|  | Commit message | Author | Age | Files | Lines | 
|---|
| | Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@ | 
| | prevents a few "cannot free mem because i need mem to free mem"
scenarios (one found by weingart@). ok weingart@ millert@ miod@ | 
| | done by arc4random(); ok millert@ deraadt@ | 
| | in low-mem conditions; ok dim@ | 
| | create special allocators for pginfo and pgfree structs instead of imalloc.
this keeps them separated from application memory.
for chunks, to prevent deterministic reuse, keep a small array
and swizzle the to be freed chunk with a random previously freed chunk.
this last bit only for chunks because keeping arbitrarily large regions
of pages around may cause out of memory issues (and pages are, to some
extent, returned in random order).
all changes enabled by default.
thanks to ben for pointing out these issues.
ok tech@ | 
| | requires memory; try to make sure we have it. If all fails, leak
instead of crash. Test case originally found by cloder@, fix tested
by many. | 
| | region succeeds, but allocation of a required page dir failed. This
can happen if we're really close to ulimit after allocation of the
region of the size requested.  See malloc_ulimit1 regress test.
Tested by many; thanks. | 
| | tested by quite a few developers. ok deraadt@ | 
| | `looks to be safe' millert, okay tedu. | 
| | Patch by Leonardo Chiquitto Filho <leonardo@iken.com.br>
Thanks. | 
| | Kill old files that are no longer compiled.
okay theo | 
| | Prodded by art@ and fgsch@, ok deraadt@ | 
| | should be generally usable, split this out into option 'P'. ok deraadt | 
| | they get a whole page and go right at the end of it. ok deraadt tdeval | 
| | The mmap(2) code is cool and it has already uncovered some bugs in other code.
But some issues remain on some archs, and we can't afford that for production.
Don't worry, it will be back soon... I'll make sure of it... | 
| | - When malloc_abort==0 (MALLOC_OPTIONS=a), don't abort in wrterror().
fine deraadt@ | 
| | using mmap(2) instead of sbrk(2).
To make a long story short, using mmap(2) in malloc(3) allows us to draw
all the benefits from our mmap(2)'s randomization feature, closing the
effort we did for returning memory blocks from random addresses.
Tested for a long time by many, thanks to them.
Go for it ! deraadt@ | 
| | This allows for safe abort handling, without tripping into
false recursivity problems.
Ok tedu@, deraadt@ | 
| | reviewed by deraadt@, tedu@ | 
| | page after each page size allocation to detect overrun.  this is
somewhat electric fence like, while attempting to be mostly usable in
production.  also, use tdeval's chunk randomization code.
enabled with the G option.
ok deraadt and co. | 
| | actually an error, A still applies full effect.
suggested by phk. ok deraadt@ tdeval@ | 
| | lock before setting malloc_func, not after.
ok cloder@ deraadt@ | 
| | with error messages elsewhere.  requested ok deraadt@ henning@ | 
| | ok deraadt@ henning@ millert@ | 
| | ok tdeval@ | 
| | - extend_pgdir and malloc_make_chunks return int, not void*
ok tedu@ | 
| | ok tdeval@ henning@ millert@ | 
| | Also fix a signed vs. unsigned issue while I am at it.
Found by Jim Geovedi.  OK deraadt@ | 
| | STDERR_FILENO instead of 2.
OK millert@ | 
| | Thanks to miod@ for m68k and vax fixes | 
| | alpha (millert@), i386 (marc@), m68k (millert@ and miod@),
powerpc (drahn@ and dhartmei@), sparc (millert@ and marc@),
sparc64 (marc@), and vax (millert@ and miod@).
Thanks to millert@, miod@, and mickey@ for fixes along the way. | 
| | hand editing to make comments line up correctly.  Another pass is forthcoming that handles the cases that could not be done automatically. | 
| | OK deraadt@ | 
| | to such, permitting them to be discovered, instead of exploited as the ssh
crc insertion detector was.  Idea by theo, written by tdeval. | 
| | (the code was already there, just not enabled). | 