malloc: Remove corrupt arena flag

This is no longer needed because we now abort immediately
once heap corruption is detected.
Florian Weimer 2017-08-30 17:16:08 +02:00
parent ac3ed168d0
commit a9da0bb266
3 changed files with 10 additions and 31 deletions


@ -1,3 +1,11 @@
2017-08-30 Florian Weimer <fweimer@redhat.com>
* malloc/malloc.c (ARENA_CORRUPTION_BIT, arena_is_corrupt)
(set_arena_corrupt): Remove definitions.
(mtrim): Do not check for corrupt arena.
* malloc/arena.c (arena_lock, reused_arena, arena_get_retry):
Likewise.
2017-08-30 Florian Weimer <fweimer@redhat.com> 2017-08-30 Florian Weimer <fweimer@redhat.com>
[BZ #21754] [BZ #21754]


@ -116,7 +116,7 @@ int __malloc_initialized = -1;
} while (0) } while (0)
#define arena_lock(ptr, size) do { \ #define arena_lock(ptr, size) do { \
if (ptr && !arena_is_corrupt (ptr)) \ if (ptr) \
__libc_lock_lock (ptr->mutex); \ __libc_lock_lock (ptr->mutex); \
else \ else \
ptr = arena_get2 ((size), NULL); \ ptr = arena_get2 ((size), NULL); \
@ -832,7 +832,7 @@ reused_arena (mstate avoid_arena)
result = next_to_use; result = next_to_use;
do do
{ {
if (!arena_is_corrupt (result) && !__libc_lock_trylock (result->mutex)) if (!__libc_lock_trylock (result->mutex))
goto out; goto out;
/* FIXME: This is a data race, see _int_new_arena. */ /* FIXME: This is a data race, see _int_new_arena. */
@ -845,18 +845,6 @@ reused_arena (mstate avoid_arena)
if (result == avoid_arena) if (result == avoid_arena)
result = result->next; result = result->next;
/* Make sure that the arena we get is not corrupted. */
mstate begin = result;
while (arena_is_corrupt (result) || result == avoid_arena)
{
result = result->next;
if (result == begin)
/* We looped around the arena list. We could not find any
arena that was either not corrupted or not the one we
wanted to avoid. */
return NULL;
}
/* No arena available without contention. Wait for the next in line. */ /* No arena available without contention. Wait for the next in line. */
LIBC_PROBE (memory_arena_reuse_wait, 3, &result->mutex, result, avoid_arena); LIBC_PROBE (memory_arena_reuse_wait, 3, &result->mutex, result, avoid_arena);
__libc_lock_lock (result->mutex); __libc_lock_lock (result->mutex);
@ -953,10 +941,6 @@ arena_get_retry (mstate ar_ptr, size_t bytes)
if (ar_ptr != &main_arena) if (ar_ptr != &main_arena)
{ {
__libc_lock_unlock (ar_ptr->mutex); __libc_lock_unlock (ar_ptr->mutex);
/* Don't touch the main arena if it is corrupt. */
if (arena_is_corrupt (&main_arena))
return NULL;
ar_ptr = &main_arena; ar_ptr = &main_arena;
__libc_lock_lock (ar_ptr->mutex); __libc_lock_lock (ar_ptr->mutex);
} }
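Review bot: In the second reused_arena hunk, deleting the whole `while (arena_is_corrupt (result) || result == avoid_arena)` loop also drops its repeated `result == avoid_arena` check and the `return NULL` taken when no other arena is found, which is more than the corruption test the commit message describes. Only the single `if (result == avoid_arena) result = result->next;` remains, so when that arena's `next` points back to itself the function appears to go on to lock and return the very arena the caller asked to avoid. If that is intended, I would say so at the remaining check, e.g. `/* May still be avoid_arena if it is the only arena in the list. */`. The function body starts and ends outside the hunk, so how callers handle that case is not visible here.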


@ -1647,15 +1647,6 @@ typedef struct malloc_chunk *mfastbinptr;
#define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT) #define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT)
#define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT) #define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT)
/* ARENA_CORRUPTION_BIT is set if a memory corruption was detected on the
arena. Such an arena is no longer used to allocate chunks. Chunks
allocated in that arena before detecting corruption are not freed. */
#define ARENA_CORRUPTION_BIT (4U)
#define arena_is_corrupt(A) (((A)->flags & ARENA_CORRUPTION_BIT))
#define set_arena_corrupt(A) ((A)->flags |= ARENA_CORRUPTION_BIT)
/* Maximum size of memory handled in fastbins. */ /* Maximum size of memory handled in fastbins. */
static INTERNAL_SIZE_T global_max_fast; static INTERNAL_SIZE_T global_max_fast;
@ -4727,10 +4718,6 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
static int static int
mtrim (mstate av, size_t pad) mtrim (mstate av, size_t pad)
{ {
/* Don't touch corrupt arenas. */
if (arena_is_corrupt (av))
return 0;
/* Ensure initialization/consolidation */ /* Ensure initialization/consolidation */
malloc_consolidate (av); malloc_consolidate (av);
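Review bot: The guard removed from mtrim, like the ones removed in arena.c, is only safe to drop while every corruption report terminates the process, and nothing in the new code records that dependency. `malloc_consolidate (av)` now runs on whatever arena is passed in, so a later non-fatal diagnostic mode would let a damaged arena be walked and reused without any check. I would leave a short comment where the flag macros were defined, e.g. `/* There is no corrupt-arena flag: detected heap corruption aborts the process, so arenas are never quarantined. */`. mtrim's body continues past the end of the hunk.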