Linux内存管理之slab机制（释放对象）-服务器评测

Linux内核中将对象释放到slab中上层所用函数为kfree()或kmem_cache_free()。两个函数都会调用__cache_free()函数。

代码执行流程：

1，当本地CPU cache中空闲对象数小于规定上限时，只需将对象放入本地CPU cache中；

2，当local cache中对象过多（大于等于规定上限），需要释放一批对象到slab三链中。由函数cache_flusharray()实现。

1）如果三链中存在共享本地cache，那么首先选择释放到共享本地cache中，能释放多少是多少；

2）如果没有shared local cache，释放对象到slab三链中，实现函数为free_block()。对于free_block()函数，当三链中的空闲对象数过多时，销毁此cache。不然，添加此slab到空闲链表。因为在分配的时候我们看到将slab结构从cache链表中脱离了，在这里，根据page描述符的lru找到slab并将它添加到三链的空闲链表中。

主实现

* Release an obj back to its cache. If the obj has a constructed state, it must

* be in this state _before_ it is released. Called with disabled ints.

static inline void __cache_free(struct kmem_cache *cachep, void *objp)

{

/* 获得本CPU的local cache */

struct array_cache *ac = cpu_cache_get(cachep);

check_irq_off();

kmemleak_free_recursive(objp, cachep->flags);

objp = cache_free_debugcheck(cachep, objp, __builtin_return_address(0));

kmemcheck_slab_free(cachep, objp, obj_size(cachep));

* Skip calling cache_free_alien() when the platform is not numa.

* This will avoid cache misses that happen while accessing slabp (which

* is per page memory reference) to get nodeid. Instead use a global

* variable to skip the call, which is mostly likely to be present in

* the cache.

*//* NUMA相关 */

if (nr_online_nodes > 1 && cache_free_alien(cachep, objp))

return;

if (likely(ac->avail < ac->limit)) {

/* local cache中的空闲对象数小于上限时

，只需将对象释放回entry数组中 */

STATS_INC_FREEHIT(cachep);

ac->entry[ac->avail++] = objp;

return;

} else {

/* 大于等于上限时， */

STATS_INC_FREEMISS(cachep);

/* local cache中对象过多，需要释放一批对象到slab三链中。*/

cache_flusharray(cachep, ac);

ac->entry[ac->avail++] = objp;

}

}

释放对象到三链中

/*local cache中对象过多，需要释放一批对象到slab三链中。*/

static void cache_flusharray(struct kmem_cache *cachep, struct array_cache *ac)

{

int batchcount;

struct kmem_list3 *l3;

int node = numa_node_id();

/* 每次释放多少个对象 */

batchcount = ac->batchcount;

#if DEBUG

BUG_ON(!batchcount || batchcount > ac->avail);

#endif

check_irq_off();

/* 获得此cache的slab三链 */

l3 = cachep->nodelists[node];

spin_lock(&l3->list_lock);

if (l3->shared) {

/* 如果存在shared local cache，将对象释放到其中 */

struct array_cache *shared_array = l3->shared;

/* 计算shared local cache中还有多少空位 */

int max = shared_array->limit – shared_array->avail;

if (max) {

/* 空位数小于要释放的对象数时，释放数等于空位数 */

if (batchcount > max)

batchcount = max;

/* 释放local cache前面的几个对象到shared local cache中

，前面的是最早不用的 */

memcpy(&(shared_array->entry[shared_array->avail]),

ac->entry, sizeof(void *) * batchcount);

/* 增加shared local cache可用对象数 */

shared_array->avail += batchcount;

goto free_done;

}

}

/* 无shared local cache，释放对象到slab三链中 */

free_block(cachep, ac->entry, batchcount, node);

free_done:

#if STATS

{

int i = 0;

struct list_head *p;

p = l3->slabs_free.next;

while (p != &(l3->slabs_free)) {

struct slab *slabp;

slabp = list_entry(p, struct slab, list);

BUG_ON(slabp->inuse);

i++;

p = p->next;

}

STATS_SET_FREEABLE(cachep, i);

}

#endif

spin_unlock(&l3->list_lock);

/* 减少local cache可用对象数*/

ac->avail -= batchcount;

/* local cache前面有batchcount个空位，将后面的对象依次前移batchcount位 */

memmove(ac->entry, &(ac->entry[batchcount]), sizeof(void *)*ac->avail);

}

无shared local cache，释放对象到slab三链中

* Caller needs to acquire correct kmem_list’s list_lock

/*释放一定数目的对象*/

static void free_block(struct kmem_cache *cachep, void **objpp, int nr_objects,

int node)

{

int i;

struct kmem_list3 *l3;

/* 逐一释放对象到slab三链中 */

for (i = 0; i < nr_objects; i++) {

void *objp = objpp[i];

struct slab *slabp;

/* 通过虚拟地址得到page，再通过page得到slab */

slabp = virt_to_slab(objp);

/* 获得slab三链 */

l3 = cachep->nodelists[node];

/* 先将对象所在的slab从链表中摘除 */

list_del(&slabp->list);

check_spinlock_acquired_node(cachep, node);

check_slabp(cachep, slabp);

/* 将对象释放到其slab中 */

slab_put_obj(cachep, slabp, objp, node);

STATS_DEC_ACTIVE(cachep);

/* 空闲对象数加一 */

l3->free_objects++;

check_slabp(cachep, slabp);

/* fixup slab chains */

if (slabp->inuse == 0) {

/* 如果slab中均为空闲对象 */

if (l3->free_objects > l3->free_limit) {

/* 如果slab三链中空闲对象数超过上限

，直接回收整个slab到内存

，空闲对象数减去每个slab中对象数 */

l3->free_objects -= cachep->num;

/* No need to drop any previously held

* lock here, even if we have a off-slab slab

* descriptor it is guaranteed to come from

* a different cache, refer to comments before

* alloc_slabmgmt.

*//* 销毁struct slab对象 */

slab_destroy(cachep, slabp);

} else {

/* 将此slab添加到空slab链表中 */

list_add(&slabp->list, &l3->slabs_free);

}

} else {

/* Unconditionally move a slab to the end of the

* partial list on free – maximum time for the

* other objects to be freed, too.

*//*将此slab添加到部分满slab链表中*/

list_add_tail(&slabp->list, &l3->slabs_partial);

}

}

}

将对象释放到其slab中

static void slab_put_obj(struct kmem_cache *cachep, struct slab *slabp,

void *objp, int nodeid)

{ /* 获得对象在kmem_bufctl_t数组中的索引 */

unsigned int objnr = obj_to_index(cachep, slabp, objp);

#if DEBUG

/* Verify that the slab belongs to the intended node */

WARN_ON(slabp->nodeid != nodeid);

if (slab_bufctl(slabp)[objnr] + 1 <= SLAB_LIMIT + 1) {

printk(KERN_ERR “slab: double free detected in cache “

“‘%s’, objp %p\n”, cachep->name, objp);

BUG();

}

#endif

/*这两步相当于静态链表的插入操作*/

/* 指向slab中原来的第一个空闲对象 */

slab_bufctl(slabp)[objnr] = slabp->free;

/* 释放的对象作为第一个空闲对象 */

slabp->free = objnr;

/* 已分配对象数减一 */

slabp->inuse–;

}

辅助函数

/* 通过虚拟地址得到page，再通过page得到slab */

static inline struct slab *virt_to_slab(const void *obj)

{

struct page *page = virt_to_head_page(obj);

return page_get_slab(page);

}

static inline struct slab *page_get_slab(struct page *page)

{

BUG_ON(!PageSlab(page));

return (struct slab *)page->lru.prev;

}

可见，用page->lru.prev得到slab，和创建slab时相呼应。

Linux内存管理之slab机制（释放对象）

相关推荐

分类

听说打赏我的人，都进福布斯排行榜啦！

支付宝扫一扫打赏

微信扫一扫打赏

QQ咨询

回顶部