aboutsummaryrefslogtreecommitdiff
path: root/malloc
AgeCommit message (Collapse)AuthorFilesLines
2023-05-08aligned_alloc: conform to C17DJ Delorie5-6/+116
This patch adds the strict checking for power-of-two alignments in aligned_alloc(), and updates the manual accordingly. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-05-02malloc: Really fix tst-memalign-3 link against threadsSamuel Thibault1-1/+2
All the tst malloc variants need the thread linking flags.
2023-05-02malloc: Fix tst-memalign-3 link against threadsSamuel Thibault1-0/+1
2023-04-20malloc: Add missing shared thread library flagsAdhemerval Zanella1-0/+1
So tst-memalign-3 builds on Hurd.
2023-04-18malloc: set NON_MAIN_ARENA flag for reclaimed memalign chunk (BZ #30101)DJ Delorie4-82/+268
Based on these comments in malloc.c: size field is or'ed with NON_MAIN_ARENA if the chunk was obtained from a non-main arena. This is only set immediately before handing the chunk to the user, if necessary. The NON_MAIN_ARENA flag is never set for unsorted chunks, so it does not have to be taken into account in size comparisons. When we pull a chunk off the unsorted list (or any list) we need to make sure that flag is set properly before returning the chunk. Use the rounded-up size for chunk_ok_for_memalign() Do not scan the arena for reusable chunks if there's no arena. Account for chunk overhead when determining if a chunk is a reuse candidate. mcheck interferes with memalign, so skip mcheck variants of memalign tests. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2023-04-05malloc: Only set pragma weak for rpc freemem if requiredAdhemerval Zanella1-2/+4
Both __rpc_freemem and __rpc_thread_destroy are only used if the the compat symbols are required.
2023-03-29memalign: Support scanning for aligned chunks.DJ Delorie3-28/+390
This patch adds a chunk scanning algorithm to the _int_memalign code path that reduces heap fragmentation by reusing already aligned chunks instead of always looking for chunks of larger sizes and splitting them. The tcache macros are extended to allow removing a chunk from the middle of the list. The goal is to fix the pathological use cases where heaps grow continuously in workloads that are heavy users of memalign. Note that tst-memalign-2 checks for tcache operation, which malloc-check bypasses. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-03-29malloc: Use C11 atomics on memusageAdhemerval Zanella1-82/+111
Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
2023-03-29Remove --enable-tunables configure optionAdhemerval Zanella Netto4-137/+5
And make always supported. The configure option was added on glibc 2.25 and some features require it (such as hwcap mask, huge pages support, and lock elisition tuning). It also simplifies the build permutations. Changes from v1: * Remove glibc.rtld.dynamic_sort changes, it is orthogonal and needs more discussion. * Cleanup more code. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-03-29Remove --disable-experimental-malloc optionAdhemerval Zanella1-4/+0
It is the default since 2.26 and it has bitrotten over the years, By using it multiple malloc tests fails: FAIL: malloc/tst-memalign-2 FAIL: malloc/tst-memalign-2-malloc-hugetlb1 FAIL: malloc/tst-memalign-2-malloc-hugetlb2 FAIL: malloc/tst-memalign-2-mcheck FAIL: malloc/tst-mxfast-malloc-hugetlb1 FAIL: malloc/tst-mxfast-malloc-hugetlb2 FAIL: malloc/tst-tcfree2 FAIL: malloc/tst-tcfree2-malloc-hugetlb1 FAIL: malloc/tst-tcfree2-malloc-hugetlb2 Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
2023-03-28Allow building with --disable-nscd againFlavio Cruz1-0/+6
The change 88677348b4de breaks the build with undefiend references to the NSCD functions.
2023-03-27Move libc_freeres_ptrs and libc_subfreeres to hidden/weak functionsAdhemerval Zanella Netto2-29/+136
They are both used by __libc_freeres to free all library malloc allocated resources to help tooling like mtrace or valgrind with memory leak tracking. The current scheme uses assembly markers and linker script entries to consolidate the free routine function pointers in the RELRO segment and to be freed buffers in BSS. This patch changes it to use specific free functions for libc_freeres_ptrs buffers and call the function pointer array directly with call_function_static_weak. It allows the removal of both the internal macros and the linker script sections. Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-08malloc: Fix transposed arguments in sysmalloc_mmap_fallback callRobert Morell1-2/+2
git commit 0849eed45daa ("malloc: Move MORECORE fallback mmap to sysmalloc_mmap_fallback") moved a block of code from sysmalloc to a new helper function sysmalloc_mmap_fallback(), but 'pagesize' is used for the 'minsize' argument and 'MMAP_AS_MORECORE_SIZE' for the 'pagesize' argument. Fixes: 0849eed45daa ("malloc: Move MORECORE fallback mmap to sysmalloc_mmap_fallback") Signed-off-by: Robert Morell <rmorell@nvidia.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-02-22malloc: remove redundant check of unsorted bin corruptionAyush Mittal1-2/+0
* malloc/malloc.c (_int_malloc): remove redundant check of unsorted bin corruption With commit "b90ddd08f6dd688e651df9ee89ca3a69ff88cd0c" (malloc: Additional checks for unsorted bin integrity), same check of (bck->fd != victim) is added before checking of unsorted chunk corruption, which was added in "bdc3009b8ff0effdbbfb05eb6b10966753cbf9b8" (Added check before removing from unsorted list). .. 3773 if (__glibc_unlikely (bck->fd != victim) 3774 || __glibc_unlikely (victim->fd != unsorted_chunks (av))) 3775 malloc_printerr ("malloc(): unsorted double linked list corrupted"); .. .. 3815 /* remove from unsorted list */ 3816 if (__glibc_unlikely (bck->fd != victim)) 3817 malloc_printerr ("malloc(): corrupted unsorted chunks 3"); 3818 unsorted_chunks (av)->bk = bck; .. So this extra check can be removed. Signed-off-by: Maninder Singh <maninder1.s@samsung.com> Signed-off-by: Ayush Mittal <ayush.m@samsung.com> Reviewed-by: DJ Delorie <dj@redhat.com>
2023-01-06Update copyright dates not handled by scripts/update-copyrightsJoseph Myers3-3/+3
I've updated copyright dates in glibc for 2023. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files.
2023-01-06Update copyright dates with scripts/update-copyrightsJoseph Myers87-87/+87
2022-12-22Avoid use of atoi in mallocJoseph Myers1-7/+12
This patch is analogous to commit a3708cf6b0a5a68e2ed1ce3db28a03ed21d368d2. atoi has undefined behavior on out-of-range input, which makes it problematic to use anywhere in glibc that might be processing input out-of-range for atoi but not specified to produce undefined behavior for the function calling atoi. In conjunction with the C2x strtol changes, use of atoi in libc can also result in localplt test failures because the redirection for strtol does not interact properly with the libc_hidden_proto call for __isoc23_strtol for the call in the inline atoi implementation. In malloc/arena.c, this issue shows up for atoi calls that are only compiled for --disable-tunables (thus with the x86_64-linux-gnu-minimal configuration of build-many-glibcs.py, for example). Change those atoi calls to use strtol directly, as in the previous such changes. Tested for x86_64 (--disable-tunables).
2022-12-08realloc: Return unchanged if request is within usable sizeSiddhesh Poyarekar2-0/+33
If there is enough space in the chunk to satisfy the new size, return the old pointer as is, thus avoiding any locks or reallocations. The only real place this has a benefit is in large chunks that tend to get satisfied with mmap, since there is a large enough spare size (up to a page) for it to matter. For allocations on heap, the extra size is typically barely a few bytes (up to 15) and it's unlikely that it would make much difference in performance. Also added a smoke test to ensure that the old pointer is returned unchanged if the new size to realloc is within usable size of the old pointer. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: DJ Delorie <dj@redhat.com>
2022-11-01malloc: Use uintptr_t for pointer alignmentCarlos Eduardo Seo1-3/+3
Avoid integer casts that assume unsigned long can represent pointers. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-10-28Remove unused scratch_buffer_dupfreeSzabolcs Nagy4-63/+0
Turns out scratch_buffer_dupfree internal API was unused since commit ef0700004bf0dccf493a5e8e21f71d9e7972ea9f stdlib: Simplify buffer management in canonicalize And the related test in malloc/tst-scratch_buffer had issues so it's better to remove it completely. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-10-28malloc: Use uintptr_t in alloc_bufferSzabolcs Nagy1-3/+3
The values represnt pointers and not sizes. The members of struct alloc_buffer are already uintptr_t. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-10-13malloc: Switch global_max_fast to uint8_tFlorian Weimer1-1/+1
MAX_FAST_SIZE is 160 at most, so a uint8_t is sufficient. This makes it harder to use memory corruption, by overwriting global_max_fast with a large value, to fundamentally alter malloc behavior. Reviewed-by: DJ Delorie <dj@redhat.com>
2022-09-26Use atomic_exchange_release/acquireWilco Dijkstra1-1/+1
Rename atomic_exchange_rel/acq to use atomic_exchange_release/acquire since these map to the standard C11 atomic builtins. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-09-22malloc: Print error when oldsize is not equal to the current size.Qingqing Li1-1/+2
This is used to detect errors early. The read of the oldsize is not protected by any lock, so check this value to avoid causing bigger mistakes. Reviewed-by: DJ Delorie <dj@redhat.com>
2022-09-09Use C11 atomics instead of atomic_decrement(_val)Wilco Dijkstra1-1/+1
Replace atomic_decrement and atomic_decrement_val with atomic_fetch_add_relaxed. Reviewed-by: DJ Delorie <dj@redhat.com>
2022-09-09Use C11 atomics instead atomic_add(_zero)Wilco Dijkstra1-1/+1
Replace atomic_add and atomic_add_zero with atomic_fetch_add_relaxed. Reviewed-by: DJ Delorie <dj@redhat.com>
2022-09-06malloc: Use C11 atomics rather than atomic_exchange_and_addWilco Dijkstra1-3/+3
Replace a few counters using atomic_exchange_and_add with atomic_fetch_add_relaxed. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-08-15malloc: Do not use MAP_NORESERVE to allocate heap segmentsFlorian Weimer2-8/+1
Address space for heap segments is reserved in a mmap call with MAP_ANONYMOUS | MAP_PRIVATE and protection flags PROT_NONE. This reservation does not count against the RSS limit of the process or system. Backing memory is allocated using mprotect in alloc_new_heap and grow_heap, and at this point, the allocator expects the kernel to provide memory (subject to memory overcommit). The SIGSEGV that might generate due to MAP_NORESERVE (according to the mmap manual page) does not seem to occur in practice, it's always SIGKILL from the OOM killer. Even if there is a way that SIGSEGV could be generated, it is confusing to applications that this only happens for secondary heaps, not for large mmap-based allocations, and not for the main arena. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-08-03assert: Do not use stderr in libc-internal assertFlorian Weimer1-16/+0
Redirect internal assertion failures to __libc_assert_fail, based on based on __libc_message, which writes directly to STDERR_FILENO and calls abort. Also disable message translation and reword the error message slightly (adjusting stdlib/tst-bz20544 accordingly). As a result of these changes, malloc no longer needs its own redefinition of __assert_fail. __libc_assert_fail needs to be stubbed out during rtld dependency analysis because the rtld rebuilds turn __libc_assert_fail into __assert_fail, which is unconditionally provided by elf/dl-minimal.c. This change is not possible for the public assert macro and its __assert_fail function because POSIX requires that the diagnostic is written to stderr. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-08-03stdio: Clean up __libc_message after unconditional abortFlorian Weimer1-3/+2
Since commit ec2c1fcefb200c6cb7e09553f3c6af8815013d83 ("malloc: Abort on heap corruption, without a backtrace [BZ #21754]"), __libc_message always terminates the process. Since commit a289ea09ea843ced6e5277c2f2e63c357bc7f9a3 ("Do not print backtraces on fatal glibc errors"), the backtrace facility has been removed. Therefore, remove enum __libc_message_action and the action argument of __libc_message, and mark __libc_message as _No_return. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-08-01malloc: Use __getrandom_nocancel during tcache initiailizationFlorian Weimer1-1/+2
Cancellation currently cannot happen at this point because dlopen as used by the unwind link always performs additional allocations for libgcc_s.so.1, even if it has been loaded already as a dependency of the main executable. But it seems prudent not to rely on this quirk. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-08-01Remove spurious references to _dl_open_hookFlorian Weimer1-5/+0
_dl_open_hook was removed in commit 466c1ea15f461edb8e3ffaf5d86d708 ("dlfcn: Rework static dlopen hooks"). Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-07-22stdlib: Add arc4random, arc4random_buf, and arc4random_uniform (BZ #4417)Adhemerval Zanella Netto1-1/+1
The implementation is based on scalar Chacha20 with per-thread cache. It uses getrandom or /dev/urandom as fallback to get the initial entropy, and reseeds the internal state on every 16MB of consumed buffer. To improve performance and lower memory consumption the per-thread cache is allocated lazily on first arc4random functions call, and if the memory allocation fails getentropy or /dev/urandom is used as fallback. The cache is also cleared on thread exit iff it was initialized (so if arc4random is not called it is not touched). Although it is lock-free, arc4random is still not async-signal-safe (the per thread state is not updated atomically). The ChaCha20 implementation is based on RFC8439 [1], omitting the final XOR of the keystream with the plaintext because the plaintext is a stream of zeros. This strategy is similar to what OpenBSD arc4random does. The arc4random_uniform is based on previous work by Florian Weimer, where the algorithm is based on Jérémie Lumbroso paper Optimal Discrete Uniform Generation from Coin Flips, and Applications (2013) [2], who credits Donald E. Knuth and Andrew C. Yao, The complexity of nonuniform random number generation (1976), for solving the general case. The main advantage of this method is the that the unit of randomness is not the uniform random variable (uint32_t), but a random bit. It optimizes the internal buffer sampling by initially consuming a 32-bit random variable and then sampling byte per byte. Depending of the upper bound requested, it might lead to better CPU utilization. Checked on x86_64-linux-gnu, aarch64-linux, and powerpc64le-linux-gnu. Co-authored-by: Florian Weimer <fweimer@redhat.com> Reviewed-by: Yann Droneaud <ydroneaud@opteya.com> [1] https://datatracker.ietf.org/doc/html/rfc8439 [2] https://arxiv.org/pdf/1304.1916.pdf
2022-07-21malloc: Simplify implementation of __malloc_assertFlorian Weimer1-10/+5
It is prudent not to run too much code after detecting heap corruption, and __fxprintf is really complex. The line number and file name do not carry much information, so it is not included in the error message. (__libc_message only supports %s formatting.) The function name and assertion should provide some context. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-07-05malloc: Simplify checked_request2size interfaceFlorian Weimer2-15/+18
In-band signaling avoids an uninitialized variable warning when building with -Og and GCC 12. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-03-23malloc: Fix duplicate inline for do_set_mxfastAdhemerval Zanella1-2/+1
2022-03-10malloc: Exit early on test failure in tst-reallocFlorian Weimer1-31/+15
This addresses more (correct) use-after-free warnings reported by GCC 12 on some targets. Fixes commit c094c232eb3246154265bb035182f92fe1b17ab8 ("Avoid -Wuse-after-free in tests [BZ #26779]."). Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-02-25build: Properly generate .d dependency files [BZ #28922]H.J. Lu1-1/+1
1. Also generate .d dependency files for $(tests-container) and $(tests-printers). 2. elf: Add tst-auditmod17.os to extra-test-objs. 3. iconv: Add tst-gconv-init-failure-mod.os to extra-test-objs. 4. malloc: Rename extra-tests-objs to extra-test-objs. 5. linux: Add tst-sysconf-iov_max-uapi.o to extra-test-objs. 6. x86_64: Add tst-x86_64mod-1.o, tst-platformmod-2.o, test-libmvec.o, test-libmvec-avx.o, test-libmvec-avx2.o and test-libmvec-avx512f.o to extra-test-objs. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-02-10malloc: Remove LD_TRACE_PRELINKING usage from mtraceAdhemerval Zanella1-24/+31
The fix for BZ#22716 replacde LD_TRACE_LOADED_OBJECTS with LD_TRACE_PRELINKING so mtrace could record executable address position. To provide the same information, LD_TRACE_LOADED_OBJECTS is extended where a value or '2' also prints the executable address as well. It avoid adding another loader environment variable to be used solely for mtrace. The vDSO will be printed as a default library (with '=>' pointing the same name), which is ok since both mtrace and ldd already handles it. The mtrace script is changed to also parse the new format. To correctly support PIE and non-PIE executables, both the default mtrace address and the one calculated as used (it fixes mtrace for non-PIE exectuable as for BZ#22716 for PIE). Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-02-01malloc: Fix tst-mallocalign1 macro spacing.Carlos O'Donell1-1/+1
Reported by Andreas Schwab <schwab@linux-m68k.org>
2022-01-31malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779]Carlos O'Donell1-9/+11
The test leaks bits from the freed pointer via the return value in ret, and the compiler correctly identifies this issue. We switch the test to use TEST_VERIFY and terminate the test if any of the pointers return an unexpected alignment. This fixes another -Wuse-after-free error when compiling glibc with gcc 12. Tested on x86_64 and i686 without regression. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-01-26Avoid -Wuse-after-free in tests [BZ #26779].Martin Sebor5-1/+58
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-01-01Update copyright dates not handled by scripts/update-copyrights.Paul Eggert3-3/+3
I've updated copyright dates in glibc for 2022. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus csu/version.c which previously had to be handled manually but is now successfully updated by update-copyrights), there is a small change to the copyright notice in NEWS which should let NEWS get updated automatically next year. Please remember to include 2022 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
2022-01-01Update copyright dates with scripts/update-copyrightsPaul Eggert88-88/+88
I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2021-12-28malloc: Remove memusage.hAdhemerval Zanella1-6/+7
And use machine-sp.h instead. The Linux implementation is based on already provided CURRENT_STACK_FRAME (used on nptl code) and STACK_GROWS_UPWARD is replaced with _STACK_GROWS_UP.
2021-12-28malloc: Use hp-timing on libmemusageAdhemerval Zanella1-3/+21
Instead of reimplemeting on GETTIME macro.
2021-12-28malloc: Remove atomic_* usageAdhemerval Zanella1-18/+18
These typedef are used solely on memusage and can be replaced with generic types.
2021-12-27malloc: Add missing shared thread library flagsSamuel Thibault1-0/+16
2021-12-16Remove upper limit on tunable MALLOC_MMAP_THRESHOLDPatrick McGehearty1-10/+5
The current limit on MALLOC_MMAP_THRESHOLD is either 1 Mbyte (for 32-bit apps) or 32 Mbytes (for 64-bit apps). This value was set by a patch dated 2006 (15 years ago). Attempts to set the threshold higher are currently ignored. The default behavior is appropriate for many highly parallel applications where many processes or threads are sharing RAM. In other situations where the number of active processes or threads closely matches the number of cores, a much higher limit may be desired by the application designer. By today's standards on personal computers and small servers, 2 Gbytes of RAM per core is commonly available. On larger systems 4 Gbytes or more of RAM is sometimes available. Instead of raising the limit to match current needs, this patch proposes to remove the limit of the tunable, leaving the decision up to the user of a tunable to judge the best value for their needs. This patch does not change any of the defaults for malloc tunables, retaining the current behavior of the dynamic malloc mmap threshold. bugzilla 27801 - Remove upper limit on tunable MALLOC_MMAP_THRESHOLD Reviewed-by: DJ Delorie <dj@redhat.com> malloc/ malloc.c changed do_set_mmap_threshold to remove test for HEAP_MAX_SIZE.
2021-12-15malloc: Enable huge page support on main arenaAdhemerval Zanella3-6/+14
This patch adds support huge page support on main arena allocation, enable with tunable glibc.malloc.hugetlb=2. The patch essentially disable the __glibc_morecore() sbrk() call (similar when memory tag does when sbrk() call does not support it) and fallback to default page size if the memory allocation fails. Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>