(192, true),
295 KZC_ENTRY(224, true),
296 KZC_ENTRY(256, true),
297 KZC_ENTRY(288, true),
298 KZC_ENTRY(368, true),
299 KZC_ENTRY(400, true),
300 KZC_ENTRY(512, true),
301 KZC_ENTRY(576, true),
302 KZC_ENTRY(768, true),
303 KZC_ENTRY(1024, true),
304 KZC_ENTRY(1152, false),
305 KZC_ENTRY(1280, false),
306 KZC_ENTRY(1664, false),
307 KZC_ENTRY(2048, true),
308 KZC_ENTRY(4096, true),
309 KZC_ENTRY(6144, false),
310 KZC_ENTRY(8192, true),
311 KZC_ENTRY(12288, false),
312 KZC_ENTRY(16384, false)
313
314 #endif /* CONFIG_EMBEDDED */
315
316 #undef KZC_ENTRY
317 };
318
319 #define MAX_K_ZONE (int)(sizeof(k_zone_config) / sizeof(k_zone_config[0]))
320
321 /*
322 * Many kalloc() allocations are for small structures containing a few
323 * pointers and longs - the k_zone_dlut[] direct lookup table, indexed by
324 * size normalized to the minimum alignment, finds the right zone index
325 * for them in one dereference.
326 */
327
328 #define INDEX_ZDLUT(size) \
329 (((size) + KALLOC_MINALIGN - 1) / KALLOC_MINALIGN)
330 #define N_K_ZDLUT (2048 / KALLOC_MINALIGN)
331 /* covers sizes [0 .. 2048 - KALLOC_MINALIGN] */
332 #define MAX_SIZE_ZDLUT ((N_K_ZDLUT - 1) * KALLOC_MINALIGN)
333
334 static int8_t k_zone_dlut[N_K_ZDLUT]; /* table of indices into k_zone[] */
335
336 /*
337 * If there's no hit in the DLUT, then start searching from k_zindex_start.
338 */
339 static int k_zindex_start;
340
341 static zone_t k_zone[MAX_K_ZONE];
342
343 /* #define KALLOC_DEBUG 1 */
344
345 /* forward declarations */
346
347 lck_grp_t kalloc_lck_grp;
348 lck_mtx_t kalloc_lock;
349
350 #define kalloc_spin_lock() lck_mtx_lock_spin(&kalloc_lock)
351 #define kalloc_unlock() lck_mtx_unlock(&kalloc_lock)
352
353
354 /* OSMalloc local data declarations */
355 static
356 queue_head_t OSMalloc_tag_list;
357
358 lck_grp_t *OSMalloc_tag_lck_grp;
359 lck_mtx_t OSMalloc_tag_lock;
360
361 #define OSMalloc_tag_spin_lock() lck_mtx_lock_spin(&OSMalloc_tag_lock)
362 #define OSMalloc_tag_unlock() lck_mtx_unlock(&OSMalloc_tag_lock)
363
364
365 /* OSMalloc forward declarations */
366 void OSMalloc_init(void);
367 void OSMalloc_Tagref(OSMallocTag tag);
368 void OSMalloc_Tagrele(OSMallocTag tag);
369
370 /*
371 * Initialize the memory allocator. This should be called only
372 * once on a system wide basis (i.e. first processor to get here
373 * does the initialization).
374 *
375 * This initializes all of the zones.
376 */
377
378 void
379 kalloc_init(
380 void)
381 {
382 kern_return_t retval;
383 vm_offset_t min;
384 vm_size_t size, kalloc_map_size;
385 vm_map_kernel_flags_t vmk_flags;
386
387 /*
388 * Scale the kalloc_map_size to physical memory size: stay below
389 * 1/8th the total zone map size, or 128 MB (for a 32-bit kernel).
390 */
391 kalloc_map_size = (vm_size_t)(sane_size >> 5);
392 #if !__LP64__
393 if (kalloc_map_size > KALLOC_MAP_SIZE_MAX) {
394 kalloc_map_size = KALLOC_MAP_SIZE_MAX;
395 }
396 #endif /* !__LP64__ */
397 if (kalloc_map_size < KALLOC_MAP_SIZE_MIN) {
398 kalloc_map_size = KALLOC_MAP_SIZE_MIN;
399 }
400
401 vmk_flags = VM_MAP_KERNEL_FLAGS_NONE;
402 vmk_flags.vmkf_permanent = TRUE;
403
404 retval = kmem_suballoc(kernel_map, &min, kalloc_map_size,
405 FALSE,
406 (VM_FLAGS_ANYWHERE),
407 vmk_flags,
408 VM_KERN_MEMORY_KALLOC,
409 &kalloc_map);
410
411 if (retval != KERN_SUCCESS) {
412 panic("kalloc_init: kmem_suballoc failed");
413 }
414
415 kalloc_map_min = min;
416 kalloc_map_max = min + kalloc_map_size - 1;
417
418 kalloc_max = (k_zone_config[MAX_K_ZONE - 1].kzc_size << 1);
419 if (kalloc_max < KiB(16)) {
420 kalloc_max = KiB(16);
421 }
422 assert(kalloc_max <= KiB(64)); /* assumption made in size arrays */
423
424 kalloc_max_prerounded = kalloc_max / 2 + 1;
425 /* allocations larger than 16 times kalloc_max go directly to kernel map */
426 kalloc_kernmap_size = (kalloc_max * 16) + 1;
427 kalloc_largest_allocated = kalloc_kernmap_size;
428
429 /*
430 * Allocate a zone for each size we are going to handle.
431 */
432 for (int i = 0; i < MAX_K_ZONE && (size = k_zone_config[i].kzc_size) < kalloc_max; i++) {
433 k_zone[i] = zinit(size, size, size, k_zone_config[i].kzc_name);
434
435 /*
436 * Don't charge the caller for the allocation, as we aren't sure how
437 * the memory will be handled.
438 */
439 zone_change(k_zone[i], Z_CALLERACCT, FALSE);
440 #if VM_MAX_TAG_ZONES
441 if (zone_tagging_on) {
442 zone_change(k_zone[i], Z_TAGS_ENABLED, TRUE);
443 }
444 #endif
445 zone_change(k_zone[i], Z_KASAN_QUARANTINE, FALSE);
446 if (k_zone_config[i].kzc_caching) {
447 zone_change(k_zone[i], Z_CACHING_ENABLED, TRUE);
448 }
449 }
450
451 /*
452 * Build the Direct LookUp Table for small allocations
453 */
454 size = 0;
455 for (int i = 0; i <= N_K_ZDLUT; i++, size += KALLOC_MINALIGN) {
456 int zindex = 0;
457
458 while ((vm_size_t)k_zone_config[zindex].kzc_size < size) {
459 zindex++;
460 }
461
462 if (i == N_K_ZDLUT) {
463 k_zindex_start = zindex;
464 break;
465 }
466 k_zone_dlut[i] = (int8_t)zindex;
467 }
468
469 #ifdef KALLOC_DEBUG
470 printf("kalloc_init: k_zindex_start %d\n", k_zindex_start);
471
472 /*
473 * Do a quick synthesis to see how well/badly we can
474 * find-a-zone for a given size.
475 * Useful when debugging/tweaking the array of zone sizes.
476 * Cache misses probably more critical than compare-branches!
477 */
478 for (int i = 0; i < MAX_K_ZONE; i++) {
479 vm_size_t testsize = (vm_size_t)k_zone_config[i].kzc_size - 1;
480 int compare = 0;
481 int zindex;
482
483 if (testsize < MAX_SIZE_ZDLUT) {
484 compare += 1; /* 'if' (T) */
485
486 long dindex = INDEX_ZDLUT(testsize);
487 zindex = (int)k_zone_dlut[dindex];
488 } else if (testsize < kalloc_max_prerounded) {
489 compare += 2; /* 'if' (F), 'if' (T) */
490
491 zindex = k_zindex_start;
492 while ((vm_size_t)k_zone_config[zindex].kzc_size < testsize) {
493 zindex++;
494 compare++; /* 'while' (T) */
495 }
496 compare++; /* 'while' (F) */
497 } else {
498 break; /* not zone-backed */
499 }
500 zone_t z = k_zone[zindex];
501 printf("kalloc_init: req size %4lu: %11s took %d compare%s\n",
502 (unsigned long)testsize, z->zone_name, compare,
503 compare == 1 ? "" : "s");
504 }
505 #endif
506
507 lck_grp_init(&kalloc_lck_grp, "kalloc.large", LCK_GRP_ATTR_NULL);
508 lck_mtx_init(&kalloc_lock, &kalloc_lck_grp, LCK_ATTR_NULL);
509 OSMalloc_init();
510 #ifdef MUTEX_ZONE
511 lck_mtx_zone = zinit(sizeof(struct _lck_mtx_), 1024 * 256, 4096, "lck_mtx");
512 #endif
513 }
514
515 /*
516 * Given an allocation size, return the kalloc zone it belongs to.
517 * Direct LookUp Table variant.
518 */
519 static __inline zone_t
520 get_zone_dlut(vm_size_t size)
521 {
522 long dindex = INDEX_ZDLUT(size);
523 int zindex = (int)k_zone_dlut[dindex];
524 return k_zone[zindex];
525 }
526
527 /* As above, but linear search k_zone_config[] for the next zone that fits. */
528
529 static __inline zone_t
530 get_zone_search(vm_size_t size, int zindex)
531 {
532 assert(size < kalloc_max_prerounded);
533
534 while ((vm_size_t)k_zone_config[zindex].kzc_size < size) {
535 zindex++;
536 }
537
538 assert(zindex < MAX_K_ZONE &&
539 (vm_size_t)k_zone_config[zindex].kzc_size < kalloc_max);
540
541 return k_zone[zindex];
542 }
543
544 static vm_size_t
545 vm_map_lookup_kalloc_entry_locked(
546 vm_map_t map,
547 void *addr)
548 {
549 boolean_t ret;
550 vm_map_entry_t vm_entry = NULL;
551
552 ret = vm_map_lookup_entry(map, (vm_map_offset_t)addr, &vm_entry);
553 if (!ret) {
554 panic("Attempting to lookup/free an address not allocated via kalloc! (vm_map_lookup_entry() failed map: %p, addr: %p)\n",
555 map, addr);
556 }
557 if (vm_entry->vme_start != (vm_map_offset_t)addr) {
558 panic("Attempting to lookup/free the middle of a kalloc'ed element! (map: %p, addr: %p, entry: %p)\n",
559 map, addr, vm_entry);
560 }
561 if (!vm_entry->vme_atomic) {
562 panic("Attempting to lookup/free an address not managed by kalloc! (map: %p, addr: %p, entry: %p)\n",
563 map, addr, vm_entry);
564 }
565 return vm_entry->vme_end - vm_entry->vme_start;
566 }
567
568 #if KASAN_KALLOC
569 /*
570 * KASAN kalloc stashes the original user-requested size away in the poisoned
571 * area. Return that directly.
572 */
573 vm_size_t
574 kalloc_size(void *addr)
575 {
576 (void)vm_map_lookup_kalloc_entry_locked; /* silence warning */
577 return kasan_user_size((vm_offset_t)addr);
578 }
579 #else
580 vm_size_t
581 kalloc_size(
582 void *addr)
583 {
584 vm_map_t map;
585 vm_size_t size;
586
587 size = zone_element_size(addr, NULL);
588 if (size) {
589 return size;
590 }
591 if (((vm_offset_t)addr >= kalloc_map_min) && ((vm_offset_t)addr < kalloc_map_max)) {
592 map = kalloc_map;
593 } else {
594 map = kernel_map;
595 }
596 vm_map_lock_read(map);
597 size = vm_map_lookup_kalloc_entry_locked(map, addr);
598 vm_map_unlock_read(map);
599 return size;
600 }
601 #endif
602
603 vm_size_t
604 kalloc_bucket_size(
605 vm_size_t size)
606 {
607 zone_t z;
608 vm_map_t map;
609
610 if (size < MAX_SIZE_ZDLUT) {
611 z = get_zone_dlut(size);
612 return z->elem_size;
613 }
614
615 if (size < kalloc_max_prerounded) {
616 z = get_zone_search(size, k_zindex_start);
617 return z->elem_size;
618 }
619
620 if (size >= kalloc_kernmap_size) {
621 map = kernel_map;
622 } else {
623 map = kalloc_map;
624 }
625
626 return vm_map_round_page(size, VM_MAP_PAGE_MASK(map));
627 }
628
629 #if KASAN_KALLOC
630 vm_size_t
631 (kfree_addr)(void *addr)
632 {
633 vm_size_t origsz = kalloc_size(addr);
634 kfree(addr, origsz);
635 return origsz;
636 }
637 #else
638 vm_size_t
639 (kfree_addr)(
640 void *addr)
641 {
642 vm_map_t map;
643 vm_size_t size = 0;
644 kern_return_t ret;
645 zone_t z;
646
647 size = zone_element_size(addr, &z);
648 if (size) {
649 DTRACE_VM3(kfree, vm_size_t, -1, vm_size_t, z->elem_size, void*, addr);
650 zfree(z, addr);
651 return size;
652 }
653
654 if (((vm_offset_t)addr >= kalloc_map_min) && ((vm_offset_t)addr < kalloc_map_max)) {
655 map = kalloc_map;
656 } else {
657 map = kernel_map;
658 }
659 if ((vm_offset_t)addr < VM_MIN_KERNEL_AND_KEXT_ADDRESS) {
660 panic("kfree on an address not in the kernel & kext address range! addr: %p\n", addr);
661 }
662
663 vm_map_lock(map);
664 size = vm_map_lookup_kalloc_entry_locked(map, addr);
665 ret = vm_map_remove_locked(map,
666 vm_map_trunc_page((vm_map_offset_t)addr,
667 VM_MAP_PAGE_MASK(map)),
668 vm_map_round_page((vm_map_offset_t)addr + size,
669 VM_MAP_PAGE_MASK(map)),
670 VM_MAP_REMOVE_KUNWIRE);
671 if (ret != KERN_SUCCESS) {
672 panic("vm_map_remove_locked() failed for kalloc vm_entry! addr: %p, map: %p ret: %d\n",
673 addr, map, ret);
674 }
675 vm_map_unlock(map);
676 DTRACE_VM3(kfree, vm_size_t, -1, vm_size_t, size, void*, addr);
677
678 kalloc_spin_lock();
679 assert(kalloc_large_total >= size);
680 kalloc_large_total -= size;
681 kalloc_large_inuse--;
682 kalloc_unlock();
683
684 KALLOC_ZINFO_SFREE(size);
685 return size;
686 }
687 #endif
688
689 void *
690 kalloc_canblock(
691 vm_size_t *psize,
692 boolean_t canblock,
693 vm_allocation_site_t *site)
694 {
695 zone_t z;
696 vm_size_t size;
697 void *addr;
698 vm_tag_t tag;
699
700 tag = VM_KERN_MEMORY_KALLOC;
701 size = *psize;
702
703 #if KASAN_KALLOC
704 /* expand the allocation to accomodate redzones */
705 vm_size_t req_size = size;
706 size = kasan_alloc_resize(req_size);
707 #endif
708
709 if (size < MAX_SIZE_ZDLUT) {
710 z = get_zone_dlut(size);
711 } else if (size < kalloc_max_prerounded) {
712 z = get_zone_search(size, k_zindex_start);
713 } else {
714 /*
715 * If size is too large for a zone, then use kmem_alloc.
716 * (We use kmem_alloc instead of kmem_alloc_kobject so that
717 * krealloc can use kmem_realloc.)
718 */
719 vm_map_t alloc_map;
720
721 /* kmem_alloc could block so we return if noblock */
722 if (!canblock) {
723 return NULL;
724 }
725
726 #if KASAN_KALLOC
727 /* large allocation - use guard pages instead of small redzones */
728 size = round_page(req_size + 2 * PAGE_SIZE);
729 assert(size >= MAX_SIZE_ZDLUT && size >= kalloc_max_prerounded);
730 #else
731 size = round_page(size);
732 #endif
733
734 if (size >= kalloc_kernmap_size) {
735 alloc_map = kernel_map;
736 } else {
737 alloc_map = kalloc_map;
738 }
739
740 if (site) {
741 tag = vm_tag_alloc(site);
742 }
743
744 if (kmem_alloc_flags(alloc_map, (vm_offset_t *)&addr, size, tag, KMA_ATOMIC) != KERN_SUCCESS) {
745 if (alloc_map != kernel_map) {
746 if (kalloc_fallback_count++ == 0) {
747 printf("%s: falling back to kernel_map\n", __func__);
748 }
749 if (kmem_alloc_flags(kernel_map, (vm_offset_t *)&addr, size, tag, KMA_ATOMIC) != KERN_SUCCESS) {
750 addr = NULL;
751 }
752 } else {
753 addr = NULL;
754 }
755 }
756
757 if (addr != NULL) {
758 kalloc_spin_lock();
759 /*
760 * Thread-safe version of the workaround for 4740071
761 * (a double FREE())
762 */
763 if (size > kalloc_largest_allocated) {
764 kalloc_largest_allocated = size;
765 }
766
767 kalloc_large_inuse++;
768 assert(kalloc_large_total + size >= kalloc_large_total); /* no wrap around */
769 kalloc_large_total += size;
770 kalloc_large_sum += size;
771
772 if (kalloc_large_total > kalloc_large_max) {
773 kalloc_large_max = kalloc_large_total;
774 }
775
776 kalloc_unlock();
777
778 KALLOC_ZINFO_SALLOC(size);
779 }
780 #if KASAN_KALLOC
781 /* fixup the return address to skip the redzone */
782 addr = (void *)kasan_alloc((vm_offset_t)addr, size, req_size, PAGE_SIZE);
783 #else
784 *psize = size;
785 #endif
786 DTRACE_VM3(kalloc, vm_size_t, size, vm_size_t, *psize, void*, addr);
787 return addr;
788 }
789 #ifdef KALLOC_DEBUG
790 if (size > z->elem_size) {
791 panic("%s: z %p (%s) but requested size %lu", __func__,
792 z, z->zone_name, (unsigned long)size);
793 }
794 #endif
795
796 assert(size <= z->elem_size);
797
798 #if VM_MAX_TAG_ZONES
799 if (z->tags && site) {
800 tag = vm_tag_alloc(site);
801 if (!canblock && !vm_allocation_zone_totals[tag]) {
802 tag = VM_KERN_MEMORY_KALLOC;
803 }
804 }
805 #endif
806
807 addr = zalloc_canblock_tag(z, canblock, size, tag);
808
809 #if KASAN_KALLOC
810 /* fixup the return address to skip the redzone */
811 addr = (void *)kasan_alloc((vm_offset_t)addr, z->elem_size, req_size, KASAN_GUARD_SIZE);
812
813 /* For KASan, the redzone lives in any additional space, so don't
814 * expand the allocation. */
815 #else
816 *psize = z->elem_size;
817 #endif
818
819 DTRACE_VM3(kalloc, vm_size_t, size, vm_size_t, *psize, void*, addr);
820 return addr;
821 }
822
823 void *
824 kalloc_external(
825 vm_size_t size);
826 void *
827 kalloc_external(
828 vm_size_t size)
829 {
830 return kalloc_tag_bt(size, VM_KERN_MEMORY_KALLOC);
831 }
832
833 void
834 (kfree)(
835 void *data,
836 vm_size_t size)
837 {
838 zone_t z;
839
840 #if KASAN_KALLOC
841 /*
842 * Resize back to the real allocation size and hand off to the KASan
843 * quarantine. `data` may then point to a different allocation.
844 */
845 vm_size_t user_size = size;
846 kasan_check_free((vm_address_t)data, size, KASAN_HEAP_KALLOC);
847 data = (void *)kasan_dealloc((vm_address_t)data, &size);
848 kasan_free(&data, &size, KASAN_HEAP_KALLOC, NULL, user_size, true);
849 if (!data) {
850 return;
851 }
852 #endif
853
854 if (size < MAX_SIZE_ZDLUT) {
855 z = get_zone_dlut(size);
856 } else if (size < kalloc_max_prerounded) {
857 z = get_zone_search(size, k_zindex_start);
858 } else {
859 /* if size was too large for a zone, then use kmem_free */
860
861 vm_map_t alloc_map = kernel_map;
862
863 if ((((vm_offset_t) data) >= kalloc_map_min) && (((vm_offset_t) data) <= kalloc_map_max)) {
864 alloc_map = kalloc_map;
865 }
866 if (size > kalloc_largest_allocated) {
867 panic("kfree: size %lu > kalloc_largest_allocated %lu", (unsigned long)size, (unsigned long)kalloc_largest_allocated);
868 }
869 kmem_free(alloc_map, (vm_offset_t)data, size);
870 kalloc_spin_lock();
871
872 assert(kalloc_large_total >= size);
873 kalloc_large_total -= size;
874 kalloc_large_inuse--;
875
876 kalloc_unlock();
877
878 #if !KASAN_KALLOC
879 DTRACE_VM3(kfree, vm_size_t, size, vm_size_t, size, void*, data);
880 #endif
881
882 KALLOC_ZINFO_SFREE(size);
883 return;
884 }
885
886 /* free to the appropriate zone */
887 #ifdef KALLOC_DEBUG
888 if (size > z->elem_size) {
889 panic("%s: z %p (%s) but requested size %lu", __func__,
890 z, z->zone_name, (unsigned long)size);
891 }
892 #endif
893 assert(size <= z->elem_size);
894 #if !KASAN_KALLOC
895 DTRACE_VM3(kfree, vm_size_t, size, vm_size_t, z->elem_size, void*, data);
896 #endif
897 zfree(z, data);
898 }
899
900 #ifdef MACH_BSD
901 zone_t
902 kalloc_zone(
903 vm_size_t size)
904 {
905 if (size < MAX_SIZE_ZDLUT) {
906 return get_zone_dlut(size);
907 }
908 if (size <= kalloc_max) {
909 return get_zone_search(size, k_zindex_start);
910 }
911 return ZONE_NULL;
912 }
913 #endif
914
915 void
916 OSMalloc_init(
917 void)
918 {
919 queue_init(&OSMalloc_tag_list);
920
921 OSMalloc_tag_lck_grp = lck_grp_alloc_init("OSMalloc_tag", LCK_GRP_ATTR_NULL);
922 lck_mtx_init(&OSMalloc_tag_lock, OSMalloc_tag_lck_grp, LCK_ATTR_NULL);
923 }
924
925 OSMallocTag
926 OSMalloc_Tagalloc(
927 const char *str,
928 uint32_t flags)
929 {
930 OSMallocTag OSMTag;
931
932 OSMTag = (OSMallocTag)kalloc(sizeof(*OSMTag));
933
934 bzero((void *)OSMTag, sizeof(*OSMTag));
935
936 if (flags & OSMT_PAGEABLE) {
937 OSMTag->OSMT_attr = OSMT_ATTR_PAGEABLE;
938 }
939
940 OSMTag->OSMT_refcnt = 1;
941
942 strlcpy(OSMTag->OSMT_name, str, OSMT_MAX_NAME);
943
944 OSMalloc_tag_spin_lock();
945 enqueue_tail(&OSMalloc_tag_list, (queue_entry_t)OSMTag);
946 OSMalloc_tag_unlock();
947 OSMTag->OSMT_state = OSMT_VALID;
948 return OSMTag;
949 }
950
951 void
952 OSMalloc_Tagref(
953 OSMallocTag tag)
954 {
955 if (!((tag->OSMT_state & OSMT_VALID_MASK) == OSMT_VALID)) {
956 panic("OSMalloc_Tagref():'%s' has bad state 0x%08X\n", tag->OSMT_name, tag->OSMT_state);
957 }
958
959 os_atomic_inc(&tag->OSMT_refcnt, relaxed);
960 }
961
962 void
963 OSMalloc_Tagrele(
964 OSMallocTag tag)
965 {
966 if (!((tag->OSMT_state & OSMT_VALID_MASK) == OSMT_VALID)) {
967 panic("OSMalloc_Tagref():'%s' has bad state 0x%08X\n", tag->OSMT_name, tag->OSMT_state);
968 }
969
970 if (os_atomic_dec(&tag->OSMT_refcnt, relaxed) == 0) {
971 if (os_atomic_cmpxchg(&tag->OSMT_state, OSMT_VALID | OSMT_RELEASED, OSMT_VALID | OSMT_RELEASED, acq_rel)) {
972 OSMalloc_tag_spin_lock();
973 (void)remque((queue_entry_t)tag);
974 OSMalloc_tag_unlock();
975 kfree(tag, sizeof(*tag));
976 } else {
977 panic("OSMalloc_Tagrele():'%s' has refcnt 0\n", tag->OSMT_name);
978 }
979 }
980 }
981
982 void
983 OSMalloc_Tagfree(
984 OSMallocTag tag)
985 {
986 if (!os_atomic_cmpxchg(&tag->OSMT_state, OSMT_VALID, OSMT_VALID | OSMT_RELEASED, acq_rel)) {
987 panic("OSMalloc_Tagfree():'%s' has bad state 0x%08X \n", tag->OSMT_name, tag->OSMT_state);
988 }
989
990 if (os_atomic_dec(&tag->OSMT_refcnt, relaxed) == 0) {
991 OSMalloc_tag_spin_lock();
992 (void)remque((queue_entry_t)tag);
993 OSMalloc_tag_unlock();
994 kfree(tag, sizeof(*tag));
995 }
996 }
997
998 void *
999 OSMalloc(
1000 uint32_t size,
1001 OSMallocTag tag)
1002 {
1003 void *addr = NULL;
1004 kern_return_t kr;
1005
1006 OSMalloc_Tagref(tag);
1007 if ((tag->OSMT_attr & OSMT_PAGEABLE)
1008 && (size & ~PAGE_MASK)) {
1009 if ((kr = kmem_alloc_pageable_external(kernel_map, (vm_offset_t *)&addr, size)) != KERN_SUCCESS) {
1010 addr = NULL;
1011 }
1012 } else {
1013 addr = kalloc_tag_bt((vm_size_t)size, VM_KERN_MEMORY_KALLOC);
1014 }
1015
1016 if (!addr) {
1017 OSMalloc_Tagrele(tag);
1018 }
1019
1020 return addr;
1021 }
1022
1023 void *
1024 OSMalloc_nowait(
1025 uint32_t size,
1026 OSMallocTag tag)
1027 {
1028 void *addr = NULL;
1029
1030 if (tag->OSMT_attr & OSMT_PAGEABLE) {
1031 return NULL;
1032 }
1033
1034 OSMalloc_Tagref(tag);
1035 /* XXX: use non-blocking kalloc for now */
1036 addr = kalloc_noblock_tag_bt((vm_size_t)size, VM_KERN_MEMORY_KALLOC);
1037 if (addr == NULL) {
1038 OSMalloc_Tagrele(tag);
1039 }
1040
1041 return addr;
1042 }
1043
1044 void *
1045 OSMalloc_noblock(
1046 uint32_t size,
1047 OSMallocTag tag)
1048 {
1049 void *addr = NULL;
1050
1051 if (tag->OSMT_attr & OSMT_PAGEABLE) {
1052 return NULL;
1053 }
1054
1055 OSMalloc_Tagref(tag);
1056 addr = kalloc_noblock_tag_bt((vm_size_t)size, VM_KERN_MEMORY_KALLOC);
1057 if (addr == NULL) {
1058 OSMalloc_Tagrele(tag);
1059 }
1060
1061 return addr;
1062 }
1063
1064 void
1065 OSFree(
1066 void *addr,
1067 uint32_t size,
1068 OSMallocTag tag)
1069 {
1070 if ((tag->OSMT_attr & OSMT_PAGEABLE)
1071 && (size & ~PAGE_MASK)) {
1072 kmem_free(kernel_map, (vm_offset_t)addr, size);
1073 } else {
1074 kfree(addr, size);
1075 }
1076
1077 OSMalloc_Tagrele(tag);
1078 }
1079
1080 uint32_t
1081 OSMalloc_size(
1082 void *addr)
1083 {
1084 return (uint32_t)kalloc_size(addr);
1085 }
mirror of XNU