1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Slab allocator functions that are independent of the allocator strategy 4 * 5 * (C) 2012 Christoph Lameter <cl@linux.com> 6 */ 7 #include <linux/slab.h> 8 9 #include <linux/mm.h> 10 #include <linux/poison.h> 11 #include <linux/interrupt.h> 12 #include <linux/memory.h> 13 #include <linux/cache.h> 14 #include <linux/compiler.h> 15 #include <linux/kfence.h> 16 #include <linux/module.h> 17 #include <linux/cpu.h> 18 #include <linux/uaccess.h> 19 #include <linux/seq_file.h> 20 #include <linux/dma-mapping.h> 21 #include <linux/swiotlb.h> 22 #include <linux/proc_fs.h> 23 #include <linux/debugfs.h> 24 #include <linux/kmemleak.h> 25 #include <linux/kasan.h> 26 #include <asm/cacheflush.h> 27 #include <asm/tlbflush.h> 28 #include <asm/page.h> 29 #include <linux/memcontrol.h> 30 #include <linux/stackdepot.h> 31 32 #include "internal.h" 33 #include "slab.h" 34 35 #define CREATE_TRACE_POINTS 36 #include <trace/events/kmem.h> 37 38 enum slab_state slab_state; 39 LIST_HEAD(slab_caches); 40 DEFINE_MUTEX(slab_mutex); 41 struct kmem_cache *kmem_cache; 42 43 /* 44 * Set of flags that will prevent slab merging 45 */ 46 #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \ 47 SLAB_TRACE | SLAB_TYPESAFE_BY_RCU | SLAB_NOLEAKTRACE | \ 48 SLAB_FAILSLAB | SLAB_NO_MERGE) 49 50 #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \ 51 SLAB_CACHE_DMA32 | SLAB_ACCOUNT) 52 53 /* 54 * Merge control. If this is set then no merging of slab caches will occur. 55 */ 56 static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); 57 setup_slab_nomerge(char * str)58 static int __init setup_slab_nomerge(char *str) 59 { 60 slab_nomerge = true; 61 return 1; 62 } 63 setup_slab_merge(char * str)64 static int __init setup_slab_merge(char *str) 65 { 66 slab_nomerge = false; 67 return 1; 68 } 69 70 __setup_param("slub_nomerge", slub_nomerge, setup_slab_nomerge, 0); 71 __setup_param("slub_merge", slub_merge, setup_slab_merge, 0); 72 73 __setup("slab_nomerge", setup_slab_nomerge); 74 __setup("slab_merge", setup_slab_merge); 75 76 /* 77 * Determine the size of a slab object 78 */ kmem_cache_size(struct kmem_cache * s)79 unsigned int kmem_cache_size(struct kmem_cache *s) 80 { 81 return s->object_size; 82 } 83 EXPORT_SYMBOL(kmem_cache_size); 84 85 #ifdef CONFIG_DEBUG_VM 86 kmem_cache_is_duplicate_name(const char * name)87 static bool kmem_cache_is_duplicate_name(const char *name) 88 { 89 struct kmem_cache *s; 90 91 list_for_each_entry(s, &slab_caches, list) { 92 if (!strcmp(s->name, name)) 93 return true; 94 } 95 96 return false; 97 } 98 kmem_cache_sanity_check(const char * name,unsigned int size)99 static int kmem_cache_sanity_check(const char *name, unsigned int size) 100 { 101 if (!name || in_interrupt() || size > KMALLOC_MAX_SIZE) { 102 pr_err("kmem_cache_create(%s) integrity check failed\n", name); 103 return -EINVAL; 104 } 105 106 /* Duplicate names will confuse slabtop, et al */ 107 WARN(kmem_cache_is_duplicate_name(name), 108 "kmem_cache of name '%s' already exists\n", name); 109 110 WARN_ON(strchr(name, ' ')); /* It confuses parsers */ 111 return 0; 112 } 113 #else kmem_cache_sanity_check(const char * name,unsigned int size)114 static inline int kmem_cache_sanity_check(const char *name, unsigned int size) 115 { 116 return 0; 117 } 118 #endif 119 120 /* 121 * Figure out what the alignment of the objects will be given a set of 122 * flags, a user specified alignment and the size of the objects. 123 */ calculate_alignment(slab_flags_t flags,unsigned int align,unsigned int size)124 static unsigned int calculate_alignment(slab_flags_t flags, 125 unsigned int align, unsigned int size) 126 { 127 /* 128 * If the user wants hardware cache aligned objects then follow that 129 * suggestion if the object is sufficiently large. 130 * 131 * The hardware cache alignment cannot override the specified 132 * alignment though. If that is greater then use it. 133 */ 134 if (flags & SLAB_HWCACHE_ALIGN) { 135 unsigned int ralign; 136 137 ralign = cache_line_size(); 138 while (size <= ralign / 2) 139 ralign /= 2; 140 align = max(align, ralign); 141 } 142 143 align = max(align, arch_slab_minalign()); 144 145 return ALIGN(align, sizeof(void *)); 146 } 147 148 /* 149 * Find a mergeable slab cache 150 */ slab_unmergeable(struct kmem_cache * s)151 int slab_unmergeable(struct kmem_cache *s) 152 { 153 if (slab_nomerge || (s->flags & SLAB_NEVER_MERGE)) 154 return 1; 155 156 if (s->ctor) 157 return 1; 158 159 #ifdef CONFIG_HARDENED_USERCOPY 160 if (s->usersize) 161 return 1; 162 #endif 163 164 /* 165 * We may have set a slab to be unmergeable during bootstrap. 166 */ 167 if (s->refcount < 0) 168 return 1; 169 170 return 0; 171 } 172 find_mergeable(unsigned int size,unsigned int align,slab_flags_t flags,const char * name,void (* ctor)(void *))173 struct kmem_cache *find_mergeable(unsigned int size, unsigned int align, 174 slab_flags_t flags, const char *name, void (*ctor)(void *)) 175 { 176 struct kmem_cache *s; 177 178 if (slab_nomerge) 179 return NULL; 180 181 if (ctor) 182 return NULL; 183 184 flags = kmem_cache_flags(flags, name); 185 186 if (flags & SLAB_NEVER_MERGE) 187 return NULL; 188 189 size = ALIGN(size, sizeof(void *)); 190 align = calculate_alignment(flags, align, size); 191 size = ALIGN(size, align); 192 193 list_for_each_entry_reverse(s, &slab_caches, list) { 194 if (slab_unmergeable(s)) 195 continue; 196 197 if (size > s->size) 198 continue; 199 200 if ((flags & SLAB_MERGE_SAME) != (s->flags & SLAB_MERGE_SAME)) 201 continue; 202 /* 203 * Check if alignment is compatible. 204 * Courtesy of Adrian Drzewiecki 205 */ 206 if ((s->size & ~(align - 1)) != s->size) 207 continue; 208 209 if (s->size - size >= sizeof(void *)) 210 continue; 211 212 return s; 213 } 214 return NULL; 215 } 216 create_cache(const char * name,unsigned int object_size,struct kmem_cache_args * args,slab_flags_t flags)217 static struct kmem_cache *create_cache(const char *name, 218 unsigned int object_size, 219 struct kmem_cache_args *args, 220 slab_flags_t flags) 221 { 222 struct kmem_cache *s; 223 int err; 224 225 if (WARN_ON(args->useroffset + args->usersize > object_size)) 226 args->useroffset = args->usersize = 0; 227 228 /* If a custom freelist pointer is requested make sure it's sane. */ 229 err = -EINVAL; 230 if (args->use_freeptr_offset && 231 (args->freeptr_offset >= object_size || 232 !(flags & SLAB_TYPESAFE_BY_RCU) || 233 !IS_ALIGNED(args->freeptr_offset, sizeof(freeptr_t)))) 234 goto out; 235 236 err = -ENOMEM; 237 s = kmem_cache_zalloc(kmem_cache, GFP_KERNEL); 238 if (!s) 239 goto out; 240 err = do_kmem_cache_create(s, name, object_size, args, flags); 241 if (err) 242 goto out_free_cache; 243 244 s->refcount = 1; 245 list_add(&s->list, &slab_caches); 246 return s; 247 248 out_free_cache: 249 kmem_cache_free(kmem_cache, s); 250 out: 251 return ERR_PTR(err); 252 } 253 254 /** 255 * __kmem_cache_create_args - Create a kmem cache. 256 * @name: A string which is used in /proc/slabinfo to identify this cache. 257 * @object_size: The size of objects to be created in this cache. 258 * @args: Additional arguments for the cache creation (see 259 * &struct kmem_cache_args). 260 * @flags: See %SLAB_* flags for an explanation of individual @flags. 261 * 262 * Not to be called directly, use the kmem_cache_create() wrapper with the same 263 * parameters. 264 * 265 * Context: Cannot be called within a interrupt, but can be interrupted. 266 * 267 * Return: a pointer to the cache on success, NULL on failure. 268 */ __kmem_cache_create_args(const char * name,unsigned int object_size,struct kmem_cache_args * args,slab_flags_t flags)269 struct kmem_cache *__kmem_cache_create_args(const char *name, 270 unsigned int object_size, 271 struct kmem_cache_args *args, 272 slab_flags_t flags) 273 { 274 struct kmem_cache *s = NULL; 275 const char *cache_name; 276 int err; 277 278 #ifdef CONFIG_SLUB_DEBUG 279 /* 280 * If no slab_debug was enabled globally, the static key is not yet 281 * enabled by setup_slub_debug(). Enable it if the cache is being 282 * created with any of the debugging flags passed explicitly. 283 * It's also possible that this is the first cache created with 284 * SLAB_STORE_USER and we should init stack_depot for it. 285 */ 286 if (flags & SLAB_DEBUG_FLAGS) 287 static_branch_enable(&slub_debug_enabled); 288 if (flags & SLAB_STORE_USER) 289 stack_depot_init(); 290 #endif 291 292 mutex_lock(&slab_mutex); 293 294 err = kmem_cache_sanity_check(name, object_size); 295 if (err) { 296 goto out_unlock; 297 } 298 299 /* Refuse requests with allocator specific flags */ 300 if (flags & ~SLAB_FLAGS_PERMITTED) { 301 err = -EINVAL; 302 goto out_unlock; 303 } 304 305 /* 306 * Some allocators will constraint the set of valid flags to a subset 307 * of all flags. We expect them to define CACHE_CREATE_MASK in this 308 * case, and we'll just provide them with a sanitized version of the 309 * passed flags. 310 */ 311 flags &= CACHE_CREATE_MASK; 312 313 /* Fail closed on bad usersize of useroffset values. */ 314 if (!IS_ENABLED(CONFIG_HARDENED_USERCOPY) || 315 WARN_ON(!args->usersize && args->useroffset) || 316 WARN_ON(object_size < args->usersize || 317 object_size - args->usersize < args->useroffset)) 318 args->usersize = args->useroffset = 0; 319 320 if (!args->usersize) 321 s = __kmem_cache_alias(name, object_size, args->align, flags, 322 args->ctor); 323 if (s) 324 goto out_unlock; 325 326 cache_name = kstrdup_const(name, GFP_KERNEL); 327 if (!cache_name) { 328 err = -ENOMEM; 329 goto out_unlock; 330 } 331 332 args->align = calculate_alignment(flags, args->align, object_size); 333 s = create_cache(cache_name, object_size, args, flags); 334 if (IS_ERR(s)) { 335 err = PTR_ERR(s); 336 kfree_const(cache_name); 337 } 338 339 out_unlock: 340 mutex_unlock(&slab_mutex); 341 342 if (err) { 343 if (flags & SLAB_PANIC) 344 panic("%s: Failed to create slab '%s'. Error %d\n", 345 __func__, name, err); 346 else { 347 pr_warn("%s(%s) failed with error %d\n", 348 __func__, name, err); 349 dump_stack(); 350 } 351 return NULL; 352 } 353 return s; 354 } 355 EXPORT_SYMBOL(__kmem_cache_create_args); 356 357 static struct kmem_cache *kmem_buckets_cache __ro_after_init; 358 359 /** 360 * kmem_buckets_create - Create a set of caches that handle dynamic sized 361 * allocations via kmem_buckets_alloc() 362 * @name: A prefix string which is used in /proc/slabinfo to identify this 363 * cache. The individual caches with have their sizes as the suffix. 364 * @flags: SLAB flags (see kmem_cache_create() for details). 365 * @useroffset: Starting offset within an allocation that may be copied 366 * to/from userspace. 367 * @usersize: How many bytes, starting at @useroffset, may be copied 368 * to/from userspace. 369 * @ctor: A constructor for the objects, run when new allocations are made. 370 * 371 * Cannot be called within an interrupt, but can be interrupted. 372 * 373 * Return: a pointer to the cache on success, NULL on failure. When 374 * CONFIG_SLAB_BUCKETS is not enabled, ZERO_SIZE_PTR is returned, and 375 * subsequent calls to kmem_buckets_alloc() will fall back to kmalloc(). 376 * (i.e. callers only need to check for NULL on failure.) 377 */ kmem_buckets_create(const char * name,slab_flags_t flags,unsigned int useroffset,unsigned int usersize,void (* ctor)(void *))378 kmem_buckets *kmem_buckets_create(const char *name, slab_flags_t flags, 379 unsigned int useroffset, 380 unsigned int usersize, 381 void (*ctor)(void *)) 382 { 383 unsigned long mask = 0; 384 unsigned int idx; 385 kmem_buckets *b; 386 387 BUILD_BUG_ON(ARRAY_SIZE(kmalloc_caches[KMALLOC_NORMAL]) > BITS_PER_LONG); 388 389 /* 390 * When the separate buckets API is not built in, just return 391 * a non-NULL value for the kmem_buckets pointer, which will be 392 * unused when performing allocations. 393 */ 394 if (!IS_ENABLED(CONFIG_SLAB_BUCKETS)) 395 return ZERO_SIZE_PTR; 396 397 if (WARN_ON(!kmem_buckets_cache)) 398 return NULL; 399 400 b = kmem_cache_alloc(kmem_buckets_cache, GFP_KERNEL|__GFP_ZERO); 401 if (WARN_ON(!b)) 402 return NULL; 403 404 flags |= SLAB_NO_MERGE; 405 406 for (idx = 0; idx < ARRAY_SIZE(kmalloc_caches[KMALLOC_NORMAL]); idx++) { 407 char *short_size, *cache_name; 408 unsigned int cache_useroffset, cache_usersize; 409 unsigned int size, aligned_idx; 410 411 if (!kmalloc_caches[KMALLOC_NORMAL][idx]) 412 continue; 413 414 size = kmalloc_caches[KMALLOC_NORMAL][idx]->object_size; 415 if (!size) 416 continue; 417 418 short_size = strchr(kmalloc_caches[KMALLOC_NORMAL][idx]->name, '-'); 419 if (WARN_ON(!short_size)) 420 goto fail; 421 422 if (useroffset >= size) { 423 cache_useroffset = 0; 424 cache_usersize = 0; 425 } else { 426 cache_useroffset = useroffset; 427 cache_usersize = min(size - cache_useroffset, usersize); 428 } 429 430 aligned_idx = __kmalloc_index(size, false); 431 if (!(*b)[aligned_idx]) { 432 cache_name = kasprintf(GFP_KERNEL, "%s-%s", name, short_size + 1); 433 if (WARN_ON(!cache_name)) 434 goto fail; 435 (*b)[aligned_idx] = kmem_cache_create_usercopy(cache_name, size, 436 0, flags, cache_useroffset, 437 cache_usersize, ctor); 438 kfree(cache_name); 439 if (WARN_ON(!(*b)[aligned_idx])) 440 goto fail; 441 set_bit(aligned_idx, &mask); 442 } 443 if (idx != aligned_idx) 444 (*b)[idx] = (*b)[aligned_idx]; 445 } 446 447 return b; 448 449 fail: 450 for_each_set_bit(idx, &mask, ARRAY_SIZE(kmalloc_caches[KMALLOC_NORMAL])) 451 kmem_cache_destroy((*b)[idx]); 452 kmem_cache_free(kmem_buckets_cache, b); 453 454 return NULL; 455 } 456 EXPORT_SYMBOL(kmem_buckets_create); 457 458 /* 459 * For a given kmem_cache, kmem_cache_destroy() should only be called 460 * once or there will be a use-after-free problem. The actual deletion 461 * and release of the kobject does not need slab_mutex or cpu_hotplug_lock 462 * protection. So they are now done without holding those locks. 463 */ kmem_cache_release(struct kmem_cache * s)464 static void kmem_cache_release(struct kmem_cache *s) 465 { 466 kfence_shutdown_cache(s); 467 if (__is_defined(SLAB_SUPPORTS_SYSFS) && slab_state >= FULL) 468 sysfs_slab_release(s); 469 else 470 slab_kmem_cache_release(s); 471 } 472 slab_kmem_cache_release(struct kmem_cache * s)473 void slab_kmem_cache_release(struct kmem_cache *s) 474 { 475 __kmem_cache_release(s); 476 kfree_const(s->name); 477 kmem_cache_free(kmem_cache, s); 478 } 479 kmem_cache_destroy(struct kmem_cache * s)480 void kmem_cache_destroy(struct kmem_cache *s) 481 { 482 int err; 483 484 if (unlikely(!s) || !kasan_check_byte(s)) 485 return; 486 487 /* in-flight kfree_rcu()'s may include objects from our cache */ 488 kvfree_rcu_barrier(); 489 490 if (IS_ENABLED(CONFIG_SLUB_RCU_DEBUG) && 491 (s->flags & SLAB_TYPESAFE_BY_RCU)) { 492 /* 493 * Under CONFIG_SLUB_RCU_DEBUG, when objects in a 494 * SLAB_TYPESAFE_BY_RCU slab are freed, SLUB will internally 495 * defer their freeing with call_rcu(). 496 * Wait for such call_rcu() invocations here before actually 497 * destroying the cache. 498 * 499 * It doesn't matter that we haven't looked at the slab refcount 500 * yet - slabs with SLAB_TYPESAFE_BY_RCU can't be merged, so 501 * the refcount should be 1 here. 502 */ 503 rcu_barrier(); 504 } 505 506 cpus_read_lock(); 507 mutex_lock(&slab_mutex); 508 509 s->refcount--; 510 if (s->refcount) { 511 mutex_unlock(&slab_mutex); 512 cpus_read_unlock(); 513 return; 514 } 515 516 /* free asan quarantined objects */ 517 kasan_cache_shutdown(s); 518 519 err = __kmem_cache_shutdown(s); 520 if (!slab_in_kunit_test()) 521 WARN(err, "%s %s: Slab cache still has objects when called from %pS", 522 __func__, s->name, (void *)_RET_IP_); 523 524 list_del(&s->list); 525 526 mutex_unlock(&slab_mutex); 527 cpus_read_unlock(); 528 529 if (slab_state >= FULL) 530 sysfs_slab_unlink(s); 531 debugfs_slab_release(s); 532 533 if (err) 534 return; 535 536 if (s->flags & SLAB_TYPESAFE_BY_RCU) 537 rcu_barrier(); 538 539 kmem_cache_release(s); 540 } 541 EXPORT_SYMBOL(kmem_cache_destroy); 542 543 /** 544 * kmem_cache_shrink - Shrink a cache. 545 * @cachep: The cache to shrink. 546 * 547 * Releases as many slabs as possible for a cache. 548 * To help debugging, a zero exit status indicates all slabs were released. 549 * 550 * Return: %0 if all slabs were released, non-zero otherwise 551 */ kmem_cache_shrink(struct kmem_cache * cachep)552 int kmem_cache_shrink(struct kmem_cache *cachep) 553 { 554 kasan_cache_shrink(cachep); 555 556 return __kmem_cache_shrink(cachep); 557 } 558 EXPORT_SYMBOL(kmem_cache_shrink); 559 slab_is_available(void)560 bool slab_is_available(void) 561 { 562 return slab_state >= UP; 563 } 564 565 #ifdef CONFIG_PRINTK kmem_obj_info(struct kmem_obj_info * kpp,void * object,struct slab * slab)566 static void kmem_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *slab) 567 { 568 if (__kfence_obj_info(kpp, object, slab)) 569 return; 570 __kmem_obj_info(kpp, object, slab); 571 } 572 573 /** 574 * kmem_dump_obj - Print available slab provenance information 575 * @object: slab object for which to find provenance information. 576 * 577 * This function uses pr_cont(), so that the caller is expected to have 578 * printed out whatever preamble is appropriate. The provenance information 579 * depends on the type of object and on how much debugging is enabled. 580 * For a slab-cache object, the fact that it is a slab object is printed, 581 * and, if available, the slab name, return address, and stack trace from 582 * the allocation and last free path of that object. 583 * 584 * Return: %true if the pointer is to a not-yet-freed object from 585 * kmalloc() or kmem_cache_alloc(), either %true or %false if the pointer 586 * is to an already-freed object, and %false otherwise. 587 */ kmem_dump_obj(void * object)588 bool kmem_dump_obj(void *object) 589 { 590 char *cp = IS_ENABLED(CONFIG_MMU) ? "" : "/vmalloc"; 591 int i; 592 struct slab *slab; 593 unsigned long ptroffset; 594 struct kmem_obj_info kp = { }; 595 596 /* Some arches consider ZERO_SIZE_PTR to be a valid address. */ 597 if (object < (void *)PAGE_SIZE || !virt_addr_valid(object)) 598 return false; 599 slab = virt_to_slab(object); 600 if (!slab) 601 return false; 602 603 kmem_obj_info(&kp, object, slab); 604 if (kp.kp_slab_cache) 605 pr_cont(" slab%s %s", cp, kp.kp_slab_cache->name); 606 else 607 pr_cont(" slab%s", cp); 608 if (is_kfence_address(object)) 609 pr_cont(" (kfence)"); 610 if (kp.kp_objp) 611 pr_cont(" start %px", kp.kp_objp); 612 if (kp.kp_data_offset) 613 pr_cont(" data offset %lu", kp.kp_data_offset); 614 if (kp.kp_objp) { 615 ptroffset = ((char *)object - (char *)kp.kp_objp) - kp.kp_data_offset; 616 pr_cont(" pointer offset %lu", ptroffset); 617 } 618 if (kp.kp_slab_cache && kp.kp_slab_cache->object_size) 619 pr_cont(" size %u", kp.kp_slab_cache->object_size); 620 if (kp.kp_ret) 621 pr_cont(" allocated at %pS\n", kp.kp_ret); 622 else 623 pr_cont("\n"); 624 for (i = 0; i < ARRAY_SIZE(kp.kp_stack); i++) { 625 if (!kp.kp_stack[i]) 626 break; 627 pr_info(" %pS\n", kp.kp_stack[i]); 628 } 629 630 if (kp.kp_free_stack[0]) 631 pr_cont(" Free path:\n"); 632 633 for (i = 0; i < ARRAY_SIZE(kp.kp_free_stack); i++) { 634 if (!kp.kp_free_stack[i]) 635 break; 636 pr_info(" %pS\n", kp.kp_free_stack[i]); 637 } 638 639 return true; 640 } 641 EXPORT_SYMBOL_GPL(kmem_dump_obj); 642 #endif 643 644 /* Create a cache during boot when no slab services are available yet */ create_boot_cache(struct kmem_cache * s,const char * name,unsigned int size,slab_flags_t flags,unsigned int useroffset,unsigned int usersize)645 void __init create_boot_cache(struct kmem_cache *s, const char *name, 646 unsigned int size, slab_flags_t flags, 647 unsigned int useroffset, unsigned int usersize) 648 { 649 int err; 650 unsigned int align = ARCH_KMALLOC_MINALIGN; 651 struct kmem_cache_args kmem_args = {}; 652 653 /* 654 * kmalloc caches guarantee alignment of at least the largest 655 * power-of-two divisor of the size. For power-of-two sizes, 656 * it is the size itself. 657 */ 658 if (flags & SLAB_KMALLOC) 659 align = max(align, 1U << (ffs(size) - 1)); 660 kmem_args.align = calculate_alignment(flags, align, size); 661 662 #ifdef CONFIG_HARDENED_USERCOPY 663 kmem_args.useroffset = useroffset; 664 kmem_args.usersize = usersize; 665 #endif 666 667 err = do_kmem_cache_create(s, name, size, &kmem_args, flags); 668 669 if (err) 670 panic("Creation of kmalloc slab %s size=%u failed. Reason %d\n", 671 name, size, err); 672 673 s->refcount = -1; /* Exempt from merging for now */ 674 } 675 create_kmalloc_cache(const char * name,unsigned int size,slab_flags_t flags)676 static struct kmem_cache *__init create_kmalloc_cache(const char *name, 677 unsigned int size, 678 slab_flags_t flags) 679 { 680 struct kmem_cache *s = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT); 681 682 if (!s) 683 panic("Out of memory when creating slab %s\n", name); 684 685 create_boot_cache(s, name, size, flags | SLAB_KMALLOC, 0, size); 686 list_add(&s->list, &slab_caches); 687 s->refcount = 1; 688 return s; 689 } 690 691 kmem_buckets kmalloc_caches[NR_KMALLOC_TYPES] __ro_after_init = 692 { /* initialization for https://llvm.org/pr42570 */ }; 693 EXPORT_SYMBOL(kmalloc_caches); 694 695 #ifdef CONFIG_RANDOM_KMALLOC_CACHES 696 unsigned long random_kmalloc_seed __ro_after_init; 697 EXPORT_SYMBOL(random_kmalloc_seed); 698 #endif 699 700 /* 701 * Conversion table for small slabs sizes / 8 to the index in the 702 * kmalloc array. This is necessary for slabs < 192 since we have non power 703 * of two cache sizes there. The size of larger slabs can be determined using 704 * fls. 705 */ 706 u8 kmalloc_size_index[24] __ro_after_init = { 707 3, /* 8 */ 708 4, /* 16 */ 709 5, /* 24 */ 710 5, /* 32 */ 711 6, /* 40 */ 712 6, /* 48 */ 713 6, /* 56 */ 714 6, /* 64 */ 715 1, /* 72 */ 716 1, /* 80 */ 717 1, /* 88 */ 718 1, /* 96 */ 719 7, /* 104 */ 720 7, /* 112 */ 721 7, /* 120 */ 722 7, /* 128 */ 723 2, /* 136 */ 724 2, /* 144 */ 725 2, /* 152 */ 726 2, /* 160 */ 727 2, /* 168 */ 728 2, /* 176 */ 729 2, /* 184 */ 730 2 /* 192 */ 731 }; 732 kmalloc_size_roundup(size_t size)733 size_t kmalloc_size_roundup(size_t size) 734 { 735 if (size && size <= KMALLOC_MAX_CACHE_SIZE) { 736 /* 737 * The flags don't matter since size_index is common to all. 738 * Neither does the caller for just getting ->object_size. 739 */ 740 return kmalloc_slab(size, NULL, GFP_KERNEL, 0)->object_size; 741 } 742 743 /* Above the smaller buckets, size is a multiple of page size. */ 744 if (size && size <= KMALLOC_MAX_SIZE) 745 return PAGE_SIZE << get_order(size); 746 747 /* 748 * Return 'size' for 0 - kmalloc() returns ZERO_SIZE_PTR 749 * and very large size - kmalloc() may fail. 750 */ 751 return size; 752 753 } 754 EXPORT_SYMBOL(kmalloc_size_roundup); 755 756 #ifdef CONFIG_ZONE_DMA 757 #define KMALLOC_DMA_NAME(sz) .name[KMALLOC_DMA] = "dma-kmalloc-" #sz, 758 #else 759 #define KMALLOC_DMA_NAME(sz) 760 #endif 761 762 #ifdef CONFIG_MEMCG 763 #define KMALLOC_CGROUP_NAME(sz) .name[KMALLOC_CGROUP] = "kmalloc-cg-" #sz, 764 #else 765 #define KMALLOC_CGROUP_NAME(sz) 766 #endif 767 768 #ifndef CONFIG_SLUB_TINY 769 #define KMALLOC_RCL_NAME(sz) .name[KMALLOC_RECLAIM] = "kmalloc-rcl-" #sz, 770 #else 771 #define KMALLOC_RCL_NAME(sz) 772 #endif 773 774 #ifdef CONFIG_RANDOM_KMALLOC_CACHES 775 #define __KMALLOC_RANDOM_CONCAT(a, b) a ## b 776 #define KMALLOC_RANDOM_NAME(N, sz) __KMALLOC_RANDOM_CONCAT(KMA_RAND_, N)(sz) 777 #define KMA_RAND_1(sz) .name[KMALLOC_RANDOM_START + 1] = "kmalloc-rnd-01-" #sz, 778 #define KMA_RAND_2(sz) KMA_RAND_1(sz) .name[KMALLOC_RANDOM_START + 2] = "kmalloc-rnd-02-" #sz, 779 #define KMA_RAND_3(sz) KMA_RAND_2(sz) .name[KMALLOC_RANDOM_START + 3] = "kmalloc-rnd-03-" #sz, 780 #define KMA_RAND_4(sz) KMA_RAND_3(sz) .name[KMALLOC_RANDOM_START + 4] = "kmalloc-rnd-04-" #sz, 781 #define KMA_RAND_5(sz) KMA_RAND_4(sz) .name[KMALLOC_RANDOM_START + 5] = "kmalloc-rnd-05-" #sz, 782 #define KMA_RAND_6(sz) KMA_RAND_5(sz) .name[KMALLOC_RANDOM_START + 6] = "kmalloc-rnd-06-" #sz, 783 #define KMA_RAND_7(sz) KMA_RAND_6(sz) .name[KMALLOC_RANDOM_START + 7] = "kmalloc-rnd-07-" #sz, 784 #define KMA_RAND_8(sz) KMA_RAND_7(sz) .name[KMALLOC_RANDOM_START + 8] = "kmalloc-rnd-08-" #sz, 785 #define KMA_RAND_9(sz) KMA_RAND_8(sz) .name[KMALLOC_RANDOM_START + 9] = "kmalloc-rnd-09-" #sz, 786 #define KMA_RAND_10(sz) KMA_RAND_9(sz) .name[KMALLOC_RANDOM_START + 10] = "kmalloc-rnd-10-" #sz, 787 #define KMA_RAND_11(sz) KMA_RAND_10(sz) .name[KMALLOC_RANDOM_START + 11] = "kmalloc-rnd-11-" #sz, 788 #define KMA_RAND_12(sz) KMA_RAND_11(sz) .name[KMALLOC_RANDOM_START + 12] = "kmalloc-rnd-12-" #sz, 789 #define KMA_RAND_13(sz) KMA_RAND_12(sz) .name[KMALLOC_RANDOM_START + 13] = "kmalloc-rnd-13-" #sz, 790 #define KMA_RAND_14(sz) KMA_RAND_13(sz) .name[KMALLOC_RANDOM_START + 14] = "kmalloc-rnd-14-" #sz, 791 #define KMA_RAND_15(sz) KMA_RAND_14(sz) .name[KMALLOC_RANDOM_START + 15] = "kmalloc-rnd-15-" #sz, 792 #else // CONFIG_RANDOM_KMALLOC_CACHES 793 #define KMALLOC_RANDOM_NAME(N, sz) 794 #endif 795 796 #define INIT_KMALLOC_INFO(__size, __short_size) \ 797 { \ 798 .name[KMALLOC_NORMAL] = "kmalloc-" #__short_size, \ 799 KMALLOC_RCL_NAME(__short_size) \ 800 KMALLOC_CGROUP_NAME(__short_size) \ 801 KMALLOC_DMA_NAME(__short_size) \ 802 KMALLOC_RANDOM_NAME(RANDOM_KMALLOC_CACHES_NR, __short_size) \ 803 .size = __size, \ 804 } 805 806 /* 807 * kmalloc_info[] is to make slab_debug=,kmalloc-xx option work at boot time. 808 * kmalloc_index() supports up to 2^21=2MB, so the final entry of the table is 809 * kmalloc-2M. 810 */ 811 const struct kmalloc_info_struct kmalloc_info[] __initconst = { 812 INIT_KMALLOC_INFO(0, 0), 813 INIT_KMALLOC_INFO(96, 96), 814 INIT_KMALLOC_INFO(192, 192), 815 INIT_KMALLOC_INFO(8, 8), 816 INIT_KMALLOC_INFO(16, 16), 817 INIT_KMALLOC_INFO(32, 32), 818 INIT_KMALLOC_INFO(64, 64), 819 INIT_KMALLOC_INFO(128, 128), 820 INIT_KMALLOC_INFO(256, 256), 821 INIT_KMALLOC_INFO(512, 512), 822 INIT_KMALLOC_INFO(1024, 1k), 823 INIT_KMALLOC_INFO(2048, 2k), 824 INIT_KMALLOC_INFO(4096, 4k), 825 INIT_KMALLOC_INFO(8192, 8k), 826 INIT_KMALLOC_INFO(16384, 16k), 827 INIT_KMALLOC_INFO(32768, 32k), 828 INIT_KMALLOC_INFO(65536, 64k), 829 INIT_KMALLOC_INFO(131072, 128k), 830 INIT_KMALLOC_INFO(262144, 256k), 831 INIT_KMALLOC_INFO(524288, 512k), 832 INIT_KMALLOC_INFO(1048576, 1M), 833 INIT_KMALLOC_INFO(2097152, 2M) 834 }; 835 836 /* 837 * Patch up the size_index table if we have strange large alignment 838 * requirements for the kmalloc array. This is only the case for 839 * MIPS it seems. The standard arches will not generate any code here. 840 * 841 * Largest permitted alignment is 256 bytes due to the way we 842 * handle the index determination for the smaller caches. 843 * 844 * Make sure that nothing crazy happens if someone starts tinkering 845 * around with ARCH_KMALLOC_MINALIGN 846 */ setup_kmalloc_cache_index_table(void)847 void __init setup_kmalloc_cache_index_table(void) 848 { 849 unsigned int i; 850 851 BUILD_BUG_ON(KMALLOC_MIN_SIZE > 256 || 852 !is_power_of_2(KMALLOC_MIN_SIZE)); 853 854 for (i = 8; i < KMALLOC_MIN_SIZE; i += 8) { 855 unsigned int elem = size_index_elem(i); 856 857 if (elem >= ARRAY_SIZE(kmalloc_size_index)) 858 break; 859 kmalloc_size_index[elem] = KMALLOC_SHIFT_LOW; 860 } 861 862 if (KMALLOC_MIN_SIZE >= 64) { 863 /* 864 * The 96 byte sized cache is not used if the alignment 865 * is 64 byte. 866 */ 867 for (i = 64 + 8; i <= 96; i += 8) 868 kmalloc_size_index[size_index_elem(i)] = 7; 869 870 } 871 872 if (KMALLOC_MIN_SIZE >= 128) { 873 /* 874 * The 192 byte sized cache is not used if the alignment 875 * is 128 byte. Redirect kmalloc to use the 256 byte cache 876 * instead. 877 */ 878 for (i = 128 + 8; i <= 192; i += 8) 879 kmalloc_size_index[size_index_elem(i)] = 8; 880 } 881 } 882 __kmalloc_minalign(void)883 static unsigned int __kmalloc_minalign(void) 884 { 885 unsigned int minalign = dma_get_cache_alignment(); 886 887 if (IS_ENABLED(CONFIG_DMA_BOUNCE_UNALIGNED_KMALLOC) && 888 is_swiotlb_allocated()) 889 minalign = ARCH_KMALLOC_MINALIGN; 890 891 return max(minalign, arch_slab_minalign()); 892 } 893 894 static void __init new_kmalloc_cache(int idx,enum kmalloc_cache_type type)895 new_kmalloc_cache(int idx, enum kmalloc_cache_type type) 896 { 897 slab_flags_t flags = 0; 898 unsigned int minalign = __kmalloc_minalign(); 899 unsigned int aligned_size = kmalloc_info[idx].size; 900 int aligned_idx = idx; 901 902 if ((KMALLOC_RECLAIM != KMALLOC_NORMAL) && (type == KMALLOC_RECLAIM)) { 903 flags |= SLAB_RECLAIM_ACCOUNT; 904 } else if (IS_ENABLED(CONFIG_MEMCG) && (type == KMALLOC_CGROUP)) { 905 if (mem_cgroup_kmem_disabled()) { 906 kmalloc_caches[type][idx] = kmalloc_caches[KMALLOC_NORMAL][idx]; 907 return; 908 } 909 flags |= SLAB_ACCOUNT; 910 } else if (IS_ENABLED(CONFIG_ZONE_DMA) && (type == KMALLOC_DMA)) { 911 flags |= SLAB_CACHE_DMA; 912 } 913 914 #ifdef CONFIG_RANDOM_KMALLOC_CACHES 915 if (type >= KMALLOC_RANDOM_START && type <= KMALLOC_RANDOM_END) 916 flags |= SLAB_NO_MERGE; 917 #endif 918 919 /* 920 * If CONFIG_MEMCG is enabled, disable cache merging for 921 * KMALLOC_NORMAL caches. 922 */ 923 if (IS_ENABLED(CONFIG_MEMCG) && (type == KMALLOC_NORMAL)) 924 flags |= SLAB_NO_MERGE; 925 926 if (minalign > ARCH_KMALLOC_MINALIGN) { 927 aligned_size = ALIGN(aligned_size, minalign); 928 aligned_idx = __kmalloc_index(aligned_size, false); 929 } 930 931 if (!kmalloc_caches[type][aligned_idx]) 932 kmalloc_caches[type][aligned_idx] = create_kmalloc_cache( 933 kmalloc_info[aligned_idx].name[type], 934 aligned_size, flags); 935 if (idx != aligned_idx) 936 kmalloc_caches[type][idx] = kmalloc_caches[type][aligned_idx]; 937 } 938 939 /* 940 * Create the kmalloc array. Some of the regular kmalloc arrays 941 * may already have been created because they were needed to 942 * enable allocations for slab creation. 943 */ create_kmalloc_caches(void)944 void __init create_kmalloc_caches(void) 945 { 946 int i; 947 enum kmalloc_cache_type type; 948 949 /* 950 * Including KMALLOC_CGROUP if CONFIG_MEMCG defined 951 */ 952 for (type = KMALLOC_NORMAL; type < NR_KMALLOC_TYPES; type++) { 953 /* Caches that are NOT of the two-to-the-power-of size. */ 954 if (KMALLOC_MIN_SIZE <= 32) 955 new_kmalloc_cache(1, type); 956 if (KMALLOC_MIN_SIZE <= 64) 957 new_kmalloc_cache(2, type); 958 959 /* Caches that are of the two-to-the-power-of size. */ 960 for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) 961 new_kmalloc_cache(i, type); 962 } 963 #ifdef CONFIG_RANDOM_KMALLOC_CACHES 964 random_kmalloc_seed = get_random_u64(); 965 #endif 966 967 /* Kmalloc array is now usable */ 968 slab_state = UP; 969 970 if (IS_ENABLED(CONFIG_SLAB_BUCKETS)) 971 kmem_buckets_cache = kmem_cache_create("kmalloc_buckets", 972 sizeof(kmem_buckets), 973 0, SLAB_NO_MERGE, NULL); 974 } 975 976 /** 977 * __ksize -- Report full size of underlying allocation 978 * @object: pointer to the object 979 * 980 * This should only be used internally to query the true size of allocations. 981 * It is not meant to be a way to discover the usable size of an allocation 982 * after the fact. Instead, use kmalloc_size_roundup(). Using memory beyond 983 * the originally requested allocation size may trigger KASAN, UBSAN_BOUNDS, 984 * and/or FORTIFY_SOURCE. 985 * 986 * Return: size of the actual memory used by @object in bytes 987 */ __ksize(const void * object)988 size_t __ksize(const void *object) 989 { 990 struct folio *folio; 991 992 if (unlikely(object == ZERO_SIZE_PTR)) 993 return 0; 994 995 folio = virt_to_folio(object); 996 997 if (unlikely(!folio_test_slab(folio))) { 998 if (WARN_ON(folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE)) 999 return 0; 1000 if (WARN_ON(object != folio_address(folio))) 1001 return 0; 1002 return folio_size(folio); 1003 } 1004 1005 #ifdef CONFIG_SLUB_DEBUG 1006 skip_orig_size_check(folio_slab(folio)->slab_cache, object); 1007 #endif 1008 1009 return slab_ksize(folio_slab(folio)->slab_cache); 1010 } 1011 kmalloc_fix_flags(gfp_t flags)1012 gfp_t kmalloc_fix_flags(gfp_t flags) 1013 { 1014 gfp_t invalid_mask = flags & GFP_SLAB_BUG_MASK; 1015 1016 flags &= ~GFP_SLAB_BUG_MASK; 1017 pr_warn("Unexpected gfp: %#x (%pGg). Fixing up to gfp: %#x (%pGg). Fix your code!\n", 1018 invalid_mask, &invalid_mask, flags, &flags); 1019 dump_stack(); 1020 1021 return flags; 1022 } 1023 1024 #ifdef CONFIG_SLAB_FREELIST_RANDOM 1025 /* Randomize a generic freelist */ freelist_randomize(unsigned int * list,unsigned int count)1026 static void freelist_randomize(unsigned int *list, 1027 unsigned int count) 1028 { 1029 unsigned int rand; 1030 unsigned int i; 1031 1032 for (i = 0; i < count; i++) 1033 list[i] = i; 1034 1035 /* Fisher-Yates shuffle */ 1036 for (i = count - 1; i > 0; i--) { 1037 rand = get_random_u32_below(i + 1); 1038 swap(list[i], list[rand]); 1039 } 1040 } 1041 1042 /* Create a random sequence per cache */ cache_random_seq_create(struct kmem_cache * cachep,unsigned int count,gfp_t gfp)1043 int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, 1044 gfp_t gfp) 1045 { 1046 1047 if (count < 2 || cachep->random_seq) 1048 return 0; 1049 1050 cachep->random_seq = kcalloc(count, sizeof(unsigned int), gfp); 1051 if (!cachep->random_seq) 1052 return -ENOMEM; 1053 1054 freelist_randomize(cachep->random_seq, count); 1055 return 0; 1056 } 1057 1058 /* Destroy the per-cache random freelist sequence */ cache_random_seq_destroy(struct kmem_cache * cachep)1059 void cache_random_seq_destroy(struct kmem_cache *cachep) 1060 { 1061 kfree(cachep->random_seq); 1062 cachep->random_seq = NULL; 1063 } 1064 #endif /* CONFIG_SLAB_FREELIST_RANDOM */ 1065 1066 #ifdef CONFIG_SLUB_DEBUG 1067 #define SLABINFO_RIGHTS (0400) 1068 print_slabinfo_header(struct seq_file * m)1069 static void print_slabinfo_header(struct seq_file *m) 1070 { 1071 /* 1072 * Output format version, so at least we can change it 1073 * without _too_ many complaints. 1074 */ 1075 seq_puts(m, "slabinfo - version: 2.1\n"); 1076 seq_puts(m, "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>"); 1077 seq_puts(m, " : tunables <limit> <batchcount> <sharedfactor>"); 1078 seq_puts(m, " : slabdata <active_slabs> <num_slabs> <sharedavail>"); 1079 seq_putc(m, '\n'); 1080 } 1081 slab_start(struct seq_file * m,loff_t * pos)1082 static void *slab_start(struct seq_file *m, loff_t *pos) 1083 { 1084 mutex_lock(&slab_mutex); 1085 return seq_list_start(&slab_caches, *pos); 1086 } 1087 slab_next(struct seq_file * m,void * p,loff_t * pos)1088 static void *slab_next(struct seq_file *m, void *p, loff_t *pos) 1089 { 1090 return seq_list_next(p, &slab_caches, pos); 1091 } 1092 slab_stop(struct seq_file * m,void * p)1093 static void slab_stop(struct seq_file *m, void *p) 1094 { 1095 mutex_unlock(&slab_mutex); 1096 } 1097 cache_show(struct kmem_cache * s,struct seq_file * m)1098 static void cache_show(struct kmem_cache *s, struct seq_file *m) 1099 { 1100 struct slabinfo sinfo; 1101 1102 memset(&sinfo, 0, sizeof(sinfo)); 1103 get_slabinfo(s, &sinfo); 1104 1105 seq_printf(m, "%-17s %6lu %6lu %6u %4u %4d", 1106 s->name, sinfo.active_objs, sinfo.num_objs, s->size, 1107 sinfo.objects_per_slab, (1 << sinfo.cache_order)); 1108 1109 seq_printf(m, " : tunables %4u %4u %4u", 1110 sinfo.limit, sinfo.batchcount, sinfo.shared); 1111 seq_printf(m, " : slabdata %6lu %6lu %6lu", 1112 sinfo.active_slabs, sinfo.num_slabs, sinfo.shared_avail); 1113 seq_putc(m, '\n'); 1114 } 1115 slab_show(struct seq_file * m,void * p)1116 static int slab_show(struct seq_file *m, void *p) 1117 { 1118 struct kmem_cache *s = list_entry(p, struct kmem_cache, list); 1119 1120 if (p == slab_caches.next) 1121 print_slabinfo_header(m); 1122 cache_show(s, m); 1123 return 0; 1124 } 1125 dump_unreclaimable_slab(void)1126 void dump_unreclaimable_slab(void) 1127 { 1128 struct kmem_cache *s; 1129 struct slabinfo sinfo; 1130 1131 /* 1132 * Here acquiring slab_mutex is risky since we don't prefer to get 1133 * sleep in oom path. But, without mutex hold, it may introduce a 1134 * risk of crash. 1135 * Use mutex_trylock to protect the list traverse, dump nothing 1136 * without acquiring the mutex. 1137 */ 1138 if (!mutex_trylock(&slab_mutex)) { 1139 pr_warn("excessive unreclaimable slab but cannot dump stats\n"); 1140 return; 1141 } 1142 1143 pr_info("Unreclaimable slab info:\n"); 1144 pr_info("Name Used Total\n"); 1145 1146 list_for_each_entry(s, &slab_caches, list) { 1147 if (s->flags & SLAB_RECLAIM_ACCOUNT) 1148 continue; 1149 1150 get_slabinfo(s, &sinfo); 1151 1152 if (sinfo.num_objs > 0) 1153 pr_info("%-17s %10luKB %10luKB\n", s->name, 1154 (sinfo.active_objs * s->size) / 1024, 1155 (sinfo.num_objs * s->size) / 1024); 1156 } 1157 mutex_unlock(&slab_mutex); 1158 } 1159 1160 /* 1161 * slabinfo_op - iterator that generates /proc/slabinfo 1162 * 1163 * Output layout: 1164 * cache-name 1165 * num-active-objs 1166 * total-objs 1167 * object size 1168 * num-active-slabs 1169 * total-slabs 1170 * num-pages-per-slab 1171 * + further values on SMP and with statistics enabled 1172 */ 1173 static const struct seq_operations slabinfo_op = { 1174 .start = slab_start, 1175 .next = slab_next, 1176 .stop = slab_stop, 1177 .show = slab_show, 1178 }; 1179 slabinfo_open(struct inode * inode,struct file * file)1180 static int slabinfo_open(struct inode *inode, struct file *file) 1181 { 1182 return seq_open(file, &slabinfo_op); 1183 } 1184 1185 static const struct proc_ops slabinfo_proc_ops = { 1186 .proc_flags = PROC_ENTRY_PERMANENT, 1187 .proc_open = slabinfo_open, 1188 .proc_read = seq_read, 1189 .proc_lseek = seq_lseek, 1190 .proc_release = seq_release, 1191 }; 1192 slab_proc_init(void)1193 static int __init slab_proc_init(void) 1194 { 1195 proc_create("slabinfo", SLABINFO_RIGHTS, NULL, &slabinfo_proc_ops); 1196 return 0; 1197 } 1198 module_init(slab_proc_init); 1199 1200 #endif /* CONFIG_SLUB_DEBUG */ 1201 1202 static __always_inline __realloc_size(2) void * __do_krealloc(const void * p,size_t new_size,gfp_t flags)1203 __do_krealloc(const void *p, size_t new_size, gfp_t flags) 1204 { 1205 void *ret; 1206 size_t ks; 1207 1208 /* Check for double-free before calling ksize. */ 1209 if (likely(!ZERO_OR_NULL_PTR(p))) { 1210 if (!kasan_check_byte(p)) 1211 return NULL; 1212 ks = ksize(p); 1213 } else 1214 ks = 0; 1215 1216 /* If the object still fits, repoison it precisely. */ 1217 if (ks >= new_size) { 1218 /* Zero out spare memory. */ 1219 if (want_init_on_alloc(flags)) { 1220 kasan_disable_current(); 1221 memset(kasan_reset_tag(p) + new_size, 0, ks - new_size); 1222 kasan_enable_current(); 1223 } 1224 1225 p = kasan_krealloc((void *)p, new_size, flags); 1226 return (void *)p; 1227 } 1228 1229 ret = kmalloc_node_track_caller_noprof(new_size, flags, NUMA_NO_NODE, _RET_IP_); 1230 if (ret && p) { 1231 /* Disable KASAN checks as the object's redzone is accessed. */ 1232 kasan_disable_current(); 1233 memcpy(ret, kasan_reset_tag(p), ks); 1234 kasan_enable_current(); 1235 } 1236 1237 return ret; 1238 } 1239 1240 /** 1241 * krealloc - reallocate memory. The contents will remain unchanged. 1242 * @p: object to reallocate memory for. 1243 * @new_size: how many bytes of memory are required. 1244 * @flags: the type of memory to allocate. 1245 * 1246 * If @p is %NULL, krealloc() behaves exactly like kmalloc(). If @new_size 1247 * is 0 and @p is not a %NULL pointer, the object pointed to is freed. 1248 * 1249 * If __GFP_ZERO logic is requested, callers must ensure that, starting with the 1250 * initial memory allocation, every subsequent call to this API for the same 1251 * memory allocation is flagged with __GFP_ZERO. Otherwise, it is possible that 1252 * __GFP_ZERO is not fully honored by this API. 1253 * 1254 * This is the case, since krealloc() only knows about the bucket size of an 1255 * allocation (but not the exact size it was allocated with) and hence 1256 * implements the following semantics for shrinking and growing buffers with 1257 * __GFP_ZERO. 1258 * 1259 * new bucket 1260 * 0 size size 1261 * |--------|----------------| 1262 * | keep | zero | 1263 * 1264 * In any case, the contents of the object pointed to are preserved up to the 1265 * lesser of the new and old sizes. 1266 * 1267 * Return: pointer to the allocated memory or %NULL in case of error 1268 */ krealloc_noprof(const void * p,size_t new_size,gfp_t flags)1269 void *krealloc_noprof(const void *p, size_t new_size, gfp_t flags) 1270 { 1271 void *ret; 1272 1273 if (unlikely(!new_size)) { 1274 kfree(p); 1275 return ZERO_SIZE_PTR; 1276 } 1277 1278 ret = __do_krealloc(p, new_size, flags); 1279 if (ret && kasan_reset_tag(p) != kasan_reset_tag(ret)) 1280 kfree(p); 1281 1282 return ret; 1283 } 1284 EXPORT_SYMBOL(krealloc_noprof); 1285 1286 /** 1287 * kfree_sensitive - Clear sensitive information in memory before freeing 1288 * @p: object to free memory of 1289 * 1290 * The memory of the object @p points to is zeroed before freed. 1291 * If @p is %NULL, kfree_sensitive() does nothing. 1292 * 1293 * Note: this function zeroes the whole allocated buffer which can be a good 1294 * deal bigger than the requested buffer size passed to kmalloc(). So be 1295 * careful when using this function in performance sensitive code. 1296 */ kfree_sensitive(const void * p)1297 void kfree_sensitive(const void *p) 1298 { 1299 size_t ks; 1300 void *mem = (void *)p; 1301 1302 ks = ksize(mem); 1303 if (ks) { 1304 kasan_unpoison_range(mem, ks); 1305 memzero_explicit(mem, ks); 1306 } 1307 kfree(mem); 1308 } 1309 EXPORT_SYMBOL(kfree_sensitive); 1310 ksize(const void * objp)1311 size_t ksize(const void *objp) 1312 { 1313 /* 1314 * We need to first check that the pointer to the object is valid. 1315 * The KASAN report printed from ksize() is more useful, then when 1316 * it's printed later when the behaviour could be undefined due to 1317 * a potential use-after-free or double-free. 1318 * 1319 * We use kasan_check_byte(), which is supported for the hardware 1320 * tag-based KASAN mode, unlike kasan_check_read/write(). 1321 * 1322 * If the pointed to memory is invalid, we return 0 to avoid users of 1323 * ksize() writing to and potentially corrupting the memory region. 1324 * 1325 * We want to perform the check before __ksize(), to avoid potentially 1326 * crashing in __ksize() due to accessing invalid metadata. 1327 */ 1328 if (unlikely(ZERO_OR_NULL_PTR(objp)) || !kasan_check_byte(objp)) 1329 return 0; 1330 1331 return kfence_ksize(objp) ?: __ksize(objp); 1332 } 1333 EXPORT_SYMBOL(ksize); 1334 1335 /* Tracepoints definitions. */ 1336 EXPORT_TRACEPOINT_SYMBOL(kmalloc); 1337 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc); 1338 EXPORT_TRACEPOINT_SYMBOL(kfree); 1339 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_free); 1340 1341