diff options
| author | Rich Felker <dalias@aerifal.cx> | 2015-06-14 01:59:02 +0000 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2015-06-14 01:59:02 +0000 |
| commit | e3bc22f1eff87b8f029a6ab31f1a269d69e4b053 (patch) | |
| tree | d0fc5ca6b5a1a5740f739a37ff5d8c7446fbfd9a /src/malloc/expand_heap.c | |
| parent | 4ef9b828c1f39553a69e0635ac91f0fcadd6e8c6 (diff) | |
| download | musl-e3bc22f1eff87b8f029a6ab31f1a269d69e4b053.tar.gz musl-e3bc22f1eff87b8f029a6ab31f1a269d69e4b053.tar.xz musl-e3bc22f1eff87b8f029a6ab31f1a269d69e4b053.zip | |
refactor malloc's expand_heap to share with __simple_malloc
this extends the brk/stack collision protection added to full malloc in commit 276904c2f6bde3a31a24ebfa201482601d18b4f9 to also protect the __simple_malloc function used in static-linked programs that don't reference the free function. it also extends support for using mmap when brk fails, which full malloc got in commit 5446303328adf4b4e36d9fba21848e6feb55fab4, to __simple_malloc. since __simple_malloc may expand the heap by arbitrarily large increments, the stack collision detection is enhanced to detect interval overlap rather than just proximity of a single address to the stack. code size is increased a bit, but this is partly offset by the sharing of code between the two malloc implementations, which due to linking semantics, both get linked in a program that needs the full malloc with realloc/free support.
Diffstat (limited to 'src/malloc/expand_heap.c')
| -rw-r--r-- | src/malloc/expand_heap.c | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/src/malloc/expand_heap.c b/src/malloc/expand_heap.c new file mode 100644 index 00000000..d8c0be74 --- /dev/null +++ b/src/malloc/expand_heap.c @@ -0,0 +1,72 @@ +#include <limits.h> +#include <stdint.h> +#include <errno.h> +#include <sys/mman.h> +#include "libc.h" +#include "syscall.h" + +/* This function returns true if the interval [old,new] + * intersects the 'len'-sized interval below &libc.auxv + * (interpreted as the main-thread stack) or below &b + * (the current stack). It is used to defend against + * buggy brk implementations that can cross the stack. */ + +static int traverses_stack_p(uintptr_t old, uintptr_t new) +{ + const uintptr_t len = 8<<20; + uintptr_t a, b; + + b = (uintptr_t)libc.auxv; + a = b > len ? b-len : 0; + if (new>a && old<b) return 1; + + b = (uintptr_t)&b; + a = b > len ? b-len : 0; + if (new>a && old<b) return 1; + + return 0; +} + +void *__mmap(void *, size_t, int, int, int, off_t); + +/* Expand the heap in-place if brk can be used, or otherwise via mmap, + * using an exponential lower bound on growth by mmap to make + * fragmentation asymptotically irrelevant. The size argument is both + * an input and an output, since the caller needs to know the size + * allocated, which will be larger than requested due to page alignment + * and mmap minimum size rules. The caller is responsible for locking + * to prevent concurrent calls. */ + +void *__expand_heap(size_t *pn) +{ + static uintptr_t brk; + static unsigned mmap_step; + size_t n = *pn; + + if (n > SIZE_MAX/2 - PAGE_SIZE) { + errno = ENOMEM; + return 0; + } + n += -n & PAGE_SIZE-1; + + if (!brk) { + brk = __syscall(SYS_brk, 0); + brk += -brk & PAGE_SIZE-1; + } + + if (n < SIZE_MAX-brk && !traverses_stack_p(brk, brk+n) + && __syscall(SYS_brk, brk+n)==brk+n) { + *pn = n; + brk += n; + return (void *)(brk-n); + } + + size_t min = (size_t)PAGE_SIZE << mmap_step/2; + if (n < min) n = min; + void *area = __mmap(0, n, PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (area == MAP_FAILED) return 0; + *pn = n; + mmap_step++; + return area; +} |