Subject: kernel malloc questions
To: None <>
From: Emmanuel Dreyfus <>
List: tech-kern
Date: 07/13/2003 00:43:29

I have some diagnostic messages from kernel malloc (data modified on
freelist) which precede a panic. I would like to check the malloc
structures regularly to discover when they become corrupted. To do
that I have to understand how malloc structures work, as there is no
function that does this right now.

There are buckets, one for each power of 2 size. Buckets are defined by
struct kmembuckets:
    struct kmembuckets bucket[MINBUCKET + 16];

For small sizes, the buckets' kb_next field points to a list of struct
kmemusage which describe each chunk of memory in the bucket. This latter
struct has no address field. How do we find the address of the chunk?

src/sys/kern/kern_malloc.c also defines struct freelist, but I have
trouble figuring out how it is used. I suspect that there is the link with
the address problem, but reading kernel malloc's code, I fail to
understand how.

Emmanuel Dreyfus
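
A user-space model of the kind of periodic free-list check asked about above, added here as an example; it is not code from the original post or from NetBSD's kern_malloc.c. The layout (a link stored at the start of each free chunk, the rest filled with a pattern), the fill value and all names (`free_chunk`, `bucket`, `model_free`, `check_freelists`) are assumptions of this model.

```c
#include <stdint.h>
#include <stdlib.h>

#define MINSHIFT   4            /* smallest chunk is 16 bytes */
#define NBUCKETS   4            /* model sizes: 16, 32, 64, 128 */
#define PER_BUCKET 8            /* chunks carved per bucket */
#define POISON     0xdeadbeefU  /* fill pattern assumed for this model */
#define CHUNK(b)   ((size_t)1 << (MINSHIFT + (b)))
#define FILL(b)    ((CHUNK(b) - sizeof(struct free_chunk)) / sizeof(uint32_t))

struct free_chunk { struct free_chunk *next; };  /* lives inside the free chunk */
static struct bucket { struct free_chunk *head; size_t nfree; char *base; } buckets[NBUCKETS];

/* Free: poison everything after the link, then push onto the bucket's list. */
static void model_free(int b, void *p) {
    struct free_chunk *fc = p;
    uint32_t *w = (uint32_t *)(fc + 1);
    for (size_t i = 0; i < FILL(b); i++)
        w[i] = POISON;
    fc->next = buckets[b].head;
    buckets[b].head = fc;
    buckets[b].nfree++;
}

static void model_init(void) {
    for (int b = 0; b < NBUCKETS; b++) {
        buckets[b] = (struct bucket){ NULL, 0, malloc(PER_BUCKET * CHUNK(b)) };
        if (buckets[b].base == NULL) abort();
        for (size_t i = 0; i < PER_BUCKET; i++)
            model_free(b, buckets[b].base + i * CHUNK(b));
    }
}

/* Returns the first damaged bucket index, or -1 if every free list is intact. */
static int check_freelists(void) {
    for (int b = 0; b < NBUCKETS; b++) {
        size_t seen = 0;
        for (struct free_chunk *fc = buckets[b].head; fc != NULL; fc = fc->next) {
            uintptr_t off = (uintptr_t)fc - (uintptr_t)buckets[b].base;
            if (off >= PER_BUCKET * CHUNK(b) || off % CHUNK(b) != 0)
                return b;                /* link leaves the bucket's region */
            if (++seen > buckets[b].nfree) return b;    /* cycle or extra entries */
            const uint32_t *w = (const uint32_t *)(fc + 1);
            for (size_t i = 0; i < FILL(b); i++)
                if (w[i] != POISON) return b;           /* freed chunk was written to */
        }
        if (seen != buckets[b].nfree) return b;         /* list shorter than the count */
    }
    return -1;
}
```

Each link is range-checked against the bucket's region before it is dereferenced, so a smashed pointer is reported instead of followed.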