1 /*
2 * Copyright (c) 2000-2011 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @OSF_COPYRIGHT@
30 */
31 /*
32 * Mach Operating System
33 * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University
34 * All Rights Reserved.
35 *
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
41 *
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45 *
46 * Carnegie Mellon requests users of this software to return to
47 *
48 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
52 *
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
55 */
56 /*
57 */
58 /*
59 * File: kern/kalloc.c
60 * Author: Avadis Tevanian, Jr.
61 * Date: 1985
62 *
63 * General kernel memory allocator. This allocator is designed
64 * to be used by the kernel to manage dynamic memory fast.
65 */
66
67 #include <zone_debug.h>
68
69 #include <mach/boolean.h>
70 #include <mach/machine/vm_types.h>
71 #include <mach/vm_param.h>
72 #include <kern/misc_protos.h>
73 #include <kern/zalloc.h>
74 #include <kern/kalloc.h>
75 #include <kern/ledger.h>
76 #include <vm/vm_kern.h>
77 #include <vm/vm_object.h>
78 #include <vm/vm_map.h>
79 #include <libkern/OSMalloc.h>
80 #include <sys/kdebug.h>
81
82 #include <san/kasan.h>
83
84 #ifdef MACH_BSD
85 zone_t kalloc_zone(vm_size_t);
86 #endif
87
88 #define KALLOC_MAP_SIZE_MIN (16 * 1024 * 1024)
89 #define KALLOC_MAP_SIZE_MAX (128 * 1024 * 1024)
vm_map_t kalloc_map;			/* submap of kernel_map that serves most large (non-zone) kallocs */
vm_size_t kalloc_max;			/* first power of two for which no zone exists (see note below) */
vm_size_t kalloc_max_prerounded;	/* smallest unrounded request that is not zone-backed */
vm_size_t kalloc_kernmap_size;		/* size of kallocs that can come from kernel map */

/* how many times we couldn't allocate out of kalloc_map and fell back to kernel_map */
unsigned long kalloc_fallback_count;

/* Statistics for map-backed ("large") allocations; written under kalloc_lock. */
unsigned int kalloc_large_inuse;	/* large allocations currently outstanding */
vm_size_t kalloc_large_total;		/* bytes currently held by large allocations */
vm_size_t kalloc_large_max;		/* high-water mark of kalloc_large_total */
vm_size_t kalloc_largest_allocated = 0;	/* largest size ever handed out; kfree() ignores sizes above it */
uint64_t kalloc_large_sum;		/* cumulative bytes ever handed out as large allocations */

int kalloc_fake_zone_index = -1; /* index of our fake zone in statistics arrays */

vm_offset_t kalloc_map_min;		/* kalloc_map covers [kalloc_map_min, kalloc_map_max], inclusive */
vm_offset_t kalloc_map_max;
108
109 #ifdef MUTEX_ZONE
110 /*
111 * Diagnostic code to track mutexes separately rather than via the 2^ zones
112 */
113 zone_t lck_mtx_zone;
114 #endif
115
/*
 * Charge `bytes` of shared kernel memory to the current thread's ledger.
 * Used after a map-backed ("large") allocation succeeds.
 */
static void
KALLOC_ZINFO_SALLOC(vm_size_t bytes)
{
	ledger_debit(current_thread()->t_ledger, task_ledgers.tkm_shared, bytes);
}
122
/*
 * Give `bytes` of shared kernel memory back to the current thread's ledger.
 * Counterpart of KALLOC_ZINFO_SALLOC(), used when a large allocation is freed.
 */
static void
KALLOC_ZINFO_SFREE(vm_size_t bytes)
{
	ledger_credit(current_thread()->t_ledger, task_ledgers.tkm_shared, bytes);
}
129
130 /*
131 * All allocations of size less than kalloc_max are rounded to the
132 * next nearest sized zone. This allocator is built on top of
133 * the zone allocator. A zone is created for each potential size
134 * that we are willing to get in small blocks.
135 *
136 * We assume that kalloc_max is not greater than 64K.
137 *
138 * Note that kalloc_max is somewhat confusingly named.
139 * It represents the first power of two for which no zone exists.
140 * kalloc_max_prerounded is the smallest allocation size, before
141 * rounding, for which no zone exists.
142 *
143 * Also if the allocation size is more than kalloc_kernmap_size
144 * then allocate from kernel map rather than kalloc_map.
145 */
146
147 #if KALLOC_MINSIZE == 16 && KALLOC_LOG2_MINALIGN == 4
148
149 #define K_ZONE_SIZES \
150 16, \
151 32, \
152 48, \
153 64, /* 2^6 */ \
154 80, \
155 96, \
156 128, /* 2^7 */ \
157 160, \
158 192, \
159 224, \
160 256, /* 2^8 */ \
161 288, \
162 368, \
163 400, \
164 512, /* 2^9 */\
165 576, \
166 768, \
167 1024, /* 2^10 */ \
168 1152, \
169 1280, \
170 1664, \
171 2048, /* 2^11 */ \
172 4096, /* 2^12 */ \
173 6144
174
175 #define K_ZONE_NAMES \
176 "kalloc.16", \
177 "kalloc.32", \
178 "kalloc.48", \
179 "kalloc.64", /* 2^6 */ \
180 "kalloc.80", \
181 "kalloc.96", \
182 "kalloc.128", /* 2^7 */ \
183 "kalloc.160", \
184 "kalloc.192", \
185 "kalloc.224", \
186 "kalloc.256", /* 2^8 */\
187 "kalloc.288", \
188 "kalloc.368", \
189 "kalloc.400", \
190 "kalloc.512", /* 2^9 */ \
191 "kalloc.576", \
192 "kalloc.768", \
193 "kalloc.1024", /* 2^10 */ \
194 "kalloc.1152", \
195 "kalloc.1280", \
196 "kalloc.1664", \
197 "kalloc.2048", /* 2^11 */ \
198 "kalloc.4096", /* 2^12 */ \
199 "kalloc.6144"
200
201 #elif KALLOC_MINSIZE == 8 && KALLOC_LOG2_MINALIGN == 3
202
203 /*
204 * Tweaked for ARM (and x64) in 04/2011
205 */
206
207 #define K_ZONE_SIZES \
208 /* 3 */ 8, \
209 16, 24, \
210 32, 40, 48, \
211 /* 6 */ 64, 72, 88, 112, \
212 128, 192, \
213 256, 288, 384, 440, \
214 /* 9 */ 512, 576, 768, \
215 1024, 1152, 1536, \
216 2048, 2128, 3072, \
217 4096, 6144
218
219 #define K_ZONE_NAMES \
220 /* 3 */ "kalloc.8", \
221 "kalloc.16", "kalloc.24", \
222 "kalloc.32", "kalloc.40", "kalloc.48", \
223 /* 6 */ "kalloc.64", "kalloc.72", "kalloc.88", "kalloc.112", \
224 "kalloc.128", "kalloc.192", \
225 "kalloc.256", "kalloc.288", "kalloc.384", "kalloc.440", \
226 /* 9 */ "kalloc.512", "kalloc.576", "kalloc.768", \
227 "kalloc.1024", "kalloc.1152", "kalloc.1536", \
228 "kalloc.2048", "kalloc.2128", "kalloc.3072", \
229 "kalloc.4096", "kalloc.6144"
230
231 #else
232 #error missing or invalid zone size parameters for kalloc
233 #endif
234
235 #define KALLOC_MINALIGN (1 << KALLOC_LOG2_MINALIGN)
236 #define KiB(x) (1024 * (x))
237
/*
 * Element sizes of the kalloc zones, in ascending order. The platform list
 * K_ZONE_SIZES is extended with 8K/16K/32K entries; kalloc_init() only
 * instantiates the entries whose size is below kalloc_max.
 */
static const int k_zone_size[] = {
	K_ZONE_SIZES,
	KiB(8),
	KiB(16),
	KiB(32)
};

#define MAX_K_ZONE (sizeof (k_zone_size) / sizeof (k_zone_size[0]))

/* Zone names, parallel to k_zone_size[] — the two lists must stay in step. */
static const char *k_zone_name[MAX_K_ZONE] = {
	K_ZONE_NAMES,
	"kalloc.8192",
	"kalloc.16384",
	"kalloc.32768"
};
253
254
255 /*
256 * Many kalloc() allocations are for small structures containing a few
257 * pointers and longs - the k_zone_dlut[] direct lookup table, indexed by
258 * size normalized to the minimum alignment, finds the right zone index
259 * for them in one dereference.
260 */
261
262 #define INDEX_ZDLUT(size) \
263 (((size) + KALLOC_MINALIGN - 1) / KALLOC_MINALIGN)
264 #define N_K_ZDLUT (2048 / KALLOC_MINALIGN)
265 /* covers sizes [0 .. 2048 - KALLOC_MINALIGN] */
266 #define MAX_SIZE_ZDLUT ((N_K_ZDLUT - 1) * KALLOC_MINALIGN)
267
static int8_t k_zone_dlut[N_K_ZDLUT];	/* table of indices into k_zone[]; filled in by kalloc_init() */

/*
 * If there's no hit in the DLUT, then start searching from k_zindex_start.
 * kalloc_init() sets it to the first zone index the DLUT does not cover.
 */
static int k_zindex_start;

/*
 * Zone handles, parallel to k_zone_size[]. Only entries with a size below
 * kalloc_max are created; the rest are never written and stay zero.
 */
static zone_t k_zone[MAX_K_ZONE];
276
277 /* #define KALLOC_DEBUG 1 */
278
279 /* forward declarations */
280
281 lck_grp_t kalloc_lck_grp;
282 lck_mtx_t kalloc_lock;
283
284 #define kalloc_spin_lock() lck_mtx_lock_spin(&kalloc_lock)
285 #define kalloc_unlock() lck_mtx_unlock(&kalloc_lock)
286
287
288 /* OSMalloc local data declarations */
289 static
290 queue_head_t OSMalloc_tag_list;
291
292 lck_grp_t *OSMalloc_tag_lck_grp;
293 lck_mtx_t OSMalloc_tag_lock;
294
295 #define OSMalloc_tag_spin_lock() lck_mtx_lock_spin(&OSMalloc_tag_lock)
296 #define OSMalloc_tag_unlock() lck_mtx_unlock(&OSMalloc_tag_lock)
297
298
299 /* OSMalloc forward declarations */
300 void OSMalloc_init(void);
301 void OSMalloc_Tagref(OSMallocTag tag);
302 void OSMalloc_Tagrele(OSMallocTag tag);
303
/*
 * Initialize the memory allocator. This should be called only
 * once on a system wide basis (i.e. first processor to get here
 * does the initialization).
 *
 * This initializes all of the zones: it carves the kalloc submap out of
 * kernel_map, creates one zone per k_zone_size[] entry below kalloc_max,
 * builds the direct lookup table, and sets up the large-allocation lock
 * and the OSMalloc tag machinery.
 */

void
kalloc_init(
	void)
{
	kern_return_t retval;
	vm_offset_t min;
	vm_size_t size, kalloc_map_size;
	int i;
	vm_map_kernel_flags_t vmk_flags;

	/*
	 * Scale the kalloc_map_size to physical memory size: stay below
	 * 1/8th the total zone map size, or 128 MB (for a 32-bit kernel).
	 */
	kalloc_map_size = (vm_size_t)(sane_size >> 5);
#if !__LP64__
	if (kalloc_map_size > KALLOC_MAP_SIZE_MAX)
		kalloc_map_size = KALLOC_MAP_SIZE_MAX;
#endif /* !__LP64__ */
	if (kalloc_map_size < KALLOC_MAP_SIZE_MIN)
		kalloc_map_size = KALLOC_MAP_SIZE_MIN;

	vmk_flags = VM_MAP_KERNEL_FLAGS_NONE;
	vmk_flags.vmkf_permanent = TRUE;

	retval = kmem_suballoc(kernel_map, &min, kalloc_map_size,
			       FALSE,
			       (VM_FLAGS_ANYWHERE),
			       vmk_flags,
			       VM_KERN_MEMORY_KALLOC,
			       &kalloc_map);

	if (retval != KERN_SUCCESS)
		panic("kalloc_init: kmem_suballoc failed");

	/* inclusive range; kfree() uses it to decide which map an address belongs to */
	kalloc_map_min = min;
	kalloc_map_max = min + kalloc_map_size - 1;

	/*
	 * Create zones up to at least 2 pages because small page-multiples are common
	 * allocations. Also ensure that zones up to size 8192 bytes exist. This is
	 * desirable because messages are allocated with kalloc(), and messages up
	 * through size 8192 are common.
	 */
	kalloc_max = PAGE_SIZE << 2;
	if (kalloc_max < KiB(16)) {
		kalloc_max = KiB(16);
	}
	assert(kalloc_max <= KiB(64)); /* assumption made in size arrays */

	kalloc_max_prerounded = kalloc_max / 2 + 1;
	/* allocations larger than 16 times kalloc_max go directly to kernel map */
	kalloc_kernmap_size = (kalloc_max * 16) + 1;
	/* seed the kfree() sanity bound so early large frees are not dropped */
	kalloc_largest_allocated = kalloc_kernmap_size;

	/*
	 * Allocate a zone for each size we are going to handle. Don't charge the
	 * caller for the allocation, as we aren't sure how the memory will be
	 * handled.
	 */
	for (i = 0; i < (int)MAX_K_ZONE && (size = k_zone_size[i]) < kalloc_max; i++) {
		k_zone[i] = zinit(size, size, size, k_zone_name[i]);
		zone_change(k_zone[i], Z_CALLERACCT, FALSE);
#if VM_MAX_TAG_ZONES
		if (zone_tagging_on) zone_change(k_zone[i], Z_TAGS_ENABLED, TRUE);
#endif
		zone_change(k_zone[i], Z_KASAN_QUARANTINE, FALSE);
	}

	/*
	 * Build the Direct LookUp Table for small allocations.
	 * Entry i holds the index of the smallest zone that fits a request of
	 * i * KALLOC_MINALIGN bytes; the extra iteration at i == N_K_ZDLUT
	 * only records where the linear search should start and does not
	 * write into the table.
	 */
	for (i = 0, size = 0; i <= N_K_ZDLUT; i++, size += KALLOC_MINALIGN) {
		int zindex = 0;

		while ((vm_size_t)k_zone_size[zindex] < size)
			zindex++;

		if (i == N_K_ZDLUT) {
			k_zindex_start = zindex;
			break;
		}
		k_zone_dlut[i] = (int8_t)zindex;
	}

#ifdef KALLOC_DEBUG
	printf("kalloc_init: k_zindex_start %d\n", k_zindex_start);

	/*
	 * Do a quick synthesis to see how well/badly we can
	 * find-a-zone for a given size.
	 * Useful when debugging/tweaking the array of zone sizes.
	 * Cache misses probably more critical than compare-branches!
	 */
	for (i = 0; i < (int)MAX_K_ZONE; i++) {
		vm_size_t testsize = (vm_size_t)k_zone_size[i] - 1;
		int compare = 0;
		int zindex;

		if (testsize < MAX_SIZE_ZDLUT) {
			compare += 1;	/* 'if' (T) */

			long dindex = INDEX_ZDLUT(testsize);
			zindex = (int)k_zone_dlut[dindex];

		} else if (testsize < kalloc_max_prerounded) {

			compare += 2;	/* 'if' (F), 'if' (T) */

			zindex = k_zindex_start;
			while ((vm_size_t)k_zone_size[zindex] < testsize) {
				zindex++;
				compare++;	/* 'while' (T) */
			}
			compare++;	/* 'while' (F) */
		} else
			break;	/* not zone-backed */

		zone_t z = k_zone[zindex];
		printf("kalloc_init: req size %4lu: %11s took %d compare%s\n",
		    (unsigned long)testsize, z->zone_name, compare,
		    compare == 1 ? "" : "s");
	}
#endif

	lck_grp_init(&kalloc_lck_grp, "kalloc.large", LCK_GRP_ATTR_NULL);
	lck_mtx_init(&kalloc_lock, &kalloc_lck_grp, LCK_ATTR_NULL);
	OSMalloc_init();
#ifdef MUTEX_ZONE
	lck_mtx_zone = zinit(sizeof(struct _lck_mtx_), 1024*256, 4096, "lck_mtx");
#endif
}
444
/*
 * Given an allocation size, return the kalloc zone it belongs to.
 * Direct LookUp Table variant: one table read, valid only for
 * size < MAX_SIZE_ZDLUT, which every caller checks first.
 */
static __inline zone_t
get_zone_dlut(vm_size_t size)
{
	int zindex = (int)k_zone_dlut[INDEX_ZDLUT(size)];

	return k_zone[zindex];
}
456
/*
 * As above, but linear search k_zone_size[] from `zindex` for the first
 * zone whose element size fits `size`. Only valid below
 * kalloc_max_prerounded; larger requests are not zone-backed.
 */
static __inline zone_t
get_zone_search(vm_size_t size, int zindex)
{
	assert(size < kalloc_max_prerounded);

	for (; (vm_size_t)k_zone_size[zindex] < size; zindex++)
		;

	/* the search must end on a zone that kalloc_init() actually created */
	assert((unsigned)zindex < MAX_K_ZONE &&
	       (vm_size_t)k_zone_size[zindex] < kalloc_max);

	return k_zone[zindex];
}
472
/*
 * With `map` already locked by the caller, find the map entry that starts
 * exactly at `addr` and return its length. No entry, an address inside an
 * entry, or an entry not marked atomic all mean the address was not handed
 * out by kalloc; that is fatal rather than risk freeing someone else's mapping.
 */
static vm_size_t
vm_map_lookup_kalloc_entry_locked(
	vm_map_t map,
	void *addr)
{
	vm_map_entry_t entry = NULL;
	vm_map_offset_t off = (vm_map_offset_t)addr;

	if (!vm_map_lookup_entry(map, off, &entry)) {
		panic("Attempting to lookup/free an address not allocated via kalloc! (vm_map_lookup_entry() failed map: %p, addr: %p)\n",
		      map, addr);
	}
	if (entry->vme_start != off) {
		panic("Attempting to lookup/free the middle of a kalloc'ed element! (map: %p, addr: %p, entry: %p)\n",
		      map, addr, entry);
	}
	if (!entry->vme_atomic) {
		panic("Attempting to lookup/free an address not managed by kalloc! (map: %p, addr: %p, entry: %p)\n",
		      map, addr, entry);
	}
	return entry->vme_end - entry->vme_start;
}
496
497 #if KASAN_KALLOC
/*
 * KASAN kalloc stashes the original user-requested size away in the poisoned
 * area. Return that directly.
 */
vm_size_t
kalloc_size(void *addr)
{
	/* the locked map lookup helper is unused in this configuration */
	(void)vm_map_lookup_kalloc_entry_locked;

	return kasan_user_size((vm_offset_t)addr);
}
508 #else
/*
 * Return the usable size of a kalloc()ed block. Zone-backed blocks are
 * answered by the zone layer; anything else must be a map entry in
 * kalloc_map or kernel_map, chosen by address.
 */
vm_size_t
kalloc_size(
	void *addr)
{
	vm_offset_t off = (vm_offset_t)addr;
	vm_size_t size = zone_element_size(addr, NULL);

	if (size != 0)
		return size;

	/*
	 * NOTE(review): the upper bound is exclusive here while kfree() uses an
	 * inclusive one; presumably harmless because no block can start on the
	 * submap's last byte — confirm.
	 */
	vm_map_t map = (off >= kalloc_map_min && off < kalloc_map_max) ? kalloc_map : kernel_map;

	vm_map_lock_read(map);
	size = vm_map_lookup_kalloc_entry_locked(map, addr);
	vm_map_unlock_read(map);

	return size;
}
530 #endif
531
/*
 * Size of the block kalloc(size) would actually reserve: the zone element
 * size for zone-backed requests, otherwise the request rounded up to the
 * page size of the map it would be served from.
 */
vm_size_t
kalloc_bucket_size(
	vm_size_t size)
{
	if (size < MAX_SIZE_ZDLUT)
		return get_zone_dlut(size)->elem_size;

	if (size < kalloc_max_prerounded)
		return get_zone_search(size, k_zindex_start)->elem_size;

	/* from kalloc_kernmap_size up the request bypasses the kalloc submap */
	vm_map_t map = (size >= kalloc_kernmap_size) ? kernel_map : kalloc_map;

	return vm_map_round_page(size, VM_MAP_PAGE_MASK(map));
}
556
557 #if KASAN_KALLOC
/*
 * Free a kalloc()ed block without being told its size: recover the original
 * request size from KASan's bookkeeping, free it, and report that size.
 */
vm_size_t
kfree_addr(void *addr)
{
	vm_size_t sz = kalloc_size(addr);

	kfree(addr, sz);
	return sz;
}
565 #else
/*
 * Free a kalloc()ed block without being told its size. Zone-backed blocks go
 * straight back to their zone. Map-backed ones are located through their
 * map entry (which yields the size), removed from the map, and subtracted
 * from the large-allocation statistics. Returns the size freed.
 */
vm_size_t
kfree_addr(
	void *addr)
{
	vm_offset_t off = (vm_offset_t)addr;
	zone_t zone;
	vm_size_t len = zone_element_size(addr, &zone);

	if (len != 0) {
		zfree(zone, addr);
		return len;
	}

	vm_map_t map = (off >= kalloc_map_min && off < kalloc_map_max) ? kalloc_map : kernel_map;

	/* reject pointers outside kernel space before touching any map */
	if (off < VM_MIN_KERNEL_AND_KEXT_ADDRESS) {
		panic("kfree on an address not in the kernel & kext address range! addr: %p\n", addr);
	}

	vm_map_lock(map);
	len = vm_map_lookup_kalloc_entry_locked(map, addr);
	kern_return_t kr = vm_map_remove_locked(map,
	    vm_map_trunc_page((vm_map_offset_t)addr,
			      VM_MAP_PAGE_MASK(map)),
	    vm_map_round_page((vm_map_offset_t)addr + len,
			      VM_MAP_PAGE_MASK(map)),
	    VM_MAP_REMOVE_KUNWIRE);
	if (kr != KERN_SUCCESS) {
		panic("vm_map_remove_locked() failed for kalloc vm_entry! addr: %p, map: %p ret: %d\n",
		      addr, map, kr);
	}
	vm_map_unlock(map);

	kalloc_spin_lock();
	kalloc_large_total -= len;
	kalloc_large_inuse--;
	kalloc_unlock();

	KALLOC_ZINFO_SFREE(len);
	return len;
}
612 #endif
613
/*
 * Core allocator behind kalloc()/kalloc_noblock(): allocate *psize bytes.
 *
 * psize    in: requested size. out (non-KASAN builds): the size actually
 *          reserved — the zone element size, or the page-rounded size —
 *          which is what a later kfree() must be given.
 * canblock whether the caller may sleep. Map-backed ("large") requests
 *          always need to and return NULL when it is FALSE.
 * site     allocation site used for VM tagging, or NULL.
 * Returns the block, or NULL on failure.
 */
void *
kalloc_canblock(
	vm_size_t * psize,
	boolean_t canblock,
	vm_allocation_site_t * site)
{
	zone_t z;
	vm_size_t size;
	void *addr;
	vm_tag_t tag;

	tag = VM_KERN_MEMORY_KALLOC;
	size = *psize;

#if KASAN_KALLOC
	/* expand the allocation to accomodate redzones */
	vm_size_t req_size = size;
	size = kasan_alloc_resize(req_size);
#endif

	if (size < MAX_SIZE_ZDLUT)
		z = get_zone_dlut(size);
	else if (size < kalloc_max_prerounded)
		z = get_zone_search(size, k_zindex_start);
	else {
		/*
		 * If size is too large for a zone, then use kmem_alloc.
		 * (We use kmem_alloc instead of kmem_alloc_kobject so that
		 * krealloc can use kmem_realloc.)
		 */
		vm_map_t alloc_map;

		/* kmem_alloc could block so we return if noblock */
		if (!canblock) {
			return(NULL);
		}

#if KASAN_KALLOC
		/*
		 * large allocation - use guard pages instead of small redzones
		 * NOTE(review): req_size + 2 * PAGE_SIZE is not checked for
		 * wrap-around here; presumably requests that close to the
		 * address-space limit cannot reach this point — confirm.
		 */
		size = round_page(req_size + 2 * PAGE_SIZE);
		assert(size >= MAX_SIZE_ZDLUT && size >= kalloc_max_prerounded);
#endif

		/* from kalloc_kernmap_size up the request bypasses the (smaller) kalloc submap */
		if (size >= kalloc_kernmap_size)
			alloc_map = kernel_map;
		else
			alloc_map = kalloc_map;

		if (site) tag = vm_tag_alloc(site);

		/*
		 * KMA_ATOMIC: presumably what marks the entry vme_atomic, which
		 * the free path checks to recognise kalloc-owned entries — confirm.
		 */
		if (kmem_alloc_flags(alloc_map, (vm_offset_t *)&addr, size, tag, KMA_ATOMIC) != KERN_SUCCESS) {
			/* kalloc_map is bounded; on exhaustion retry once in kernel_map and count it */
			if (alloc_map != kernel_map) {
				if (kalloc_fallback_count++ == 0) {
					printf("%s: falling back to kernel_map\n", __func__);
				}
				if (kmem_alloc_flags(kernel_map, (vm_offset_t *)&addr, size, tag, KMA_ATOMIC) != KERN_SUCCESS)
					addr = NULL;
			}
			else
				addr = NULL;
		}

		if (addr != NULL) {
			kalloc_spin_lock();
			/*
			 * Thread-safe version of the workaround for 4740071
			 * (a double FREE()): kfree() drops any size above
			 * kalloc_largest_allocated, so keep the high-water mark here.
			 */
			if (size > kalloc_largest_allocated)
				kalloc_largest_allocated = size;

			kalloc_large_inuse++;
			kalloc_large_total += size;
			kalloc_large_sum += size;

			if (kalloc_large_total > kalloc_large_max)
				kalloc_large_max = kalloc_large_total;

			kalloc_unlock();

			KALLOC_ZINFO_SALLOC(size);
		}
#if KASAN_KALLOC
		/* fixup the return address to skip the redzone */
		addr = (void *)kasan_alloc((vm_offset_t)addr, size, req_size, PAGE_SIZE);
#else
		*psize = round_page(size);
#endif
		return(addr);
	}
#ifdef KALLOC_DEBUG
	if (size > z->elem_size)
		panic("%s: z %p (%s) but requested size %lu", __func__,
		    z, z->zone_name, (unsigned long)size);
#endif

	/* the zone lookup must never hand back an element smaller than the request */
	assert(size <= z->elem_size);

#if VM_MAX_TAG_ZONES
	if (z->tags && site)
	{
		tag = vm_tag_alloc(site);
		/* without a per-tag totals entry a non-blocking caller falls back to the generic tag */
		if (!canblock && !vm_allocation_zone_totals[tag]) tag = VM_KERN_MEMORY_KALLOC;
	}
#endif

	addr = zalloc_canblock_tag(z, canblock, size, tag);

#if KASAN_KALLOC
	/* fixup the return address to skip the redzone */
	addr = (void *)kasan_alloc((vm_offset_t)addr, z->elem_size, req_size, KASAN_GUARD_SIZE);

	/* For KASan, the redzone lives in any additional space, so don't
	 * expand the allocation. */
#else
	*psize = z->elem_size;
#endif

	return addr;
}
734
/*
 * Externally visible kalloc entry point (presumably for callers outside the
 * core kernel); allocations are tagged VM_KERN_MEMORY_KALLOC.
 */
void *
kalloc_external(
	vm_size_t size);
void *
kalloc_external(
	vm_size_t size)
{
	void *block = kalloc_tag_bt(size, VM_KERN_MEMORY_KALLOC);

	return block;
}
744
/* number of kfree()s silently dropped by the bogus-size guard in kfree() */
volatile SInt32 kfree_nop_count = 0;

/*
 * Free a block obtained from kalloc(). `size` is the size passed to, or
 * reported back by, kalloc() for this block. Zone-sized blocks go back to
 * their zone; larger ones are returned to the map they came from, which is
 * chosen by address.
 */
void
kfree(
	void *data,
	vm_size_t size)
{
	zone_t z;

#if KASAN_KALLOC
	/*
	 * Resize back to the real allocation size and hand off to the KASan
	 * quarantine. `data` may then point to a different allocation.
	 */
	vm_size_t user_size = size;
	kasan_check_free((vm_address_t)data, size, KASAN_HEAP_KALLOC);
	data = (void *)kasan_dealloc((vm_address_t)data, &size);
	kasan_free(&data, &size, KASAN_HEAP_KALLOC, NULL, user_size, true);
	if (!data) {
		return;
	}
#endif

	if (size < MAX_SIZE_ZDLUT)
		z = get_zone_dlut(size);
	else if (size < kalloc_max_prerounded)
		z = get_zone_search(size, k_zindex_start);
	else {
		/* if size was too large for a zone, then use kmem_free */

		vm_map_t alloc_map = kernel_map;

		/* inclusive bound: kalloc_map_max is the last byte of the submap */
		if ((((vm_offset_t) data) >= kalloc_map_min) && (((vm_offset_t) data) <= kalloc_map_max))
			alloc_map = kalloc_map;
		if (size > kalloc_largest_allocated) {
			/*
			 * work around double FREEs of small MALLOCs
			 * this used to end up being a nop
			 * since the pointer being freed from an
			 * alloc backed by the zalloc world could
			 * never show up in the kalloc_map... however,
			 * the kernel_map is a different issue... since it
			 * was released back into the zalloc pool, a pointer
			 * would have gotten written over the 'size' that
			 * the MALLOC was retaining in the first 4 bytes of
			 * the underlying allocation... that pointer ends up
			 * looking like a really big size on the 2nd FREE and
			 * pushes the kfree into the kernel_map... we
			 * end up removing a ton of virtual space before we panic
			 * this check causes us to ignore the kfree for a size
			 * that must be 'bogus'... note that it might not be due
			 * to the above scenario, but it would still be wrong and
			 * cause serious damage.
			 *
			 * The drop is silent apart from kfree_nop_count; a
			 * non-zero counter is worth investigating.
			 */

			OSAddAtomic(1, &kfree_nop_count);
			return;
		}
		kmem_free(alloc_map, (vm_offset_t)data, size);
		kalloc_spin_lock();

		kalloc_large_total -= size;
		kalloc_large_inuse--;

		kalloc_unlock();

		KALLOC_ZINFO_SFREE(size);
		return;
	}

	/* free to the appropriate zone */
#ifdef KALLOC_DEBUG
	if (size > z->elem_size)
		panic("%s: z %p (%s) but requested size %lu", __func__,
		    z, z->zone_name, (unsigned long)size);
#endif
	/* a size above the element size means the caller's size does not match this block */
	assert(size <= z->elem_size);
	zfree(z, data);
}
824
825 #ifdef MACH_BSD
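/*
 * Return the zone that kalloc(size) would allocate from, or ZONE_NULL when a
 * request of that size is served from a VM map rather than a zone.
 *
 * The cutoff must match kalloc_canblock()/kfree(): requests at or above
 * kalloc_max_prerounded are never zone-backed. Testing `size <= kalloc_max`
 * instead would hand sizes in (kalloc_max/2, kalloc_max] to
 * get_zone_search(), which asserts against exactly that and, when kalloc_max
 * is 64K, can walk past the last entry of k_zone_size[].
 */
zone_t
kalloc_zone(
	vm_size_t size)
{
	if (size < MAX_SIZE_ZDLUT)
		return get_zone_dlut(size);
	if (size < kalloc_max_prerounded)
		return get_zone_search(size, k_zindex_start);
	return ZONE_NULL;
}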
836 #endif
837
/*
 * Set up OSMalloc tag tracking: the global tag list plus the lock group and
 * mutex that protect it. Called once from kalloc_init().
 */
void
OSMalloc_init(
	void)
{
	lck_grp_t *grp;

	queue_init(&OSMalloc_tag_list);

	grp = lck_grp_alloc_init("OSMalloc_tag", LCK_GRP_ATTR_NULL);
	OSMalloc_tag_lck_grp = grp;
	lck_mtx_init(&OSMalloc_tag_lock, grp, LCK_ATTR_NULL);
}
847
/*
 * Create an OSMalloc tag named `str` (truncated to OSMT_MAX_NAME) holding one
 * reference for the caller, and link it on the global tag list.
 * OSMT_PAGEABLE in `flags` allows OSMalloc() under this tag to use pageable
 * memory for page-sized requests.
 */
OSMallocTag
OSMalloc_Tagalloc(
	const char *str,
	uint32_t flags)
{
	OSMallocTag tag = (OSMallocTag)kalloc(sizeof(*tag));

	/* NOTE(review): the kalloc() result is not NULL-checked before use */
	bzero((void *)tag, sizeof(*tag));

	if (flags & OSMT_PAGEABLE)
		tag->OSMT_attr = OSMT_ATTR_PAGEABLE;
	tag->OSMT_refcnt = 1;
	strlcpy(tag->OSMT_name, str, OSMT_MAX_NAME);

	OSMalloc_tag_spin_lock();
	enqueue_tail(&OSMalloc_tag_list, (queue_entry_t)tag);
	OSMalloc_tag_unlock();

	/* becomes VALID only once it is on the list */
	tag->OSMT_state = OSMT_VALID;

	return tag;
}
872
/*
 * Take a reference on `tag`. Panics unless the tag is in the VALID state,
 * so use of a freed or uninitialised tag is caught immediately.
 */
void
OSMalloc_Tagref(
	OSMallocTag tag)
{
	if ((tag->OSMT_state & OSMT_VALID_MASK) != OSMT_VALID)
		panic("OSMalloc_Tagref():'%s' has bad state 0x%08X\n", tag->OSMT_name, tag->OSMT_state);

	(void)hw_atomic_add(&tag->OSMT_refcnt, 1);
}
882
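/*
 * Drop a reference on `tag`. When the count reaches zero the tag must
 * already have been released by OSMalloc_Tagfree() (state VALID|RELEASED);
 * it is then unlinked and freed. Reaching zero in any other state is a
 * refcount imbalance and fatal.
 *
 * The bad-state diagnostic used to name OSMalloc_Tagref(), which misdirected
 * anyone reading the panic; it now names this function.
 */
void
OSMalloc_Tagrele(
	OSMallocTag tag)
{
	if ((tag->OSMT_state & OSMT_VALID_MASK) != OSMT_VALID)
		panic("OSMalloc_Tagrele():'%s' has bad state 0x%08X\n", tag->OSMT_name, tag->OSMT_state);

	if (hw_atomic_sub(&tag->OSMT_refcnt, 1) != 0)
		return;

	/* last reference: only legal if Tagfree() already marked the tag RELEASED */
	if (!hw_compare_and_store(OSMT_VALID|OSMT_RELEASED, OSMT_VALID|OSMT_RELEASED, &tag->OSMT_state))
		panic("OSMalloc_Tagrele():'%s' has refcnt 0\n", tag->OSMT_name);

	OSMalloc_tag_spin_lock();
	(void)remque((queue_entry_t)tag);
	OSMalloc_tag_unlock();
	kfree((void*)tag, sizeof(*tag));
}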
900
/*
 * Release the creator's reference on `tag` and mark it RELEASED. The tag
 * must be exactly VALID; the atomic state transition makes a second
 * Tagfree() fatal rather than a double free. If no other references remain
 * the tag is unlinked and freed now, otherwise the last OSMalloc_Tagrele()
 * does it.
 */
void
OSMalloc_Tagfree(
	OSMallocTag tag)
{
	if (!hw_compare_and_store(OSMT_VALID, OSMT_VALID|OSMT_RELEASED, &tag->OSMT_state))
		panic("OSMalloc_Tagfree():'%s' has bad state 0x%08X \n", tag->OSMT_name, tag->OSMT_state);

	if (hw_atomic_sub(&tag->OSMT_refcnt, 1) != 0)
		return;

	OSMalloc_tag_spin_lock();
	(void)remque((queue_entry_t)tag);
	OSMalloc_tag_unlock();
	kfree((void*)tag, sizeof(*tag));
}
915
/*
 * Allocate `size` bytes accounted to `tag`, holding a tag reference for the
 * block's lifetime (dropped by OSFree()). Under a pageable tag, requests of
 * at least a page (size & ~PAGE_MASK non-zero) come from pageable kernel_map
 * memory; everything else goes through kalloc. Returns NULL on failure with
 * the tag reference already dropped.
 */
void *
OSMalloc(
	uint32_t size,
	OSMallocTag tag)
{
	void *addr = NULL;

	OSMalloc_Tagref(tag);

	boolean_t pageable = (tag->OSMT_attr & OSMT_PAGEABLE) && (size & ~PAGE_MASK);
	if (pageable) {
		if (kmem_alloc_pageable_external(kernel_map, (vm_offset_t *)&addr, size) != KERN_SUCCESS)
			addr = NULL;
	} else {
		addr = kalloc_tag_bt((vm_size_t)size, VM_KERN_MEMORY_KALLOC);
	}

	if (addr == NULL)
		OSMalloc_Tagrele(tag);

	return addr;
}
937
/*
 * Non-blocking OSMalloc(). Pageable tags are refused outright (pageable
 * allocation could sleep); otherwise a non-blocking kalloc is attempted and
 * the tag reference is dropped again if it fails.
 */
void *
OSMalloc_nowait(
	uint32_t size,
	OSMallocTag tag)
{
	if (tag->OSMT_attr & OSMT_PAGEABLE)
		return NULL;

	OSMalloc_Tagref(tag);
	/* XXX: use non-blocking kalloc for now */
	void *addr = kalloc_noblock_tag_bt((vm_size_t)size, VM_KERN_MEMORY_KALLOC);
	if (!addr)
		OSMalloc_Tagrele(tag);

	return addr;
}
956
/*
 * Non-blocking OSMalloc(), identical in behaviour to OSMalloc_nowait():
 * pageable tags are refused, otherwise a non-blocking kalloc is attempted
 * and the tag reference is dropped again on failure.
 */
void *
OSMalloc_noblock(
	uint32_t size,
	OSMallocTag tag)
{
	if (tag->OSMT_attr & OSMT_PAGEABLE)
		return NULL;

	OSMalloc_Tagref(tag);
	void *addr = kalloc_noblock_tag_bt((vm_size_t)size, VM_KERN_MEMORY_KALLOC);
	if (!addr)
		OSMalloc_Tagrele(tag);

	return addr;
}
974
/*
 * Free a block from OSMalloc(). The pageable-vs-kalloc decision must mirror
 * OSMalloc() exactly, since a page-sized block under a pageable tag lives in
 * kernel_map, not in the kalloc world. Drops the reference OSMalloc() took.
 */
void
OSFree(
	void *addr,
	uint32_t size,
	OSMallocTag tag)
{
	boolean_t pageable = (tag->OSMT_attr & OSMT_PAGEABLE) && (size & ~PAGE_MASK);

	if (pageable)
		kmem_free(kernel_map, (vm_offset_t)addr, size);
	else
		kfree((void *)addr, size);

	OSMalloc_Tagrele(tag);
}
989
/*
 * Usable size of an OSMalloc() block, narrowed to the uint32_t the OSMalloc
 * API uses (a block of 4 GB or more would be reported truncated).
 */
uint32_t
OSMalloc_size(
	void *addr)
{
	vm_size_t sz = kalloc_size(addr);

	return (uint32_t)sz;
}
996