| /* |
| * Copyright 2017, Data61, CSIRO (ABN 41 687 119 230) |
| * |
| * SPDX-License-Identifier: BSD-2-Clause |
| */ |
| |
| /** |
| * @file allocman.h |
| * |
| * @brief The allocman is system for resolving dependencies between allocators for different resources |
| * |
| * Allocations need to go via the allocation manager in order to ensure |
| * the correct watermark levels of resources are maintained. While an |
| * individual manager is free to directly give away resources, if it |
| * calls into the allocation manager then that manager may be recursively |
| * invoked. Performing allocations from the allocation manager is also |
| * the only way to allocate the final watermark resources when memory |
| * becomes exhausted. |
| * |
| * It is generally desirable that a free operation does not have any |
| * allocation calls in it. If an allocator does wish to allocate a |
| * resource when performing a free it must accept that its allocation |
| * function could be called as a result. In a similar manner if your |
| * allocation function frees resources your free function may be recursively |
| * called. |
| * |
| * There are (generally) two different types of allocators. Those that are |
| * linked to an allocation manager, and those that are not. Typically the |
| * only sort of manager you would not want linked to an allocation manager |
| * is a cspace manager (if you are managing a clients cspace). Although you |
| * could also create an untyped manager if you do not want to give clients |
| * untypeds directly, but still want to have a fixed untyped pool reserved |
| * for it. |
| * |
| * Possibility exists for much foot shooting with any allocators. A typical |
| * desire might be to create a sub allocator (such as a cspace manager), |
| * use an already existing allocation manager to back all of its allocations, |
| * and then destroy that cspace manager at some point to release all its resources. |
| * There are no guarantees that this will work. If all requests to the sub allocator |
| * use the same allocation manager to perform book keeping requests, and the |
| * sub allocator is told to free using that same allocation manager then all |
| * should work. But this is strictly up to using your allocators correctly, |
| * and knowing how they work. |
| */ |
| |
| #pragma once |
| |
| #include <assert.h> |
| #include <autoconf.h> |
| #include <sel4/types.h> |
| #include <allocman/util.h> |
| #include <allocman/cspace/cspace.h> |
| #include <allocman/mspace/mspace.h> |
| #include <allocman/utspace/utspace.h> |
| #include <vka/cspacepath_t.h> |
| #include <sel4platsupport/timer.h> |
| |
| /** |
| * Describes a reservation chunk for the memory system. |
| * Used by {@link #allocman_configure_mspace_reserve} |
| */ |
| struct allocman_mspace_chunk { |
| size_t size; |
| size_t count; |
| }; |
| |
| /** |
| * Describes a reservation chunk for the untyped system. |
| * Used by {@link #allocman_configure_utspace_reserve} |
| */ |
| struct allocman_utspace_chunk { |
| size_t size_bits; |
| seL4_Word type; |
| size_t count; |
| }; |
| |
| /** |
| * Internal data structure for describing an untyped allocation in |
| * the reservation system |
| */ |
| struct allocman_utspace_allocation { |
| seL4_Word cookie; |
| cspacepath_t slot; |
| }; |
| |
| struct allocman_freed_mspace_chunk { |
| void *ptr; |
| size_t size; |
| }; |
| |
| struct allocman_freed_utspace_chunk { |
| size_t size_bits; |
| seL4_Word cookie; |
| }; |
| |
| /** |
| * The allocman itself. This is generally the only type you will need to pass around |
| * to deal with allocation. It is declared in full here so that the compiler is able |
| * to calculate its size so it can be allocated on stacks/globals etc as required |
| */ |
| typedef struct allocman { |
| /* link to our underlying allocators. some are lazily added. the mspace will always be here, |
| * and have_mspace can be used to check if the allocman is initialized at all */ |
| int have_mspace; |
| struct mspace_interface mspace; |
| int have_cspace; |
| struct cspace_interface cspace; |
| int have_utspace; |
| struct utspace_interface utspace; |
| |
| /* Flag that tracks whether any alloc/free/other function has been entered yet */ |
| int in_operation; |
| |
| /* Counts that track re-entry into each specific alloc/free function */ |
| size_t cspace_alloc_depth; |
| size_t cspace_free_depth; |
| size_t utspace_alloc_depth; |
| size_t utspace_free_depth; |
| size_t mspace_alloc_depth; |
| size_t mspace_free_depth; |
| |
| /* Track whether the watermark is currently refilled so we don't recursively do it */ |
| int refilling_watermark; |
| /* Has a watermark resource been used. This is just an optimization */ |
| int used_watermark; |
| |
| /* track resources that we have not yet been able to free due to circular dependencies */ |
| size_t desired_freed_slots; |
| size_t num_freed_slots; |
| cspacepath_t *freed_slots; |
| |
| size_t desired_freed_mspace_chunks; |
| size_t num_freed_mspace_chunks; |
| struct allocman_freed_mspace_chunk *freed_mspace_chunks; |
| |
| size_t desired_freed_utspace_chunks; |
| size_t num_freed_utspace_chunks; |
| struct allocman_freed_utspace_chunk *freed_utspace_chunks; |
| |
| /* cspace watermark resources */ |
| size_t desired_cspace_slots; |
| size_t num_cspace_slots; |
| cspacepath_t *cspace_slots; |
| |
| /* mspace watermark resources */ |
| size_t num_mspace_chunks; |
| struct allocman_mspace_chunk *mspace_chunk; |
| size_t *mspace_chunk_count; |
| void ***mspace_chunks; |
| |
| /* utspace watermark resources */ |
| size_t num_utspace_chunks; |
| struct allocman_utspace_chunk *utspace_chunk; |
| size_t *utspace_chunk_count; |
| struct allocman_utspace_allocation **utspace_chunks; |
| } allocman_t; |
| |
| /** |
| * Allocates 'real' memory from the allocator |
| * |
| * @param alloc Allocman to allocate from |
| * @param bytes Size in bytes to allocate |
| * @param _error (Optional) set to 0 on success |
| * |
| * @return returns pointer to allocated memory |
| */ |
| void *allocman_mspace_alloc(allocman_t *alloc, size_t bytes, int *_error); |
| |
| /** |
| * Frees 'real' memory, as previously allocated by {@link #allocman_mspace_alloc} |
| * |
| * @param alloc Allocman to allocate from |
| * @param ptr Allocated memory (as returned by {@link #allocman_mspace_alloc} |
| * @param bytes Size in bytes of the allocation to free. Allocations cannot be partially freed |
| */ |
| void allocman_mspace_free(allocman_t *alloc, void *ptr, size_t bytes); |
| |
| /** |
| * Allocates a cslot from the allocator |
| * |
| * @param alloc Allocman to allocate from |
| * @param slot Stores details of the allocated slot |
| * |
| * @return returns 0 on sucess |
| */ |
| int allocman_cspace_alloc(allocman_t *alloc, cspacepath_t *slot); |
| |
| /** |
| * Frees a cslot from the allocator, as previously allocated by {@link #allocman_cspace_alloc}. |
| * To avoid the need to keep cspacepath_t's laying around, it is guaruanteed that |
| * (*slot) == allocman_cspace_make_path(alloc, slot->capPtr). So if needed you can simply store |
| * the capPtr and reconstruct the path before calling free. |
| * |
| * @param alloc Allocman to allocate from |
| * @param slot The slot to free. |
| * |
| * @return returns 0 on sucess |
| */ |
| void allocman_cspace_free(allocman_t *alloc, const cspacepath_t *slot); |
| |
| /** |
| * Converts a seL4_CPtr into a cspacepath_t using the cspace attached to the allocman. |
| * If the slot is not valid in that cspace then the return path is completely undefined. |
| * |
| * @param alloc Allocman to allocate from |
| * @param slot The slot to convert |
| * |
| * @return cspacepath_t of the given slot |
| */ |
| static inline cspacepath_t allocman_cspace_make_path(allocman_t *alloc, seL4_CPtr slot) { |
| assert(alloc->have_cspace); |
| return alloc->cspace.make_path(alloc->cspace.cspace, slot); |
| } |
| |
| /** |
| * Allocates a portion of untyped memory, and retypes it into the desired object for you. |
| * |
| * @param alloc Allocman to allocate from |
| * @param size_bits The size in bits of the memory that will be required to store this object. |
| This is different to seL4_Untyped_Retype for allocating seL4_CapTableObjects |
| * @param type The seL4 type of the object being allocated |
| * @param path A path to a location to put the allocated object (this must be a valid empty slot) |
| * @param paddr The desired physical address of the start of this object. A value of '1' indicates do not care |
| * as '1' can never be a valid object base address |
| * @param canBeDev Whether this allocation can be satisified from a device region, provided that |
| * region is known to be actual RAM. Objects from device regions are not initialized (i.e. not zeroed) |
| * @param _error (Optional) set to 0 on success |
| * |
| * @return Returns a cookie that can be used in future to free this allocation |
| */ |
| seL4_Word allocman_utspace_alloc_at(allocman_t *alloc, size_t size_bits, seL4_Word type, const cspacepath_t *path, uintptr_t paddr, bool canBeDev, int *_error); |
| |
| /** |
| * Allocates a portion of untyped memory, and retypes it into the desired object for you. |
| * |
| * @param alloc Allocman to allocate from |
| * @param size_bits The size in bits of the memory that will be required to store this object. |
| This is different to seL4_Untyped_Retype for allocating seL4_CapTableObjects |
| * @param type The seL4 type of the object being allocated |
| * @param path A path to a location to put the allocated object (this must be a valid empty slot) |
| * @param canBeDev Whether this allocation can be satisified from a device region, provided that |
| * region is known to be actual RAM. Objects from device regions are not initialized (i.e. not zeroed) |
| * @param _error (Optional) set to 0 on success |
| * |
| * @return Returns a cookie that can be used in future to free this allocation |
| */ |
| static inline |
| seL4_Word allocman_utspace_alloc(allocman_t *alloc, size_t size_bits, seL4_Word type, const cspacepath_t *path, bool canBeDev, int *_error) |
| { |
| return allocman_utspace_alloc_at(alloc, size_bits, type, path, ALLOCMAN_NO_PADDR, canBeDev, _error); |
| } |
| |
| /** |
| * Returns a portion of untyped memory back to the allocator. It is assumed that this |
| * memory is now unused, and every capability to this memory has been deleted (including |
| * the one created by {@link allocman_utspace_alloc} |
| * |
| * @param alloc Allocman to allocate from |
| * @param size_bits The size in bits of the memory that was required to store this object. |
| This is different to seL4_Untyped_Retype for seL4_CapTableObjects |
| * @param cookie The cookie representing this allocation (as returned by {@link allocman_utspace_alloc} |
| */ |
| void allocman_utspace_free(allocman_t *alloc, seL4_Word cookie, size_t size_bits); |
| |
| /** |
| * Initialize a new allocman. all it requires is a memory allocator, everything will be boot strapped from it |
| * |
| * @param alloc Allocman structure to initialize |
| * @param mspace Memory allocator. This will be permanently linked to this allocator and must keep existing |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_create(allocman_t *alloc, struct mspace_interface mspace); |
| |
| /** |
| * Attempts to fill the reserves of the allocator. This can be used if the underlying allocators have been modified, |
| * for instance by having resources added, or as a way to query the health of the allocman |
| * |
| * @param alloc The allocman to fill reserves of |
| * |
| * @return returns 0 if reserves are full |
| */ |
| int allocman_fill_reserves(allocman_t *alloc); |
| |
| /** |
| * Attach an untyped allocator to an allocman. |
| * |
| * @param alloc The allocman to attach to |
| * @param utspace untyped allocator to attach. This wil lbe permanently linked to this allocator and must keep existing |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_attach_utspace(allocman_t *alloc, struct utspace_interface utspace); |
| |
| /** |
| * Attach a cspace manager to an allocman. |
| * |
| * @param alloc The allocman to attach to |
| * @param cspace The cspace manager to attach. This wil lbe permanently linked to this allocator and must keep existing |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_attach_cspace(allocman_t *alloc, struct cspace_interface cspace); |
| |
| /** |
| * Configure the memory reserve for the allocator |
| * |
| * @param alloc The allocman to configure |
| * @param chunk Description of the memory reserve |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_configure_mspace_reserve(allocman_t *alloc, struct allocman_mspace_chunk chunk); |
| |
| /** |
| * Configure the untyped reserve for the allocator |
| * |
| * @param alloc The allocman to configure |
| * @param chunk Description of the untyped reserve |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_configure_utspace_reserve(allocman_t *alloc, struct allocman_utspace_chunk chunk); |
| |
| /** |
| * Configure the cspace reserve for the allocator |
| * |
| * @param alloc The allocman to configure |
| * @param num Number of cslots to hold in reserve |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_configure_cspace_reserve(allocman_t *alloc, size_t num); |
| |
| /** |
| * Configure the maximul number of freed cptrs we can store. This is required for |
| * scenarios where an allocator cannot handle a recursive call, but we would like to not |
| * leak memory |
| * |
| * @param alloc The allocman to configure |
| * @param num Maximum number of slots to handle |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_configure_max_freed_slots(allocman_t *alloc, size_t num); |
| |
| /** |
| * Configure the maximul number of freed memory objects we can store. This is required for |
| * scenarios where an allocator cannot handle a recursive call, but we would like to not |
| * leak memory |
| * |
| * @param alloc The allocman to configure |
| * @param num Maxmimum number of chunks to handle |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_configure_max_freed_memory_chunks(allocman_t *alloc, size_t num); |
| |
| /** |
| * Configure the maximul number of freed untyped objects we can store. This is required for |
| * scenarios where an allocator cannot handle a recursive call, but we would like to not |
| * leak memory |
| * |
| * @param alloc The allocman to configure |
| * @param num Maxmimum number of chunks to handle |
| * |
| * @return returns 0 on success |
| */ |
| int allocman_configure_max_freed_untyped_chunks(allocman_t *alloc, size_t num); |
| |
| /** |
| * Add additional untyped objects to the underlying untyped manager. This allows additional |
| * resources to be injected after the allocman has started |
| * |
| * @param alloc The allocman to add to |
| * @param num Number of untypeds to add |
| * @param uts Path to each of the untyped to add. untyped is assumed to be at depth 32 from this threads cspace_root |
| * @param size_bits Size, in bits, of each of the untypeds |
| * @param paddr Optional parameter specifying the physical address of each of the untypeds |
| * @param utType The type of all untypeds being added. One of (ALLOCMAN_UT_KERNEL, ALLOCMAN_UT_DEV, ALLOCMAN_UT_DEV_MEM) |
| * |
| * @return returns 0 on success |
| */ |
| static inline int allocman_utspace_add_uts(allocman_t *alloc, size_t num, const cspacepath_t *uts, size_t *size_bits, uintptr_t *paddr, int utType) { |
| int error; |
| assert(alloc->have_utspace); |
| error = alloc->utspace.add_uts(alloc, alloc->utspace.utspace, num, uts, size_bits, paddr, utType); |
| if (error) { |
| return error; |
| } |
| allocman_fill_reserves(alloc); |
| return 0; |
| } |
| |
| /** |
| * Retrieves the physical address for an allocated untyped object |
| * |
| * @param alloc The allocman to query |
| * @param cookie Cookie to the allocated untyped object |
| * @param size_bits Size of the allocated untyped object |
| * |
| * @return Physical address of the object |
| */ |
| static inline uintptr_t allocman_utspace_paddr(allocman_t *alloc, seL4_Word cookie, size_t size_bits) { |
| assert(alloc->have_utspace); |
| return alloc->utspace.paddr(alloc->utspace.utspace, cookie, size_bits); |
| } |
| |
| /** |
| * Helper function for adding device untypeds from platform specific timer objects |
| * |
| * @param alloc The allocman to query |
| * @param to struct containing untyped metadata |
| * |
| * @return 0 on success, otherwise error. |
| */ |
| int allocman_add_untypeds_from_timer_objects(allocman_t *alloc, timer_objects_t *to); |
| |