1 /* SPDX-License-Identifier: MIT */
2 /* SPDX-FileCopyrightText: 2024 Mathieu Desnoyers <mathieu.desnoyers@efficios.com> */
4 #ifndef _RSEQ_MEMPOOL_H
5 #define _RSEQ_MEMPOOL_H
7 #include <rseq/compiler.h>
14 * rseq/mempool.h: rseq memory pool allocator.
16 * The rseq memory pool allocator can be configured as either a global
17 * allocator (default) or a per-CPU memory allocator.
19 * The rseq global memory allocator allows the application to request
20 * memory pools of global memory, each containing objects of a
21 * given size (rounded to next power of 2), reserving a given virtual
22 * address size of the requested stride.
24 * The rseq per-CPU memory allocator allows the application to request
25 * memory pools of CPU-Local memory, each containing objects of a
26 * given size (rounded to next power of 2), reserving a given virtual
27 * address size per CPU, for a given maximum number of CPUs.
29 * The per-CPU memory allocator is analogous to TLS (Thread-Local
30 * Storage) memory: TLS is Thread-Local Storage, whereas the per-CPU
31 * memory allocator provides CPU-Local Storage.
33 * Memory pool sets can be created by adding one or more pools into
34 * them. They can be used to perform allocation of variable length
43 * The percpu offset stride can be overridden by the user code.
44 * The stride *must* match for all objects belonging to a given pool
45 * between arguments to:
47 * - rseq_mempool_create(),
48 * - rseq_percpu_ptr(),
49 * - rseq_mempool_percpu_free().
/*
 * Default per-CPU offset stride: 1U << 16 bytes (64kB).
 *
 * This is the value used when no explicit stride is given to
 * rseq_percpu_ptr() or rseq_mempool_percpu_free(). The stride must be
 * the same at pool creation, pointer decoding and free for every object
 * of a given pool.
 */
#define RSEQ_MEMPOOL_STRIDE	(1U << 16)
54 * Tag pointers returned by:
55 * - rseq_mempool_percpu_malloc(),
56 * - rseq_mempool_percpu_zmalloc(),
57 * - rseq_mempool_percpu_malloc_init(),
58 * - rseq_mempool_set_percpu_malloc(),
59 * - rseq_mempool_set_percpu_zmalloc(),
60 * - rseq_mempool_set_percpu_malloc_init().
62 * and passed as parameter to:
63 * - rseq_percpu_ptr(),
64 * - rseq_mempool_percpu_free().
66 * with __rseq_percpu for use by static analyzers.
/* Pool attribute object; this header only handles it through pointers. */
struct rseq_mempool_attr;
74 * rseq_mempool_create: Create a memory pool.
76 * Create a memory pool for items of size @item_len (rounded to
79 * The @attr pointer is used to specify the pool attributes. If NULL, use
80 * default attribute values. The @attr can be destroyed immediately
81 * after rseq_mempool_create() returns. The caller keeps ownership
82 * of @attr. Default attributes select a global mempool type.
84 * The argument @pool_name can be used to give a name to the pool for
85 * debugging purposes. It can be NULL if no name is given.
87 * Returns a pointer to the created percpu pool. Return NULL on error,
88 * with errno set accordingly:
90 * EINVAL: Invalid argument.
91 * ENOMEM: Not enough resources (memory or pool indexes) available to
94 * In addition, if the attr mmap callback fails, NULL is returned and
95 * errno is propagated from the callback. The default callback can
96 * return errno=ENOMEM.
98 * This API is MT-safe.
/*
 * rseq_mempool_create: create a memory pool of @item_len-sized items.
 *
 * @pool_name: optional debugging name, may be NULL.
 * @item_len:  item size requested for the pool.
 * @attr:      pool attributes, or NULL for the defaults (global pool);
 *             the caller keeps ownership of @attr.
 *
 * Returns the new pool, or NULL with errno set (EINVAL, ENOMEM, or the
 * errno propagated from the attr mmap callback). Callers must check for
 * NULL before passing the result to any allocation function.
 */
struct rseq_mempool *rseq_mempool_create(const char *pool_name,
		size_t item_len, const struct rseq_mempool_attr *attr);
104 * rseq_mempool_destroy: Destroy a per-cpu memory pool.
106 * Destroy a per-cpu memory pool, unmapping its memory and removing the
107 * pool entry from the global index. No pointers allocated from the
108 * pool should be used when it is destroyed. This includes rseq_percpu_ptr().
110 * Argument @pool is a pointer to the per-cpu pool to destroy.
112 * Return values: 0 on success, -1 on error, with errno set accordingly:
114 * ENOENT: Trying to free a pool which was not allocated.
116 * If the munmap_func callback fails, -1 is returned and errno is
117 * propagated from the callback. The default callback can return
120 * This API is MT-safe.
/*
 * rseq_mempool_destroy: destroy @pool and unmap its memory.
 *
 * Returns 0 on success, -1 with errno set on error. No pointer
 * allocated from the pool, including one derived through
 * rseq_percpu_ptr(), may be used once the pool is destroyed.
 */
int rseq_mempool_destroy(struct rseq_mempool *pool);
125 * rseq_mempool_percpu_malloc: Allocate memory from a per-cpu pool.
127 * Allocate an item from a per-cpu @pool. The allocation will reserve
128 * an item of the size specified by @item_len (rounded to next power of
129 * two) at pool creation. This effectively reserves space for this item
132 * On success, return a "__rseq_percpu" encoded pointer to the pool
133 * item. This encoded pointer is meant to be passed to rseq_percpu_ptr()
134 * to be decoded to a valid address before being accessed.
136 * Return NULL (errno=ENOMEM) if there is not enough space left in the
137 * pool to allocate an item.
139 * This API is MT-safe.
/*
 * rseq_mempool_percpu_malloc: allocate one item from per-cpu @pool.
 *
 * The result is a __rseq_percpu encoded pointer: it has to be decoded
 * with rseq_percpu_ptr() before it is accessed. Returns NULL with
 * errno=ENOMEM when the pool has no space left for an item.
 */
void __rseq_percpu *rseq_mempool_percpu_malloc(struct rseq_mempool *pool);
144 * rseq_mempool_percpu_zmalloc: Allocate zero-initialized memory from a per-cpu pool.
146 * Allocate memory for an item within the pool, and zero-initialize its
147 * memory on all CPUs. See rseq_mempool_percpu_malloc for details.
149 * This API is MT-safe.
/*
 * rseq_mempool_percpu_zmalloc: like rseq_mempool_percpu_malloc(), with
 * the item's memory zero-initialized on all CPUs.
 */
void __rseq_percpu *rseq_mempool_percpu_zmalloc(struct rseq_mempool *pool);
154 * rseq_mempool_percpu_malloc_init: Allocate initialized memory from a per-cpu pool.
156 * Allocate memory for an item within the pool, and initialize its
157 * memory on all CPUs with content from @init_ptr of length @init_len.
158 * See rseq_mempool_percpu_malloc for details.
160 * Return NULL (errno=ENOMEM) if there is not enough space left in the
161 * pool to allocate an item. Return NULL (errno=EINVAL) if init_len is
162 * larger than the pool item_len.
164 * This API is MT-safe.
/*
 * rseq_mempool_percpu_malloc_init: allocate one item from per-cpu @pool
 * and initialize it on all CPUs with @init_len bytes of content taken
 * from @init_ptr.
 *
 * Returns NULL with errno=EINVAL when @init_len is larger than the pool
 * item_len, and NULL with errno=ENOMEM when the pool has no space left.
 */
void __rseq_percpu *rseq_mempool_percpu_malloc_init(struct rseq_mempool *pool,
		void *init_ptr, size_t init_len);
170 * rseq_mempool_malloc: Allocate memory from a global pool.
172 * Wrapper to allocate memory from a global pool, which can be
173 * used directly without per-cpu indexing. Would normally be used
174 * with pools created with max_nr_cpus=1.
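/*
 * rseq_mempool_malloc: allocate one item from a global pool.
 *
 * Thin wrapper over rseq_mempool_percpu_malloc(): the cast drops the
 * __rseq_percpu tag so the result can be used directly, without
 * rseq_percpu_ptr(). The return value is passed through unchanged, NULL
 * included, so callers must check it.
 *
 * NOTE(review): nothing visible here says what the item contains after
 * a plain malloc; use rseq_mempool_zmalloc() when zeroed memory is
 * required.
 *
 * static inline: this is a definition in a header, so it needs internal
 * linkage to be includable from several translation units.
 */
static inline
void *rseq_mempool_malloc(struct rseq_mempool *pool)
{
	return (void *) rseq_mempool_percpu_malloc(pool);
}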
183 * rseq_mempool_zmalloc: Allocate zero-initialized memory from a global pool.
185 * Wrapper to allocate memory from a global pool, which can be
186 * used directly without per-cpu indexing. Would normally be used
187 * with pools created with max_nr_cpus=1.
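/*
 * rseq_mempool_zmalloc: allocate one zero-initialized item from a
 * global pool.
 *
 * Thin wrapper over rseq_mempool_percpu_zmalloc(): the cast drops the
 * __rseq_percpu tag so the result can be used directly, without
 * rseq_percpu_ptr(). The return value is passed through unchanged, NULL
 * included, so callers must check it.
 *
 * static inline: this is a definition in a header, so it needs internal
 * linkage to be includable from several translation units.
 */
static inline
void *rseq_mempool_zmalloc(struct rseq_mempool *pool)
{
	return (void *) rseq_mempool_percpu_zmalloc(pool);
}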
196 * rseq_mempool_malloc_init: Allocate initialized memory from a global pool.
198 * Wrapper to allocate memory from a global pool, which can be
199 * used directly without per-cpu indexing. Would normally be used
200 * with pools created with max_nr_cpus=1.
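/*
 * rseq_mempool_malloc_init: allocate one item from a global pool,
 * initialized with @init_len bytes of content from @init_ptr.
 *
 * Thin wrapper over rseq_mempool_percpu_malloc_init(): the cast drops
 * the __rseq_percpu tag so the result can be used directly, without
 * rseq_percpu_ptr(). The return value is passed through unchanged, NULL
 * included, so callers must check it.
 *
 * static inline: this is a definition in a header, so it needs internal
 * linkage to be includable from several translation units.
 */
static inline
void *rseq_mempool_malloc_init(struct rseq_mempool *pool,
		void *init_ptr, size_t init_len)
{
	return (void *) rseq_mempool_percpu_malloc_init(pool, init_ptr, init_len);
}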
210 * rseq_mempool_percpu_free: Free memory from a per-cpu pool.
212 * Free an item pointed to by @ptr from its per-cpu pool.
214 * The @ptr argument is a __rseq_percpu encoded pointer returned by
217 * - rseq_mempool_percpu_malloc(),
218 * - rseq_mempool_percpu_zmalloc(),
219 * - rseq_mempool_percpu_malloc_init(),
220 * - rseq_mempool_set_percpu_malloc(),
221 * - rseq_mempool_set_percpu_zmalloc(),
222 * - rseq_mempool_set_percpu_malloc_init().
224 * The @stride optional argument to rseq_mempool_percpu_free() is a configurable
225 * stride, which must match the stride received by pool creation.
226 * If the argument is not present, use the default RSEQ_MEMPOOL_STRIDE.
228 * This API is MT-safe.
/*
 * Function called by the rseq_mempool_percpu_free() macro. @ptr is a
 * __rseq_percpu encoded pointer and @stride must be the stride the pool
 * was created with.
 */
void librseq_mempool_percpu_free(void __rseq_percpu *ptr, size_t stride);
/*
 * rseq_mempool_percpu_free(ptr[, stride]): free a __rseq_percpu item.
 *
 * Forwards to librseq_mempool_percpu_free(). When @_stride is omitted,
 * RSEQ_MEMPOOL_STRIDE is passed; either way the stride has to match the
 * one used at pool creation.
 */
#define rseq_mempool_percpu_free(_ptr, _stride...)				\
	librseq_mempool_percpu_free(_ptr,					\
		RSEQ_PARAM_SELECT_ARG1(_, ##_stride, RSEQ_MEMPOOL_STRIDE))
236 * rseq_free: Free memory from a global pool.
238 * Free an item pointed to by @ptr from its global pool. Would normally
239 * be used with pools created with max_nr_cpus=1.
241 * The @ptr argument is a pointer returned by either:
243 * - rseq_mempool_malloc(),
244 * - rseq_mempool_zmalloc(),
245 * - rseq_mempool_malloc_init(),
246 * - rseq_mempool_set_malloc(),
247 * - rseq_mempool_set_zmalloc(),
248 * - rseq_mempool_set_malloc_init().
250 * The @stride optional argument to rseq_mempool_free() is a configurable
251 * stride, which must match the stride received by pool creation. If
252 * the argument is not present, use the default RSEQ_MEMPOOL_STRIDE.
253 * The stride is needed even for a global pool to know the mapping
256 * This API is MT-safe.
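/*
 * rseq_mempool_free(ptr[, stride]): free an item of a global pool.
 *
 * Re-tags @_ptr as __rseq_percpu and hands it to
 * librseq_mempool_percpu_free(), the free function declared by this
 * header. When @_stride is omitted, RSEQ_MEMPOOL_STRIDE is passed; the
 * stride has to match the one used at pool creation.
 *
 * @_ptr is parenthesized so that an expression argument is cast as a
 * whole rather than only its first operand.
 */
#define rseq_mempool_free(_ptr, _stride...)					\
	librseq_mempool_percpu_free((void __rseq_percpu *) (_ptr),		\
		RSEQ_PARAM_SELECT_ARG1(_, ##_stride, RSEQ_MEMPOOL_STRIDE))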
262 * rseq_percpu_ptr: Offset a per-cpu pointer for a given CPU.
264 * Offset a per-cpu pointer @ptr to get the associated pointer for the
265 * given @cpu. The @ptr argument is a __rseq_percpu pointer returned by
268 * - rseq_mempool_percpu_malloc(),
269 * - rseq_mempool_percpu_zmalloc(),
270 * - rseq_mempool_percpu_malloc_init(),
271 * - rseq_mempool_set_percpu_malloc(),
272 * - rseq_mempool_set_percpu_zmalloc(),
273 * - rseq_mempool_set_percpu_malloc_init().
275 * The macro rseq_percpu_ptr() preserves the type of the @ptr parameter
276 * for the returned pointer, but removes the __rseq_percpu annotation.
278 * The macro rseq_percpu_ptr() takes an optional @stride argument. If
279 * the argument is not present, use the default RSEQ_MEMPOOL_STRIDE.
280 * This must match the stride used for pool creation.
282 * This API is MT-safe.
/*
 * rseq_percpu_ptr(ptr, cpu[, stride]): address of @_ptr's copy for @_cpu.
 *
 * Pure pointer arithmetic: the result is @_ptr plus @_cpu times the
 * stride (RSEQ_MEMPOOL_STRIDE when @_stride is omitted), cast back to a
 * pointer to the type @_ptr points to. Nothing here validates the
 * operands:
 *
 *  - @_cpu is converted to unsigned int, so a negative value (for
 *    instance an unchecked error return used as a CPU number) turns
 *    into a very large offset instead of being rejected;
 *  - a stride that differs from the one used at pool creation gives an
 *    address that does not belong to the item.
 *
 * Callers are responsible for range-checking @_cpu against the pool's
 * max_nr_cpus and for passing the pool's stride.
 */
#define rseq_percpu_ptr(_ptr, _cpu, _stride...)					\
	((__typeof__(*(_ptr)) *)						\
		((uintptr_t) (_ptr) +						\
		 ((uintptr_t) RSEQ_PARAM_SELECT_ARG1(_, ##_stride, RSEQ_MEMPOOL_STRIDE) * \
		  (unsigned int) (_cpu))))
290 * rseq_mempool_set_create: Create a pool set.
292 * Create a set of pools. Its purpose is to offer a memory allocator API
293 * for variable-length items (e.g. variable length strings). When
294 * created, the pool set has no pool. Pools can be created and added to
295 * the set. One common approach would be to create pools for each
296 * relevant power of two allocation size useful for the application.
297 * Only one pool can be added to the pool set for each power of two
300 * Returns a pool set pointer on success, else returns NULL with
301 * errno=ENOMEM (out of memory).
303 * This API is MT-safe.
/*
 * rseq_mempool_set_create: create an empty pool set.
 *
 * Returns the pool set, or NULL with errno=ENOMEM.
 */
struct rseq_mempool_set *rseq_mempool_set_create(void);
308 * rseq_mempool_set_destroy: Destroy a pool set.
310 * Destroy a pool set and its associated resources. The pools that were
311 * added to the pool set are destroyed as well.
313 * Returns 0 on success, -1 on failure (or partial failure), with errno
314 * set by rseq_mempool_destroy(). Using a pool set after destroy
315 * failure is undefined.
317 * This API is MT-safe.
/*
 * rseq_mempool_set_destroy: destroy @pool_set together with the pools
 * that were added to it.
 *
 * Returns 0 on success, -1 on failure or partial failure. Using the
 * pool set after a failed destroy is undefined.
 */
int rseq_mempool_set_destroy(struct rseq_mempool_set *pool_set);
322 * rseq_mempool_set_add_pool: Add a pool to a pool set.
324 * Add a @pool to the @pool_set. On success, its ownership is handed
325 * over to the pool set, so the caller should not destroy it explicitly.
326 * Only one pool can be added to the pool set for each power of two
329 * Returns 0 on success, -1 on error with the following errno:
330 * - EBUSY: A pool already exists in the pool set for this power of two
333 * This API is MT-safe.
/*
 * rseq_mempool_set_add_pool: hand @pool over to @pool_set.
 *
 * On success the pool set owns @pool, so the caller must not destroy it
 * explicitly afterwards. Returns 0 on success, -1 with errno=EBUSY when
 * the set already holds a pool for the same power of two.
 */
int rseq_mempool_set_add_pool(struct rseq_mempool_set *pool_set,
		struct rseq_mempool *pool);
339 * rseq_mempool_set_percpu_malloc: Allocate memory from a per-cpu pool set.
341 * Allocate an item from a per-cpu @pool_set. The allocation will reserve
342 * an item of the size specified by @len (rounded to next power of
343 * two). This effectively reserves space for this item on all CPUs.
345 * The space reservation will search for the smallest pool within
346 * @pool_set which respects the following conditions:
348 * - it has an item size large enough to fit @len,
349 * - it has space available.
351 * On success, return a "__rseq_percpu" encoded pointer to the pool
352 * item. This encoded pointer is meant to be passed to rseq_percpu_ptr()
353 * to be decoded to a valid address before being accessed.
355 * Return NULL (errno=ENOMEM) if there is not enough space left in the
356 * pool to allocate an item.
358 * This API is MT-safe.
/*
 * rseq_mempool_set_percpu_malloc: allocate an item of @len bytes from
 * the smallest pool of @pool_set that fits @len and has space left.
 *
 * The result is a __rseq_percpu encoded pointer: it has to be decoded
 * with rseq_percpu_ptr() before it is accessed. Returns NULL with
 * errno=ENOMEM when no space is left.
 */
void __rseq_percpu *rseq_mempool_set_percpu_malloc(struct rseq_mempool_set *pool_set,
		size_t len);
363 * rseq_mempool_set_percpu_zmalloc: Allocate zero-initialized memory from a per-cpu pool set.
365 * Allocate memory for an item within the pool, and zero-initialize its
366 * memory on all CPUs. See rseq_mempool_set_percpu_malloc for details.
368 * This API is MT-safe.
/*
 * rseq_mempool_set_percpu_zmalloc: like
 * rseq_mempool_set_percpu_malloc(), with the item's memory
 * zero-initialized on all CPUs.
 */
void __rseq_percpu *rseq_mempool_set_percpu_zmalloc(struct rseq_mempool_set *pool_set,
		size_t len);
373 * rseq_mempool_set_percpu_malloc_init: Allocate initialized memory from a per-cpu pool set.
375 * Allocate memory for an item within the pool, and initialize its
376 * memory on all CPUs with content from @init_ptr of length @len.
377 * See rseq_mempool_set_percpu_malloc for details.
379 * This API is MT-safe.
/*
 * rseq_mempool_set_percpu_malloc_init: like
 * rseq_mempool_set_percpu_malloc(), with the item initialized on all
 * CPUs with @len bytes of content taken from @init_ptr.
 */
void __rseq_percpu *rseq_mempool_set_percpu_malloc_init(struct rseq_mempool_set *pool_set,
		void *init_ptr, size_t len);
385 * rseq_mempool_set_malloc: Allocate memory from a global pool set.
387 * Wrapper to allocate memory from a global pool, which can be
388 * used directly without per-cpu indexing. Would normally be used
389 * with pools created with max_nr_cpus=1.
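/*
 * rseq_mempool_set_malloc: allocate @len bytes from a global pool set.
 *
 * Thin wrapper over rseq_mempool_set_percpu_malloc(): the cast drops
 * the __rseq_percpu tag so the result can be used directly, without
 * rseq_percpu_ptr(). The return value is passed through unchanged, NULL
 * included, so callers must check it.
 *
 * NOTE(review): nothing visible here says what the item contains after
 * a plain malloc; use rseq_mempool_set_zmalloc() when zeroed memory is
 * required.
 *
 * static inline: this is a definition in a header, so it needs internal
 * linkage to be includable from several translation units.
 */
static inline
void *rseq_mempool_set_malloc(struct rseq_mempool_set *pool_set, size_t len)
{
	return (void *) rseq_mempool_set_percpu_malloc(pool_set, len);
}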
398 * rseq_mempool_set_zmalloc: Allocate zero-initialized memory from a global pool set.
400 * Wrapper to allocate memory from a global pool, which can be
401 * used directly without per-cpu indexing. Would normally be used
402 * with pools created with max_nr_cpus=1.
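/*
 * rseq_mempool_set_zmalloc: allocate @len zero-initialized bytes from a
 * global pool set.
 *
 * Thin wrapper over rseq_mempool_set_percpu_zmalloc(): the cast drops
 * the __rseq_percpu tag so the result can be used directly, without
 * rseq_percpu_ptr(). The return value is passed through unchanged, NULL
 * included, so callers must check it.
 *
 * static inline: this is a definition in a header, so it needs internal
 * linkage to be includable from several translation units.
 */
static inline
void *rseq_mempool_set_zmalloc(struct rseq_mempool_set *pool_set, size_t len)
{
	return (void *) rseq_mempool_set_percpu_zmalloc(pool_set, len);
}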
411 * rseq_mempool_set_malloc_init: Allocate initialized memory from a global pool set.
413 * Wrapper to allocate memory from a global pool, which can be
414 * used directly without per-cpu indexing. Would normally be used
415 * with pools created with max_nr_cpus=1.
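/*
 * rseq_mempool_set_malloc_init: allocate @len bytes from a global pool
 * set, initialized with content from @init_ptr.
 *
 * Thin wrapper over rseq_mempool_set_percpu_malloc_init(): the cast
 * drops the __rseq_percpu tag so the result can be used directly,
 * without rseq_percpu_ptr(). The return value is passed through
 * unchanged, NULL included, so callers must check it.
 *
 * static inline: this is a definition in a header, so it needs internal
 * linkage to be includable from several translation units.
 */
static inline
void *rseq_mempool_set_malloc_init(struct rseq_mempool_set *pool_set,
		void *init_ptr, size_t len)
{
	return (void *) rseq_mempool_set_percpu_malloc_init(pool_set, init_ptr, len);
}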
425 * rseq_mempool_init_numa: Move pages to the NUMA node associated to their CPU topology.
427 * For pages allocated within @pool, invoke move_pages(2) with the given
428 * @numa_flags to move the pages to the NUMA node associated to their
431 * Argument @numa_flags is passed to move_pages(2). The expected flags are:
432 * MPOL_MF_MOVE: move process-private pages to cpu-specific numa nodes.
433 * MPOL_MF_MOVE_ALL: move shared pages to cpu-specific numa nodes
434 * (requires CAP_SYS_NICE).
436 * Returns 0 on success, else return -1 with errno set by move_pages(2).
/*
 * rseq_mempool_init_numa: invoke move_pages(2) with @numa_flags on the
 * pages allocated within @pool, moving them to the NUMA node associated
 * with their CPU.
 *
 * MPOL_MF_MOVE_ALL (shared pages) requires CAP_SYS_NICE. Returns 0 on
 * success, -1 with errno set by move_pages(2).
 */
int rseq_mempool_init_numa(struct rseq_mempool *pool, int numa_flags);
441 * rseq_mempool_attr_create: Create a pool attribute structure.
/*
 * rseq_mempool_attr_create: create a pool attribute structure.
 *
 * NOTE(review): the failure return is not documented here; presumably
 * NULL, confirm against the implementation before relying on it.
 */
struct rseq_mempool_attr *rseq_mempool_attr_create(void);
446 * rseq_mempool_attr_destroy: Destroy a pool attribute structure.
/* rseq_mempool_attr_destroy: destroy a pool attribute structure. */
void rseq_mempool_attr_destroy(struct rseq_mempool_attr *attr);
451 * rseq_mempool_attr_set_init: Set pool attribute structure memory init functions.
453 * The @init_func callback is used to initialize memory after allocation
454 * for the pool. The @cpu argument of @init_func, if >= 0, is the cpu to
455 * which the range starting at @addr of length @len belongs. If cpu is
456 * -1, it means the range belongs to a global pool. The @init_func
457 * callback must return 0 on success, -1 on error with errno set. If
458 * @init_func returns failure, the allocation of the pool memory fails,
459 * which either causes the pool creation to fail or memory allocation to
460 * fail (for extensible memory pools).
462 * The @init_priv argument is a private data pointer passed to the
463 * @init_func callback.
465 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
467 int rseq_mempool_attr_set_init(struct rseq_mempool_attr
*attr
,
468 int (*init_func
)(void *priv
, void *addr
, size_t len
, int cpu
),
472 * rseq_mempool_attr_set_robust: Set pool robust attribute.
474 * The robust pool attribute enables runtime validation of the pool:
476 * - Check for double-free of pointers.
478 * - Detect memory leaks on pool destruction.
480 * - Detect free-list corruption on pool destruction.
482 * - Detect poison value corruption on allocation and pool destruction.
484 * There is a marginal runtime overhead on malloc/free operations.
486 * The memory overhead is (pool->percpu_len / pool->item_len) / CHAR_BIT
487 * bytes, over the lifetime of the pool.
489 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
/*
 * rseq_mempool_attr_set_robust: enable runtime validation of the pool.
 *
 * The checks cover double-free of pointers, memory leaks and free-list
 * corruption at pool destruction, and poison value corruption at
 * allocation and pool destruction, at the cost of a marginal
 * malloc/free overhead.
 *
 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
 */
int rseq_mempool_attr_set_robust(struct rseq_mempool_attr *attr);
494 * rseq_mempool_attr_set_percpu: Set pool type as percpu.
496 * A pool created with this type is a per-cpu memory pool. The reserved
497 * allocation size is @stride, and the maximum CPU value expected
498 * is (@max_nr_cpus - 1). A @stride of 0 uses the default
499 * RSEQ_MEMPOOL_STRIDE.
501 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
/*
 * rseq_mempool_attr_set_percpu: select the per-cpu pool type.
 *
 * @stride is the reserved allocation size (0 selects
 * RSEQ_MEMPOOL_STRIDE) and (@max_nr_cpus - 1) is the highest CPU value
 * expected for the pool.
 *
 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
 */
int rseq_mempool_attr_set_percpu(struct rseq_mempool_attr *attr,
		size_t stride, int max_nr_cpus);
507 * rseq_mempool_attr_set_global: Set pool type as global.
509 * A pool created with this type is a global memory pool. The reserved
510 * allocation size is @stride. A @stride of 0 uses the default
511 * RSEQ_MEMPOOL_STRIDE.
513 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
/*
 * rseq_mempool_attr_set_global: select the global pool type.
 *
 * @stride is the reserved allocation size (0 selects
 * RSEQ_MEMPOOL_STRIDE).
 *
 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
 */
int rseq_mempool_attr_set_global(struct rseq_mempool_attr *attr, size_t stride);
518 * rseq_mempool_attr_set_max_nr_ranges: Set upper-limit to range allocation.
520 * Set an upper-limit to range allocation. A @max_nr_ranges value of
521 * 0 means no limit (default).
523 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
/*
 * rseq_mempool_attr_set_max_nr_ranges: cap range allocation at
 * @max_nr_ranges; 0 (the default) means no limit.
 *
 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
 */
int rseq_mempool_attr_set_max_nr_ranges(struct rseq_mempool_attr *attr,
		unsigned long max_nr_ranges);
529 * rseq_mempool_attr_set_poison: Set pool poison value.
531 * Set a poison value to be set over freed pool entries. This can be
532 * used to anonymize freed memory, and for memory corruption checks
533 * with the robust attribute.
535 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
537 int rseq_mempool_attr_set_poison(struct rseq_mempool_attr
*attr
,
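/*
 * Page populate policy of a mempool, selected with
 * rseq_mempool_attr_set_populate_policy(). The enumerator comments are
 * kept inside comment delimiters and the enum is closed so that the
 * declaration is well-formed.
 */
enum rseq_mempool_populate_policy {
	/*
	 * RSEQ_MEMPOOL_POPULATE_PRIVATE_NONE (default):
	 *   Do not populate pages for any of the CPUs when creating the
	 *   mempool. Rely on copy-on-write (COW) of per-cpu pages to
	 *   populate per-cpu pages from the initial values pages on
	 *   first write. This mempool is only meant for single-process
	 *   use (private mapping).
	 */
	RSEQ_MEMPOOL_POPULATE_PRIVATE_NONE = 0,
	/*
	 * RSEQ_MEMPOOL_POPULATE_PRIVATE_ALL:
	 *   Populate pages for all CPUs from 0 to (max_nr_cpus - 1)
	 *   when creating the mempool. This mempool is only meant for
	 *   single-process use (private mapping).
	 */
	RSEQ_MEMPOOL_POPULATE_PRIVATE_ALL = 1,
};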
560 * rseq_mempool_attr_set_populate_policy: Set pool page populate policy.
562 * Set page populate policy for the mempool.
564 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
/*
 * rseq_mempool_attr_set_populate_policy: set the page populate policy
 * of the mempool to @policy.
 *
 * Returns 0 on success, -1 with errno=EINVAL if arguments are invalid.
 */
int rseq_mempool_attr_set_populate_policy(struct rseq_mempool_attr *attr,
		enum rseq_mempool_populate_policy policy);
570 * rseq_mempool_range_init_numa: NUMA initialization helper for memory range.
572 * Helper which can be used from mempool_attr @init_func to move a CPU
573 * memory range to the NUMA node associated to its topology.
575 * Returns 0 on success, -1 with errno set by move_pages(2) on error.
576 * Returns -1, errno=ENOSYS if NUMA support is not present.
/*
 * rseq_mempool_range_init_numa: helper for a mempool_attr init_func
 * that moves the memory range [@addr, @addr + @len) of @cpu to the NUMA
 * node associated with its topology.
 *
 * Returns 0 on success, -1 with errno set by move_pages(2) on error,
 * and -1 with errno=ENOSYS when NUMA support is not present.
 */
int rseq_mempool_range_init_numa(void *addr, size_t len, int cpu, int numa_flags);
581 * rseq_mempool_get_max_nr_cpus: Get the max_nr_cpus value configured for a pool.
583 * Returns a value >= 0 for a per-cpu pool.
584 * Returns -1, errno=EINVAL if the mempool is NULL or if the pool has a
/*
 * rseq_mempool_get_max_nr_cpus: max_nr_cpus value configured for
 * @mempool.
 *
 * Returns a value >= 0 for a per-cpu pool, and -1 with errno=EINVAL on
 * error (a NULL @mempool among other cases). Check for -1 before using
 * the result as a bound on CPU numbers.
 */
int rseq_mempool_get_max_nr_cpus(struct rseq_mempool *mempool);
593 #endif /* _RSEQ_MEMPOOL_H */