Commit Graph

726 Commits (main)

Author SHA1 Message Date
Daniel Micay bc75c4db7b realloc: use copy_size to check for canaries
This avoids unnecessarily copying the canary when doing a realloc from a
small size to a large size. It also avoids trying to copy a non-existent
canary out of a zero-size allocation, which is memory protected.
2019-06-17 00:28:10 -04:00
Daniel Micay 37474e117c limit precision for fragmentation in table 2019-06-12 13:29:04 -04:00
Daniel Micay 12525f2861 work around old glibc releases without threads.h 2019-06-06 08:10:57 -04:00
Daniel Micay 5449f4a94e use safe_flag for -fno-plt
This isn't supported by the ancient Clang release in Debian Stable.
2019-06-06 07:33:39 -04:00
Daniel Micay 64a1f59020 note about getrandom with syscall whitelists 2019-06-02 22:24:25 -04:00
Daniel Micay b40ba9754b add malloc_info test 2019-05-05 08:37:55 -04:00
Daniel Micay f6f4402ff3 expand test gitignore 2019-05-05 08:37:55 -04:00
Daniel Micay 2ae0ed4674 add large array growth test 2019-05-05 08:37:55 -04:00
Daniel Micay ae4142c2d1 note that arenas are isolated from each other 2019-04-23 02:01:44 -04:00
Daniel Micay 18f36c3e8d expand description of randomized delay free 2019-04-23 01:59:31 -04:00
Daniel Micay 7f0bbddfca merge points about out-of-line / protected state 2019-04-23 01:58:37 -04:00
Daniel Micay 409a639312 provide working malloc_info outside Android too 2019-04-19 16:56:07 -04:00
Daniel Micay 494436c904 implement options handling for malloc_info 2019-04-19 16:23:14 -04:00
Daniel Micay 13ee04c8c3 fill CSPRNG caches lazily to speed up early init 2019-04-15 07:23:30 -04:00
Daniel Micay a13db3fc68 initialize size class CSPRNGs from init CSPRNG
This avoids making a huge number of getrandom system calls during
initialization. The init CSPRNG is unmapped before initialization
finishes and these are still reseeded from the OS. The purpose of the
independent CSPRNGs is simply to avoid the massive performance hit of
synchronization and there's no harm in doing it this way.

Keeping around the init CSPRNG and reseeding from it would defeat the
purpose of reseeding, and it isn't a measurable performance issue since
it can just be tuned to reseed less often.
2019-04-15 06:50:24 -04:00
Daniel Micay c7e2cb82f4 add generic get_random_bytes function 2019-04-15 06:07:28 -04:00
Daniel Micay f115be8392 shrink initial region table size to fit in 1 page 2019-04-15 00:04:00 -04:00
Daniel Micay e7eeb3f35c avoid reading thread_local more than once 2019-04-14 20:26:14 -04:00
Daniel Micay 7e465c621e use allocate_large directly in large remap path 2019-04-14 19:46:22 -04:00
Daniel Micay 1c899657c1 add is_init check to mallinfo functions 2019-04-14 19:12:38 -04:00
Daniel Micay 8774065b13 fix non-init size for malloc_object_size extension 2019-04-14 19:01:25 -04:00
Daniel Micay 84a25ec83e fix build with CONFIG_STATS enabled 2019-04-11 00:51:34 -04:00
Daniel Micay 34b6754f70 enable CONFIG_STATS by default for Android
The tiny performance cost might as well be accepted now because this
will be needed for Android Q. It's also quite possible that some apps
make use of the features based on this including malloc_info.
2019-04-10 17:12:17 -04:00
Daniel Micay d4b8fee1c4 allow using the largest slab allocation size 2019-04-10 16:54:58 -04:00
Daniel Micay 086eb1fee4 add a final spacing class of 1 slot size classes 2019-04-10 16:32:24 -04:00
Daniel Micay 7a89a7b8c5 support for slabs with 1 slot for largest sizes 2019-04-10 16:26:49 -04:00
Daniel Micay b31e8dacb1 document extended size classes 2019-04-10 08:42:32 -04:00
Daniel Micay 6c31f6710a support extended range of small size classes 2019-04-10 08:31:51 -04:00
Daniel Micay 1b34fd4a69 enable 4 arenas by default 2019-04-10 08:12:59 -04:00
Daniel Micay d5f18c47b3 micro-optimize initialization with arenas 2019-04-10 08:07:24 -04:00
Daniel Micay 62c73d8b41 harden thread_arena check 2019-04-10 07:40:29 -04:00
Daniel Micay d5c00b4d0d disable current in-place growth code path for now 2019-04-09 19:20:34 -04:00
Daniel Micay d5c1bca915 use round-robin assignment to arenas
The initial implementation was a temporary hack rather than a serious
implementation of random arena selection. It may still make sense to
offer it but it should be implemented via the CSPRNG instead of this
silly hack. It would also make sense to offer dynamic load balancing,
particularly with sched_getcpu().

This results in a much more predictable spread across arenas. This is
one place where randomization probably isn't a great idea because it
makes the benefits of arenas unpredictable in programs not creating a
massive number of threads. The security benefits of randomization for
this are also quite small. It's not certain that randomization is even a
net win for security since it's not random enough and can result in a
more interesting mix of threads in the same arena for an attacker if
they're able to attempt multiple attacks.
2019-04-09 16:54:14 -04:00
Daniel Micay 9a0de626fc move stats accounting to utility functions 2019-04-09 03:57:44 -04:00
Daniel Micay 02bfcc3b75 chacha: add constant for number of rounds 2019-04-09 01:29:35 -04:00
Daniel Micay cef7368b3c disable unusable readability-magic-numbers lint
This wouldn't be worth using even if it had a whole bunch of heuristics
like ignoring expressions in static_assert, ignoring repeated patterns
like assigning different things to sequential array indexes, etc.
2019-04-09 00:58:06 -04:00
Daniel Micay 295bfbde94 disable bugprone-too-small-loop-variable lint
This has too many false positives since it doesn't permit comparisons
against constants where the compiler can verify it doesn't overflow.
2019-04-09 00:55:16 -04:00
Daniel Micay 8b2b9d940a chacha: use C99 variable declaration style
This further aligns the code style with the rest of the project and
fixes the clang-tidy readability-isolate-declaration lint triggered by
declaring all of these variables together.
2019-04-09 00:18:17 -04:00
Daniel Micay 9453332e57 remove redundant else block 2019-04-09 00:06:17 -04:00
Daniel Micay 922c741915 it already supports Bionic, musl and glibc 2019-04-07 18:13:26 -04:00
Daniel Micay a4cff7a960 factor out slab memory_set_name into label_slab 2019-04-07 18:02:56 -04:00
Daniel Micay ef90f404a6 add sanity check for stats option 2019-04-07 09:06:03 -04:00
Daniel Micay e0891c8cfc implement the option of large size classes
This extends the size class scheme used for slab allocations to large
allocations. This drastically improves performance for many real world
programs using incremental realloc growth instead of using proper growth
factors. There are 4 size classes for every doubling in size, resulting
in a worst case of ~20% extra virtual memory being reserved and a huge
increase in performance for pathological cases. For example, growing
from 4MiB to 8MiB by calling realloc in increments of 32 bytes will only
need to do work beyond looking up the size 4 times instead of 1024 times
with 4096 byte granularity.
2019-04-07 08:52:17 -04:00
Daniel Micay 7a7126e780 add infrastructure for a larger guard size option 2019-04-07 06:07:09 -04:00
Daniel Micay c68de6141d factor out duplicated code in malloc/realloc 2019-04-07 05:48:10 -04:00
Daniel Micay ce36d0c826 split out allocate_large function 2019-04-07 05:44:09 -04:00
Daniel Micay 3d18fb8074 implement Android M_PURGE mallopt via malloc_trim 2019-04-07 03:35:26 -04:00
Daniel Micay 4f08e40fe5 move thread sealing implementation 2019-04-07 00:50:26 -04:00
Daniel Micay 55891357ff clean up the exported API section of the code 2019-04-07 00:36:53 -04:00
Daniel Micay 0651c819e3 clarify hardened_malloc extensions section 2019-04-07 00:34:13 -04:00