/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _LINUX_OBJPOOL_H
#define _LINUX_OBJPOOL_H
#include <linux/types.h>
#include <linux/refcount.h>
#include <linux/atomic.h>
#include <linux/cpumask.h>
#include <linux/irqflags.h>
#include <linux/smp.h>
/*
* objpool: ring-array based lockless MPMC queue
*
* Copyright: [email protected],[email protected]
*
* objpool is a scalable implementation of high performance queue for
* object allocation and reclamation, such as kretprobe instances.
*
* With leveraging percpu ring-array to mitigate hot spots of memory
* contention, it delivers near-linear scalability for high parallel
* scenarios. The objpool is best suited for the following cases:
* 1) Memory allocation or reclamation are prohibited or too expensive
* 2) Consumers are of different priorities, such as irqs and threads
*
* Limitations:
* 1) Maximum objects (capacity) is fixed after objpool creation
* 2) All pre-allocated objects are managed in percpu ring array,
* which consumes more memory than linked lists
*/
/**
* struct objpool_slot - percpu ring array of objpool
* @head: head sequence of the local ring array (to retrieve at)
* @tail: tail sequence of the local ring array (to append at)
* @last: the last sequence number marked as ready for retrieve
* @mask: bits mask for modulo capacity to compute array indexes
* @entries: object entries on this slot
*
* Represents a cpu-local array-based ring buffer, its size is specialized
* during initialization of object pool. The percpu objpool node is to be
* allocated from local memory for NUMA system, and to be kept compact in
* continuous memory: CPU assigned number of objects are stored just after
* the body of objpool_node.
*
* Real size of the ring array is far too smaller than the value range of
* head and tail, typed as uint32_t: [0, 2^32), so only lower bits (mask)
* of head and tail are used as the actual position in the ring array. In
* general the ring array is acting like a small sliding window, which is
* always moving forward in the loop of [0, 2^32).
*/
struct objpool_slot {
uint32_t head;
uint32_t tail;
uint32_t last;
uint32_t mask;
void *entries[];
} __packed;
struct objpool_head;
/*
* caller-specified callback for object initial setup, it's only called
* once for each object (just after the memory allocation of the object)
*/
typedef int (*objpool_init_obj_cb)(void *obj, void *context);
/* caller-specified cleanup callback for objpool destruction */
typedef int (*objpool_fini_cb)(struct objpool_head *head, void *context);
/**
* struct objpool_head - object pooling metadata
* @obj_size: object size, aligned to sizeof(void *)
* @nr_objs: total objs (to be pre-allocated with objpool)
* @nr_possible_cpus: cached value of num_possible_cpus()
* @capacity: max objs can be managed by one objpool_slot
* @gfp: gfp flags for kmalloc & vmalloc
* @ref: refcount of objpool
* @flags: flags for objpool management
* @cpu_slots: pointer to the array of objpool_slot
* @release: resource cleanup callback
* @context: caller-provided context
*/
struct objpool_head {
int obj_size;
int nr_objs;
int nr_possible_cpus;
int capacity;
gfp_t gfp;
refcount_t ref;
unsigned long flags;
struct objpool_slot **cpu_slots;
objpool_fini_cb release;
void *context;
};
#define OBJPOOL_NR_OBJECT_MAX (1UL << 24) /* maximum numbers of total objects */
#define OBJPOOL_OBJECT_SIZE_MAX (1UL << 16) /* maximum size of an object */
/**
* objpool_init() - initialize objpool and pre-allocated objects
* @pool: the object pool to be initialized, declared by caller
* @nr_objs: total objects to be pre-allocated by this object pool
* @object_size: size of an object (should be > 0)
* @gfp: flags for memory allocation (via kmalloc or vmalloc)
* @context: user context for object initialization callback
* @objinit: object initialization callback for extra setup
* @release: cleanup callback for extra cleanup task
*
* return value: 0 for success, otherwise error code
*
* All pre-allocated objects are to be zeroed after memory allocation.
* Caller could do extra initialization in objinit callback. objinit()
* will be called just after slot allocation and called only once for
* each object. After that the objpool won't touch any content of the
* objects. It's caller's duty to perform reinitialization after each
* pop (object allocation) or do clearance before each push (object
* reclamation).
*/
int objpool_init(struct objpool_head *pool, int nr_objs, int object_size,
gfp_t gfp, void *context, objpool_init_obj_cb objinit,
objpool_fini_cb release);
/* try to retrieve object from slot */
static inline void *__objpool_try_get_slot(struct objpool_head *pool, int cpu)
{
struct objpool_slot *slot = pool->cpu_slots[cpu];
/* load head snapshot, other cpus may change it */
uint32_t head = smp_load_acquire(&slot->head);
while (head != READ_ONCE(slot->last)) {
void *obj;
/*
* data visibility of 'last' and 'head' could be out of
* order since memory updating of 'last' and 'head' are
* performed in push() and pop() independently
*
* before any retrieving attempts, pop() must guarantee
* 'last' is behind 'head', that is to say, there must
* be available objects in slot, which could be ensured
* by condition 'last != head && last - head <= nr_objs'
* that is equivalent to 'last - head - 1 < nr_objs' as
* 'last' and 'head' are both unsigned int32
*/
if (READ_ONCE(slot->last) - head - 1 >= pool->nr_objs) {
head = READ_ONCE(slot->head);
continue;
}
/* obj must be retrieved before moving forward head */
obj = READ_ONCE(slot->entries[head & slot->mask]);
/* move head forward to mark it's consumption */
if (try_cmpxchg_release(&slot->head, &head, head + 1))
return obj;
}
return NULL;
}
/**
* objpool_pop() - allocate an object from objpool
* @pool: object pool
*
* return value: object ptr or NULL if failed
*/
static inline void *objpool_pop(struct objpool_head *pool)
{
void *obj = NULL;
unsigned long flags;
int i, cpu;
/* disable local irq to avoid preemption & interruption */
raw_local_irq_save(flags);
cpu = raw_smp_processor_id();
for (i = 0; i < pool->nr_possible_cpus; i++) {
obj = __objpool_try_get_slot(pool, cpu);
if (obj)
break;
cpu = cpumask_next_wrap(cpu, cpu_possible_mask, -1, 1);
}
raw_local_irq_restore(flags);
return obj;
}
/* adding object to slot, abort if the slot was already full */
static inline int
__objpool_try_add_slot(void *obj, struct objpool_head *pool, int cpu)
{
struct objpool_slot *slot = pool->cpu_slots[cpu];
uint32_t head, tail;
/* loading tail and head as a local snapshot, tail first */
tail = READ_ONCE(slot->tail);
do {
head = READ_ONCE(slot->head);
/* fault caught: something must be wrong */
WARN_ON_ONCE(tail - head > pool->nr_objs);
} while (!try_cmpxchg_acquire(&slot->tail, &tail, tail + 1));
/* now the tail position is reserved for the given obj */
WRITE_ONCE(slot->entries[tail & slot->mask], obj);
/* update sequence to make this obj available for pop() */
smp_store_release(&slot->last, tail + 1);
return 0;
}
/**
* objpool_push() - reclaim the object and return back to objpool
* @obj: object ptr to be pushed to objpool
* @pool: object pool
*
* return: 0 or error code (it fails only when user tries to push
* the same object multiple times or wrong "objects" into objpool)
*/
static inline int objpool_push(void *obj, struct objpool_head *pool)
{
unsigned long flags;
int rc;
/* disable local irq to avoid preemption & interruption */
raw_local_irq_save(flags);
rc = __objpool_try_add_slot(obj, pool, raw_smp_processor_id());
raw_local_irq_restore(flags);
return rc;
}
/**
* objpool_drop() - discard the object and deref objpool
* @obj: object ptr to be discarded
* @pool: object pool
*
* return: 0 if objpool was released; -EAGAIN if there are still
* outstanding objects
*
* objpool_drop is normally for the release of outstanding objects
* after objpool cleanup (objpool_fini). Thinking of this example:
* kretprobe is unregistered and objpool_fini() is called to release
* all remained objects, but there are still objects being used by
* unfinished kretprobes (like blockable function: sys_accept). So
* only when the last outstanding object is dropped could the whole
* objpool be released along with the call of objpool_drop()
*/
int objpool_drop(void *obj, struct objpool_head *pool);
/**
* objpool_free() - release objpool forcely (all objects to be freed)
* @pool: object pool to be released
*/
void objpool_free(struct objpool_head *pool);
/**
* objpool_fini() - deref object pool (also releasing unused objects)
* @pool: object pool to be dereferenced
*
* objpool_fini() will try to release all remained free objects and
* then drop an extra reference of the objpool. If all objects are
* already returned to objpool (so called synchronous use cases),
* the objpool itself will be freed together. But if there are still
* outstanding objects (so called asynchronous use cases, such like
* blockable kretprobe), the objpool won't be released until all
* the outstanding objects are dropped, but the caller must assure
* there are no concurrent objpool_push() on the fly. Normally RCU
* is being required to make sure all ongoing objpool_push() must
* be finished before calling objpool_fini(), so does test_objpool,
* kretprobe or rethook
*/
void objpool_fini(struct objpool_head *pool);
#endif /* _LINUX_OBJPOOL_H */