xv6 Deep Dive table of contents
Previous post
Next post

Code: Physical memory allocator

Big picture

kalloc.c

struct run {
 struct run *next;
};

struct {
 struct spinlock lock;
 int use_lock;
 struct run *freelist;
} kmem;

Provide pages to whoever asks (kalloc()).

Sequence diagram

Rough flow. If you get lost inside the functions, glance here.

Memory layout (reprint)

The layout from the previous post; we use it a lot here.

Source: commentary/textbook

Relationship between VA and PA:

Name	Virtual address	Physical address
end	end	V2P(end)
PHYSTOP	P2V(PHYSTOP)	PHYSTOP
KERNBASE	KERNBASE	V2P(KERNBASE)

main()

main.c

int
main(void)
{
 kinit1(end, P2V(4*1024*1024)); // phys page allocator
 kvmalloc();      // kernel page table
~~~
 kinit2(P2V(4*1024*1024), P2V(PHYSTOP)); // must come after startothers()
         ~~~
}

L20: Register end–4 MB with the page allocator.

Up to L20 the PDT is entrypgdir:

main.c

// The boot page table used in entry.S and entryother.S.
// Page directories (and page tables) must start on page boundaries,
// hence the __aligned__ attribute.
// PTE_PS in a page directory entry enables 4Mbyte pages.

__attribute__((__aligned__(PGSIZE)))
pde_t entrypgdir[NPDENTRIES] = {
 // Map VA's [0, 4MB) to PA's [0, 4MB)
 [0] = (0) | PTE_P | PTE_W | PTE_PS,
 // Map VA's [KERNBASE, KERNBASE+4MB) to PA's [0, 4MB)
 [KERNBASE>>PDXSHIFT] = (0) | PTE_P | PTE_W | PTE_PS,
};

L105: VA [0, 4 MB) -> PA [0, 4 MB)
L106: VA [KERNBASE, KERNBASE+4 MB) -> PA [0, 4 MB) — both map to the same PA.

L21: Create and install the kernel PDT.
L22: Register 4 MB–PHYSTOP with the allocator.
Why split into kinit1() and kinit2()?
- entry.S only maps physical 0–4 MB, so only that range is usable at first.
- kinit1() plus later kvmalloc() sets up the real paging (needs allocator—bootstrap issue).
- kinit2() then registers everything above 4 MB.

kinit1()

kalloc.c

// Initialization happens in two phases.
// 1. main() calls kinit1() while still using entrypgdir to place just
// the pages mapped by entrypgdir on free list.
// 2. main() calls kinit2() with the rest of the physical pages
// after installing a full page table that maps them on all cores.
void
kinit1(void *vstart, void *vend)
{
 initlock(&kmem.lock, "kmem");
 kmem.use_lock = 0;
 freerange(vstart, vend);
}

vstart: end, vend: P2V(410241024)
L34-35: Initialize lock but leave it off (locking needs the allocator, so can’t use yet).
L36: Register the region (vstart–vend) in freelist.

freerange()

kalloc.c

void
freerange(void *vstart, void *vend)
{
 char *p;
 p = (char*)PGROUNDUP((uint)vstart);
 for(; p + PGSIZE <= (char*)vend; p += PGSIZE)
   kfree(p);
}

L50: Align to PGSIZE.
L51-52: Call kfree() for each page.

kfree()

Remove the page (start address) from freelist.

kalloc.c

//PAGEBREAK: 21
// Free the page of physical memory pointed at by v,
// which normally should have been returned by a
// call to kalloc().  (The exception is when
// initializing the allocator; see kinit above.)
void
kfree(char *v)
{
 struct run *r;

 if((uint)v % PGSIZE || v < end || V2P(v) >= PHYSTOP)
   panic("kfree");

 // Fill with junk to catch dangling refs.
 memset(v, 1, PGSIZE);

 if(kmem.use_lock)
   acquire(&kmem.lock);
 r = (struct run*)v;
 r->next = kmem.freelist;
 kmem.freelist = r;
 if(kmem.use_lock)
   release(&kmem.lock);
}

L64: Error checks—v must be PGSIZE-aligned and within free memory (end–P2V(PHYSTOP)).
L68: Fill with 1s up to v+PGSIZE.
L72-74: Add v to freelist.
L70-71, L75-76: Locking (to avoid corrupting the list).

kinit2()

kalloc.c

void
kinit2(void *vstart, void *vend)
{
 freerange(vstart, vend);
 kmem.use_lock = 1;
}

L42: Register physical 4 MB–PHYSTOP in the free list.
L43: Enable locking (see Locking for details).

kalloc()

Provide a physical page (PGSIZE).

kalloc.c

// Allocate one 4096-byte page of physical memory.
// Returns a pointer that the kernel can use.
// Returns 0 if the memory cannot be allocated.
char*
kalloc(void)
{
 struct run *r;

 if(kmem.use_lock)
   acquire(&kmem.lock);
 r = kmem.freelist;
 if(r)
   kmem.freelist = r->next;
 if(kmem.use_lock)
   release(&kmem.lock);
 return (char*)r;
}

L89-91: Pop one from freelist.
L87-88, L92-93: Locking.

Code: sbrk

sys_sbrk()

System call to grow/shrink the current process’s memory size.

sysproc.c

int
sys_sbrk(void)
{
 int addr;
 int n;

 if(argint(0, &n) < 0)
   return -1;
 addr = myproc()->sz;
 if(growproc(n) < 0)
   return -1;
 return addr;
}

L51-52: Parse the argument (details later).
L54: Grow memory (growproc()).

growproc()

Increase memory allocated to the running process (i.e., add paging entries).

proc.c

// Grow current process's memory by n bytes.
// Return 0 on success, -1 on failure.
int
growproc(int n)
{
 uint sz;
 struct proc *curproc = myproc();

 sz = curproc->sz;
 if(n > 0){
   if((sz = allocuvm(curproc->pgdir, sz, sz + n)) == 0)
     return -1;
 } else if(n < 0){
   if((sz = deallocuvm(curproc->pgdir, sz, sz + n)) == 0)
     return -1;
 }
 curproc->sz = sz;
 switchuvm(curproc);
 return 0;
}

L162: Get current process.
L165-167: Growing memory (allocuvm()).
L168-171: Shrinking memory (deallocuvm()).

deallocuvm()

Remove allocated physical memory from freelist.

vm.c

// Deallocate user pages to bring the process size from oldsz to
// newsz.  oldsz and newsz need not be page-aligned, nor does newsz
// need to be less than oldsz.  oldsz can be larger than the actual
// process size.  Returns the new process size.
int
deallocuvm(pde_t *pgdir, uint oldsz, uint newsz)
{
 pte_t *pte;
 uint a, pa;

 if(newsz >= oldsz)
   return oldsz;

 a = PGROUNDUP(newsz);
 for(; a  < oldsz; a += PGSIZE){
   pte = walkpgdir(pgdir, (char*)a, 0);
   if(!pte)
     a = PGADDR(PDX(a) + 1, 0, 0) - PGSIZE;
   else if((*pte & PTE_P) != 0){
     pa = PTE_ADDR(*pte);
     if(pa == 0)
       panic("kfree");
     char *v = P2V(pa);
     kfree(v);
     *pte = 0;
   }
 }
 return newsz;
}

L264: Align to PGSIZE.
L266: Look up the PTE. User virtual addresses start at 0, so oldsz/newsz are VAs. Because the third argument is 0, walkpgdir() won’t allocate if absent.
L267-268: If the PTE is missing: PDX(a)+1 is the next PDE index; PGADDR(PDX(a)+1,0,0)-PGSIZE is the address just before that next PDE’s range (minus PGSIZE because the loop adds PGSIZE next).
L269-275: If the PTE exists and PTE_P (page present) is set.

L270: Physical page start address (PTE_ADDR).

// Address in page table or page directory entry
#define PTE_ADDR(pte)   ((uint)(pte) & ~0xFFF)
#define PTE_FLAGS(pte)  ((uint)(pte) &  0xFFF)

L271-272, L275: If pa is zero that’s an error (initial PTEs are zero).
L273: freelist is managed in kernel space, so P2V() is usable.
L274: Free the physical page.

allocuvm()

Allocate new physical memory.

vm.c

// Allocate page tables and physical memory to grow process from oldsz to
// newsz, which need not be page aligned.  Returns new size or 0 on error.
int
allocuvm(pde_t *pgdir, uint oldsz, uint newsz)
{
 char *mem;
 uint a;

 if(newsz >= KERNBASE)
   return 0;
 if(newsz < oldsz)
   return oldsz;

 a = PGROUNDUP(oldsz);
 for(; a < newsz; a += PGSIZE){
   mem = kalloc();
   if(mem == 0){
     cprintf("allocuvm out of memory\n");
     deallocuvm(pgdir, newsz, oldsz);
     return 0;
   }
   memset(mem, 0, PGSIZE);
   if(mappages(pgdir, (char*)a, PGSIZE, V2P(mem), PTE_W|PTE_U) < 0){
     cprintf("allocuvm out of memory (2)\n");
     deallocuvm(pgdir, newsz, oldsz);
     kfree(mem);
     return 0;
   }
 }
 return newsz;
}

L227-230: Error checks.
L232: Align to PGSIZE.
L233-247: Allocate as many pages as needed.
L234: Get a physical page (kalloc()).
L234-239: If no memory left.
L240: Zero-initialize.
L241-246: Map the VA to the physical page (uses mappages(), deallocuvm(), kfree()).

Code: exec

System call to build the user address space.

exec.c

int
exec(char *path, char **argv)
{
 char *s, *last;
 int i, off;
 uint argc, sz, sp, ustack[3+MAXARG+1];
 struct elfhdr elf;
 struct inode *ip;
 struct proghdr ph;
 pde_t *pgdir, *oldpgdir;
 struct proc *curproc = myproc();
     ~~~ obtain inode for path
 pgdir = 0;

 // Check ELF header
     ~~~ validate ELF
 if((pgdir = setupkvm()) == 0)
   goto bad;

 // Load program into memory.
 sz = 0;
 for(i=0, off=elf.phoff; i<elf.phnum; i++, off+=sizeof(ph)){
   if(readi(ip, (char*)&ph, off, sizeof(ph)) != sizeof(ph))
     goto bad;
    ~~~ error checks
   if((sz = allocuvm(pgdir, sz, ph.vaddr + ph.memsz)) == 0)
     goto bad;
   if(ph.vaddr % PGSIZE != 0)
     goto bad;
   if(loaduvm(pgdir, (char*)ph.vaddr, ip, ph.off, ph.filesz) < 0)
     goto bad;
 }
     ~~~
 // Allocate two pages at the next page boundary.
 // Make the first inaccessible.  Use the second as the user stack.
 sz = PGROUNDUP(sz);
 if((sz = allocuvm(pgdir, sz, sz + 2*PGSIZE)) == 0)
   goto bad;
 clearpteu(pgdir, (char*)(sz - 2*PGSIZE));
 sp = sz;

 // Push argument strings, prepare rest of stack in ustack.
     ~~~ set up argv etc.
 // Save program name for debugging.
     ~~~ misc for debugging
95
 // Commit to the user image.
 oldpgdir = curproc->pgdir;
 curproc->pgdir = pgdir;
     ~~~ set various curproc fields
 switchuvm(curproc);
 freevm(oldpgdir);
 return 0;

bad:
     ~~~ error handling

L38: Map the kernel portion of memory.
L43-58: Load each ELF segment into memory.
L52: Allocate physical memory: sz = old size, ph.vaddr + ph.memsz = new size.
L56: Expand the inode data into the specified virtual address (loaduvm()).
L65-67: Allocate two pages to properly catch overly large args that span pages.

L68: Make the first of those two pages inaccessible to user mode.

vm.c

// Clear PTE_U on a page. Used to create an inaccessible
// page beneath the user stack.
void
clearpteu(pde_t *pgdir, char *uva)
{
 pte_t *pte;

 pte = walkpgdir(pgdir, uva, 0);
 if(pte == 0)
   panic("clearpteu");
 *pte &= ~PTE_U;
}

Uses walkpgdir().

L97,103: Free previously allocated physical memory.
L98: Install the newly built page table.
L102: Switch to the new page table.

loaduvm()

Expand inode data into memory.

vm.c

// Load a program segment into pgdir.  addr must be page-aligned
// and the pages from addr to addr+sz must already be mapped.
int
loaduvm(pde_t *pgdir, char *addr, struct inode *ip, uint offset, uint sz)
{
 uint i, pa, n;
 pte_t *pte;

 if((uint) addr % PGSIZE != 0)
   panic("loaduvm: addr must be page aligned");
 for(i = 0; i < sz; i += PGSIZE){
   if((pte = walkpgdir(pgdir, addr+i, 0)) == 0)
     panic("loaduvm: address should exist");
   pa = PTE_ADDR(*pte);
   if(sz - i < PGSIZE)
     n = sz - i;
   else
     n = PGSIZE;
   if(readi(ip, P2V(pa), offset+i, n) != n)
     return -1;
 }
 return 0;
}

L203: Check alignment.
L205-215: For each PGSIZE chunk, copy inode data into physical memory.
L206-208: Find the physical address from the VA (walkpgdir()).
L209-212: If less than a page remains, read only that much.
L213-214: Copy data (details in the file-system chapter): ip inode, P2V(pa) destination, offset+i offset, n size.

If you have comments or corrections, please contact me on Twitter or open an Issue.