summaryrefslogtreecommitdiff
path: root/src/malloc/expand_heap.c
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2015-06-14 01:59:02 +0000
committerRich Felker <dalias@aerifal.cx>2015-06-14 01:59:02 +0000
commite3bc22f1eff87b8f029a6ab31f1a269d69e4b053 (patch)
treed0fc5ca6b5a1a5740f739a37ff5d8c7446fbfd9a /src/malloc/expand_heap.c
parent4ef9b828c1f39553a69e0635ac91f0fcadd6e8c6 (diff)
downloadmusl-e3bc22f1eff87b8f029a6ab31f1a269d69e4b053.tar.gz
refactor malloc's expand_heap to share with __simple_malloc
this extends the brk/stack collision protection added to full malloc in commit 276904c2f6bde3a31a24ebfa201482601d18b4f9 to also protect the __simple_malloc function used in static-linked programs that don't reference the free function. it also extends support for using mmap when brk fails, which full malloc got in commit 5446303328adf4b4e36d9fba21848e6feb55fab4, to __simple_malloc. since __simple_malloc may expand the heap by arbitrarily large increments, the stack collision detection is enhanced to detect interval overlap rather than just proximity of a single address to the stack. code size is increased a bit, but this is partly offset by the sharing of code between the two malloc implementations, which due to linking semantics, both get linked in a program that needs the full malloc with realloc/free support.
Diffstat (limited to 'src/malloc/expand_heap.c')
-rw-r--r--src/malloc/expand_heap.c72
1 files changed, 72 insertions, 0 deletions
diff --git a/src/malloc/expand_heap.c b/src/malloc/expand_heap.c
new file mode 100644
index 00000000..d8c0be74
--- /dev/null
+++ b/src/malloc/expand_heap.c
@@ -0,0 +1,72 @@
+#include <limits.h>
+#include <stdint.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include "libc.h"
+#include "syscall.h"
+
+/* This function returns true if the interval [old,new]
+ * intersects the 'len'-sized interval below &libc.auxv
+ * (interpreted as the main-thread stack) or below &b
+ * (the current stack). It is used to defend against
+ * buggy brk implementations that can cross the stack. */
+
+static int traverses_stack_p(uintptr_t old, uintptr_t new)
+{
+ const uintptr_t len = 8<<20;
+ uintptr_t a, b;
+
+ b = (uintptr_t)libc.auxv;
+ a = b > len ? b-len : 0;
+ if (new>a && old<b) return 1;
+
+ b = (uintptr_t)&b;
+ a = b > len ? b-len : 0;
+ if (new>a && old<b) return 1;
+
+ return 0;
+}
+
+void *__mmap(void *, size_t, int, int, int, off_t);
+
+/* Expand the heap in-place if brk can be used, or otherwise via mmap,
+ * using an exponential lower bound on growth by mmap to make
+ * fragmentation asymptotically irrelevant. The size argument is both
+ * an input and an output, since the caller needs to know the size
+ * allocated, which will be larger than requested due to page alignment
+ * and mmap minimum size rules. The caller is responsible for locking
+ * to prevent concurrent calls. */
+
+void *__expand_heap(size_t *pn)
+{
+ static uintptr_t brk;
+ static unsigned mmap_step;
+ size_t n = *pn;
+
+ if (n > SIZE_MAX/2 - PAGE_SIZE) {
+ errno = ENOMEM;
+ return 0;
+ }
+ n += -n & PAGE_SIZE-1;
+
+ if (!brk) {
+ brk = __syscall(SYS_brk, 0);
+ brk += -brk & PAGE_SIZE-1;
+ }
+
+ if (n < SIZE_MAX-brk && !traverses_stack_p(brk, brk+n)
+ && __syscall(SYS_brk, brk+n)==brk+n) {
+ *pn = n;
+ brk += n;
+ return (void *)(brk-n);
+ }
+
+ size_t min = (size_t)PAGE_SIZE << mmap_step/2;
+ if (n < min) n = min;
+ void *area = __mmap(0, n, PROT_READ|PROT_WRITE,
+ MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+ if (area == MAP_FAILED) return 0;
+ *pn = n;
+ mmap_step++;
+ return area;
+}