summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/malloc.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove mprotecting of struct dir_info introduced in previous commitdjm2008-12-301-37/+2
| | | | | | | (MALLOC_OPTIONS=L). It was too slow to turn on by default, and we don't do optional security. requested by deraadt@ grumbling ok otto@
* extra paranoia for malloc(3):djm2008-12-291-163/+269
| | | | | | | | | | | | | | | | Move all runtime options into a structure that is made read-only (via mprotect) after initialisation to protect against attacks that overwrite options to turn off malloc protections (e.g. use-after-free) Allocate the main bookkeeping data (struct dir_info) using mmap(), thereby giving it an unpredictable address. Place a PROT_NONE guard page on either side to further frustrate attacks on it. Add a new 'L' option that maps struct dir_info PROT_NONE except when in the allocator code itself. Makes attacks on it basically impossible. feedback tedu deraadt otto canacar ok otto
* shave off more bytes than you expect by declaring a few const local arraysotto2008-12-151-4/+4
| | | | as static const
* move allocations between half a page and a page as close to the end ofotto2008-11-201-2/+2
| | | | | the page as possible (i.e. make malloc option P a default). ok art@ millert@ krw@
* Reduce the leeway malloc allows when moving allocations to the end ofotto2008-11-201-2/+2
| | | | | a page to 0. P default will be changed in a separate commit. ok millert@ art@ krw@
* To allow for easier playing with more strict settings introduceotto2008-11-131-5/+14
| | | | | a separate symbolic constant for the leeway we allow when moving allocations towards the end of a page. No functional change.
* avoid a few strlen calls for constant strings; prompted by tg; ok djm@otto2008-11-121-10/+10
|
* if the freeprot flag (F) is set, do not do delayed frees for chunksotto2008-11-061-6/+10
| | | | | | (might catch errors closer to the trouble spot) and junk fill pages just before reuse instead of immediate (we can't access the page anyway) since we set PROT_NONE in the F case. ok djm@
* remove distinction between warnings and errors, ok deraadt@ djm@otto2008-11-021-47/+20
|
* if MALLOC_STATS is defined, record how many "cheap reallocs" wereotto2008-10-291-1/+8
| | | | tried and how many actually succeeded.
* oops, assign errno the right way. caught by david running regress testsotto2008-10-201-2/+2
|
* reduce rbyte cache to 512 bytes, no measurable slowdown (even in theotto2008-10-031-2/+2
| | | | threaded case) but much smaller working set; prompted by and ok deraadt@
* save and restore errno on success. while it is not stricly needed forotto2008-10-031-4/+14
| | | | | non-syscalls, there's just too much code not doing the right thing on error paths; prompted by and ok deraadt@
* when increasing the size of a larger than a page allocation tryotto2008-10-031-3/+41
| | | | | mapping the region next to the existing one first; there's a pretty high chance there's a hole there we can use; ok deraadt@ tedu@
* avoid spitting up regions when purging stuff from the cache, it putsotto2008-10-031-17/+10
| | | | too much pressure on the amaps. ok tedu@ deraadt@
* Make all combinations of G, P, J and zero-fill work with as littleotto2008-08-251-5/+20
| | | | effort as possible in most cases; ok djm@
* unbreak MALLOC_OPTIONS=G that I broke in my last commit;djm2008-08-231-3/+3
| | | | slightly kludgey solution for until otto fixes it properly; ok otto@
* fix calloc() for MALLOC_OPTIONS=J case: SOME_JUNK was being filled intodjm2008-08-231-2/+2
| | | | | the freshly mmaped pages disrupting their pure zeroness; ok otto@ deraadt@
* make sure we always map and unmap multiples of MALLOC_PAGESIZE;otto2008-08-221-5/+14
| | | | case spotted by beck, one by me; ok deraadt@ beck@
* Smarter implementation of calloc(3), which uses the fact that mmap(2)otto2008-08-221-6/+55
| | | | | returns zero filled pages; remember to replace this function as well if you provide your own malloc implementation; ok djm@ deraadt@
* small cleanup of error/warning stringsotto2008-08-071-4/+4
|
* Almost complete rewrite of malloc, to have a more efficient dataotto2008-07-281-1443/+835
| | | | | | structure of tracking pages returned by mmap(). Lots of testing by lots of people, thanks to you all. ok djm@ (for a slighly earlier version) deraadt@
* remove _MALLOC_LOCK_INIT; major bump; ok deraadt@otto2008-06-131-3/+1
|
* remove recalloc(3); it is buggy and impossible to repair without bigotto2008-05-191-35/+15
| | | | costs; ok jmc@ for the man page bits; ok millert@ deraadt@
* Use arc4random_buf() when requesting more than a single word of outputdjm2008-04-131-2/+2
| | | | | | | Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@
* use pgfree pool like other code does to reserve free list slots.otto2008-02-201-6/+6
| | | | | prevents a few "cannot free mem because i need mem to free mem" scenarios (one found by weingart@). ok weingart@ millert@ miod@
* add recaloc(3)millert2007-09-031-15/+35
|
* get cheaper random bytes, less waste and no getpid() calls, which areotto2007-02-121-2/+3
| | | | done by arc4random(); ok millert@ deraadt@
* a failed mmap returns MAP_FAILED, not NULL. found while exercising paxotto2006-12-191-3/+3
| | | | in low-mem conditions; ok dim@
* respond to ben hawkes's ruxcon presentation.tedu2006-10-241-61/+125
| | | | | | | | | | | | | create special allocators for pginfo and pgfree structs instead of imalloc. this keeps them separated from application memory. for chunks, to prevent deterministic reuse, keep a small array and swizzle the to be freed chunk with a random previously freed chunk. this last bit only for chunks because keeping arbitrarily large regions of pages around may cause out of memory issues (and pages are, to some extent, returned in random order). all changes enabled by default. thanks to ben for pointing out these issues. ok tech@
* Fix the second malloc_ulimit regression: maintaining the free listotto2006-05-141-3/+12
| | | | | | requires memory; try to make sure we have it. If all fails, leak instead of crash. Test case originally found by cloder@, fix tested by many.
* Do not leave an hole in the directory list if allocation of theotto2006-04-241-11/+32
| | | | | | | region succeeds, but allocation a required page dir failed. This can happen if we're really close to ulimit after allocation the region of the size requested. See malloc_ulimit1 regress test. Tested by many; thanks.
* delint; original from deraadt@ with fixes from tdeval@ and me;otto2006-04-181-43/+60
| | | | tested by quite a few developers. ok deraadt@
* quick path for free(0)espie2006-02-141-5/+5
| | | | `looks to be safe' millert, okay tedu.
* Remove a few warnings. Those were not apparent thanks to a bug in gcc 2.95.espie2005-10-101-3/+3
| | | | | Patch by Leonardo Chiquitto Filho <leonardo@iken.com.br> Thanks.
* further knf and cleaning; ok tdevalderaadt2005-10-051-382/+364
|
* first KNF (no binary diffs)deraadt2005-10-051-1322/+1356
|
* zap remaining rcsid.espie2005-08-081-4/+1
| | | | | | Kill old files that are no longer compiled. okay theo
* Fix the unmapping of freed pages, leaving just 64k worth of cache pages.tdeval2005-07-071-58/+136
| | | | Prodded by art@ and fgsch@, ok deraadt@
* adding pointer protection to 'G' was too heavyweight. Since malloc guardtedu2005-06-071-4/+8
| | | | should be generally usable, split this out into option 'P'. ok deraadt
* handle sizeof(void *) allocations specially when using malloc guard.tedu2005-05-241-1/+31
| | | | they get a whole page and go right at the end of it. ok deraadt tdeval
* MMAP(2) malloc, here we go again.tdeval2005-03-311-222/+591
|
* Back out to brk(2) version.tdeval2004-08-111-554/+189
| | | | | | | The mmap(2) code is cool and it has already uncovered some bugs in other code. But some issues remain on some archs, and we can't afford that for production. Don't worry, it will be back soon... I'll make sure of it...
* - Remove the userland data limit check. It's mmap(2)'s job.tdeval2004-08-051-37/+108
| | | | | | - When malloc_abort==0 (MALLOC_OPTIONS=a), don't abort in wrterror(). fine deraadt@
* Missing check for NULL.tdeval2004-08-041-2/+2
|
* After a long gestation period, here comes our custom version of malloc(3)tdeval2004-08-011-181/+475
| | | | | | | | | | using mmap(2) instead of sbrk(2). To make a long story short, using mmap(2) in malloc(3) allows us to draw all the benefits from our mmap(2)'s randomization feature, closing the effort we did for returning memory blocks from random addresses. Tested for a long time by many, thanks to them. Go for it ! deraadt@
* Clean up malloc_active state when aborting.tdeval2004-04-121-3/+5
| | | | | | | This allows for safe abort handling, without tripping into false recursivity problems. Ok tedu@, deraadt@
* Sanity fix.tdeval2004-02-191-2/+5
| | | | reviewed by deraadt@, tedu@
* only whine about recursion once, so we don't get into problems with loops.tedu2003-11-191-19/+26
|
* by popular demand, malloc guard pages. insert an unreadable/unwriteabletedu2003-10-161-4/+45
| | | | | | | | page after each page size allocation to detect overrun. this is somewhat electric fence like, while attempting to be mostly usable in production. also, use tdeval's chunk randomization code. enabled with the G option. ok deraadt and co.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 14:01:14 +0000