1 files changed, 118 insertions, 6 deletions
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3
index c0472ee2b9..49a5b993f4 100644
--- a/src/lib/libc/stdlib/malloc.3
+++ b/src/lib/libc/stdlib/malloc.3
@@ -30,7 +30,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: malloc.3,v 1.120 2018/11/21 06:57:04 otto Exp $
+.\"     $OpenBSD: malloc.3,v 1.121 2018/11/21 09:22:58 jmc Exp $
 .\"
 .Dd $Mdocdate: November 21 2018 $
 .Dt MALLOC 3
@@ -234,6 +234,115 @@ If
 is not a multiple of
 .Fa alignment ,
 behavior is undefined.
+.Sh MALLOC OPTIONS
+Upon the first call to the
+.Fn malloc
+family of functions, an initialization sequence inspects the
+value of the
+.Va vm.malloc_conf
+.Xr sysctl 2 ,
+next checks the environment for a variable called
+.Ev MALLOC_OPTIONS ,
+and finally looks at the global variable
+.Va malloc_options
+in the program.
+Each is scanned for the flags documented below.
+Unless otherwise noted uppercase means on, lowercase means off.
+.Bl -tag -width indent
+.It Cm C
+.Dq Canaries .
+Add canaries at the end of allocations in order to detect
+heap overflows.
+The canary's content is checked when
+.Nm free
+is called.
+If it has been corrupted, the process is aborted.
+.It Cm D
+.Dq Dump .
+.Fn malloc
+will dump statistics to the file
+.Pa ./malloc.out ,
+if it already exists,
+at exit.
+This option requires the library to have been compiled with -DMALLOC_STATS in
+order to have any effect.
+.It Cm F
+.Dq Freecheck .
+Enable more extensive double free and use after free detection.
+All chunks in the delayed free list will be checked for double frees.
+Unused pages on the freelist are read and write protected to
+cause a segmentation fault upon access.
+.It Cm G
+.Dq Guard .
+Enable guard pages.
+Each page size or larger allocation is followed by a guard page that will
+cause a segmentation fault upon any access.
+.It Cm J
+.Dq More junking .
+Increase the junk level by one if it is smaller than 2.
+.It Cm j
+.Dq Less junking .
+Decrease the junk level by one if it is larger than 0.
+Junking writes some junk bytes into the area allocated.
+Junk is bytes of 0xdb when allocating;
+freed chunks are filled with 0xdf.
+By default the junk level is 1: after free,
+small chunks are completely junked;
+for pages the first part is junked.
+After a delay,
+the filling pattern is validated and the process is aborted if the pattern
+was modified.
+For junk level 2, junking is done on allocation as well and without size
+restrictions.
+If the junk level is zero, no junking is performed.
+.It Cm R
+.Dq realloc .
+Always reallocate when
+.Fn realloc
+is called, even if the initial allocation was big enough.
+.\".Pp
+.\".It Cm U
+.\".Dq utrace .
+.\"Generate entries for
+.\".Xr ktrace 1
+.\"for all operations.
+.\"Consult the source for this one.
+.It Cm S
+Enable all options suitable for security auditing.
+.It Cm U
+.Dq Free unmap .
+Enable use after free protection for larger allocations.
+Unused pages on the freelist are read and write protected to
+cause a segmentation fault upon access.
+.It Cm X
+.Dq xmalloc .
+Rather than return failure,
+.Xr abort 3
+the program with a diagnostic message on stderr.
+It is the intention that this option be set at compile time by
+including in the source:
+.Bd -literal -offset indent
+extern char *malloc_options;
+malloc_options = "X";
+.Ed
+.Pp
+Note that this will cause code that is supposed to handle
+out-of-memory conditions gracefully to abort instead.
+.It Cm <
+.Dq Halve the cache size .
+Decrease the size of the free page cache by a factor of two.
+.It Cm >
+.Dq Double the cache size .
+Increase the size of the free page cache by a factor of two.
+.El
+.Pp
+If a program changes behavior if any of these options (except
+.Cm X )
+are used,
+it is buggy.
+.Pp
+The default number of free pages cached is 64 per malloc pool.
+Multi-threaded programs use multiple pools.
 .Sh RETURN VALUES
 Upon successful completion, the allocation functions
 return a pointer to the allocated space; otherwise,
@@ -404,8 +513,7 @@ Deallocation of such an object should be done by calling
 .Sh ENVIRONMENT
 .Bl -tag -width "MALLOC_OPTIONS"
 .It Ev MALLOC_OPTIONS
-String of flags documented in
+String of option flags.
-.Xr malloc.conf 5 .
 .El
 .Sh EXAMPLES
 If
@@ -460,6 +568,11 @@ or at the cost of initialization:
 if ((p = calloc(num, size)) == NULL)
        err(1, NULL);
 .Ed
+.Pp
+Set a systemwide reduction of the cache to a quarter of the
+default size and use guard pages:
+.Pp
+.Dl # sysctl vm.malloc_conf='G<<'
 .Sh DIAGNOSTICS
 If any of the functions detect an error condition,
 a message will be printed to file descriptor
@@ -525,11 +638,10 @@ consult sources and/or wizards.
 .Xr brk 2 ,
 .Xr mmap 2 ,
 .Xr munmap 2 ,
+.Xr sysctl 2 ,
 .Xr alloca 3 ,
 .Xr getpagesize 3 ,
-.Xr posix_memalign 3 ,
+.Xr posix_memalign 3
-.Xr sysconf 3 ,
-.Xr malloc.conf 5
 .Sh STANDARDS
 The
 .Fn malloc ,

diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3 index c0472ee2b9..49a5b993f4 100644 --- a/src/lib/libc/stdlib/malloc.3 +++ b/src/lib/libc/stdlib/malloc.3
@@ -30,7 +30,7 @@
30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	.\" SUCH DAMAGE.	31	.\" SUCH DAMAGE.
32	.\"	32	.\"
33	.\" $OpenBSD: malloc.3,v 1.120 2018/11/21 06:57:04 otto Exp $	33	.\" $OpenBSD: malloc.3,v 1.121 2018/11/21 09:22:58 jmc Exp $
34	.\"	34	.\"
35	.Dd $Mdocdate: November 21 2018 $	35	.Dd $Mdocdate: November 21 2018 $
36	.Dt MALLOC 3	36	.Dt MALLOC 3
@@ -234,6 +234,115 @@ If
234	is not a multiple of	234	is not a multiple of
235	.Fa alignment ,	235	.Fa alignment ,
236	behavior is undefined.	236	behavior is undefined.
		237	.Sh MALLOC OPTIONS
		238	Upon the first call to the
		239	.Fn malloc
		240	family of functions, an initialization sequence inspects the
		241	value of the
		242	.Va vm.malloc_conf
		243	.Xr sysctl 2 ,
		244	next checks the environment for a variable called
		245	.Ev MALLOC_OPTIONS ,
		246	and finally looks at the global variable
		247	.Va malloc_options
		248	in the program.
		249	Each is scanned for the flags documented below.
		250	Unless otherwise noted uppercase means on, lowercase means off.
		251	.Bl -tag -width indent
		252	.It Cm C
		253	.Dq Canaries .
		254	Add canaries at the end of allocations in order to detect
		255	heap overflows.
		256	The canary's content is checked when
		257	.Nm free
		258	is called.
		259	If it has been corrupted, the process is aborted.
		260	.It Cm D
		261	.Dq Dump .
		262	.Fn malloc
		263	will dump statistics to the file
		264	.Pa ./malloc.out ,
		265	if it already exists,
		266	at exit.
		267	This option requires the library to have been compiled with -DMALLOC_STATS in
		268	order to have any effect.
		269	.It Cm F
		270	.Dq Freecheck .
		271	Enable more extensive double free and use after free detection.
		272	All chunks in the delayed free list will be checked for double frees.
		273	Unused pages on the freelist are read and write protected to
		274	cause a segmentation fault upon access.
		275	.It Cm G
		276	.Dq Guard .
		277	Enable guard pages.
		278	Each page size or larger allocation is followed by a guard page that will
		279	cause a segmentation fault upon any access.
		280	.It Cm J
		281	.Dq More junking .
		282	Increase the junk level by one if it is smaller than 2.
		283	.It Cm j
		284	.Dq Less junking .
		285	Decrease the junk level by one if it is larger than 0.
		286	Junking writes some junk bytes into the area allocated.
		287	Junk is bytes of 0xdb when allocating;
		288	freed chunks are filled with 0xdf.
		289	By default the junk level is 1: after free,
		290	small chunks are completely junked;
		291	for pages the first part is junked.
		292	After a delay,
		293	the filling pattern is validated and the process is aborted if the pattern
		294	was modified.
		295	For junk level 2, junking is done on allocation as well and without size
		296	restrictions.
		297	If the junk level is zero, no junking is performed.
		298	.It Cm R
		299	.Dq realloc .
		300	Always reallocate when
		301	.Fn realloc
		302	is called, even if the initial allocation was big enough.
		303	.\".Pp
		304	.\".It Cm U
		305	.\".Dq utrace .
		306	.\"Generate entries for
		307	.\".Xr ktrace 1
		308	.\"for all operations.
		309	.\"Consult the source for this one.
		310	.It Cm S
		311	Enable all options suitable for security auditing.
		312	.It Cm U
		313	.Dq Free unmap .
		314	Enable use after free protection for larger allocations.
		315	Unused pages on the freelist are read and write protected to
		316	cause a segmentation fault upon access.
		317	.It Cm X
		318	.Dq xmalloc .
		319	Rather than return failure,
		320	.Xr abort 3
		321	the program with a diagnostic message on stderr.
		322	It is the intention that this option be set at compile time by
		323	including in the source:
		324	.Bd -literal -offset indent
		325	extern char *malloc_options;
		326	malloc_options = "X";
		327	.Ed
		328	.Pp
		329	Note that this will cause code that is supposed to handle
		330	out-of-memory conditions gracefully to abort instead.
		331	.It Cm <
		332	.Dq Halve the cache size .
		333	Decrease the size of the free page cache by a factor of two.
		334	.It Cm >
		335	.Dq Double the cache size .
		336	Increase the size of the free page cache by a factor of two.
		337	.El
		338	.Pp
		339	If a program changes behavior if any of these options (except
		340	.Cm X )
		341	are used,
		342	it is buggy.
		343	.Pp
		344	The default number of free pages cached is 64 per malloc pool.
		345	Multi-threaded programs use multiple pools.
237	.Sh RETURN VALUES	346	.Sh RETURN VALUES
238	Upon successful completion, the allocation functions	347	Upon successful completion, the allocation functions
239	return a pointer to the allocated space; otherwise,	348	return a pointer to the allocated space; otherwise,
@@ -404,8 +513,7 @@ Deallocation of such an object should be done by calling
404	.Sh ENVIRONMENT	513	.Sh ENVIRONMENT
405	.Bl -tag -width "MALLOC_OPTIONS"	514	.Bl -tag -width "MALLOC_OPTIONS"
406	.It Ev MALLOC_OPTIONS	515	.It Ev MALLOC_OPTIONS
407	String of flags documented in	516	String of option flags.
408	.Xr malloc.conf 5 .
409	.El	517	.El
410	.Sh EXAMPLES	518	.Sh EXAMPLES
411	If	519	If
@@ -460,6 +568,11 @@ or at the cost of initialization:
460	if ((p = calloc(num, size)) == NULL)	568	if ((p = calloc(num, size)) == NULL)
461	err(1, NULL);	569	err(1, NULL);
462	.Ed	570	.Ed
		571	.Pp
		572	Set a systemwide reduction of the cache to a quarter of the
		573	default size and use guard pages:
		574	.Pp
		575	.Dl # sysctl vm.malloc_conf='G<<'
463	.Sh DIAGNOSTICS	576	.Sh DIAGNOSTICS
464	If any of the functions detect an error condition,	577	If any of the functions detect an error condition,
465	a message will be printed to file descriptor	578	a message will be printed to file descriptor
@@ -525,11 +638,10 @@ consult sources and/or wizards.
525	.Xr brk 2 ,	638	.Xr brk 2 ,
526	.Xr mmap 2 ,	639	.Xr mmap 2 ,
527	.Xr munmap 2 ,	640	.Xr munmap 2 ,
		641	.Xr sysctl 2 ,
528	.Xr alloca 3 ,	642	.Xr alloca 3 ,
529	.Xr getpagesize 3 ,	643	.Xr getpagesize 3 ,
530	.Xr posix_memalign 3 ,	644	.Xr posix_memalign 3
531	.Xr sysconf 3 ,
532	.Xr malloc.conf 5
533	.Sh STANDARDS	645	.Sh STANDARDS
534	The	646	The
535	.Fn malloc ,	647	.Fn malloc ,