Page MenuHomeFreeBSD
Differential D45812

malloc(9): extend contigmalloc(9) by a "slab cookie"
ClosedPublic
Actions

Authored by bz on Jun 30 2024, 7:27 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Sep 28, 2:48 PM
Unknown Object (File)
Sat, Sep 21, 1:56 PM
Unknown Object (File)
Fri, Sep 20, 5:54 PM
Unknown Object (File)
Fri, Sep 20, 5:54 PM
Unknown Object (File)
Fri, Sep 20, 5:54 PM
Unknown Object (File)
Fri, Sep 20, 5:54 PM
Unknown Object (File)
Fri, Sep 20, 5:54 PM
Unknown Object (File)
Fri, Sep 20, 5:32 PM
View All 27 Files
Subscribers
cperciva
imp
olce
rwatson

Details

Reviewers
jhb
markj
kib
Commits
rGd2587a699e37: malloc(9): extend contigmalloc(9) by a "slab cookie"
rG1eb6c9cfc9b0: malloc(9): extend contigmalloc(9) by a "slab cookie"
rG9e6544dd6e02: malloc(9): extend contigmalloc(9) by a "slab cookie"
Summary

Extend kern_malloc.c internals to also cover contigmalloc(9) by a
"slab cookie" and not just malloc/malloc_large. This allows us to
call free(9) even on contigmalloc(9) addresses.
Extend the contigmalloc(9) man page with a small additional note that
free(9) also works now.

The implementation also adds additional chacks now under INVARIANTS;
e.g. validity of a cookie (allocation type) in various places as well
as size and allocation type checks for contigfree(9).

The way this is done (free working for contigmalloc) will hide the
UMA/VM bits from a consumer which may otherwise need to know whether
the original allocation was by malloc or contigmalloc by looking at
the cookie (likely via an accessor function). This simplifies
the implementation of consumers of mixed environments a lot.

This is preliminary work to allow LinuxKPI to be adjusted to better
play by the rules Linux puts out for various allocations.
Most of this was described/explained to me by jhb.

One may observe that realloc(9) is currently unchanged (and contrary
to [contig]malloc/[contig]free an implementation may need access
the "slab cookie" information given it will likely be implementation
dependent which allocation to use if size changes beyond the usable
size of the initial allocation).

Described by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 3 days

Test Plan

I've been running with this + LinuxKPI changes for a good month
and a bit now.
I wonder whom to ask to micro-benchmark this?

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bz created this revision.Jun 30 2024, 7:27 PM
Herald added subscribers: olce, imp. · View Herald TranscriptJun 30 2024, 7:27 PM
bz requested review of this revision.Jun 30 2024, 7:27 PM
Harbormaster completed remote builds in B58429: Diff 140405.Jun 30 2024, 7:27 PM
bz added a child revision: D45813: LinuxKPI: skbuff: adjust to updated malloc/contigmalloc and free(9)..Jun 30 2024, 7:52 PM
bz mentioned this in D45815: LinuxKPI: move __kmalloc from slab.h to slab.c.Jun 30 2024, 8:49 PM
bz added a child revision: D45815: LinuxKPI: move __kmalloc from slab.h to slab.c.Jun 30 2024, 9:09 PM
markj added inline comments.Jul 1 2024, 3:02 PM
share/man/man9/contigmalloc.9
121

Can't we always use free() now? If so, I would prefer to eliminate contigfree().

sys/kern/kern_malloc.c
472

KASSERT strings don't need a newline.

491

This line is too long. It would be good to introduce a macro to provide this cookie instead of manually constructing it.

536

Panic strings shouldn't end with a newline or a period. I see a couple of preexisting strings which have them but that's just a bug.

951

If you introduce a macro to extract the cookie type, the code will be a bit neater and then you don't need the slab_cookie helper variable.

952

It would be preferable to keep the branch hint. I believe you can annotate case statements the same way, i.e., case __predict_true(SLAB_COOKIE_SLAB_PTR):.

1021

There's no need to do anything special for KASAN here, it'll be handled in the kmem_* layer.

1181

I'd suggest simply replacing this case with __assert_unreachable();. You lose the panic string, but the info there is not very useful anyway.

bz planned changes to this revision.Jul 22 2024, 7:19 PM

Mark state to address Mark's comments.

bz marked 8 inline comments as done.Jul 22 2024, 8:33 PM

I've locally implemented all the suggestions (Thanks a lot!).

I'll update the review in a bit; the rebase takes a bits longer to recompile after having been mostly offline for a bit.

share/man/man9/contigmalloc.9
121

I'll mark it "deprecated" in this change and we can do the sweep over the tree in a separate pass (I am all for it if we easily can).

bz updated this revision to Diff 141251.Jul 23 2024, 11:05 AM
bz marked an inline comment as done.

Try to address all the comments from @markj

Harbormaster completed remote builds in B58768: Diff 141251.Jul 23 2024, 11:05 AM
kib accepted this revision.Jul 23 2024, 12:03 PM
kib added inline comments.
sys/kern/kern_malloc.c
1022

IMO it makes sense to bzero whole page(s) from contigmalloc, not only the allocated size, if bzero-ing.

BTW why do we bzero the stuff on deallocation?

This revision is now accepted and ready to land.Jul 23 2024, 12:03 PM
bz added inline comments.Jul 23 2024, 12:22 PM
sys/kern/kern_malloc.c
1022

I was wondering while updating the patch but left it for simplicity. I'll adjust it.
Would it be save to assume passing the rouded up size into kmem_free() is okay (given kmem_free does the same rounding as the very first thing)?

I assume zfree was introduced to wipe sensitive data right away when it is no longer needed.

markj accepted this revision.Jul 23 2024, 12:59 PM

Looks good, I like this change.

sys/kern/kern_malloc.c
123

Extra newline.

127

I think this line needs to be wrapped.

kib added inline comments.Jul 23 2024, 1:17 PM
sys/kern/kern_malloc.c
1022

I was wondering while updating the patch but left it for simplicity. I'll adjust it.
Would it be save to assume passing the rouded up size into kmem_free() is okay (given kmem_free does the same rounding as the very first thing)?

Sure.

I assume zfree was introduced to wipe sensitive data right away when it is no longer needed.

But most data is not sensitive, so it is extra unneeded work for common case.

bz updated this revision to Diff 141285.Jul 23 2024, 4:29 PM
bz marked 4 inline comments as done.

Address comments from @markj and @kib

This revision now requires review to proceed.Jul 23 2024, 4:29 PM
Harbormaster completed remote builds in B58790: Diff 141285.Jul 23 2024, 4:29 PM
bz added inline comments.Jul 23 2024, 4:29 PM
sys/kern/kern_malloc.c
1022

It's zfree not free, so the caller decides. It's just now also supporting contigmalloc based allocations on free. All the other bits been there since 45035becfe8aed04d0da70585e7c8bc07a385980 .

kib added inline comments.Jul 23 2024, 5:01 PM
sys/kern/kern_malloc.c
1022

I see. The code is copy/pasted between free and zfree.

Could we then provide static __always_inline zfree1() that takes bool argument to indicate if the memory needs zeroing? Then free() would be zfree1(..., false) and zfree be zfree1(,,,, true). Clang is usually quite good at removing the unused code bracketed by if (false).

Perhaps this should be a preliminary commit.

bz added a comment.Jul 23 2024, 6:25 PM

If this version is still good it would be great to just get that checkbox again and I'll put the 3 suggested follow-up changes out as well.

sys/kern/kern_malloc.c
1022

I'll be happy to have multiple follow-up commits (I'll put them out on top of this):

  • remove contigfree from the tree
  • cleanup the other KASSERT/panic strings '\n' or '.' as @markj had pointed out
  • help folding zfree and free together with a small wrapper (like contigfree is now or even as a macro?) -- I think doing it afterwards is easier as the switch() makes the code more similar?

All of this is not needed for this to proceed I would say though. But this blocks some LinuxKPI fixes which need to be done for WiFi.

bz mentioned this in D46093: kern_malloc: remove '.' and '\n' from KASSERT/panic.Jul 23 2024, 6:29 PM
kib accepted this revision.Jul 23 2024, 6:31 PM
This revision is now accepted and ready to land.Jul 23 2024, 6:31 PM
markj accepted this revision.Jul 23 2024, 6:36 PM
Closed by commit rG9e6544dd6e02: malloc(9): extend contigmalloc(9) by a "slab cookie" (authored by bz). · Explain WhyJul 24 2024, 10:20 AM
This revision was automatically updated to reflect the committed changes.
bz added a commit: rG9e6544dd6e02: malloc(9): extend contigmalloc(9) by a "slab cookie".
bz mentioned this in rGc0df224ba5b1: kern_malloc: remove '.' and '\n' from KASSERT/panic.
bz mentioned this in D46101: kern_malloc: fold free and zfree together into one __always_inline func.Jul 24 2024, 3:59 PM
bz mentioned this in rG4fab5f005482: kern_malloc: fold free and zfree together into one __always_inline func.Jul 26 2024, 10:48 AM
bz added a commit: rG1eb6c9cfc9b0: malloc(9): extend contigmalloc(9) by a "slab cookie".Sat, Sep 28, 10:38 AM
bz mentioned this in rG1364bc30deec: kern_malloc: remove '.' and '\n' from KASSERT/panic.
bz mentioned this in rG87d3af98590b: kern_malloc: fold free and zfree together into one __always_inline func.
bz added a commit: rGd2587a699e37: malloc(9): extend contigmalloc(9) by a "slab cookie".Sat, Sep 28, 9:53 PM
bz mentioned this in rGef3fefe03103: kern_malloc: remove '.' and '\n' from KASSERT/panic.
bz mentioned this in rGd7670d965c3f: kern_malloc: fold free and zfree together into one __always_inline func.

Revision Contents
Changeset List

PathSize
share/
man/
man9/
9 lines
sys/
kern/
128 lines

Diff 141303

View Options

share/man/man9/contigmalloc.9

Loading...
View Options

sys/kern/kern_malloc.c

Loading...