kernel/alloc/
allocator.rs

1// SPDX-License-Identifier: GPL-2.0
2
3//! Allocator support.
4//!
5//! Documentation for the kernel's memory allocators can found in the "Memory Allocation Guide"
6//! linked below. For instance, this includes the concept of "get free page" (GFP) flags and the
7//! typical application of the different kernel allocators.
8//!
9//! Reference: <https://docs.kernel.org/core-api/memory-allocation.html>
10
11use super::Flags;
12use core::alloc::Layout;
13use core::ptr;
14use core::ptr::NonNull;
15
16use crate::alloc::{AllocError, Allocator, NumaNode};
17use crate::bindings;
18
19const ARCH_KMALLOC_MINALIGN: usize = bindings::ARCH_KMALLOC_MINALIGN;
20
21/// The contiguous kernel allocator.
22///
23/// `Kmalloc` is typically used for physically contiguous allocations up to page size, but also
24/// supports larger allocations up to `bindings::KMALLOC_MAX_SIZE`, which is hardware specific.
25///
26/// For more details see [self].
27pub struct Kmalloc;
28
29/// The virtually contiguous kernel allocator.
30///
31/// `Vmalloc` allocates pages from the page level allocator and maps them into the contiguous kernel
32/// virtual space. It is typically used for large allocations. The memory allocated with this
33/// allocator is not physically contiguous.
34///
35/// For more details see [self].
36pub struct Vmalloc;
37
38/// The kvmalloc kernel allocator.
39///
40/// `KVmalloc` attempts to allocate memory with `Kmalloc` first, but falls back to `Vmalloc` upon
41/// failure. This allocator is typically used when the size for the requested allocation is not
42/// known and may exceed the capabilities of `Kmalloc`.
43///
44/// For more details see [self].
45pub struct KVmalloc;
46
47/// # Invariants
48///
49/// One of the following: `krealloc_node_align`, `vrealloc_node_align`, `kvrealloc_node_align`.
50struct ReallocFunc(
51    unsafe extern "C" fn(
52        *const crate::ffi::c_void,
53        usize,
54        crate::ffi::c_ulong,
55        u32,
56        crate::ffi::c_int,
57    ) -> *mut crate::ffi::c_void,
58);
59
60impl ReallocFunc {
61    // INVARIANT: `krealloc_node_align` satisfies the type invariants.
62    const KREALLOC: Self = Self(bindings::krealloc_node_align);
63
64    // INVARIANT: `vrealloc_node_align` satisfies the type invariants.
65    const VREALLOC: Self = Self(bindings::vrealloc_node_align);
66
67    // INVARIANT: `kvrealloc_node_align` satisfies the type invariants.
68    const KVREALLOC: Self = Self(bindings::kvrealloc_node_align);
69
70    /// # Safety
71    ///
72    /// This method has the same safety requirements as [`Allocator::realloc`].
73    ///
74    /// # Guarantees
75    ///
76    /// This method has the same guarantees as `Allocator::realloc`. Additionally
77    /// - it accepts any pointer to a valid memory allocation allocated by this function.
78    /// - memory allocated by this function remains valid until it is passed to this function.
79    #[inline]
80    unsafe fn call(
81        &self,
82        ptr: Option<NonNull<u8>>,
83        layout: Layout,
84        old_layout: Layout,
85        flags: Flags,
86        nid: NumaNode,
87    ) -> Result<NonNull<[u8]>, AllocError> {
88        let size = layout.size();
89        let ptr = match ptr {
90            Some(ptr) => {
91                if old_layout.size() == 0 {
92                    ptr::null()
93                } else {
94                    ptr.as_ptr()
95                }
96            }
97            None => ptr::null(),
98        };
99
100        // SAFETY:
101        // - `self.0` is one of `krealloc`, `vrealloc`, `kvrealloc` and thus only requires that
102        //   `ptr` is NULL or valid.
103        // - `ptr` is either NULL or valid by the safety requirements of this function.
104        //
105        // GUARANTEE:
106        // - `self.0` is one of `krealloc`, `vrealloc`, `kvrealloc`.
107        // - Those functions provide the guarantees of this function.
108        let raw_ptr = unsafe {
109            // If `size == 0` and `ptr != NULL` the memory behind the pointer is freed.
110            self.0(ptr.cast(), size, layout.align(), flags.0, nid.0).cast()
111        };
112
113        let ptr = if size == 0 {
114            crate::alloc::dangling_from_layout(layout)
115        } else {
116            NonNull::new(raw_ptr).ok_or(AllocError)?
117        };
118
119        Ok(NonNull::slice_from_raw_parts(ptr, size))
120    }
121}
122
123impl Kmalloc {
124    /// Returns a [`Layout`] that makes [`Kmalloc`] fulfill the requested size and alignment of
125    /// `layout`.
126    pub fn aligned_layout(layout: Layout) -> Layout {
127        // Note that `layout.size()` (after padding) is guaranteed to be a multiple of
128        // `layout.align()` which together with the slab guarantees means that `Kmalloc` will return
129        // a properly aligned object (see comments in `kmalloc()` for more information).
130        layout.pad_to_align()
131    }
132}
133
134// SAFETY: `realloc` delegates to `ReallocFunc::call`, which guarantees that
135// - memory remains valid until it is explicitly freed,
136// - passing a pointer to a valid memory allocation is OK,
137// - `realloc` satisfies the guarantees, since `ReallocFunc::call` has the same.
138unsafe impl Allocator for Kmalloc {
139    const MIN_ALIGN: usize = ARCH_KMALLOC_MINALIGN;
140
141    #[inline]
142    unsafe fn realloc(
143        ptr: Option<NonNull<u8>>,
144        layout: Layout,
145        old_layout: Layout,
146        flags: Flags,
147        nid: NumaNode,
148    ) -> Result<NonNull<[u8]>, AllocError> {
149        let layout = Kmalloc::aligned_layout(layout);
150
151        // SAFETY: `ReallocFunc::call` has the same safety requirements as `Allocator::realloc`.
152        unsafe { ReallocFunc::KREALLOC.call(ptr, layout, old_layout, flags, nid) }
153    }
154}
155
156// SAFETY: `realloc` delegates to `ReallocFunc::call`, which guarantees that
157// - memory remains valid until it is explicitly freed,
158// - passing a pointer to a valid memory allocation is OK,
159// - `realloc` satisfies the guarantees, since `ReallocFunc::call` has the same.
160unsafe impl Allocator for Vmalloc {
161    const MIN_ALIGN: usize = kernel::page::PAGE_SIZE;
162
163    #[inline]
164    unsafe fn realloc(
165        ptr: Option<NonNull<u8>>,
166        layout: Layout,
167        old_layout: Layout,
168        flags: Flags,
169        nid: NumaNode,
170    ) -> Result<NonNull<[u8]>, AllocError> {
171        // SAFETY: If not `None`, `ptr` is guaranteed to point to valid memory, which was previously
172        // allocated with this `Allocator`.
173        unsafe { ReallocFunc::VREALLOC.call(ptr, layout, old_layout, flags, nid) }
174    }
175}
176
177// SAFETY: `realloc` delegates to `ReallocFunc::call`, which guarantees that
178// - memory remains valid until it is explicitly freed,
179// - passing a pointer to a valid memory allocation is OK,
180// - `realloc` satisfies the guarantees, since `ReallocFunc::call` has the same.
181unsafe impl Allocator for KVmalloc {
182    const MIN_ALIGN: usize = ARCH_KMALLOC_MINALIGN;
183
184    #[inline]
185    unsafe fn realloc(
186        ptr: Option<NonNull<u8>>,
187        layout: Layout,
188        old_layout: Layout,
189        flags: Flags,
190        nid: NumaNode,
191    ) -> Result<NonNull<[u8]>, AllocError> {
192        // `KVmalloc` may use the `Kmalloc` backend, hence we have to enforce a `Kmalloc`
193        // compatible layout.
194        let layout = Kmalloc::aligned_layout(layout);
195
196        // SAFETY: If not `None`, `ptr` is guaranteed to point to valid memory, which was previously
197        // allocated with this `Allocator`.
198        unsafe { ReallocFunc::KVREALLOC.call(ptr, layout, old_layout, flags, nid) }
199    }
200}
201
202#[macros::kunit_tests(rust_allocator)]
203mod tests {
204    use super::*;
205    use core::mem::MaybeUninit;
206    use kernel::prelude::*;
207
208    #[test]
209    fn test_alignment() -> Result {
210        const TEST_SIZE: usize = 1024;
211        const TEST_LARGE_ALIGN_SIZE: usize = kernel::page::PAGE_SIZE * 4;
212
213        // These two structs are used to test allocating aligned memory.
214        // they don't need to be accessed, so they're marked as dead_code.
215        #[expect(dead_code)]
216        #[repr(align(128))]
217        struct Blob([u8; TEST_SIZE]);
218        #[expect(dead_code)]
219        #[repr(align(8192))]
220        struct LargeAlignBlob([u8; TEST_LARGE_ALIGN_SIZE]);
221
222        struct TestAlign<T, A: Allocator>(Box<MaybeUninit<T>, A>);
223        impl<T, A: Allocator> TestAlign<T, A> {
224            fn new() -> Result<Self> {
225                Ok(Self(Box::<_, A>::new_uninit(GFP_KERNEL)?))
226            }
227
228            fn is_aligned_to(&self, align: usize) -> bool {
229                assert!(align.is_power_of_two());
230
231                let addr = self.0.as_ptr() as usize;
232                addr & (align - 1) == 0
233            }
234        }
235
236        let ta = TestAlign::<Blob, Kmalloc>::new()?;
237        assert!(ta.is_aligned_to(128));
238
239        let ta = TestAlign::<LargeAlignBlob, Kmalloc>::new()?;
240        assert!(ta.is_aligned_to(8192));
241
242        let ta = TestAlign::<Blob, Vmalloc>::new()?;
243        assert!(ta.is_aligned_to(128));
244
245        let ta = TestAlign::<LargeAlignBlob, Vmalloc>::new()?;
246        assert!(ta.is_aligned_to(8192));
247
248        let ta = TestAlign::<Blob, KVmalloc>::new()?;
249        assert!(ta.is_aligned_to(128));
250
251        let ta = TestAlign::<LargeAlignBlob, KVmalloc>::new()?;
252        assert!(ta.is_aligned_to(8192));
253
254        Ok(())
255    }
256}
kernel/alloc/allocator.rs

kernel/alloc/
allocator.rs
