Commit Graph

757 Commits

Author SHA1 Message Date
Arjun Shankar
34697694e8 Fix integer overflow in malloc when tcache is enabled [BZ #22375]
When the per-thread cache is enabled, __libc_malloc uses request2size (which
does not perform an overflow check) to calculate the chunk size from the
requested allocation size. This leads to an integer overflow causing malloc
to incorrectly return the last successfully allocated block when called with
a very large size argument (close to SIZE_MAX).

This commit uses checked_request2size instead, removing the overflow.
2017-11-30 13:42:53 +01:00
Florian Weimer
0a947e061d malloc: Call tcache destructor in arena_thread_freeres
It does not make sense to register separate cleanup functions for arena
and tcache since they're always going to be called together.  Call the
tcache cleanup function from within arena_thread_freeres since it at
least makes the order of those cleanups clear in the code.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2017-11-23 14:47:31 +01:00
Siddhesh Poyarekar
a306c790a8 Prefer https for Sourceware links
Update all sourceware links to https.  The website redirects
everything to https anyway so let the web server do a bit less work.
The only reference that remains unchanged is the one in the old
ChangeLog, since it didn't seem worth changing it.

	* NEWS: Update sourceware link to https.
	* configure.ac: Likewise.
	* crypt/md5test-giant.c: Likewise.
	* dlfcn/bug-atexit1.c: Likewise.
	* dlfcn/bug-atexit2.c: Likewise.
	* localedata/README: Likewise.
	* malloc/tst-mallocfork.c: Likewise.
	* manual/install.texi: Likewise.
	* nptl/tst-pthread-getattr.c: Likewise.
	* stdio-common/tst-fgets.c: Likewise.
	* stdio-common/tst-fwrite.c: Likewise.
	* sunrpc/Makefile: Likewise.
	* sysdeps/arm/armv7/multiarch/memcpy_impl.S: Likewise.
	* wcsmbs/tst-mbrtowc2.c: Likewise.
	* configure: Regenerate.
	* INSTALL: Regenerate.
2017-11-16 11:49:26 +05:30
Florian Weimer
34eb41579c malloc: Account for all heaps in an arena in malloc_info [BZ #22439]
This commit adds a "subheaps" field to the malloc_info output that
shows the number of heaps that were allocated to extend a non-main
arena.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2017-11-15 11:40:41 +01:00
Florian Weimer
7a9368a117 malloc: Add missing arena lock in malloc_info [BZ #22408]
Obtain the size information while the arena lock is acquired, and only
print it later.
2017-11-15 11:39:01 +01:00
Wilco Dijkstra
905a7725e9 Add single-threaded path to _int_malloc
This patch adds single-threaded fast paths to _int_malloc.

	* malloc/malloc.c (_int_malloc): Add SINGLE_THREAD_P path.
2017-10-24 12:43:05 +01:00
Wilco Dijkstra
3f6bb8a32e Add single-threaded path to malloc/realloc/calloc/memalloc
This patch adds a single-threaded fast path to malloc, realloc,
calloc and memalloc.  When we're single-threaded, we can bypass
arena_get (which always locks the arena it returns) and just use
the main arena.  Also avoid retrying a different arena since
there is just the main arena.

	* malloc/malloc.c (__libc_malloc): Add SINGLE_THREAD_P path.
	(__libc_realloc): Likewise.
	(_mid_memalign): Likewise.
	(__libc_calloc): Likewise.
2017-10-24 12:39:24 +01:00
Wilco Dijkstra
6d43de4b85 Fix build issue with SINGLE_THREAD_P
Add sysdep-cancel.h include.

	* malloc/malloc.c (sysdep-cancel.h): Add include.
2017-10-20 17:39:47 +01:00
Wilco Dijkstra
a15d53e2de Add single-threaded path to _int_free
This patch adds single-threaded fast paths to _int_free.
Bypass the explicit locking for larger allocations.

	* malloc/malloc.c (_int_free): Add SINGLE_THREAD_P fast paths.
2017-10-20 17:31:06 +01:00
Wilco Dijkstra
d74e6f6c0d Fix deadlock in _int_free consistency check
This patch fixes a deadlock in the fastbin consistency check.
If we fail the fast check due to concurrent modifications to
the next chunk or system_mem, we should not lock if we already
have the arena lock.  Simplify the check to make it obviously
correct.

	* malloc/malloc.c (_int_free): Fix deadlock bug in consistency check.
2017-10-19 18:19:55 +01:00
Wilco Dijkstra
2c2245b92c Fix build failure on tilepro due to unsupported atomics
* malloc/malloc.c (malloc_state): Use int for have_fastchunks since
        not all targets support atomics on bool.
2017-10-18 12:20:55 +01:00
Wilco Dijkstra
3381be5cde Improve malloc initialization sequence
The current malloc initialization is quite convoluted. Instead of
sometimes calling malloc_consolidate from ptmalloc_init, call
malloc_init_state early so that the main_arena is always initialized.
The special initialization can now be removed from malloc_consolidate.
This also fixes BZ #22159.

Check all calls to malloc_consolidate and remove calls that are
redundant initialization after ptmalloc_init, like in int_mallinfo
and __libc_mallopt (but keep the latter as consolidation is required for
set_max_fast).  Update comments to improve clarity.

Remove impossible initialization check from _int_malloc, fix assert
in do_check_malloc_state to ensure arena->top != 0.  Fix the obvious bugs
in do_check_free_chunk and do_check_remalloced_chunk to enable single
threaded malloc debugging (do_check_malloc_state is not thread safe!).

	[BZ #22159]
	* malloc/arena.c (ptmalloc_init): Call malloc_init_state.
	* malloc/malloc.c (do_check_free_chunk): Fix build bug.
	(do_check_remalloced_chunk): Fix build bug.
	(do_check_malloc_state): Add assert that checks arena->top.
	(malloc_consolidate): Remove initialization.
	(int_mallinfo): Remove call to malloc_consolidate.
	(__libc_mallopt): Clarify why malloc_consolidate is needed.
2017-10-17 18:55:16 +01:00
Wilco Dijkstra
e956075a5a Use relaxed atomics for malloc have_fastchunks
Currently free typically uses 2 atomic operations per call.  The have_fastchunks
flag indicates whether there are recently freed blocks in the fastbins.  This
is purely an optimization to avoid calling malloc_consolidate too often and
avoiding the overhead of walking all fast bins even if all are empty during a
sequence of allocations.  However using catomic_or to update the flag is
completely unnecessary since it can be changed into a simple boolean and
accessed using relaxed atomics.  There is no change in multi-threaded behaviour
given the flag is already approximate (it may be set when there are no blocks in
any fast bins, or it may be clear when there are free blocks that could be
consolidated).

Performance of malloc/free improves by 27% on a simple benchmark on AArch64
(both single and multithreaded). The number of load/store exclusive instructions
is reduced by 33%. Bench-malloc-thread speeds up by ~3% in all cases.

	* malloc/malloc.c (FASTCHUNKS_BIT): Remove.
	(have_fastchunks): Remove.
	(clear_fastchunks): Remove.
	(set_fastchunks): Remove.
	(malloc_state): Add have_fastchunks.
	(malloc_init_state): Use have_fastchunks.
	(do_check_malloc_state): Remove incorrect invariant checks.
	(_int_malloc): Use have_fastchunks.
	(_int_free): Likewise.
	(malloc_consolidate): Likewise.
2017-10-17 18:43:31 +01:00
Wilco Dijkstra
e4dd4ace56 Inline tcache functions
The functions tcache_get and tcache_put show up in profiles as they
are a critical part of the tcache code.  Inline them to give tcache
a 16% performance gain.  Since this improves multi-threaded cases
as well, it helps offset any potential performance loss due to adding
single-threaded fast paths.

	* malloc/malloc.c (tcache_put): Inline.
	(tcache_get): Inline.
2017-10-17 18:25:43 +01:00
Florian Weimer
7ece6cd509 malloc: Use compat_symbol_reference in libmcheck [BZ #22050]
Since glibc 2.24, __malloc_initialize_hook is a compat symbol.  As a
result, the link editor does not export a definition of
__malloc_initialize_hook from the main program, so that it no longer
interposes the variable definition in libc.so.  Specifying the symbol
version restores the exported symbol.
2017-10-16 20:52:34 +02:00
Florian Weimer
d8287b36ab malloc: Do not compile mcheck-init.o as libc module
Otherwise, this will lead to a link failure because the reference
to mcheck is hidden.
2017-10-16 20:50:04 +02:00
H.J. Lu
8e57c9432a Silence -O3 -Wall warning in malloc/hooks.c with GCC 7 [BZ #22052]
realloc_check has

  unsigned char *magic_p;
...
  __libc_lock_lock (main_arena.mutex);
  const mchunkptr oldp = mem2chunk_check (oldmem, &magic_p);
  __libc_lock_unlock (main_arena.mutex);
  if (!oldp)
    malloc_printerr ("realloc(): invalid pointer");
...
  if (newmem == NULL)
    *magic_p ^= 0xFF;

with

static void malloc_printerr(const char *str) __attribute__ ((noreturn));

GCC 7 -O3 warns

hooks.c: In function ‘realloc_check’:
hooks.c:352:14: error: ‘magic_p’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
     *magic_p ^= 0xFF;

due to the GCC bug:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82090

This patch silences GCC 7 by using DIAG_IGNORE_NEEDS_COMMENT.

	[BZ #22052]
	* malloc/hooks.c (realloc_check): Use DIAG_IGNORE_NEEDS_COMMENT
	to silence -O3 -Wall warning with GCC 7.
2017-10-15 08:16:37 -07:00
Carlos O'Donell
1e26d35193 malloc: Fix tcache leak after thread destruction [BZ #22111]
The malloc tcache added in 2.26 will leak all of the elements remaining
in the cache and the cache structure itself when a thread exits. The
defect is that we do not set tcache_shutting_down early enough, and the
thread simply recreates the tcache and places the elements back onto a
new tcache which is subsequently lost as the thread exits (unfreed
memory). The fix is relatively simple, move the setting of
tcache_shutting_down earlier in tcache_thread_freeres. We add a test
case which uses mallinfo and some heuristics to look for unaccounted for
memory usage between the start and end of a thread start/join loop. It
is very reliable at detecting that there is a leak given the number of
iterations.  Without the fix the test will consume 122MiB of leaked
memory.
2017-10-06 09:31:52 -07:00
H.J. Lu
825adeeed1 Mark __dso_handle as hidden [BZ #18822]
Since __dso_handle is always defined by either crtbegin.o from GCC or
dso_handle.c, it should be marked as hidden and be passed directly.

	[BZ #18822]
	* dlfcn/modatexit.c (foo): Remove __dso_handle check.
	* dlfcn/modcxaatexit.c: Include <dso_handle.h>.
	(__dso_handle): Remove declaration.
	* dlfcn/tstatexit.c (__dso_handle): Removed.
	(main): Don't check __dso_handle.
	* dlfcn/tstcxaatexit.c (__dso_handle): Removed.
	(main): Don't check __dso_handle.
	* include/dso_handle.h: New file.
	* malloc/mtrace.c: Include <dso_handle.h>.
	(mtrace): Pass __dso_handle directly.
	* nptl/pthread_atfork.c: Include <dso_handle.h>.
	(__dso_handle): Remove declaration.
	(__pthread_atfork): Pass __dso_handle directly.
	* nptl/tst-atfork2mod.c: Include <dso_handle.h>.
	(__dso_handle): Removed.
	* posix/wordexp-test.c: Include <dso_handle.h>.
	(__dso_handle): Remove declaration.
	(__app_register_atfork): Pass __dso_handle directly.
	* stdlib/at_quick_exit.c: Include <dso_handle.h>.
	(__dso_handle): Remove declaration.
	(at_quick_exit): Pass __dso_handle directly.
	* stdlib/atexit.c: Include <dso_handle.h>.
	(__dso_handle): Remove declaration.
	(atexit): Pass __dso_handle directly.
	* stdlib/tst-tls-atexit-lib.c: Include <dso_handle.h>.
	(__dso_handle): Removed.
2017-09-26 16:53:44 -07:00
Adhemerval Zanella
5f9f31ad12 scratch_buffer: use union for internal buffer
Problem reported by Florian Weimer [1] and solution suggested by
Andreas Schwab [2].  It also set the same buffer size independent
of architecture max_align_t size.

Checked on x86_64-linux-gnu and i686-linux-gnu.

	* lib/malloc/scratch_buffer.h (struct scratch_buffer):
	Use an union instead of a max_align_t array for __space,
	so that __space is the same size on all platforms.
	* malloc/scratch_buffer_grow_preserve.c
	(__libc_scratch_buffer_grow_preserve): Likewise.

[1] https://sourceware.org/ml/libc-alpha/2017-09/msg00693.html
[2] https://sourceware.org/ml/libc-alpha/2017-09/msg00695.html
2017-09-25 18:04:22 -07:00
Adhemerval Zanella
e00f242599 Sync scratch_buffer with gnulib
This patch syncs the scratch_buffer grom gnulib commit 3866ef6 with
GLIBC code.

Checked on x86_64-linux-gnu and on a build using build-many-glibcs.py
for all major architectures.

	* include/scratch_buffer.h (scratch_buffer): Use a C99 align method
	instead of GCC extension.
	* malloc/scratch_buffer_grow.c [!_LIBC]: Include libc-config.h.
	* malloc/scratch_buffer_grow_preserve.c [!_LIBC]: Likewise.
	* malloc/scratch_buffer_set_array_size.c [!_LIBC]: Likewise.
2017-09-08 15:51:34 +02:00
Florian Weimer
ab5ac271e6 __libc_dynarray_emplace_enlarge: Add missing else
Before, arrays of small elements received a starting allocation size of
8, not 16.
2017-09-06 16:03:28 +02:00
Steve Ellcey
05b38d64b1 Fix tests that are testing obsoleted functionality
* include/shlib-compat.h (TEST_COMPAT): New Macro.
	* malloc/tst-mallocstate.c: Convert from test-skeleton
	to test-driver.  Ifdef code using TEST_COMPAT macro.
	* math/test-matherr-2.c: Ifdef test using TEST_COMPAT macro.
	* math/test-matherr.c: Likewise.
2017-09-05 12:24:00 -07:00
Florian Weimer
0c71122c0c malloc: Remove the internal_function attribute 2017-08-31 15:59:06 +02:00
Florian Weimer
24cffce736 malloc: Resolve compilation failure in NDEBUG mode
In _int_free, the locked variable is not used if NDEBUG is defined.
2017-08-31 15:34:22 +02:00
Florian Weimer
5129873a8e malloc: Change top_check return type to void
After commit ec2c1fcefb,
(malloc: Abort on heap corruption, without a backtrace), the function
always returns 0.
2017-08-31 14:16:52 +02:00
Florian Weimer
5898f4548e dynarray: Set errno on overflow-induced allocation failure
This allows the caller to return directly on such an error, with an
appropriate errno value.
2017-08-30 20:10:56 +02:00
Florian Weimer
a9da0bb266 malloc: Remove corrupt arena flag
This is no longer needed because we now abort immediately
once heap corruption is detected.
2017-08-30 20:08:34 +02:00
Florian Weimer
ac3ed168d0 malloc: Remove check_action variable [BZ #21754]
Clean up calls to malloc_printerr and trim its argument list.

This also removes a few bits of work done before calling
malloc_printerr (such as unlocking operations).

The tunable/environment variable still enables the lightweight
additional malloc checking, but mallopt (M_CHECK_ACTION)
no longer has any effect.
2017-08-30 20:08:34 +02:00
Florian Weimer
ec2c1fcefb malloc: Abort on heap corruption, without a backtrace [BZ #21754]
The stack trace printing caused deadlocks and has been itself been
targeted by code execution exploits.
2017-08-30 16:39:41 +02:00
Florian Weimer
eac43cbb8d malloc: Avoid optimizer warning with GCC 7 and -O3 2017-08-10 15:58:28 +02:00
Joseph Myers
f17a42333f Do not use __ptr_t.
sys/cdefs.h has a macro __ptr_t, which a few places in glibc use
instead of void *.  void * is a well-understood standard type for that
purpose and in a post-C89 context there is no need for a macro for it;
this patch changes those places to use void * directly instead.

Unlike __long_double_t, __ptr_t is widely used outside glibc (or at
least has many hits on codesearch.debian.net).  I don't know how many
of those uses would break if sys/cdefs.h ceased to define the macro,
but there's enough risk that this patch leaves the definition and just
removes the uses within glibc; removal of the definition can be
considered separately if desired.

Tested for x86_64, and with build-many-glibcs.py.

	* malloc/mcheck.c (old_free_hook): Use void * instead of __ptr_t.
	(old_malloc_hook): Likewise.
	(old_memalign_hook): Likewise.
	(old_realloc_hook): Likewise.
	(struct hdr): Likewise.
	(flood): Likewise.
	(freehook): Likewise.
	(mallochook): Likewise.
	(memalignhook): Likewise.
	(reallochook): Likewise.
	(mprobe): Likewise.
	* malloc/mtrace.c (mallwatch): Likewise.
	(tr_old_free_hook): Likewise.
	(tr_old_malloc_hook): Likewise.
	(tr_old_realloc_hook): Likewise.
	(tr_old_memalign_hook): Likewise.
	(tr_where): Likewise.
	(lock_and_info): Likewise.
	(tr_freehook): Likewise.
	(tr_mallochook): Likewise.
	(tr_reallochook): Likewise.
	(tr_memalignhook): Likewise.
	* misc/err.h [!__GNUC_VA_LIST] (__gnuc_va_list): Likewise.
	* misc/mmap.c (__mmap): Likewise.
	* misc/mmap64.c (__mmap64): Likewise.
	* misc/mprotect.c (__mprotect): Likewise.
	* misc/msync.c (msync): Likewise.
	* misc/munmap.c (__munmap): Likewise.
	* posix/posix_madvise.c (posix_madvise): Likewise.
	* socket/send.c (__send): Likewise.
	* socket/sendto.c (__sendto): Likewise.
	* socket/setsockopt.c (__setsockopt): Likewise.
	* string/memcmp.c (__ptr_t): Remove macro.
	(MEMCMP): Use void * instead of ptr_t.
	* string/memrchr.c (__ptr_t): Remove macro.
	(__memrchr): Use void * instead of ptr_t.
	* sysdeps/mach/hurd/dl-sysdep.c (__mmap): Likewise.
	* sysdeps/mach/hurd/mmap.c (__mmap): Likewise.
	* sysdeps/mach/hurd/mmap64.c (__mmap64): Likewise.
	* sysdeps/mach/mprotect.c (__mprotect): Likewise.
	* sysdeps/mach/msync.c (msync): Likewise.
	* sysdeps/mach/munmap.c (__munmap): Likewise.
	* sysdeps/mips/bits/setjmp.h (struct __jmp_buf_internal_tag):
	Likewise.
	* sysdeps/posix/getcwd.c (__getcwd): Likewise.
	* sysdeps/powerpc/powerpc32/memset.S (memset): Likewise.
	* sysdeps/powerpc/powerpc32/power4/memcpy.S (memcpy): Likewise.
	* sysdeps/powerpc/powerpc32/power4/memset.S (memset): Likewise.
	* sysdeps/powerpc/powerpc32/power6/memcpy.S (memcpy): Likewise.
	* sysdeps/powerpc/powerpc32/power6/memset.S (memset): Likewise.
	* sysdeps/powerpc/powerpc32/power7/memcpy.S (memcpy): Likewise.
	* sysdeps/powerpc/powerpc32/power7/mempcpy.S (__mempcpy):
	Likewise.
	* sysdeps/powerpc/powerpc32/power7/memset.S (memset): Likewise.
	* sysdeps/powerpc/powerpc64/memcpy.S (memcpy): Likewise.
	* sysdeps/powerpc/powerpc64/memset.S (memset): Likewise.
	* sysdeps/powerpc/powerpc64/power4/memcpy.S (memcpy): Likewise.
	* sysdeps/powerpc/powerpc64/power4/memset.S (memset): Likewise.
	* sysdeps/powerpc/powerpc64/power6/memcpy.S (memcpy): Likewise.
	* sysdeps/powerpc/powerpc64/power6/memset.S (memset): Likewise.
	* sysdeps/powerpc/powerpc64/power7/memcpy.S (memcpy): Likewise.
	* sysdeps/powerpc/powerpc64/power7/mempcpy.S (__mempcpy):
	Likewise.
	* sysdeps/powerpc/powerpc64/power7/memset.S (memset): Likewise.
	* sysdeps/powerpc/powerpc64/power8/memset.S (memset): Likewise.
	* sysdeps/tile/memcmp.c (__ptr_t): Remove macro.
	(MEMCMP): Use void * instead of ptr_t.
	* sysdeps/unix/sysv/linux/alpha/oldglob.c (old_glob_t): Likewise.
	* sysdeps/unix/sysv/linux/mmap.c (__mmap): Likewise.
2017-08-08 17:14:49 +00:00
Andreas Schwab
d5afb38503 Fix missing redirects in testsuite targets 2017-08-07 18:13:36 +02:00
H.J. Lu
ed421fca42 Avoid backtrace from __stack_chk_fail [BZ #12189]
__stack_chk_fail is called on corrupted stack.  Stack backtrace is very
unreliable against corrupted stack.  __libc_message is changed to accept
enum __libc_message_action and call BEFORE_ABORT only if action includes
do_backtrace.  __fortify_fail_abort is added to avoid backtrace from
__stack_chk_fail.

	[BZ #12189]
	* debug/Makefile (CFLAGS-tst-ssp-1.c): New.
	(tests): Add tst-ssp-1 if -fstack-protector works.
	* debug/fortify_fail.c: Include <stdbool.h>.
	(_fortify_fail_abort): New function.
	(__fortify_fail): Call _fortify_fail_abort.
	(__fortify_fail_abort): Add a hidden definition.
	* debug/stack_chk_fail.c: Include <stdbool.h>.
	(__stack_chk_fail): Call __fortify_fail_abort, instead of
	__fortify_fail.
	* debug/tst-ssp-1.c: New file.
	* include/stdio.h (__libc_message_action): New enum.
	(__libc_message): Replace int with enum __libc_message_action.
	(__fortify_fail_abort): New hidden prototype.
	* malloc/malloc.c (malloc_printerr): Update __libc_message calls.
	* sysdeps/posix/libc_fatal.c (__libc_message): Replace int
	with enum __libc_message_action.  Call BEFORE_ABORT only if
	action includes do_backtrace.
	(__libc_fatal): Update __libc_message call.
2017-07-11 07:44:14 -07:00
DJ Delorie
d5c3fafc43 Add per-thread cache to malloc
* config.make.in: Enable experimental malloc option.
* configure.ac: Likewise.
* configure: Regenerate.
* manual/install.texi: Document it.
* INSTALL: Regenerate.
* malloc/Makefile: Likewise.
* malloc/malloc.c: Add per-thread cache (tcache).
(tcache_put): New.
(tcache_get): New.
(tcache_thread_freeres): New.
(tcache_init): New.
(__libc_malloc): Use cached chunks if available.
(__libc_free): Initialize tcache if needed.
(__libc_realloc): Likewise.
(__libc_calloc): Likewise.
(_int_malloc): Prefill tcache when appropriate.
(_int_free): Likewise.
(do_set_tcache_max): New.
(do_set_tcache_count): New.
(do_set_tcache_unsorted_limit): New.
* manual/probes.texi: Document new probes.
* malloc/arena.c: Add new tcache tunables.
* elf/dl-tunables.list: Likewise.
* manual/tunables.texi: Document them.
* NEWS: Mention the per-thread cache.
2017-07-06 13:37:30 -04:00
H.J. Lu
4e61a6be44 i386: Increase MALLOC_ALIGNMENT to 16 [BZ #21120]
GCC 7 changed the definition of max_align_t on i386:

https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=9b5c49ef97e63cc63f1ffa13baf771368105ebe2

As a result, glibc malloc no longer returns memory blocks which are as
aligned as max_align_t requires.

This causes malloc/tst-malloc-thread-fail to fail with an error like this
one:

error: allocation function 0, size 144 not aligned to 16

This patch moves the MALLOC_ALIGNMENT definition to <malloc-alignment.h>
and increases the malloc alignment to 16 for i386.

	[BZ #21120]
	* malloc/malloc-internal.h (MALLOC_ALIGNMENT): Moved to ...
	* sysdeps/generic/malloc-alignment.h: Here.  New file.
	* sysdeps/i386/malloc-alignment.h: Likewise.
	* sysdeps/generic/malloc-machine.h: Include <malloc-alignment.h>.
2017-06-30 09:11:24 -07:00
Tulio Magno Quites Machado Filho
d54bb9b1d3 Prevent an implicit int promotion in malloc/tst-alloc_buffer.c
According to ISO C11, section 6.5.3.3 "Unary arithmetic operators", the
result of the ~ operator is the bitwise complement of its (promoted)
operand.
This can lead to a comparison of a char with another integer type.

Tested on powerpc, powerpc64 and powerpc64le.

	* malloc/tst-alloc_buffer.c (test_misaligned): Cast to char
	before comparing with another char.
2017-06-26 09:56:26 -03:00
Florian Weimer
4dd8e7c0ce Implement allocation buffers for internal use
This commit adds fixed-size allocation buffers.  The primary use
case is in NSS modules, where dynamically sized data is stored
in a fixed-size buffer provided by the caller.

Other uses include a replacement of mempcpy cascades (which is
safer due to the size checking inherent to allocation buffers).
2017-06-21 22:43:57 +02:00
Florian Weimer
5b83faf6a7 dynarray: Use libc_hidden_proto only for !_ISOMAC
With this change, it is possible to use dynarray from non-internal
tests.
2017-06-19 12:58:08 +02:00
Florian Weimer
f8bf87face dynarray: Implement begin/end functions in the spirit of C++ 2017-06-13 21:55:10 +02:00
Florian Weimer
990c32b93a malloc: Remove tst-dynarray, tst-dynarray-fail from test-srcs
They are already covered through the tests variable.
2017-06-09 14:08:57 +02:00
Siddhesh Poyarekar
44330b6d32 tunables: Clean up hooks to get and set tunables
The TUNABLE_SET_VALUE and family of macros (and my later attempt to
add a TUNABLE_GET) never quite went together very well because the
overall interface was not clearly defined.  This patch is an attempt
to do just that.

This patch consolidates the API to two simple sets of macros,
TUNABLE_GET* and TUNABLE_SET*.  If TUNABLE_NAMESPACE is defined,
TUNABLE_GET takes just the tunable name, type and a (optionally NULL)
callback function to get the value of the tunable.  The callback
function, if non-NULL, is called if the tunable was externally set
(i.e. via GLIBC_TUNABLES or any future mechanism).  For example:

    val = TUNABLE_GET (check, int32_t, check_callback)

returns the value of the glibc.malloc.check tunable (assuming
TUNABLE_NAMESPACE is set to malloc) as an int32_t into VAL after
calling check_callback.

Likewise, TUNABLE_SET can be used to set the value of the tunable,
although this is currently possible only in the dynamic linker before
it relocates itself.  For example:

  TUNABLE_SET (check, int32_t, 2)

will set glibc.malloc.check to 2.  Of course, this is not possible
since we set (or read) glibc.malloc.check long after it is relocated.

To access or set a tunable outside of TUNABLE_NAMESPACE, use the
TUNABLE_GET_FULL and TUNABLE_SET_FULL macros, which have the following
prototype:

  TUNABLE_GET_FULL (glibc, tune, hwcap_mask, uint64_t, NULL)
  TUNABLE_SET_FULL (glibc, tune, hwcap_mask, uint64_t, 0xffff)

In future the tunable list may get split into mutable and immutable
tunables where mutable tunables can be modified by the library and
userspace after relocation as well and TUNABLE_SET will be more useful
than it currently is.  However whenever we actually do that split, we
will have to ensure that the mutable tunables are protected with
locks.

	* elf/Versions (__tunable_set_val): Rename to __tunable_get_val.
	* elf/dl-tunables.c: Likewise.
	(do_tunable_update_val): New function.
	(__tunable_set_val): New function.
	(__tunable_get_val): Call CB only if the tunable was externally
	initialized.
	(tunables_strtoul): Replace strval with initialized.
	* elf/dl-tunables.h (strval): Replace with a bool initialized.
	(TUNABLE_ENUM_NAME, TUNABLE_ENUM_NAME1): Adjust names to
	prevent collision.
	(__tunable_set_val): New function.
	(TUNABLE_GET, TUNABLE_GET_FULL): New macros.
	(TUNABLE_SET, TUNABLE_SET_FULL): Likewise.
	(TUNABLE_SET_VAL): Remove.
	(TUNABLE_SET_VAL_WITH_CALLBACK): Likewise.
	* README.tunables: Document the new macros.
	* malloc/arena.c (ptmalloc_init): Adjust.
2017-06-07 11:11:36 +05:30
Florian Weimer
91b6eb1140 Add internal facility for dynamic array handling
This is intended as a type-safe alternative to obstacks and
hand-written realloc constructs.  The implementation avoids
writing function pointers to the heap.
2017-06-02 11:59:28 +02:00
Dennis Wölfing
2e0bbbfbf9 Add reallocarray function
The reallocarray function is an extension from OpenBSD.  It is an
integer-overflow-safe replacement for realloc(p, X*Y) and
malloc(X*Y) (realloc(NULL, X*Y)).  It can therefore help in preventing
certain security issues in code.

This is an updated version of a patch originally submitted by Rüdiger
Sonderfeld in May 2014 [1].

Checked on i686-linux-gnu and x86_64-linux-gnu.

[1] <https://sourceware.org/ml/libc-alpha/2014-05/msg00481.html>.

2017-05-30  Dennis Wölfing  <denniswoelfing@gmx.de>
            Rüdiger Sonderfeld  <ruediger@c-plusplus.de>

	* include/stdlib.h (__libc_reallocarray): New declaration.
	* malloc/Makefile (routines): Add reallocarray.
	(tests): Add tst-reallocarray.c.
	* malloc/Versions: Add reallocarray and __libc_reallocarray.
	* malloc/malloc-internal.h (check_mul_overflow_size_t): New inline
	function.
	* malloc/malloc.h (reallocarray): New declaration.
	* stdlib/stdlib.h (reallocarray): Likewise.
	* malloc/reallocarray.c: New file.
	* malloc/tst-reallocarray.c: New test file.
	* manual/memory.texi: Document reallocarray.
	* sysdeps/unix/sysv/linux/aarch64/libc.abilist: Add reallocarray.
	* sysdeps/unix/sysv/linux/alpha/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/arm/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/hppa/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/i386/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/ia64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/microblaze/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/nios2/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist:
	Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist:
	Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/sh/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/tilepro/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist: Likewise.
2017-05-30 18:27:57 -03:00
Zack Weinberg
7c3018f9e4 Suppress internal declarations for most of the testsuite.
This patch adds a new build module called 'testsuite'.
IS_IN (testsuite) implies _ISOMAC, as do IS_IN_build and __cplusplus
(which means several ad-hoc tests for __cplusplus can go away).
libc-symbols.h now suppresses almost all of *itself* when _ISOMAC is
defined; in particular, _ISOMAC mode does not get config.h
automatically anymore.

There are still quite a few tests that need to see internal gunk of
one variety or another.  For them, we now have 'tests-internal' and
'test-internal-extras'; files in this category will still be compiled
with MODULE_NAME=nonlib, and everything proceeds as it always has.
The bulk of this patch is moving tests from 'tests' to
'tests-internal'.  There is also 'tests-static-internal', which has
the same effect on files in 'tests-static', and 'modules-names-tests',
which has the *inverse* effect on files in 'modules-names' (it's
inverted because most of the things in modules-names are *not* tests).
For both of these, the file must appear in *both* the new variable and
the old one.

There is also now a special case for when libc-symbols.h is included
without MODULE_NAME being defined at all.  (This happens during the
creation of libc-modules.h, and also when preprocessing Versions
files.)  When this happens, IS_IN is set to be always false and
_ISOMAC is *not* defined, which was the status quo, but now it's
explicit.

The remaining changes to C source files in this patch seemed likely to
cause problems in the absence of the main change.  They should be
relatively self-explanatory.  In a few cases I duplicated a definition
from an internal header rather than move the test to tests-internal;
this was a judgement call each time and I'm happy to change those
however reviewers feel is more appropriate.

	* Makerules: New subdir configuration variables 'tests-internal'
	and 'test-internal-extras'.  Test files in these categories will
	still be compiled with MODULE_NAME=nonlib.  Test files in the
	existing categories (tests, xtests, test-srcs, test-extras) are
	now compiled with MODULE_NAME=testsuite.
	New subdir configuration variable 'modules-names-tests'.  Files
	which are in both 'modules-names' and 'modules-names-tests' will
	be compiled with MODULE_NAME=testsuite instead of
	MODULE_NAME=extramodules.
	(gen-as-const-headers): Move to tests-internal.
	(do-tests-clean, common-mostlyclean): Support tests-internal.
	* Makeconfig (built-modules): Add testsuite.
	* Makefile: Change libof-check-installed-headers-c and
	libof-check-installed-headers-cxx to 'testsuite'.
	* Rules: Likewise.  Support tests-internal.
	* benchtests/strcoll-inputs/filelist#en_US.UTF-8:
	Remove extra-modules.mk.

	* config.h.in: Don't check for __OPTIMIZE__ or __FAST_MATH__ here.
	* include/libc-symbols.h: Move definitions of _GNU_SOURCE,
	PASTE_NAME, PASTE_NAME1, IN_MODULE, IS_IN, and IS_IN_LIB to the
	very top of the file and rationalize their order.
	If MODULE_NAME is not defined at all, define IS_IN to always be
	false, and don't define _ISOMAC.
	If any of IS_IN (testsuite), IS_IN_build, or __cplusplus are
	true, define _ISOMAC and suppress everything else in this file,
	starting with the inclusion of config.h.
	Do check for inappropriate definitions of __OPTIMIZE__ and
	__FAST_MATH__ here, but only if _ISOMAC is not defined.
        Correct some out-of-date commentary.

	* include/math.h: If _ISOMAC is defined, undefine NO_LONG_DOUBLE
	and _Mlong_double_ before including math.h.
	* include/string.h: If _ISOMAC is defined, don't expose
	_STRING_ARCH_unaligned. Move a comment to a more appropriate
	location.

	* include/errno.h, include/stdio.h, include/stdlib.h, include/string.h
	* include/time.h, include/unistd.h, include/wchar.h: No need to
	check __cplusplus nor use __BEGIN_DECLS/__END_DECLS.

	* misc/sys/cdefs.h (__NTHNL): New macro.
	* sysdeps/m68k/m680x0/fpu/bits/mathinline.h
	(__m81_defun): Use __NTHNL to avoid errors with GCC 6.

	* elf/tst-env-setuid-tunables.c: Include config.h with _LIBC
	defined, for HAVE_TUNABLES.
	* inet/tst-checks-posix.c: No need to define _ISOMAC.
	* intl/tst-gettext2.c: Provide own definition of N_.
	* math/test-signgam-finite-c99.c: No need to define _ISOMAC.
	* math/test-signgam-main.c: No need to define _ISOMAC.
	* stdlib/tst-strtod.c: Convert to test-driver. Split locale_test to...
	* stdlib/tst-strtod1i.c: ...this new file.
	* stdlib/tst-strtod5.c: Convert to test-driver and add copyright notice.
        Split tests of __strtod_internal to...
	* stdlib/tst-strtod5i.c: ...this new file.
	* string/test-string.h: Include stdint.h. Duplicate definition of
	inhibit_loop_to_libcall here (from libc-symbols.h).
	* string/test-strstr.c: Provide dummy definition of
	libc_hidden_builtin_def when including strstr.c.
	* sysdeps/ia64/fpu/libm-symbols.h: Suppress entire file in _ISOMAC
	mode; no need to test __STRICT_ANSI__ nor __cplusplus as well.
	* sysdeps/x86_64/fpu/math-tests-arch.h: Include cpu-features.h.
	Don't include init-arch.h.
	* sysdeps/x86_64/multiarch/test-multiarch.h: Include cpu-features.h.
	Don't include init-arch.h.

	* elf/Makefile: Move tst-ptrguard1-static, tst-stackguard1-static,
	tst-tls1-static, tst-tls2-static, tst-tls3-static, loadtest,
	unload, unload2, circleload1, neededtest, neededtest2,
	neededtest3, neededtest4, tst-tls1, tst-tls2, tst-tls3,
	tst-tls6, tst-tls7, tst-tls8, tst-dlmopen2, tst-ptrguard1,
	tst-stackguard1, tst-_dl_addr_inside_object, and all of the
	ifunc tests to tests-internal.
	Don't add $(modules-names) to test-extras.
	* inet/Makefile: Move tst-inet6_scopeid_pton to tests-internal.
	Add tst-deadline to tests-static-internal.
	* malloc/Makefile: Move tst-mallocstate and tst-scratch_buffer to
	tests-internal.
	* misc/Makefile: Move tst-atomic and tst-atomic-long to tests-internal.
	* nptl/Makefile: Move tst-typesizes, tst-rwlock19, tst-sem11,
	tst-sem12, tst-sem13, tst-barrier5, tst-signal7, tst-tls3,
	tst-tls3-malloc, tst-tls5, tst-stackguard1, tst-sem11-static,
	tst-sem12-static, and tst-stackguard1-static to tests-internal.
        Link tests-internal with libpthread also.
	Don't add $(modules-names) to test-extras.
	* nss/Makefile: Move tst-field to tests-internal.
	* posix/Makefile: Move bug-regex5, bug-regex20, bug-regex33,
	tst-rfc3484, tst-rfc3484-2, and tst-rfc3484-3 to tests-internal.
	* stdlib/Makefile: Move tst-strtod1i, tst-strtod3, tst-strtod4,
	tst-strtod5i, tst-tls-atexit, and tst-tls-atexit-nodelete to
	tests-internal.
        * sunrpc/Makefile: Move tst-svc_register to tests-internal.
	* sysdeps/powerpc/Makefile: Move test-get_hwcap and
	test-get_hwcap-static to tests-internal.
	* sysdeps/unix/sysv/linux/Makefile: Move tst-setgetname to
	tests-internal.
	* sysdeps/x86_64/fpu/Makefile: Add all libmvec test modules to
	modules-names-tests.
2017-05-11 19:27:59 -04:00
Zack Weinberg
2bfdaeddaa Rename cppflags-iterator.mk to libof-iterator.mk, remove extra-modules.mk.
cppflags-iterator.mk no longer has anything to do with CPPFLAGS; all
it does is set libof-$(foo) for a list of files.  extra-modules.mk
does the same thing, but with a different input variable, and doesn't
let the caller control the module.  Therefore, this patch gives
cppflags-iterator.mk a better name, removes extra-modules.mk, and
updates all uses of both.

	* extra-modules.mk: Delete file.
	* cppflags-iterator.mk: Rename to ...
	* libof-iterator.mk: ...this.  Adjust comments.

	* Makerules, extra-lib.mk, benchtests/Makefile, elf/Makefile
	* elf/rtld-Rules, iconv/Makefile, locale/Makefile, malloc/Makefile
	* nscd/Makefile, sunrpc/Makefile, sysdeps/s390/Makefile:
	Use libof-iterator.mk instead of cppflags-iterator.mk or
	extra-modules.mk.

	* benchtests/strcoll-inputs/filelist#en_US.UTF-8: Remove
	extra-modules.mk and cppflags-iterator.mk, add libof-iterator.mk.
2017-05-09 07:06:29 -04:00
DJ Delorie
3b5f801ddb Tweak realloc/MREMAP comment to be more accurate.
MMap'd memory isn't shrunk without MREMAP, but IIRC this is intentional for
performance reasons.  Regardless, this patch tweaks the existing comment to
be more accurate wrt the existing code.

	[BZ #21411]
	* malloc/malloc.c: Tweak realloc/MREMAP comment to be more accurate.
2017-05-03 16:28:01 -04:00
Florian Weimer
cef9b65376 Assume that O_CLOEXEC is always defined and works 2017-04-18 14:56:51 +02:00
Florian Weimer
025b33ae84 malloc: Turn cfree into a compatibility symbol 2017-04-18 11:50:58 +02:00
Wladimir J. van der Laan
622222846a Call the right helper function when setting mallopt M_ARENA_MAX (BZ #21338)
Fixes a typo introduced in commit
be7991c070. This caused
mallopt(M_ARENA_MAX) as well as the environment variable
MALLOC_ARENA_MAX to not work as intended because it set the
wrong internal parameter.

 	[BZ #21338]
	* malloc/malloc.c: Call do_set_arena_max for M_ARENA_MAX
	instead of incorrect do_set_arena_test
2017-04-01 12:39:10 +05:30