kernel memory allocator
() function allocates uninitialized
memory in kernel address space for an object whose size is specified by
releases memory at address addr
previously allocated by malloc
() for re-use.
argument further qualifies malloc's
operational characteristics as follows:
- The same as having no other
flags specified. If memory is currently
unavailable, malloc() may call sleep to wait
for resources to be released by other processes.
- Causes malloc() to return
NULL if the request cannot be
immediately fulfilled due to resource shortage. One of
M_WAITOK must be specified.
- In the
M_WAITOK case, if
not enough memory is available, return
NULL instead of calling
M_CANFAIL has no effect if
M_NOWAIT is specified.
- Causes malloc() to return
argument broadly identifies the kernel
subsystem for which the allocated memory was needed, and is commonly used to
maintain statistics about kernel memory usage. These statistics can be
of the kernel
The following types are currently defined:
() returns a kernel virtual address that is
suitably aligned for storage of any type of object.
A kernel compiled with the
configuration option attempts to detect memory corruption caused by such
things as writing outside the allocated area and unbalanced calls to the
() and free
functions. Failing consistency checks will cause a panic or a system console
- panic: “malloc - bogus type”
- panic: “malloc: out of space in
- panic: “malloc: allocation too large”
- panic: “malloc: wrong bucket”
- panic: “malloc: lost data”
- panic: “free: unaligned addr”
- panic: “free: duplicated free”
- panic: “free: multiple frees”
- panic: “kmeminit: minbucket too small/struct
freelist too big”
- “multiply freed item
- “Data modified on freelist: ⟨data object
A kernel compiled with the MALLOC_DEBUG
allows for more extensive debugging of memory allocations. The
variables choose which
allocation to debug. debug_malloc_type
be set to the memory type and
should be set to the memory
size to debug. 0 can be used as a wildcard.
can be used to specify a
range of sizes if the exact size to debug is not known. When those are used,
needs to be set to the
can also be specified as
an allocation type to force allocation with debugging.
Every call to malloc
() with a memory type and size
that matches the debugged type and size will allocate two virtual pages. The
pointer returned will be aligned so that the requested area will end at the
page boundary and the second virtual page will be left unmapped. This way we
can catch reads and writes outside the allocated area.
Every call to free
() with memory that was returned
by the debugging malloc will cause the memory area to become unmapped so that
we can catch dangling reads and writes to freed memory.
There are no special diagnostics if any errors are caught by the debugging
malloc. The errors will look like normal access to unmapped memory. On a
memory access error, the show malloc
can be invoked
to see what memory areas are allocated and freed. If the faulting address is
within two pages from an address on the allocated list, there was an access
outside the allocated area. If the faulting address is within two pages from
an address on the free list, there was an access to freed memory.
Care needs to be taken when using the MALLOC_DEBUG
option: the memory consumption can run away pretty quickly and there is a
severe performance degradation when allocating and freeing debugged memory