path: root/malloc/malloc.c
Age | Commit message | Author | Files | Lines
2015-05-19 | Avoid deadlock in malloc on backtrace (BZ #16159) | Siddhesh Poyarekar | 1 | -67/+106
When the malloc subsystem detects some kind of memory corruption, depending on the configuration it prints the error, a backtrace, a memory map and then aborts the process. In this process, the backtrace() call may result in a call to malloc, resulting in various kinds of problematic behavior.
In one case, the malloc it calls may detect a corruption and call backtrace again, and a stack overflow may result due to the infinite recursion. In another case, the malloc it calls may deadlock on an arena lock with the malloc (or free, realloc, etc.) that detected the corruption. In yet another case, if the program is linked with pthreads, backtrace may do a pthread_once initialization, which deadlocks on itself.
In all these cases, the program exit is not as intended. This is avoidable by marking the arena that malloc detected a corruption on, as unusable. The following patch does that. Features of this patch are as follows:
- A flag is added to the mstate struct of the arena to indicate if the arena is corrupt.
- The flag is checked whenever malloc functions try to get a lock on an arena. If the arena is unusable, a NULL is returned, causing the malloc to use mmap or try the next arena.
- malloc_printerr sets the corrupt flag on the arena when it detects a corruption
- free does not concern itself with the flag at all. It is not important since the backtrace workflow does not need free. A free in a parallel thread may cause another corruption, but that's not new
- The flag check and set are not atomic and may race. This is fine since we don't care about contention during the flag check. We want to make sure that the malloc call in the backtrace does not trip on itself and all that action happens in the same thread and not across threads.
I verified that the test case does not show any regressions due to this patch. I also ran the malloc benchmarks and found an insignificant difference in timings (< 2%).
* malloc/Makefile (tests): New test case tst-malloc-backtrace.
* malloc/arena.c (arena_lock): Check if arena is corrupt.
(reused_arena): Find a non-corrupt arena.
(heap_trim): Pass arena to unlink.
* malloc/hooks.c (malloc_check_get_size): Pass arena to malloc_printerr.
(top_check): Likewise.
(free_check): Likewise.
(realloc_check): Likewise.
* malloc/malloc.c (malloc_printerr): Add arena argument.
(unlink): Likewise.
(munmap_chunk): Adjust.
(ARENA_CORRUPTION_BIT): New macro.
(arena_is_corrupt): Likewise.
(set_arena_corrupt): Likewise.
(sysmalloc): Use mmap if there are no usable arenas.
(_int_malloc): Likewise.
(__libc_malloc): Don't fail if arena_get returns NULL.
(_mid_memalign): Likewise.
(__libc_calloc): Likewise.
(__libc_realloc): Adjust for additional argument to malloc_printerr.
(_int_free): Likewise.
(malloc_consolidate): Likewise.
(_int_realloc): Likewise.
(_int_memalign): Don't touch corrupt arenas.
* malloc/tst-malloc-backtrace.c: New test case.
2015-02-18 | Consolidate arena_lookup and arena_lock into a single arena_get | Siddhesh Poyarekar | 1 | -2/+1
This seems to have been left behind as an artifact of some old changes and can now be merged. Verified that the only generated code change on x86_64 is that of line numbers in asserts, like so: @@ -27253,7 +27253,7 @@ Disassembly of section .text: 416f09: 48 89 42 20 mov %rax,0x20(%rdx) 416f0d: e9 7e f6 ff ff jmpq 416590 <_int_free+0x230> 416f12: b9 3f 9f 4a 00 mov $0x4a9f3f,%ecx - 416f17: ba d5 0f 00 00 mov $0xfd5,%edx + 416f17: ba d6 0f 00 00 mov $0xfd6,%edx 416f1c: be a8 9b 4a 00 mov $0x4a9ba8,%esi 416f21: bf 6a 9c 4a 00 mov $0x4a9c6a,%edi 416f26: e8 45 e8 ff ff callq 415770 <__malloc_assert>
2015-02-17 | Use alignment macros, pagesize and powerof2. | Carlos O'Donell | 1 | -20/+22
We are replacing all of the bespoke alignment code with ALIGN_UP, ALIGN_DOWN, PTR_ALIGN_UP, and PTR_ALIGN_DOWN. This cleans up malloc/malloc.c, malloc/arena.c, and elf/dl-reloc.c. It also makes all the code consistently use pagesize, and powerof2 as required. Code size is reduced with the removal of precomputed pagemask, and use of pagesize instead. No measurable difference in performance. No regressions on x86_64.
2015-01-02 | Update copyright dates with scripts/update-copyrights. | Joseph Myers | 1 | -1/+1
2014-12-17 | Remove explicit inline on malloc perturb functions. | Roland McGrath | 1 | -2/+2
2014-12-11 | 2014-12-11 Steve Ellcey <sellcey@imgtec.com> | Steve Ellcey | 1 | -1/+1
* malloc/malloc.c: Fix powerof2 check.
2014-11-12 | Fix malloc_info namespace (bug 17570). | Joseph Myers | 1 | -1/+2
malloc_info is defined in the same file as malloc and free, but is not an ISO C function, so should be a weak symbol. This patch makes it so. Tested for x86_64 (testsuite, and that disassembly of installed shared libraries is unchanged by the patch).
[BZ #17570]
* malloc/malloc.c (malloc_info): Rename to __malloc_info and define as weak alias of __malloc_info.
2014-09-11 | malloc: additional unlink hardening for non-small bins [BZ #17344] | Florian Weimer | 1 | -2/+4
Turn two asserts into a conditional call to malloc_printerr. The memory locations are accessed later anyway, so the performance impact is minor.
2014-08-12 | malloc: fix comment typo | Sean Anderson | 1 | -1/+1
2014-06-19 | malloc/malloc.c: Avoid calling sbrk unnecessarily with zero | Will Newton | 1 | -0/+3
Due to my bad review suggestion for the fix for BZ #15089 a check was removed from systrim to prevent sbrk being called with a zero argument. Add the check back to avoid this useless work.
ChangeLog:
2014-06-19 Will Newton <will.newton@linaro.org>
* malloc/malloc.c (systrim): If extra is zero then return early.
2014-06-02 | Fix format specifier for n_mmaps | Siddhesh Poyarekar | 1 | -1/+1
2014-05-30 | Fix formatting in malloc_info | Siddhesh Poyarekar | 1 | -10/+10
2014-05-30 | Add mmap usage in malloc_info output | Siddhesh Poyarekar | 1 | -0/+2
The current malloc_info xml output only has information about allocations on the heap. Display information about number of mappings and total mmapped size to this to complete the picture.
2014-05-30 | Remove mi_arena nested function. | Ondřej Bílka | 1 | -121/+117
2014-05-30 | revert commit fdfd175d46ac6a810ebdeb2a2936e6d7d13995ab | Ondřej Bílka | 1 | -135/+125
2014-05-26 | Remove nested function mi_arena from malloc_info. | Carlos O'Donell | 1 | -125/+135
The nested function mi_arena was removed from malloc_info and made into a non-nested static inline function of the same name with the correct set of arguments passed from malloc_info. This enables building glibc with compilers that don't support nested functions. Future work on malloc_info should remove these functions entirely to support JSON format output. Therefore we do the minimum required to remove the nested function.
2014-04-11 | malloc: Fix MALLOC_DEBUG -Wundef warning | Will Newton | 1 | -1/+5
MALLOC_DEBUG is set optionally on the command line. Default the value to zero if it is not set on the command line, and test its value with #if rather than #ifdef. Verified the code is identical before and after this change apart from line numbers.
ChangeLog:
2014-04-11 Will Newton <will.newton@linaro.org>
* malloc/malloc.c [!MALLOC_DEBUG]: #define MALLOC_DEBUG to zero if it is not defined elsewhere.
(mtrim): Test the value of MALLOC_DEBUG with #if rather than #ifdef.
2014-03-03 | Revert 4248f0da6ff9e7dd63464cdecec2dec332dfc2f0. | Carlos O'Donell | 1 | -6/+109
Objections were raised surrounding the calloc simplification and it is better to revert the patch, continue discussions and then submit a new patch for inclusion with all issues fully addressed.
2014-02-26 | Simplify calloc implementation. | Ondřej Bílka | 1 | -109/+6
To make future improvements of the allocator simpler we could for now make calloc just call malloc and memset. With that we could omit changes that would duplicate malloc changes anyway.
2014-02-10 | Use glibc_likely instead __builtin_expect. | Ondřej Bílka | 1 | -7/+7
2014-02-10 | Remove THREAD_STATS. | Ondřej Bílka | 1 | -40/+0
A THREAD_STATS macro duplicates gathering information that could be obtained by systemtap probes instead.
2014-01-02 | Reformat malloc to gnu style. | Ondřej Bílka | 1 | -2069/+2214
2014-01-01 | Update copyright notices with scripts/update-copyrights | Allan McRae | 1 | -1/+1
2013-12-24 | Fix race in free() of fastbin chunk: BZ #15073 | Maxim Kuvyrkov | 1 | -8/+12
Perform sanity check only if we have_lock. Due to lockless nature of fastbins we need to be careful dereferencing pointers to fastbin entries (chunksize(old) in this case) in multithreaded environments. The fix is to add have_lock to the if-condition checks. The rest of the patch only makes code more readable.
* malloc/malloc.c (_int_free): Perform sanity check only if we have_lock.
2013-12-10 | Expand MALLOC_COPY and MALLOC_ZERO to memcpy and memset. | Ondřej Bílka | 1 | -18/+5
2013-12-10 | Drop PER_THREAD conditionals from malloc. | Ondřej Bílka | 1 | -15/+0
2013-12-09 | Simplify perturb_byte logic. | Ondřej Bílka | 1 | -21/+24
2013-12-09 | Replace malloc force_reg by atomic_forced_read. | Ondřej Bílka | 1 | -15/+8
2013-12-06 | Fix BZ #15089: malloc_trim always trim for large padding. | Fernando J. V. da Silva | 1 | -33/+35
2013-11-28 | Make memset in calloc a tail call. | Ondřej Bílka | 1 | -2/+2
2013-11-21 | Add missing #include for malloc/hooks.c code. | Roland McGrath | 1 | -2/+3
2013-11-20 | Consolidate valloc/pvalloc code. | Ondřej Bílka | 1 | -109/+26
To make malloc code more maintainable we make malloc and pvalloc share logic with memalign.
2013-11-01 | Fix malloc_info statistic. Fixes bug 16112 | Ondřej Bílka | 1 | -16/+4
2013-10-30 | malloc: Fix for infinite loop in memalign/posix_memalign. | Will Newton | 1 | -0/+8
A very large alignment argument passed to memalign/posix_memalign causes _int_memalign to enter an infinite loop. Limit the maximum alignment value to the maximum representable power of two to prevent this from happening.
Changelog:
2013-10-30 Will Newton <will.newton@linaro.org>
[BZ #16038]
* malloc/hooks.c (memalign_check): Limit alignment to the maximum representable power of two.
* malloc/malloc.c (__libc_memalign): Likewise.
* malloc/tst-memalign.c (do_test): Add test for very large alignment values.
* malloc/tst-posix_memalign.c (do_test): Likewise.
2013-10-30 | Use atomic operations to track memory. Fixes bug 11087 | Ondřej Bílka | 1 | -12/+11
2013-10-18 | Remove assert in malloc statistic. Fixes bug 12486. | Ondřej Bílka | 1 | -9/+0
2013-09-20 | Add malloc probes for sbrk and heap resizing. | Alexandre Oliva | 1 | -1/+5
for ChangeLog
* malloc/arena.c (new_heap): New memory_heap_new probe.
(grow_heap): New memory_heap_more probe.
(shrink_heap): New memory_heap_less probe.
(heap_trim): New memory_heap_free probe.
* malloc/malloc.c (sysmalloc): New memory_sbrk_more probe.
(systrim): New memory_sbrk_less probe.
* manual/probes.texi: Document them.
2013-09-20 | Add probes for malloc retries. | Alexandre Oliva | 1 | -0/+6
for ChangeLog
* malloc/malloc.c (__libc_malloc): Add memory_malloc_retry probe.
(__libc_realloc): Add memory_realloc_retry probe.
(__libc_memalign): Add memory_memalign_retry probe.
(__libc_valloc): Add memory_valloc_retry probe.
(__libc_pvalloc): Add memory_pvalloc_retry probe.
(__libc_calloc): Add memory_calloc_retry probe.
* manual/probes.texi: Document them.
2013-09-20 | Add probes for malloc arena changes. | Alexandre Oliva | 1 | -0/+1
for ChangeLog
* malloc/arena.c (get_free_list): Add probe memory_arena_reuse_free_list.
(reused_arena) [PER_THREAD]: Add probes memory_arena_reuse_wait and memory_arena_reuse.
(arena_get2) [!PER_THREAD]: Likewise.
* malloc/malloc.c (__libc_realloc) [!PER_THREAD]: Add probe memory_arena_reuse_realloc.
* manual/probes.texi: Document them.
2013-09-20 | Add probes for all changes to malloc options. | Alexandre Oliva | 1 | -5/+25
for ChangeLog
* malloc/malloc.c (__libc_free): Add memory_mallopt_free_dyn_thresholds probe.
(__libc_mallopt): Add multiple memory_mallopt probes.
* manual/probes.texi: Document them.
2013-09-20 | Add first set of memory probes. | Alexandre Oliva | 1 | -0/+4
for ChangeLog
* malloc/malloc.c: Include stap-probe.h.
(__libc_mallopt): Add memory_mallopt probe.
* malloc/arena.c (_int_new_arena): Add memory_arena_new probe.
* manual/probes.texi: New.
* manual/Makefile (chapters): Add probes.
* manual/threads.texi: Set next node.
2013-09-11 | malloc: Check for integer overflow in memalign. | Will Newton | 1 | -0/+7
A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15857]
* malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow.
2013-09-11 | malloc: Check for integer overflow in valloc. | Will Newton | 1 | -0/+7
A large bytes parameter to valloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15856]
* malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow.
2013-09-11 | malloc: Check for integer overflow in pvalloc. | Will Newton | 1 | -0/+7
A large bytes parameter to pvalloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15855]
* malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow.
2013-08-29 | Fix typos. | Ondřej Bílka | 1 | -1/+1
2013-06-08 | Use (void) in no-arguments function definitions. | Joseph Myers | 1 | -1/+1
2013-03-08 | Remove __malloc_ptr_t. | Joseph Myers | 1 | -19/+19
2013-01-17 | Add HAVE_MREMAP for mremap usage | Pino Toscano | 1 | -8/+4
Introduce (only on Linux) and use a HAVE_MREMAP symbol to advertize mremap availability. Move the malloc-sysdep.h include from arena.c to malloc.c, since what is provided by malloc-sysdep.h is needed earlier in malloc.c, before the inclusion of arena.c.
2013-01-07 | Clean up __MALLOC_* macros. | Joseph Myers | 1 | -15/+11
2013-01-02 | Update copyright notices with scripts/update-copyrights. | Joseph Myers | 1 | -1/+1