7d75acc62a
use strict prototype
...
h_malloc.c:83:21: error: function declaration isn’t a prototype [-Werror=strict-prototypes]
83 | static inline void *get_slab_region_end() {
| ^~~~~~~~~~~~~~~~~~~
2023-06-10 14:18:27 -04:00
64dad0a69f
drop legacy glibc support
2023-06-10 14:04:46 -04:00
d3152b8e8f
preserve errno for free calls
...
This is a future POSIX requirement recently implemented by musl and
glibc.
2023-02-17 13:07:26 -05:00
2e9daf3122
merge fprintf/fputs calls in malloc_info
2023-02-17 13:07:26 -05:00
2250130c53
remove unnecessary UNUSED marker
2022-09-16 01:03:47 -04:00
8f38bbdee6
add configuration for self-init
...
This needs to be disabled for compatibility with the exploit protection
compatibility mode on GrapheneOS. hardened_malloc shouldn't be trying to
initialize itself when exploit protection compatibility mode is enabled.
This has to be handled in our Bionic integration instead.
2022-09-14 03:41:31 -04:00
b511696c55
clean up includes and remove non-portable includes
...
This marginally increases the portability of hardened_malloc,
eg. on OSX.
2022-02-07 07:14:51 -05:00
448170a412
fix case for non-macro constant
2022-01-21 23:59:37 -05:00
995ce07d45
add is_init likely/unlikely markers
2022-01-21 19:46:49 -05:00
c9d1abcd7e
explicitly mark fatal error conditions unlikely
2022-01-21 19:45:05 -05:00
8f0b252c33
mark more out-of-memory conditions as unlikely
2022-01-21 19:03:02 -05:00
3cffc1e1af
treat zero size malloc as unlikely
...
Calls to malloc with a zero size are extremely rare relative to normal
usage of the API. It's generally only done by inefficient C code with
open coded dynamic array implementations where they aren't handling zero
size as a special case for their usage of malloc/realloc. Efficient code
wouldn't be making these allocations. It doesn't make sense to optimize
for the performance of rare edge cases caused by inefficient code.
2022-01-21 18:27:04 -05:00
b3d78bd5f6
use static const for local constants
2022-01-16 21:02:17 -05:00
8d61e63274
add comment about special small size classes
2022-01-16 20:50:49 -05:00
81cf2f27a0
calculate slab size class instead of array loop
2022-01-16 16:18:14 -05:00
d8cb2d9f7a
use consistent wrappers around clz/ffs
2022-01-16 15:39:59 -05:00
86f9c739ee
define constant for u64 bit width
2022-01-16 15:06:36 -05:00
536f852538
reuse a single size alignment implementation
2022-01-16 14:44:28 -05:00
2a5662948e
rename bitmap manipulation functions
2022-01-04 12:14:55 -05:00
d1c39edc9b
use const for malloc_object_size API
2022-01-04 10:14:41 -05:00
5f32942263
get rid of canary_value when canaries are disabled
2022-01-03 20:39:30 -05:00
3696f071a4
use SLAB_CANARY for conditional checks
2022-01-03 02:17:04 -05:00
8ae78237ae
avoid unnecessarily mixing 32-bit and 64-bit ints
...
It's ever so slightly faster to stick to stick to 64-bit arithmetic and
it avoids clang tidy being unhappy about the implicit widening.
2022-01-03 00:54:43 -05:00
3f8e9d3184
make MREMAP_MOVE_THRESHOLD into size_t constant
...
This avoids a clang-tidy warning and is a bit cleaner.
2022-01-03 00:32:06 -05:00
9142a9376b
Add a bunch of const qualifiers
2021-12-30 21:25:16 -05:00
0655c1d024
Add a missing const
2021-12-26 18:19:59 -05:00
e41d37c3de
remove unnecessary else
2021-09-30 10:57:05 -04:00
be6dde66f9
fix missing include for Intel MPK support
2021-05-21 09:07:28 -04:00
27fcfccb67
make __GLIBC_PREREQ check for mallinfo2 portable
2021-05-12 22:53:20 -04:00
da190f1469
mark pvalloc error path as unlikely
2021-05-12 21:01:13 -04:00
b0f81365a8
reuse code for aligned allocation API entry points
2021-05-12 20:59:04 -04:00
c9820b6e37
mark alloc_aligned_simple error path unlikely
2021-05-12 20:41:46 -04:00
f1cdc1e484
remove disconcerting newline
2021-05-12 20:34:18 -04:00
26b74b87bf
improve code reuse for malloc API entry points
2021-05-12 20:28:50 -04:00
89faba4232
set errno in malloc_get_state to match glibc
2021-05-12 20:19:12 -04:00
a45dacc57b
add support for glibc mallinfo2
2021-05-12 20:07:15 -04:00
f9a8e7216b
purge slab memory even if using MAP_FIXED fails
2021-05-12 00:45:19 -04:00
5c974bdf82
use region quarantine even if MAP_FIXED call fails
...
This is a more sensible way of handling an out-of-memory failure in this
edge case. It doesn't matter much in practice.
2021-05-12 00:20:03 -04:00
2335f56713
add wrapper function for getting slot count
2021-05-10 07:04:50 -04:00
13a3aa16d0
improve naming of adjust_size_for_canaries
2021-05-07 04:23:49 -04:00
8bfa1a7dd5
use 1 slot for all extended size classes
...
This reduces memory usage and improves security in combination with the
guard slab feature.
2021-05-01 22:10:20 -04:00
3952645318
avoid unused variable for some configurations
2021-03-31 12:12:49 -04:00
f773a96b59
remove unnecessary sys/mman.h include
2021-03-22 12:25:22 -04:00
b84af9b499
add wrapper for madvise
2021-03-22 12:24:26 -04:00
e77ffa76d9
add initial malloc_trim slab quarantine purging
...
This currently only purges the quarantines for extended size classes.
2021-03-22 11:16:57 -04:00
86b0b3e452
fix !CONFIG_EXTENDED_SIZE_CLASSES configuration
2021-03-21 18:09:02 -04:00
a3b4c163eb
drop unused header
2021-03-05 00:35:10 -05:00
ddd14bc421
avoid type comparison warning on some platforms
2021-02-16 17:18:35 -05:00
29b09648d6
avoid undefined clz and shift in edge cases
...
This is triggered when get_large_size_class is called with a size in the
range [1,4]. This can occur with aligned_alloc(8192, size). In practice,
it doesn't appear to cause any harm, but we shouldn't have any undefined
behavior for well-defined usage of the API. It also occurs if the caller
passes a pointer outside the slab region to free_sized but the expected
size is in the range [1,4]. That usage of free_sized is already going to
be considered undefined, but we should avoid undefined behavior in the
caller from triggering more undefined behavior when it's avoidable.
2021-02-16 08:31:17 -05:00
1984cb3b3d
malloc_object_size: avoid fault for invalid region
...
It's the region pointer that can be NULL here, and p was checked at the
beginning of the function.
2021-02-10 17:43:36 -05:00
Christian Göttsche
Daniel Micay
Daniel Micay
jvoisin
Thibaut Sautereau