Remove mprotecting of struct dir_info introduced in previous commit

(MALLOC_OPTIONS=L). It was too slow to turn on by default, and we don't do optional security. requested by deraadt@ grumbling ok otto@
author: djm <> 2008-12-30 07:44:51 +0000
committer: djm <> 2008-12-30 07:44:51 +0000
commit: 8723e630fb3ff019db40af226409ed529c731fe6 (patch)
tree: 2e9b38b54fe87b89b1a0258d12507c5b5e197c7e /src/lib/libc/stdlib/malloc.c
parent: fd51a00555abf87dae44d852272f90de6709895d (diff)
download: openbsd-8723e630fb3ff019db40af226409ed529c731fe6.tar.gz
openbsd-8723e630fb3ff019db40af226409ed529c731fe6.tar.bz2
openbsd-8723e630fb3ff019db40af226409ed529c731fe6.zip
1 files changed, 2 insertions, 37 deletions
diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c
index e15a64ac72..3d2e3dd29a 100644
--- a/src/lib/libc/stdlib/malloc.c
+++ b/src/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: malloc.c,v 1.112 2008/12/29 22:25:50 djm Exp $        */
+/*      $OpenBSD: malloc.c,v 1.113 2008/12/30 07:44:51 djm Exp $        */
 /*
 * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
 *
@@ -88,23 +88,6 @@
 #define MMAPA(a,sz)     mmap((a), (size_t)(sz), PROT_READ | PROT_WRITE, \
    MAP_ANON | MAP_PRIVATE, -1, (off_t) 0)
-/* Protect and unprotect g_pool structure as we enter/exit the allocator */
-#define DIR_INFO_RSZ    ((sizeof(struct dir_info) + PAGE_MASK) & ~PAGE_MASK)
-#define PROTECT_G_POOL() \
-        do { \
-                if (g_pool != NULL && mopts.malloc_poolprot) { \
-                        mprotect((void *)((uintptr_t)g_pool & ~PAGE_MASK), \
-                            DIR_INFO_RSZ, PROT_NONE); \
-                } \
-        } while (0)
-#define UNPROTECT_G_POOL() \
-        do { \
-                if (g_pool != NULL && mopts.malloc_poolprot) { \
-                        mprotect((void *)((uintptr_t)g_pool & ~PAGE_MASK), \
-                            DIR_INFO_RSZ, PROT_READ | PROT_WRITE); \
-                } \
-        } while (0)
 struct region_info {
        void *p;                /* page; low bits used to mark chunks */
        uintptr_t size;         /* size for pages, or chunk_info pointer */
@@ -142,7 +125,7 @@ struct dir_info {
 #endif /* MALLOC_STATS */
        u_int32_t canary2;
 };
+#define DIR_INFO_RSZ    ((sizeof(struct dir_info) + PAGE_MASK) & ~PAGE_MASK)
 /*
 * This structure describes a page worth of chunks.
@@ -165,7 +148,6 @@ struct chunk_info {
 struct malloc_readonly {
        struct dir_info *g_pool;        /* Main bookkeeping information */
        int     malloc_abort;           /* abort() on error */
-        int     malloc_poolprot;        /* mprotect heap PROT_NONE? */
        int     malloc_freeprot;        /* mprotect free pages PROT_NONE? */
        int     malloc_hint;            /* call madvice on free pages?  */
        int     malloc_junk;            /* junk fill? */
@@ -653,12 +635,6 @@ omalloc_init(struct dir_info **dp)
                        case 'J':
                                mopts.malloc_junk = 1;
                                break;
-                        case 'l':
-                                mopts.malloc_poolprot = 0;
-                                break;
-                        case 'L':
-                                mopts.malloc_poolprot = 1;
-                                break;
                        case 'n':
                        case 'N':
                                break;
@@ -1214,7 +1190,6 @@ malloc_recurse(void)
                wrterror("recursive call");
        }
        malloc_active--;
-        PROTECT_G_POOL();
        _MALLOC_UNLOCK();
        errno = EDEADLK;
 }
@@ -1223,7 +1198,6 @@ static void
 malloc_global_corrupt(void)
 {
        wrterror("global malloc data corrupt");
-        PROTECT_G_POOL();
        _MALLOC_UNLOCK();
        errno = EINVAL;
 }
@@ -1248,7 +1222,6 @@ malloc(size_t size)
        int saved_errno = errno;
        _MALLOC_LOCK();
-        UNPROTECT_G_POOL();
        malloc_func = " in malloc():";
        if (g_pool == NULL) {
                if (malloc_init() != 0)
@@ -1260,7 +1233,6 @@ malloc(size_t size)
        }
        r = omalloc(size, mopts.malloc_zero);
        malloc_active--;
-        PROTECT_G_POOL();
        _MALLOC_UNLOCK();
        if (r == NULL && mopts.malloc_xmalloc) {
                wrterror("out of memory");
@@ -1349,7 +1321,6 @@ free(void *ptr)
                return;
        _MALLOC_LOCK();
-        UNPROTECT_G_POOL();
        malloc_func = " in free():";  
        if (g_pool == NULL) {
                _MALLOC_UNLOCK();
@@ -1362,7 +1333,6 @@ free(void *ptr)
        }
        ofree(ptr);
        malloc_active--;
-        PROTECT_G_POOL();
        _MALLOC_UNLOCK();
        errno = saved_errno;
 }
@@ -1466,7 +1436,6 @@ realloc(void *ptr, size_t size)
        int saved_errno = errno;
  
        _MALLOC_LOCK();
-        UNPROTECT_G_POOL();
        malloc_func = " in realloc():";  
        if (g_pool == NULL) {
                if (malloc_init() != 0)
@@ -1479,7 +1448,6 @@ realloc(void *ptr, size_t size)
        r = orealloc(ptr, size);
  
        malloc_active--;
-        PROTECT_G_POOL();
        _MALLOC_UNLOCK();
        if (r == NULL && mopts.malloc_xmalloc) {
                wrterror("out of memory");
@@ -1500,7 +1468,6 @@ calloc(size_t nmemb, size_t size)
        int saved_errno = errno;
        _MALLOC_LOCK();
-        UNPROTECT_G_POOL();
        malloc_func = " in calloc():";  
        if (g_pool == NULL) {
                if (malloc_init() != 0)
@@ -1508,7 +1475,6 @@ calloc(size_t nmemb, size_t size)
        }
        if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
            nmemb > 0 && SIZE_MAX / nmemb < size) {
-                PROTECT_G_POOL();
                _MALLOC_UNLOCK();
                if (mopts.malloc_xmalloc)
                        wrterror("out of memory");
@@ -1525,7 +1491,6 @@ calloc(size_t nmemb, size_t size)
        r = omalloc(size, 1);
  
        malloc_active--;
-        PROTECT_G_POOL();
        _MALLOC_UNLOCK();
        if (r == NULL && mopts.malloc_xmalloc) {
                wrterror("out of memory");
author	djm <>	2008-12-30 07:44:51 +0000
committer	djm <>	2008-12-30 07:44:51 +0000
commit	8723e630fb3ff019db40af226409ed529c731fe6 (patch)
tree	2e9b38b54fe87b89b1a0258d12507c5b5e197c7e /src/lib/libc/stdlib/malloc.c
parent	fd51a00555abf87dae44d852272f90de6709895d (diff)
download	openbsd-8723e630fb3ff019db40af226409ed529c731fe6.tar.gz openbsd-8723e630fb3ff019db40af226409ed529c731fe6.tar.bz2 openbsd-8723e630fb3ff019db40af226409ed529c731fe6.zip

diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c index e15a64ac72..3d2e3dd29a 100644 --- a/src/lib/libc/stdlib/malloc.c +++ b/src/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: malloc.c,v 1.112 2008/12/29 22:25:50 djm Exp $ */	1	/* $OpenBSD: malloc.c,v 1.113 2008/12/30 07:44:51 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>	3	* Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
4	*	4	*
@@ -88,23 +88,6 @@
88	#define MMAPA(a,sz) mmap((a), (size_t)(sz), PROT_READ \| PROT_WRITE, \	88	#define MMAPA(a,sz) mmap((a), (size_t)(sz), PROT_READ \| PROT_WRITE, \
89	MAP_ANON \| MAP_PRIVATE, -1, (off_t) 0)	89	MAP_ANON \| MAP_PRIVATE, -1, (off_t) 0)
90		90
91	/* Protect and unprotect g_pool structure as we enter/exit the allocator */
92	#define DIR_INFO_RSZ ((sizeof(struct dir_info) + PAGE_MASK) & ~PAGE_MASK)
93	#define PROTECT_G_POOL() \
94	do { \
95	if (g_pool != NULL && mopts.malloc_poolprot) { \
96	mprotect((void *)((uintptr_t)g_pool & ~PAGE_MASK), \
97	DIR_INFO_RSZ, PROT_NONE); \
98	} \
99	} while (0)
100	#define UNPROTECT_G_POOL() \
101	do { \
102	if (g_pool != NULL && mopts.malloc_poolprot) { \
103	mprotect((void *)((uintptr_t)g_pool & ~PAGE_MASK), \
104	DIR_INFO_RSZ, PROT_READ \| PROT_WRITE); \
105	} \
106	} while (0)
107
108	struct region_info {	91	struct region_info {
109	void p; / page; low bits used to mark chunks */	92	void p; / page; low bits used to mark chunks */
110	uintptr_t size; /* size for pages, or chunk_info pointer */	93	uintptr_t size; /* size for pages, or chunk_info pointer */
@@ -142,7 +125,7 @@ struct dir_info {
142	#endif /* MALLOC_STATS */	125	#endif /* MALLOC_STATS */
143	u_int32_t canary2;	126	u_int32_t canary2;
144	};	127	};
145		128	#define DIR_INFO_RSZ ((sizeof(struct dir_info) + PAGE_MASK) & ~PAGE_MASK)
146		129
147	/*	130	/*
148	* This structure describes a page worth of chunks.	131	* This structure describes a page worth of chunks.
@@ -165,7 +148,6 @@ struct chunk_info {
165	struct malloc_readonly {	148	struct malloc_readonly {
166	struct dir_info g_pool; / Main bookkeeping information */	149	struct dir_info g_pool; / Main bookkeeping information */
167	int malloc_abort; /* abort() on error */	150	int malloc_abort; /* abort() on error */
168	int malloc_poolprot; /* mprotect heap PROT_NONE? */
169	int malloc_freeprot; /* mprotect free pages PROT_NONE? */	151	int malloc_freeprot; /* mprotect free pages PROT_NONE? */
170	int malloc_hint; /* call madvice on free pages? */	152	int malloc_hint; /* call madvice on free pages? */
171	int malloc_junk; /* junk fill? */	153	int malloc_junk; /* junk fill? */
@@ -653,12 +635,6 @@ omalloc_init(struct dir_info **dp)
653	case 'J':	635	case 'J':
654	mopts.malloc_junk = 1;	636	mopts.malloc_junk = 1;
655	break;	637	break;
656	case 'l':
657	mopts.malloc_poolprot = 0;
658	break;
659	case 'L':
660	mopts.malloc_poolprot = 1;
661	break;
662	case 'n':	638	case 'n':
663	case 'N':	639	case 'N':
664	break;	640	break;
@@ -1214,7 +1190,6 @@ malloc_recurse(void)
1214	wrterror("recursive call");	1190	wrterror("recursive call");
1215	}	1191	}
1216	malloc_active--;	1192	malloc_active--;
1217	PROTECT_G_POOL();
1218	_MALLOC_UNLOCK();	1193	_MALLOC_UNLOCK();
1219	errno = EDEADLK;	1194	errno = EDEADLK;
1220	}	1195	}
@@ -1223,7 +1198,6 @@ static void
1223	malloc_global_corrupt(void)	1198	malloc_global_corrupt(void)
1224	{	1199	{
1225	wrterror("global malloc data corrupt");	1200	wrterror("global malloc data corrupt");
1226	PROTECT_G_POOL();
1227	_MALLOC_UNLOCK();	1201	_MALLOC_UNLOCK();
1228	errno = EINVAL;	1202	errno = EINVAL;
1229	}	1203	}
@@ -1248,7 +1222,6 @@ malloc(size_t size)
1248	int saved_errno = errno;	1222	int saved_errno = errno;
1249		1223
1250	_MALLOC_LOCK();	1224	_MALLOC_LOCK();
1251	UNPROTECT_G_POOL();
1252	malloc_func = " in malloc():";	1225	malloc_func = " in malloc():";
1253	if (g_pool == NULL) {	1226	if (g_pool == NULL) {
1254	if (malloc_init() != 0)	1227	if (malloc_init() != 0)
@@ -1260,7 +1233,6 @@ malloc(size_t size)
1260	}	1233	}
1261	r = omalloc(size, mopts.malloc_zero);	1234	r = omalloc(size, mopts.malloc_zero);
1262	malloc_active--;	1235	malloc_active--;
1263	PROTECT_G_POOL();
1264	_MALLOC_UNLOCK();	1236	_MALLOC_UNLOCK();
1265	if (r == NULL && mopts.malloc_xmalloc) {	1237	if (r == NULL && mopts.malloc_xmalloc) {
1266	wrterror("out of memory");	1238	wrterror("out of memory");
@@ -1349,7 +1321,6 @@ free(void *ptr)
1349	return;	1321	return;
1350		1322
1351	_MALLOC_LOCK();	1323	_MALLOC_LOCK();
1352	UNPROTECT_G_POOL();
1353	malloc_func = " in free():";	1324	malloc_func = " in free():";
1354	if (g_pool == NULL) {	1325	if (g_pool == NULL) {
1355	_MALLOC_UNLOCK();	1326	_MALLOC_UNLOCK();
@@ -1362,7 +1333,6 @@ free(void *ptr)
1362	}	1333	}
1363	ofree(ptr);	1334	ofree(ptr);
1364	malloc_active--;	1335	malloc_active--;
1365	PROTECT_G_POOL();
1366	_MALLOC_UNLOCK();	1336	_MALLOC_UNLOCK();
1367	errno = saved_errno;	1337	errno = saved_errno;
1368	}	1338	}
@@ -1466,7 +1436,6 @@ realloc(void *ptr, size_t size)
1466	int saved_errno = errno;	1436	int saved_errno = errno;
1467		1437
1468	_MALLOC_LOCK();	1438	_MALLOC_LOCK();
1469	UNPROTECT_G_POOL();
1470	malloc_func = " in realloc():";	1439	malloc_func = " in realloc():";
1471	if (g_pool == NULL) {	1440	if (g_pool == NULL) {
1472	if (malloc_init() != 0)	1441	if (malloc_init() != 0)
@@ -1479,7 +1448,6 @@ realloc(void *ptr, size_t size)
1479	r = orealloc(ptr, size);	1448	r = orealloc(ptr, size);
1480		1449
1481	malloc_active--;	1450	malloc_active--;
1482	PROTECT_G_POOL();
1483	_MALLOC_UNLOCK();	1451	_MALLOC_UNLOCK();
1484	if (r == NULL && mopts.malloc_xmalloc) {	1452	if (r == NULL && mopts.malloc_xmalloc) {
1485	wrterror("out of memory");	1453	wrterror("out of memory");
@@ -1500,7 +1468,6 @@ calloc(size_t nmemb, size_t size)
1500	int saved_errno = errno;	1468	int saved_errno = errno;
1501		1469
1502	_MALLOC_LOCK();	1470	_MALLOC_LOCK();
1503	UNPROTECT_G_POOL();
1504	malloc_func = " in calloc():";	1471	malloc_func = " in calloc():";
1505	if (g_pool == NULL) {	1472	if (g_pool == NULL) {
1506	if (malloc_init() != 0)	1473	if (malloc_init() != 0)
@@ -1508,7 +1475,6 @@ calloc(size_t nmemb, size_t size)
1508	}	1475	}
1509	if ((nmemb >= MUL_NO_OVERFLOW \|\| size >= MUL_NO_OVERFLOW) &&	1476	if ((nmemb >= MUL_NO_OVERFLOW \|\| size >= MUL_NO_OVERFLOW) &&
1510	nmemb > 0 && SIZE_MAX / nmemb < size) {	1477	nmemb > 0 && SIZE_MAX / nmemb < size) {
1511	PROTECT_G_POOL();
1512	_MALLOC_UNLOCK();	1478	_MALLOC_UNLOCK();
1513	if (mopts.malloc_xmalloc)	1479	if (mopts.malloc_xmalloc)
1514	wrterror("out of memory");	1480	wrterror("out of memory");
@@ -1525,7 +1491,6 @@ calloc(size_t nmemb, size_t size)
1525	r = omalloc(size, 1);	1491	r = omalloc(size, 1);
1526		1492
1527	malloc_active--;	1493	malloc_active--;
1528	PROTECT_G_POOL();
1529	_MALLOC_UNLOCK();	1494	_MALLOC_UNLOCK();
1530	if (r == NULL && mopts.malloc_xmalloc) {	1495	if (r == NULL && mopts.malloc_xmalloc) {
1531	wrterror("out of memory");	1496	wrterror("out of memory");