Daniel Micay
64dad0a69f
drop legacy glibc support
2023-06-10 14:04:46 -04:00
Daniel Micay
d3152b8e8f
preserve errno for free calls
...
This is a future POSIX requirement recently implemented by musl and
glibc.
2023-02-17 13:07:26 -05:00
Daniel Micay
2e9daf3122
merge fprintf/fputs calls in malloc_info
2023-02-17 13:07:26 -05:00
Daniel Micay
2250130c53
remove unnecessary UNUSED marker
2022-09-16 01:03:47 -04:00
Daniel Micay
8f38bbdee6
add configuration for self-init
...
This needs to be disabled for compatibility with the exploit protection
compatibility mode on GrapheneOS. hardened_malloc shouldn't be trying to
initialize itself when exploit protection compatibility mode is enabled.
This has to be handled in our Bionic integration instead.
2022-09-14 03:41:31 -04:00
jvoisin
b511696c55
clean up includes and remove non-portable includes
...
This marginally increases the portability of hardened_malloc,
e.g. on OSX.
2022-02-07 07:14:51 -05:00
Daniel Micay
448170a412
fix case for non-macro constant
2022-01-21 23:59:37 -05:00
Daniel Micay
995ce07d45
add is_init likely/unlikely markers
2022-01-21 19:46:49 -05:00
Daniel Micay
c9d1abcd7e
explicitly mark fatal error conditions unlikely
2022-01-21 19:45:05 -05:00
Daniel Micay
8f0b252c33
mark more out-of-memory conditions as unlikely
2022-01-21 19:03:02 -05:00
Daniel Micay
3cffc1e1af
treat zero size malloc as unlikely
...
Calls to malloc with a zero size are extremely rare relative to normal
usage of the API. It's generally only done by inefficient C code with
open coded dynamic array implementations where they aren't handling zero
size as a special case for their usage of malloc/realloc. Efficient code
wouldn't be making these allocations. It doesn't make sense to optimize
for the performance of rare edge cases caused by inefficient code.
2022-01-21 18:27:04 -05:00
Daniel Micay
b3d78bd5f6
use static const for local constants
2022-01-16 21:02:17 -05:00
Daniel Micay
8d61e63274
add comment about special small size classes
2022-01-16 20:50:49 -05:00
Daniel Micay
81cf2f27a0
calculate slab size class instead of array loop
2022-01-16 16:18:14 -05:00
Daniel Micay
d8cb2d9f7a
use consistent wrappers around clz/ffs
2022-01-16 15:39:59 -05:00
Daniel Micay
86f9c739ee
define constant for u64 bit width
2022-01-16 15:06:36 -05:00
Daniel Micay
536f852538
reuse a single size alignment implementation
2022-01-16 14:44:28 -05:00
Daniel Micay
2a5662948e
rename bitmap manipulation functions
2022-01-04 12:14:55 -05:00
Daniel Micay
d1c39edc9b
use const for malloc_object_size API
2022-01-04 10:14:41 -05:00
Daniel Micay
5f32942263
get rid of canary_value when canaries are disabled
2022-01-03 20:39:30 -05:00
Daniel Micay
3696f071a4
use SLAB_CANARY for conditional checks
2022-01-03 02:17:04 -05:00
Daniel Micay
8ae78237ae
avoid unnecessarily mixing 32-bit and 64-bit ints
...
It's ever so slightly faster to stick to 64-bit arithmetic and
it avoids clang tidy being unhappy about the implicit widening.
2022-01-03 00:54:43 -05:00
Daniel Micay
3f8e9d3184
make MREMAP_MOVE_THRESHOLD into size_t constant
...
This avoids a clang-tidy warning and is a bit cleaner.
2022-01-03 00:32:06 -05:00
jvoisin
9142a9376b
Add a bunch of const qualifiers
2021-12-30 21:25:16 -05:00
jvoisin
0655c1d024
Add a missing const
2021-12-26 18:19:59 -05:00
Daniel Micay
e41d37c3de
remove unnecessary else
2021-09-30 10:57:05 -04:00
Daniel Micay
be6dde66f9
fix missing include for Intel MPK support
2021-05-21 09:07:28 -04:00
Daniel Micay
27fcfccb67
make __GLIBC_PREREQ check for mallinfo2 portable
2021-05-12 22:53:20 -04:00
Daniel Micay
da190f1469
mark pvalloc error path as unlikely
2021-05-12 21:01:13 -04:00
Daniel Micay
b0f81365a8
reuse code for aligned allocation API entry points
2021-05-12 20:59:04 -04:00
Daniel Micay
c9820b6e37
mark alloc_aligned_simple error path unlikely
2021-05-12 20:41:46 -04:00
Daniel Micay
f1cdc1e484
remove disconcerting newline
2021-05-12 20:34:18 -04:00
Daniel Micay
26b74b87bf
improve code reuse for malloc API entry points
2021-05-12 20:28:50 -04:00
Daniel Micay
89faba4232
set errno in malloc_get_state to match glibc
2021-05-12 20:19:12 -04:00
Daniel Micay
a45dacc57b
add support for glibc mallinfo2
2021-05-12 20:07:15 -04:00
Daniel Micay
f9a8e7216b
purge slab memory even if using MAP_FIXED fails
2021-05-12 00:45:19 -04:00
Daniel Micay
5c974bdf82
use region quarantine even if MAP_FIXED call fails
...
This is a more sensible way of handling an out-of-memory failure in this
edge case. It doesn't matter much in practice.
2021-05-12 00:20:03 -04:00
Daniel Micay
2335f56713
add wrapper function for getting slot count
2021-05-10 07:04:50 -04:00
Daniel Micay
13a3aa16d0
improve naming of adjust_size_for_canaries
2021-05-07 04:23:49 -04:00
Daniel Micay
8bfa1a7dd5
use 1 slot for all extended size classes
...
This reduces memory usage and improves security in combination with the
guard slab feature.
2021-05-01 22:10:20 -04:00
Daniel Micay
3952645318
avoid unused variable for some configurations
2021-03-31 12:12:49 -04:00
Daniel Micay
f773a96b59
remove unnecessary sys/mman.h include
2021-03-22 12:25:22 -04:00
Daniel Micay
b84af9b499
add wrapper for madvise
2021-03-22 12:24:26 -04:00
Daniel Micay
e77ffa76d9
add initial malloc_trim slab quarantine purging
...
This currently only purges the quarantines for extended size classes.
2021-03-22 11:16:57 -04:00
Daniel Micay
86b0b3e452
fix !CONFIG_EXTENDED_SIZE_CLASSES configuration
2021-03-21 18:09:02 -04:00
Daniel Micay
a3b4c163eb
drop unused header
2021-03-05 00:35:10 -05:00
Daniel Micay
ddd14bc421
avoid type comparison warning on some platforms
2021-02-16 17:18:35 -05:00
Daniel Micay
29b09648d6
avoid undefined clz and shift in edge cases
...
This is triggered when get_large_size_class is called with a size in the
range [1,4]. This can occur with aligned_alloc(8192, size). In practice,
it doesn't appear to cause any harm, but we shouldn't have any undefined
behavior for well-defined usage of the API. It also occurs if the caller
passes a pointer outside the slab region to free_sized but the expected
size is in the range [1,4]. That usage of free_sized is already going to
be considered undefined, but we should avoid undefined behavior in the
caller from triggering more undefined behavior when it's avoidable.
2021-02-16 08:31:17 -05:00
Thibaut Sautereau
1984cb3b3d
malloc_object_size: avoid fault for invalid region
...
It's the region pointer that can be NULL here, and p was checked at the
beginning of the function.
2021-02-10 17:43:36 -05:00
Thibaut Sautereau
76860c72e1
malloc_usable_size: clean abort on invalid region
...
It's the region pointer that can be NULL here, and p was checked at the
beginning of the function. Also fix the test accordingly.
2021-02-10 17:41:17 -05:00