about summary refs log tree commit diff
path: root/malloc/hooks.c
Commit message (Collapse)AuthorAgeFilesLines
* malloc: preserve errno on mcheck hooks [BZ #17924]Adhemerval Zanella2020-12-301-5/+11
| | | | | | | | | Similar to the fix 69fda43b8d, save and restore errno for the hook functions used for MALLOC_CHECK_=3. It fixes the malloc/tst-free-errno-mcheck regression. Checked on x86_64-linux-gnu.
* MTE: Do not pad size in realloc_checkSiddhesh Poyarekar2020-12-241-4/+5
| | | | | | | | | | The MTE patch to add malloc support incorrectly padded the size passed to _int_realloc by SIZE_SZ when it ought to have sent just the chunksize. Revert that bit of the change so that realloc works correctly with MALLOC_CHECK_ set. This also brings the realloc_check implementation back in sync with libc_realloc.
* malloc: Basic support for memory tagging in the malloc() familyRichard Earnshaw2020-12-211-27/+52
| | | | | | | | | | | | | | | | | This patch adds the basic support for memory tagging. Various flavours are supported, particularly being able to turn on tagged memory at run-time: this allows the same code to be used on systems where memory tagging support is not present without neededing a separate build of glibc. Also, depending on whether the kernel supports it, the code will use mmap for the default arena if morecore does not, or cannot support tagged memory (on AArch64 it is not available). All the hooks use function pointers to allow this to work without needing ifuncs. Reviewed-by: DJ Delorie <dj@redhat.com>
* Update copyright dates with scripts/update-copyrights.Joseph Myers2020-01-011-1/+1
|
* Prefer https to http for gnu.org and fsf.org URLsPaul Eggert2019-09-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
* malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)Adhemerval Zanella2019-04-181-7/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As discussed previously on libc-alpha [1], this patch follows up the idea and add both the __attribute_alloc_size__ on malloc functions (malloc, calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit maximum requested allocation size to up PTRDIFF_MAX (taking into consideration internal padding and alignment). This aligns glibc with gcc expected size defined by default warning -Walloc-size-larger-than value which warns for allocation larger than PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and expected size, such as described in PR#67999 [2] and previously discussed ISO C11 issues [3] on libc-alpha. From the RFC thread [4] and previous discussion, it seems that consensus is only to limit such requested size for malloc functions, not the system allocation one (mmap, sbrk, etc.). The implementation changes checked_request2size to check for both overflow and maximum object size up to PTRDIFF_MAX. No additional checks are done on sysmalloc, so it can still issue mmap with values larger than PTRDIFF_T depending on the requested size. The __attribute_alloc_size__ is for functions that return a pointer only, which means it cannot be applied to posix_memalign (see remarks in GCC PR#87683 [5]). The runtimes checks to limit maximum requested allocation size does applies to posix_memalign. Checked on x86_64-linux-gnu and i686-linux-gnu. [1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html [2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999 [3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html [4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html [5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683 [BZ #23741] * malloc/hooks.c (malloc_check, realloc_check): Use __builtin_add_overflow on overflow check and adapt to checked_request2size change. * malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign, __libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum allocation size to PTRDIFF_MAX. (REQUEST_OUT_OF_RANGE): Remove macro. (checked_request2size): Change to inline function and limit maximum requested size to PTRDIFF_MAX. (__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit maximum allocation size to PTRDIFF_MAX. (_mid_memalign): Use _int_memalign call for overflow check. (__libc_pvalloc): Use __builtin_add_overflow on overflow check. (__libc_calloc): Use __builtin_mul_overflow for overflow check and limit maximum requested size to PTRDIFF_MAX. * malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign, valloc, pvalloc): Add __attribute_alloc_size__. * stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise. * malloc/tst-malloc-too-large.c (do_test): Add check for allocation larger than PTRDIFF_MAX. * malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than= around tests of malloc with negative sizes. * malloc/tst-posix_memalign.c (do_test): Likewise. * malloc/tst-pvalloc.c (do_test): Likewise. * malloc/tst-valloc.c (do_test): Likewise. * malloc/tst-reallocarray.c (do_test): Replace call to reallocarray with resulting size allocation larger than PTRDIFF_MAX with reallocarray_nowarn. (reallocarray_nowarn): New function. * NEWS: Mention the malloc function semantic change.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2019-01-011-1/+1
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* malloc: Update heap dumping/undumping comments [BZ #23351]Florian Weimer2018-06-291-36/+6
| | | | | | Also remove a few now-unused declarations and definitions. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Update copyright dates with scripts/update-copyrights.Joseph Myers2018-01-011-1/+1
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* Silence -O3 -Wall warning in malloc/hooks.c with GCC 7 [BZ #22052]H.J. Lu2017-10-151-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | realloc_check has unsigned char *magic_p; ... __libc_lock_lock (main_arena.mutex); const mchunkptr oldp = mem2chunk_check (oldmem, &magic_p); __libc_lock_unlock (main_arena.mutex); if (!oldp) malloc_printerr ("realloc(): invalid pointer"); ... if (newmem == NULL) *magic_p ^= 0xFF; with static void malloc_printerr(const char *str) __attribute__ ((noreturn)); GCC 7 -O3 warns hooks.c: In function ‘realloc_check’: hooks.c:352:14: error: ‘magic_p’ may be used uninitialized in this function [-Werror=maybe-uninitialized] *magic_p ^= 0xFF; due to the GCC bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82090 This patch silences GCC 7 by using DIAG_IGNORE_NEEDS_COMMENT. [BZ #22052] * malloc/hooks.c (realloc_check): Use DIAG_IGNORE_NEEDS_COMMENT to silence -O3 -Wall warning with GCC 7.
* malloc: Remove the internal_function attributeFlorian Weimer2017-08-311-2/+0
|
* malloc: Change top_check return type to voidFlorian Weimer2017-08-311-14/+12
| | | | | | After commit ec2c1fcefb200c6cb7e09553f3c6af8815013d83, (malloc: Abort on heap corruption, without a backtrace), the function always returns 0.
* malloc: Remove check_action variable [BZ #21754]Florian Weimer2017-08-301-50/+5
| | | | | | | | | | | Clean up calls to malloc_printerr and trim its argument list. This also removes a few bits of work done before calling malloc_printerr (such as unlocking operations). The tunable/environment variable still enables the lightweight additional malloc checking, but mallopt (M_CHECK_ACTION) no longer has any effect.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2017-01-011-1/+1
|
* malloc: Use accessors for chunk metadata accessFlorian Weimer2016-10-281-4/+4
| | | | | This change allows us to change the encoding of these struct members in a centralized fashion.
* malloc: Remove malloc_get_state, malloc_set_state [BZ #19473]Florian Weimer2016-10-261-49/+14
| | | | | | | | | | | | After the removal of __malloc_initialize_hook, newly compiled Emacs binaries are no longer able to use these interfaces. malloc_get_state is only used during the Emacs build process, so we provide a stub implementation only. Existing Emacs binaries will not call this stub function, but still reference the symbol. The rewritten tst-mallocstate test constructs a dumped heap which should approximates what existing Emacs binaries pass to glibc malloc.
* malloc: Automated part of conversion to __libc_lockFlorian Weimer2016-09-061-14/+14
|
* malloc: Correct malloc alignment on 32-bit architectures [BZ #6527]Florian Weimer2016-05-241-1/+1
| | | | | | | | | | | | | | | | After the heap rewriting added in commit 4cf6c72fd2a482e7499c29162349810029632c3f (malloc: Rewrite dumped heap for compatibility in __malloc_set_state), we can change malloc alignment for new allocations because the alignment of old allocations no longer matters. We need to increase the malloc state version number, so that binaries containing dumped heaps of the new layout will not try to run on previous versions of glibc, resulting in obscure crashes. This commit addresses a failure of tst-malloc-thread-fail on the affected architectures (32-bit ppc and mips) because the test checks pointer alignment.
* malloc: Rewrite dumped heap for compatibility in __malloc_set_stateFlorian Weimer2016-05-131-100/+50
| | | | | | | | | | | | | | | | | This will allow us to change many aspects of the malloc implementation while preserving compatibility with existing Emacs binaries. As a result, existing Emacs binaries will have a larger RSS, and Emacs needs a few more milliseconds to start. This overhead is specific to Emacs (and will go away once Emacs switches to its internal malloc). The new checks to make free and realloc compatible with the dumped heap are confined to the mmap paths, which are already quite slow due to the munmap overhead. This commit weakens some security checks, but only for heap pointers in the dumped main arena. By default, this area is empty, so those checks are as effective as before.
* malloc: Remove max_total_mem member form struct malloc_parFlorian Weimer2016-02-191-1/+1
| | | | | Also note that sumblks in struct mallinfo is always 0. No functional change.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2016-01-041-1/+1
|
* Fix for test "malloc_usable_size: expected 7 but got 11"James Lemke2015-05-191-24/+38
| | | | | | [BZ #17581] The checking chain of unused chunks was terminated by a hash of the block pointer, which was sometimes confused with the chunk length byte. We now avoid using a length byte equal to the magic byte.
* Avoid deadlock in malloc on backtrace (BZ #16159)Siddhesh Poyarekar2015-05-191-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the malloc subsystem detects some kind of memory corruption, depending on the configuration it prints the error, a backtrace, a memory map and then aborts the process. In this process, the backtrace() call may result in a call to malloc, resulting in various kinds of problematic behavior. In one case, the malloc it calls may detect a corruption and call backtrace again, and a stack overflow may result due to the infinite recursion. In another case, the malloc it calls may deadlock on an arena lock with the malloc (or free, realloc, etc.) that detected the corruption. In yet another case, if the program is linked with pthreads, backtrace may do a pthread_once initialization, which deadlocks on itself. In all these cases, the program exit is not as intended. This is avoidable by marking the arena that malloc detected a corruption on, as unusable. The following patch does that. Features of this patch are as follows: - A flag is added to the mstate struct of the arena to indicate if the arena is corrupt. - The flag is checked whenever malloc functions try to get a lock on an arena. If the arena is unusable, a NULL is returned, causing the malloc to use mmap or try the next arena. - malloc_printerr sets the corrupt flag on the arena when it detects a corruption - free does not concern itself with the flag at all. It is not important since the backtrace workflow does not need free. A free in a parallel thread may cause another corruption, but that's not new - The flag check and set are not atomic and may race. This is fine since we don't care about contention during the flag check. We want to make sure that the malloc call in the backtrace does not trip on itself and all that action happens in the same thread and not across threads. I verified that the test case does not show any regressions due to this patch. I also ran the malloc benchmarks and found an insignificant difference in timings (< 2%). * malloc/Makefile (tests): New test case tst-malloc-backtrace. * malloc/arena.c (arena_lock): Check if arena is corrupt. (reused_arena): Find a non-corrupt arena. (heap_trim): Pass arena to unlink. * malloc/hooks.c (malloc_check_get_size): Pass arena to malloc_printerr. (top_check): Likewise. (free_check): Likewise. (realloc_check): Likewise. * malloc/malloc.c (malloc_printerr): Add arena argument. (unlink): Likewise. (munmap_chunk): Adjust. (ARENA_CORRUPTION_BIT): New macro. (arena_is_corrupt): Likewise. (set_arena_corrupt): Likewise. (sysmalloc): Use mmap if there are no usable arenas. (_int_malloc): Likewise. (__libc_malloc): Don't fail if arena_get returns NULL. (_mid_memalign): Likewise. (__libc_calloc): Likewise. (__libc_realloc): Adjust for additional argument to malloc_printerr. (_int_free): Likewise. (malloc_consolidate): Likewise. (_int_realloc): Likewise. (_int_memalign): Don't touch corrupt arenas. * malloc/tst-malloc-backtrace.c: New test case.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2015-01-021-1/+1
|
* Fix for test "malloc_usable_size: expected 7 but got 11"James Lemke2014-12-111-44/+35
| | | | [BZ #17581] Revert this fix while investigating a problem.
* Fix for test "malloc_usable_size: expected 7 but got 11"James Lemke2014-12-011-35/+44
| | | | | | [BZ #17581] The checking chain of unused chunks was terminated by a hash of the block pointer, which was sometimes confused with the chunk length byte. The chain is now terminated by a NULL byte.
* Reformat malloc to gnu style.Ondřej Bílka2014-01-021-294/+354
|
* Update copyright notices with scripts/update-copyrightsAllan McRae2014-01-011-1/+1
|
* Expand MALLOC_COPY and MALLOC_ZERO to memcpy and memset.Ondřej Bílka2013-12-101-1/+1
|
* Drop PER_THREAD conditionals from malloc.Ondřej Bílka2013-12-101-4/+0
|
* Replace malloc force_reg by atomic_forced_read.Ondřej Bílka2013-12-091-1/+1
|
* Consolidate valloc/pvalloc code.Ondřej Bílka2013-11-201-0/+7
| | | | | To make malloc code more maintainable we make malloc and pvalloc share logic with memalign.
* malloc: Fix for infinite loop in memalign/posix_memalign.Will Newton2013-10-301-0/+8
| | | | | | | | | | | | | | | | | | | A very large alignment argument passed to mealign/posix_memalign causes _int_memalign to enter an infinite loop. Limit the maximum alignment value to the maximum representable power of two to prevent this from happening. Changelog: 2013-10-30 Will Newton <will.newton@linaro.org> [BZ #16038] * malloc/hooks.c (memalign_check): Limit alignment to the maximum representable power of two. * malloc/malloc.c (__libc_memalign): Likewise. * malloc/tst-memalign.c (do_test): Add test for very large alignment values. * malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/hooks.c: Correct check for overflow in memalign_check.Will Newton2013-10-101-4/+7
| | | | | | | | | | | | | A large value of bytes passed to memalign_check can cause an integer overflow in _int_memalign and heap corruption. This issue can be exposed by running tst-memalign with MALLOC_CHECK_=3. ChangeLog: 2013-10-10 Will Newton <will.newton@linaro.org> * malloc/hooks.c (memalign_check): Ensure the value of bytes passed to _int_memalign does not overflow.
* Use (void) in no-arguments function definitions.Joseph Myers2013-06-081-1/+1
|
* Remove __malloc_ptr_t.Joseph Myers2013-03-081-3/+3
|
* Update copyright notices with scripts/update-copyrights.Joseph Myers2013-01-021-1/+1
|
* Return requested size for malloc_usable_size when MALLOC_CHECK_ > 0Siddhesh Poyarekar2012-09-051-1/+30
| | | | | | | | | | | [BZ #1349] malloc_usable_size returns the usable size in an allocated chunk, which may be >= the requested size. In the case of MALLOC_CHECK_ being exported to > 0 however, only the requested size is usable, since a magic value is written at the end of the request size to trap writes beyond request bounds. Hence, when MALLOC_CHECK_ is exported to > 0, malloc_usable_size() should return the request size.
* Replace FSF snail mail address with URLs.Paul Eggert2012-02-091-3/+2
|
* Cleanups of mallocUlrich Drepper2012-01-311-6/+6
| | | | Remove ugly names and unnecessary wrappers.
* Minor cleanups of malloc codeUlrich Drepper2012-01-161-3/+3
|
* Remove MALLOC_FAILURE_ACTION use in mallocUlrich Drepper2011-09-101-4/+4
|
* Simplify malloc initializationUlrich Drepper2011-09-101-2/+2
| | | | | | Singificantly reduce the code needed at malloc initialization. In the process getpagesize is simplified by always initializing GLRO(dl_pagesize).
* Simplify malloc codeUlrich Drepper2011-09-101-169/+21
| | | | Remove all kinds of unused configuration options and dead code.
* Remove support for !USE___THREADUlrich Drepper2011-09-101-1/+1
|
* (memalign_check): No need to use checked_request2size.Ulrich Drepper2011-07-081-3/+1
|
* Restore locking in free_check.Ulrich Drepper2009-11-011-17/+20
| | | | | | This code is only used when MALLOC_CHECK_ is used. Then some bogus crashes and/or assert could result from the locking changes. The code ain't fast.
* (top_check): Force hook value into register.Ulrich Drepper2009-04-171-1/+1
|
* [BZ #9957]Ulrich Drepper2009-04-161-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | 2009-04-16 Ulrich Drepper <drepper@redhat.com> [BZ #9957] * malloc/malloc.c (force_reg): Define. (sYSMALLOc): Load hook variable into variable before test and force into register. (sYSTRIm): Likewise. (public_mALLOc): Force hook value into register. (public_fREe): Likewise. (public_rEALLOc): Likewise. (public_mEMALIGn): Likewise. (public_vALLOc): Likewise. (public_pVALLOc): Likewise. (public_cALLOc): Likewise. (__posix_memalign): Likewise. * malloc/arena.c (ptmalloc_init): Load hook variable into variable before test and force into register. * malloc/hooks.c (top_check): Likewise. (public_s_ET_STATe): Pretty printing. * resolv/res_send.c (send_dg): Don't just ignore the result we got in case we only receive one reply in single-request mode.
* * malloc/malloc.c (_int_realloc): Add parameter with old blockUlrich Drepper2009-04-081-3/+23
| | | | | | size. Remove duplicated test. Don't handle mmap'ed blocks here. Adjust all callers. * malloc/hooks.c (realloc_check): Adjust _int_realloc call.