【Linux内存源码分析】SLUB分配算法(6)

前面已经分析了slub算法的初始化、缓存区的创建、对象的分配、对象的回收,最后分析一下slub分配算法的slab销毁具体实现。

Slab销毁的入口函数为kmem_cache_destroy(),其实现:

【file:/mm/slab_common.c】
void kmem_cache_destroy(struct kmem_cache *s)
{
	/* Destroy all the children caches if we aren't a memcg cache */
	kmem_cache_destroy_memcg_children(s);

	get_online_cpus();
	mutex_lock(&slab_mutex);
	s->refcount--;
	if (!s->refcount) {
		list_del(&s->list);

		if (!__kmem_cache_shutdown(s)) {
			memcg_unregister_cache(s);
			mutex_unlock(&slab_mutex);
			if (s->flags & SLAB_DESTROY_BY_RCU)
				rcu_barrier();

			memcg_free_cache_params(s);
			kfree(s->name);
			kmem_cache_free(kmem_cache, s);
		} else {
			list_add(&s->list, &slab_caches);
			mutex_unlock(&slab_mutex);
			printk(KERN_ERR "kmem_cache_destroy %s: Slab cache still has objects\n",
				s->name);
			dump_stack();
		}
	} else {
		mutex_unlock(&slab_mutex);
	}
	put_online_cpus();
}

该函数中kmem_cache_destroy_memcg_children()删除memcg中相关联的子cache数据,而get_online_cpus()是对cpu_online_map的加锁,其与末尾的put_online_cpus()是配对使用的。接着的mutex_lock()用于获取slab_mutex互斥锁,该锁主要用于全局资源保护。然后对kmem_cache的引用计数refcount自减操作,如果自减后if (!s->refcount)true,即引用计数为0,表示该缓冲区不存在slab别名挂靠的情况,那么其kmem_cache结构可以删除,否则表示有其他缓冲区别名挂靠,仍有依赖,那么将会解锁slab_mutexput_online_cpus()释放cpu_online_map锁,然后退出。

if (!s->refcount)为true的分支中,先list_del()将该slab管理结构kmem_cacheslab_caches全局链表中摘除,然后__kmem_cache_shutdown()删除kmem_cache结构信息。如果__kmem_cache_shutdown()执行成功则将返回0,继而if (!__kmem_cache_shutdown(s))true,将会通过memcg_unregister_cache()去注册memcgcache,并且memcg_free_cache_params()释放创建时申请的memcg_params资源空间,而kfree()kmem_cache_free()释放slub的名称空间以及slab空间。如果__kmem_cache_shutdown()执行失败,那么将会把slab重新挂回至slab_caches链表,同时记录日志信息。

由此slab销毁完毕。

kmem_cache_destroy()的核心函数是__kmem_cache_shutdown(),深入分析__kmem_cache_shutdown()的实现:

【file:/mm/slub.c】
int __kmem_cache_shutdown(struct kmem_cache *s)
{
	int rc = kmem_cache_close(s);

	if (!rc) {
		/*
		 * We do the same lock strategy around sysfs_slab_add, see
		 * __kmem_cache_create. Because this is pretty much the last
		 * operation we do and the lock will be released shortly after
		 * that in slab_common.c, we could just move sysfs_slab_remove
		 * to a later point in common code. We should do that when we
		 * have a common sysfs framework for all allocators.
		 */
		mutex_unlock(&slab_mutex);
		sysfs_slab_remove(s);
		mutex_lock(&slab_mutex);
	}

	return rc;
}

该函数主要通过kmem_cache_close()删除slab的管理数据kmem_cache,如果执行成功,继而进入if分支对sysfs模块的slab做移除操作。

具体看一下kmem_cache_close()的实现:

【file:/mm/slub.c】
/*
 * Release all resources used by a slab cache.
 */
static inline int kmem_cache_close(struct kmem_cache *s)
{
	int node;

	flush_all(s);
	/* Attempt to free all objects */
	for_each_node_state(node, N_NORMAL_MEMORY) {
		struct kmem_cache_node *n = get_node(s, node);

		free_partial(s, n);
		if (n->nr_partial || slabs_node(s, node))
			return 1;
	}
	free_percpu(s->cpu_slab);
	free_kmem_cache_nodes(s);
	return 0;
}

该函数通过flush_all()释放本地CPU的缓存区,即kmem_cache_cpu管理的缓存区空间;然后通过for_each_node_state()遍历各节点,转而get_node()获取节点下的kmem_cache_node管理结构,然后将其半满队列中的缓存区进行释放free_partial();最后将kmem_cache的每CPU缓存管理kmem_cache_cpu通过free_percpu()归还给系统,同时通过free_kmem_cache_nodes()释放各内存节点node的缓存管理结构kmem_cache_node占用的空间释放。

最后分析一下较为复杂的flush_all()的实现:

【file:/mm/slub.c】
static void flush_all(struct kmem_cache *s)
{
	on_each_cpu_cond(has_cpu_slab, flush_cpu_slab, s, 1, GFP_ATOMIC);
}

看似封装了on_each_cpu_cond()函数,实际上on_each_cpu_cond()并不执行任何与资源释放的操作,其主要是遍历各个CPU,然后执行作为入参传入的函数has_cpu_slab(),以判断各个处理器上的资源是否存在,如果存在,继而将会通过flush_cpu_slab()对该处理器上的资源进行释放处理。

照例,还是详细看一下on_each_cpu_cond()函数实现:

【file:/mm/slub.c】
/*
 * on_each_cpu_cond(): Call a function on each processor for which
 * the supplied function cond_func returns true, optionally waiting
 * for all the required CPUs to finish. This may include the local
 * processor.
 * @cond_func:	A callback function that is passed a cpu id and
 *		the the info parameter. The function is called
 *		with preemption disabled. The function should
 *		return a blooean value indicating whether to IPI
 *		the specified CPU.
 * @func:	The function to run on all applicable CPUs.
 *		This must be fast and non-blocking.
 * @info:	An arbitrary pointer to pass to both functions.
 * @wait:	If true, wait (atomically) until function has
 *		completed on other CPUs.
 * @gfp_flags:	GFP flags to use when allocating the cpumask
 *		used internally by the function.
 *
 * The function might sleep if the GFP flags indicates a non 
 * atomic allocation is allowed.
 *
 * Preemption is disabled to protect against CPUs going offline but not online.
 * CPUs going online during the call will not be seen or sent an IPI.
 *
 * You must not call this function with disabled interrupts or
 * from a hardware interrupt handler or from a bottom half handler.
 */
void on_each_cpu_cond(bool (*cond_func)(int cpu, void *info),
			smp_call_func_t func, void *info, bool wait,
			gfp_t gfp_flags)
{
	cpumask_var_t cpus;
	int cpu, ret;

	might_sleep_if(gfp_flags & __GFP_WAIT);

	if (likely(zalloc_cpumask_var(&cpus, (gfp_flags|__GFP_NOWARN)))) {
		preempt_disable();
		for_each_online_cpu(cpu)
			if (cond_func(cpu, info))
				cpumask_set_cpu(cpu, cpus);
		on_each_cpu_mask(cpus, func, info, wait);
		preempt_enable();
		free_cpumask_var(cpus);
	} else {
		/*
		 * No free cpumask, bother. No matter, we'll
		 * just have to IPI them one by one.
		 */
		preempt_disable();
		for_each_online_cpu(cpu)
			if (cond_func(cpu, info)) {
				ret = smp_call_function_single(cpu, func,
								info, wait);
				WARN_ON_ONCE(!ret);
			}
		preempt_enable();
	}
}

该函数的入参cond_func是一个钩子函数,用于根据调用者传入的CPU信息参数来判断是否需要打断该CPU以执行入参func的操作;而入参info是作为cond_funcfunc处理函数的入参;至于入参wait则是一个bool类型,用以判断是否需要等待func在各CPU上执行完毕,如果为true将会等待;最后的gfp_flags入参是作为申请cpumask空间的标识。

了解完参数的意思,那么具体看一下其实现,首先might_sleep_if()判断是否需要休眠等待,继而通过zalloc_cpumask_var()申请cpumask的空间;申请到空间后,preempt_disable()禁止内核抢占后,将for_each_online_cpu()遍历各个CPU,根据cond_func()(即has_cpu_slab())判断是否需要对该CPU进行打断处理,如果需要则cpumask_set_cpu()对该CPU进行标志;标志完后,根据前面的标志,通过on_each_cpu_mask()打断各个标志位对应的CPU去执行func()的操作(即flush_cpu_slab());完了将会恢复抢占,释放cpumask空间。至于zalloc_cpumask_var()申请不到空间,将会逐个处理器进行打断再进行处理,其最终功能和作用与申请到空间的情况都是一致的,具体实现就不分析了。

相应看一下作为on_each_cpu_cond()入参的钩子函数has_cpu_slab()的实现:

【file:/mm/slub.c】
static bool has_cpu_slab(int cpu, void *info)
{
	struct kmem_cache *s = info;
	struct kmem_cache_cpu *c = per_cpu_ptr(s->cpu_slab, cpu);

	return c->page || c->partial;
}

可以看到该函数主要是用于判断本地CPU是否占有缓存区,如果有则返回true。也即意味着该CPU需要被打断去执行其本地的缓存区释放操作。

至于on_each_cpu_cond()另一钩子函数flush_cpu_slab()的实现:

【file:/mm/slub.c】
static void flush_cpu_slab(void *d)
{
	struct kmem_cache *s = d;

	__flush_cpu_slab(s, smp_processor_id());
}

该函数封装了__flush_cpu_slab(),实现为:

【file:/mm/slub.c】
/*
 * Flush cpu slab.
 *
 * Called from IPI handler with interrupts disabled.
 */
static inline void __flush_cpu_slab(struct kmem_cache *s, int cpu)
{
	struct kmem_cache_cpu *c = per_cpu_ptr(s->cpu_slab, cpu);

	if (likely(c)) {
		if (c->page)
			flush_slab(s, c);

		unfreeze_partials(s, c);
	}
}

函数实现很简单,主要用于将本地CPU的缓存区进行释放。其首先获取本地CPUkmem_cache_cpu管理结构,如果本地CPU存在缓存区的占用,将会通过flush_slab()去释放本地缓存区,继而通过unfreeze_partials()将本地CPU半满缓存列表进行释放。

flush_slab()具体实现:

【file:/mm/slub.c】
static inline void flush_slab(struct kmem_cache *s, struct kmem_cache_cpu *c)
{
	stat(s, CPUSLAB_FLUSH);
	deactivate_slab(s, c->page, c->freelist);

	c->tid = next_tid(c->tid);
	c->page = NULL;
	c->freelist = NULL;
}

其主要是通过deactivate_slab()去激活本地缓存区,也即是将缓存区进行释放操作。具体deactivate_slab()的实现:

【file:/mm/slub.c】
/*
 * Remove the cpu slab
 */
static void deactivate_slab(struct kmem_cache *s, struct page *page,
				void *freelist)
{
	enum slab_modes { M_NONE, M_PARTIAL, M_FULL, M_FREE };
	struct kmem_cache_node *n = get_node(s, page_to_nid(page));
	int lock = 0;
	enum slab_modes l = M_NONE, m = M_NONE;
	void *nextfree;
	int tail = DEACTIVATE_TO_HEAD;
	struct page new;
	struct page old;

	if (page->freelist) {
		stat(s, DEACTIVATE_REMOTE_FREES);
		tail = DEACTIVATE_TO_TAIL;
	}

	/*
	 * Stage one: Free all available per cpu objects back
	 * to the page freelist while it is still frozen. Leave the
	 * last one.
	 *
	 * There is no need to take the list->lock because the page
	 * is still frozen.
	 */
	while (freelist && (nextfree = get_freepointer(s, freelist))) {
		void *prior;
		unsigned long counters;

		do {
			prior = page->freelist;
			counters = page->counters;
			set_freepointer(s, freelist, prior);
			new.counters = counters;
			new.inuse--;
			VM_BUG_ON(!new.frozen);

		} while (!__cmpxchg_double_slab(s, page,
			prior, counters,
			freelist, new.counters,
			"drain percpu freelist"));

		freelist = nextfree;
	}

	/*
	 * Stage two: Ensure that the page is unfrozen while the
	 * list presence reflects the actual number of objects
	 * during unfreeze.
	 *
	 * We setup the list membership and then perform a cmpxchg
	 * with the count. If there is a mismatch then the page
	 * is not unfrozen but the page is on the wrong list.
	 *
	 * Then we restart the process which may have to remove
	 * the page from the list that we just put it on again
	 * because the number of objects in the slab may have
	 * changed.
	 */
redo:

	old.freelist = page->freelist;
	old.counters = page->counters;
	VM_BUG_ON(!old.frozen);

	/* Determine target state of the slab */
	new.counters = old.counters;
	if (freelist) {
		new.inuse--;
		set_freepointer(s, freelist, old.freelist);
		new.freelist = freelist;
	} else
		new.freelist = old.freelist;

	new.frozen = 0;

	if (!new.inuse && n->nr_partial > s->min_partial)
		m = M_FREE;
	else if (new.freelist) {
		m = M_PARTIAL;
		if (!lock) {
			lock = 1;
			/*
			 * Taking the spinlock removes the possiblity
			 * that acquire_slab() will see a slab page that
			 * is frozen
			 */
			spin_lock(&n->list_lock);
		}
	} else {
		m = M_FULL;
		if (kmem_cache_debug(s) && !lock) {
			lock = 1;
			/*
			 * This also ensures that the scanning of full
			 * slabs from diagnostic functions will not see
			 * any frozen slabs.
			 */
			spin_lock(&n->list_lock);
		}
	}

	if (l != m) {

		if (l == M_PARTIAL)

			remove_partial(n, page);

		else if (l == M_FULL)

			remove_full(s, n, page);

		if (m == M_PARTIAL) {

			add_partial(n, page, tail);
			stat(s, tail);

		} else if (m == M_FULL) {

			stat(s, DEACTIVATE_FULL);
			add_full(s, n, page);

		}
	}

	l = m;
	if (!__cmpxchg_double_slab(s, page,
				old.freelist, old.counters,
				new.freelist, new.counters,
				"unfreezing slab"))
		goto redo;

	if (lock)
		spin_unlock(&n->list_lock);

	if (m == M_FREE) {
		stat(s, DEACTIVATE_EMPTY);
		discard_slab(s, page);
		stat(s, FREE_SLAB);
	}
}

if
(page->freelist)判断slab的空闲链表freelist是否为空,如果为空,意味着该缓存区的对象已经全部分配到了CPUkmem_cache_cpufreelist链表中;如果不为空,那么表示该CPUslab对象被其他CPU释放了,将会更新统计同时设置tail标识为DEACTIVATE_TO_TAIL

接下来的while循环是去激活本地CPUslab步骤一,其主要是通过while循环遍历CPU上的freelist链表get_freepointer()获取空闲对象,继而通过内部的do-while循环,借用__cmpxchg_double_slab()比较交换将对象以插入缓存区页面的freelist空闲链表头的方式归还回去。__cmpxchg_double_slab()前面已经介绍过了的原子操作,这里将不再赘述。不过有个点值得注意的是该步骤的释放操作,其并未将所有的对象都归还回去,这是由于nextfree = get_freepointer(s, freelist)该步骤取下一个空闲对象时得到空指针,那么将会退出while循环;也就意味着如果deactivate_slab()入参中freelist不为空,那么while循环退出时,其也必定不为空,其具体用意稍后再分析。简而言之该步骤其目的是,当页面还处于冻结状态,将会释放每CPU的所有可用的对象回到缓冲区的空闲列表中。

然后是步骤二,即redo标签以下的动作,其首先将缓存区的freelist以及counters信息存到临时old结构中以备后用,接着if (freelist)如果为true,将会把前面步骤一未被归还的那个对象归还到缓冲区中,同时更新new信息,此时new.freelist持有该缓存区的所有空闲对象。往下new.frozen = 0将临时缓存区状态设置为非冻结;然后if
(!new.inuse && n->nr_partial > s->min_partial)
表示该slab缓存区中无对象被使用,且部分满slab个数大于最小值,意味着该缓存区需要被销毁,标识mM_FREE;而else if
(new.freelist)
表示freelist不为空,仅使用了部分对象,则标识mM_PARTIAL;至于最后的else分支,表示freelist为空,该缓存区所有对象均已被使用,m标识为M_FULL。再往下if (l != m)的比较是用于判断上一次的缓存区状态l与接下来的操作状态m是否一致,不一致则意味着需要发生变更,其将会先判断l的状态为M_PARTIALM_FULL,继而采取对应的remove_partial()remove_full()链表摘除操作;继而根据m的状态,往半满链表中添加add_partial()还是往满载链表中添加add_full(),接着将l的状态更新为m。现在到了if (!__cmpxchg_double_slab()),这里是用于判断自redo到此,缓存区是否发生过对象操作变更,如果没发生过的话,将会把new暂存的空闲对象挂载到缓存区中以及更新counters,否则将会跳转回redo标签重新执行前面的操作。至此,顺利的话,缓存区已经去激活完毕了。

最后如果m的状态为M_FREE,则表示该缓存区不需要再使用了,将通过discard_slab()将其销毁。

至此,slub算法分析完毕。

2 replies on “【Linux内存源码分析】SLUB分配算法(6)”

  1. 电话接线员说道:

    看了你写的系列的文章,针对最新的代码都进行了分析,写的超级详细,但是感觉代码处理过程中为什么这么去做,这么做的原因描述的不多,看起来好像是在描述函数的处理流程,作者要是能参照蜗窝科技类似把每一个函数里面为什么这么处理进行详细的介绍,感觉是一个超级棒的系列文章

    • JeanLeo说道:

      你的建议我会考虑的,后期我把内存相关的代码分析完后将会深度分析一下相关代码的实现意图

发表评论

电子邮件地址不会被公开。 必填项已用*标注