This is an archive of the discontinued LLVM Phabricator instance.

Differential D41200

[scudo] Refactor ScudoChunk
ClosedPublic

Authored by cryptoad on Dec 13 2017, 1:30 PM.

Details

Reviewers
alekseyshl
flowerhack
Commits
rGefe3d3436ac8: [scudo] Refactor ScudoChunk
rL320745: [scudo] Refactor ScudoChunk
rCRT320745: [scudo] Refactor ScudoChunk
Summary

The initial implementation used an ASan like Chunk class that was deriving from
a Header class. Due to potential races, we ended up working with local copies
of the Header and never using the parent class fields. ScudoChunk was never
constructed but cast, and we were using this as the pointer needed for our
computations. This was meh.

So we refactored ScudoChunk to be now a series of static functions within the
namespace __scudo::Chunk that take a "user" pointer as first parameter (former
this). A compiled binary doesn't really change, but the code is more sensible.

Clang tends to inline all those small function (in -O2), but GCC left a few not
inlined, so we add the INLINE keyword to all.

Since we don't have ScudoChunk pointers anymore, a few variables were renamed
here and there to introduce a clearer distinction between a user pointer
(usually Ptr) and a backend pointer (BackendPtr).

Diff Detail

Event Timeline

cryptoad created this revision.Dec 13 2017, 1:30 PM
Harbormaster completed remote builds in B13083: Diff 126828.Dec 13 2017, 1:30 PM
Herald added a subscriber: Restricted Project. · View Herald TranscriptDec 13 2017, 1:30 PM
alekseyshl accepted this revision.Dec 14 2017, 11:44 AM
This revision is now accepted and ready to land.Dec 14 2017, 11:44 AM
Closed by commit rCRT320745: [scudo] Refactor ScudoChunk (authored by cryptoad). · Explain WhyDec 14 2017, 1:33 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
scudo/
236 lines

Diff 126828

lib/scudo/scudo_allocator.cpp

Show First 20 LinesShow All 56 Lines▼ Show 20 Lines#else
for (uptr i = 0; i < ArraySize; i++) for (uptr i = 0; i < ArraySize; i++)
Crc = computeSoftwareCRC32(Crc, Array[i]); Crc = computeSoftwareCRC32(Crc, Array[i]);
return Crc; return Crc;
#endif // defined(__SSE4_2__) || defined(__ARM_FEATURE_CRC32) #endif // defined(__SSE4_2__) || defined(__ARM_FEATURE_CRC32)
} }
static ScudoBackendAllocator &getBackendAllocator(); static ScudoBackendAllocator &getBackendAllocator();
struct ScudoChunk : UnpackedHeader { namespace Chunk {
// We can't use the offset member of the chunk itself, as we would double // We can't use the offset member of the chunk itself, as we would double
// fetch it without any warranty that it wouldn't have been tampered. To // fetch it without any warranty that it wouldn't have been tampered. To
// prevent this, we work with a local copy of the header. // prevent this, we work with a local copy of the header.
void *getBackendPtr(UnpackedHeader *Header) { static INLINE void *getBackendPtr(const void *Ptr, UnpackedHeader *Header) {
return reinterpret_cast<void *>( return reinterpret_cast<void *>(reinterpret_cast<uptr>(Ptr) -
reinterpret_cast<uptr>(this) - (Header->Offset << MinAlignmentLog)); AlignedChunkHeaderSize -
(Header->Offset << MinAlignmentLog));
}
static INLINE AtomicPackedHeader *getAtomicHeader(void *Ptr) {
return reinterpret_cast<AtomicPackedHeader *>(reinterpret_cast<uptr>(Ptr) -
AlignedChunkHeaderSize);
}
static INLINE
const AtomicPackedHeader *getConstAtomicHeader(const void *Ptr) {
return reinterpret_cast<const AtomicPackedHeader *>(
reinterpret_cast<uptr>(Ptr) - AlignedChunkHeaderSize);
}
static INLINE bool isAligned(const void *Ptr) {
return IsAligned(reinterpret_cast<uptr>(Ptr), MinAlignment);
} }
// Returns the usable size for a chunk, meaning the amount of bytes from the // Returns the usable size for a chunk, meaning the amount of bytes from the
// beginning of the user data to the end of the backend allocated chunk. // beginning of the user data to the end of the backend allocated chunk.
uptr getUsableSize(UnpackedHeader *Header) { static INLINE uptr getUsableSize(const void *Ptr, UnpackedHeader *Header) {
const uptr Size = const uptr Size = getBackendAllocator().getActuallyAllocatedSize(
getBackendAllocator().getActuallyAllocatedSize(getBackendPtr(Header), getBackendPtr(Ptr, Header), Header->ClassId);
Header->ClassId);
if (Size == 0) if (Size == 0)
return 0; return 0;
return Size - AlignedChunkHeaderSize - (Header->Offset << MinAlignmentLog); return Size - AlignedChunkHeaderSize - (Header->Offset << MinAlignmentLog);
} }
// Compute the checksum of the Chunk pointer and its ChunkHeader. // Compute the checksum of the chunk pointer and its header.
u16 computeChecksum(UnpackedHeader *Header) const { static INLINE u16 computeChecksum(const void *Ptr, UnpackedHeader *Header) {
UnpackedHeader ZeroChecksumHeader = *Header; UnpackedHeader ZeroChecksumHeader = *Header;
ZeroChecksumHeader.Checksum = 0; ZeroChecksumHeader.Checksum = 0;
uptr HeaderHolder[sizeof(UnpackedHeader) / sizeof(uptr)]; uptr HeaderHolder[sizeof(UnpackedHeader) / sizeof(uptr)];
memcpy(&HeaderHolder, &ZeroChecksumHeader, sizeof(HeaderHolder)); memcpy(&HeaderHolder, &ZeroChecksumHeader, sizeof(HeaderHolder));
u32 Crc = computeCRC32(Cookie, reinterpret_cast<uptr>(this), HeaderHolder, const u32 Crc = computeCRC32(Cookie, reinterpret_cast<uptr>(Ptr),
ARRAY_SIZE(HeaderHolder)); HeaderHolder, ARRAY_SIZE(HeaderHolder));
return static_cast<u16>(Crc); return static_cast<u16>(Crc);
} }
// Checks the validity of a chunk by verifying its checksum. It doesn't // Checks the validity of a chunk by verifying its checksum. It doesn't
// incur termination in the event of an invalid chunk. // incur termination in the event of an invalid chunk.
bool isValid() { static INLINE bool isValid(const void *Ptr) {
UnpackedHeader NewUnpackedHeader; PackedHeader NewPackedHeader =
const AtomicPackedHeader *AtomicHeader = atomic_load_relaxed(getConstAtomicHeader(Ptr));
reinterpret_cast<const AtomicPackedHeader *>(this); UnpackedHeader NewUnpackedHeader =
PackedHeader NewPackedHeader = atomic_load_relaxed(AtomicHeader); bit_cast<UnpackedHeader>(NewPackedHeader);
NewUnpackedHeader = bit_cast<UnpackedHeader>(NewPackedHeader); return (NewUnpackedHeader.Checksum ==
return (NewUnpackedHeader.Checksum == computeChecksum(&NewUnpackedHeader)); computeChecksum(Ptr, &NewUnpackedHeader));
} }
// Nulls out a chunk header. When returning the chunk to the backend, there // Nulls out a chunk header. When returning the chunk to the backend, there
// is no need to store a valid ChunkAvailable header, as this would be // is no need to store a valid ChunkAvailable header, as this would be
// computationally expensive. Zeroing out serves the same purpose by making // computationally expensive. Zeroing out serves the same purpose by making
// the header invalid. In the extremely rare event where 0 would be a valid // the header invalid. In the extremely rare event where 0 would be a valid
// checksum for the chunk, the state of the chunk is ChunkAvailable anyway. // checksum for the chunk, the state of the chunk is ChunkAvailable anyway.
COMPILER_CHECK(ChunkAvailable == 0); COMPILER_CHECK(ChunkAvailable == 0);
void eraseHeader() { static INLINE void eraseHeader(void *Ptr) {
PackedHeader NullPackedHeader = 0; const PackedHeader NullPackedHeader = 0;
AtomicPackedHeader *AtomicHeader = atomic_store_relaxed(getAtomicHeader(Ptr), NullPackedHeader);
reinterpret_cast<AtomicPackedHeader *>(this);
atomic_store_relaxed(AtomicHeader, NullPackedHeader);
} }
// Loads and unpacks the header, verifying the checksum in the process. // Loads and unpacks the header, verifying the checksum in the process.
void loadHeader(UnpackedHeader *NewUnpackedHeader) const { static INLINE
const AtomicPackedHeader *AtomicHeader = void loadHeader(const void *Ptr, UnpackedHeader *NewUnpackedHeader) {
reinterpret_cast<const AtomicPackedHeader *>(this); PackedHeader NewPackedHeader =
PackedHeader NewPackedHeader = atomic_load_relaxed(AtomicHeader); atomic_load_relaxed(getConstAtomicHeader(Ptr));
*NewUnpackedHeader = bit_cast<UnpackedHeader>(NewPackedHeader); *NewUnpackedHeader = bit_cast<UnpackedHeader>(NewPackedHeader);
if (UNLIKELY(NewUnpackedHeader->Checksum != if (UNLIKELY(NewUnpackedHeader->Checksum !=
computeChecksum(NewUnpackedHeader))) { computeChecksum(Ptr, NewUnpackedHeader))) {
dieWithMessage("ERROR: corrupted chunk header at address %p\n", this); dieWithMessage("ERROR: corrupted chunk header at address %p\n", Ptr);
} }
} }
// Packs and stores the header, computing the checksum in the process. // Packs and stores the header, computing the checksum in the process.
void storeHeader(UnpackedHeader *NewUnpackedHeader) { static INLINE void storeHeader(void *Ptr, UnpackedHeader *NewUnpackedHeader) {
NewUnpackedHeader->Checksum = computeChecksum(NewUnpackedHeader); NewUnpackedHeader->Checksum = computeChecksum(Ptr, NewUnpackedHeader);
PackedHeader NewPackedHeader = bit_cast<PackedHeader>(*NewUnpackedHeader); PackedHeader NewPackedHeader = bit_cast<PackedHeader>(*NewUnpackedHeader);
AtomicPackedHeader *AtomicHeader = atomic_store_relaxed(getAtomicHeader(Ptr), NewPackedHeader);
reinterpret_cast<AtomicPackedHeader *>(this);
atomic_store_relaxed(AtomicHeader, NewPackedHeader);
} }
// Packs and stores the header, computing the checksum in the process. We // Packs and stores the header, computing the checksum in the process. We
// compare the current header with the expected provided one to ensure that // compare the current header with the expected provided one to ensure that
// we are not being raced by a corruption occurring in another thread. // we are not being raced by a corruption occurring in another thread.
void compareExchangeHeader(UnpackedHeader *NewUnpackedHeader, static INLINE void compareExchangeHeader(void *Ptr,
UnpackedHeader *NewUnpackedHeader,
UnpackedHeader *OldUnpackedHeader) { UnpackedHeader *OldUnpackedHeader) {
NewUnpackedHeader->Checksum = computeChecksum(NewUnpackedHeader); NewUnpackedHeader->Checksum = computeChecksum(Ptr, NewUnpackedHeader);
PackedHeader NewPackedHeader = bit_cast<PackedHeader>(*NewUnpackedHeader); PackedHeader NewPackedHeader = bit_cast<PackedHeader>(*NewUnpackedHeader);
PackedHeader OldPackedHeader = bit_cast<PackedHeader>(*OldUnpackedHeader); PackedHeader OldPackedHeader = bit_cast<PackedHeader>(*OldUnpackedHeader);
AtomicPackedHeader *AtomicHeader = if (UNLIKELY(!atomic_compare_exchange_strong(
reinterpret_cast<AtomicPackedHeader *>(this); getAtomicHeader(Ptr), &OldPackedHeader, NewPackedHeader,
if (UNLIKELY(!atomic_compare_exchange_strong(AtomicHeader,
&OldPackedHeader,
NewPackedHeader,
memory_order_relaxed))) { memory_order_relaxed))) {
dieWithMessage("ERROR: race on chunk header at address %p\n", this); dieWithMessage("ERROR: race on chunk header at address %p\n", Ptr);
}
} }
};
INLINE ScudoChunk *getScudoChunk(uptr UserBeg) {
return reinterpret_cast<ScudoChunk *>(UserBeg - AlignedChunkHeaderSize);
} }
} // namespace Chunk
struct QuarantineCallback { struct QuarantineCallback {
explicit QuarantineCallback(AllocatorCache *Cache) explicit QuarantineCallback(AllocatorCache *Cache)
: Cache_(Cache) {} : Cache_(Cache) {}
// Chunk recycling function, returns a quarantined chunk to the backend, // Chunk recycling function, returns a quarantined chunk to the backend,
// first making sure it hasn't been tampered with. // first making sure it hasn't been tampered with.
void Recycle(ScudoChunk *Chunk) { void Recycle(void *Ptr) {
UnpackedHeader Header; UnpackedHeader Header;
Chunk->loadHeader(&Header); Chunk::loadHeader(Ptr, &Header);
if (UNLIKELY(Header.State != ChunkQuarantine)) { if (UNLIKELY(Header.State != ChunkQuarantine)) {
dieWithMessage("ERROR: invalid chunk state when recycling address %p\n", dieWithMessage("ERROR: invalid chunk state when recycling address %p\n",
Chunk); Ptr);
} }
Chunk->eraseHeader(); Chunk::eraseHeader(Ptr);
void *Ptr = Chunk->getBackendPtr(&Header); void *BackendPtr = Chunk::getBackendPtr(Ptr, &Header);
if (Header.ClassId) if (Header.ClassId)
getBackendAllocator().deallocatePrimary(Cache_, Ptr, Header.ClassId); getBackendAllocator().deallocatePrimary(Cache_, BackendPtr,
Header.ClassId);
else else
getBackendAllocator().deallocateSecondary(Ptr); getBackendAllocator().deallocateSecondary(BackendPtr);
} }
// Internal quarantine allocation and deallocation functions. We first check // Internal quarantine allocation and deallocation functions. We first check
// that the batches are indeed serviced by the Primary. // that the batches are indeed serviced by the Primary.
// TODO(kostyak): figure out the best way to protect the batches. // TODO(kostyak): figure out the best way to protect the batches.
void *Allocate(uptr Size) { void *Allocate(uptr Size) {
return getBackendAllocator().allocatePrimary(Cache_, BatchClassId); return getBackendAllocator().allocatePrimary(Cache_, BatchClassId);
} }
void Deallocate(void *Ptr) { void Deallocate(void *Ptr) {
getBackendAllocator().deallocatePrimary(Cache_, Ptr, BatchClassId); getBackendAllocator().deallocatePrimary(Cache_, Ptr, BatchClassId);
} }
AllocatorCache *Cache_; AllocatorCache *Cache_;
COMPILER_CHECK(sizeof(QuarantineBatch) < SizeClassMap::kMaxSize); COMPILER_CHECK(sizeof(QuarantineBatch) < SizeClassMap::kMaxSize);
const uptr BatchClassId = SizeClassMap::ClassID(sizeof(QuarantineBatch)); const uptr BatchClassId = SizeClassMap::ClassID(sizeof(QuarantineBatch));
}; };
typedef Quarantine<QuarantineCallback, ScudoChunk> ScudoQuarantine; typedef Quarantine<QuarantineCallback, void> ScudoQuarantine;
typedef ScudoQuarantine::Cache ScudoQuarantineCache; typedef ScudoQuarantine::Cache ScudoQuarantineCache;
COMPILER_CHECK(sizeof(ScudoQuarantineCache) <= COMPILER_CHECK(sizeof(ScudoQuarantineCache) <=
sizeof(ScudoTSD::QuarantineCachePlaceHolder)); sizeof(ScudoTSD::QuarantineCachePlaceHolder));
ScudoQuarantineCache *getQuarantineCache(ScudoTSD *TSD) { ScudoQuarantineCache *getQuarantineCache(ScudoTSD *TSD) {
return reinterpret_cast<ScudoQuarantineCache *>( return reinterpret_cast<ScudoQuarantineCache *>(
TSD->QuarantineCachePlaceHolder); TSD->QuarantineCachePlaceHolder);
} }
▲ Show 20 LinesShow All 90 Lines▼ Show 20 Lines void init() {
} }
CheckRssLimit = HardRssLimitMb || SoftRssLimitMb; CheckRssLimit = HardRssLimitMb || SoftRssLimitMb;
if (CheckRssLimit) if (CheckRssLimit)
atomic_store_relaxed(&RssLastCheckedAtNS, MonotonicNanoTime()); atomic_store_relaxed(&RssLastCheckedAtNS, MonotonicNanoTime());
} }
// Helper function that checks for a valid Scudo chunk. nullptr isn't. // Helper function that checks for a valid Scudo chunk. nullptr isn't.
bool isValidPointer(const void *UserPtr) { bool isValidPointer(const void *Ptr) {
initThreadMaybe(); initThreadMaybe();
if (UNLIKELY(!UserPtr)) if (UNLIKELY(!Ptr))
return false; return false;
uptr UserBeg = reinterpret_cast<uptr>(UserPtr); if (!Chunk::isAligned(Ptr))
if (!IsAligned(UserBeg, MinAlignment))
return false; return false;
return getScudoChunk(UserBeg)->isValid(); return Chunk::isValid(Ptr);
} }
// Opportunistic RSS limit check. This will update the RSS limit status, if // Opportunistic RSS limit check. This will update the RSS limit status, if
// it can, every 100ms, otherwise it will just return the current one. // it can, every 100ms, otherwise it will just return the current one.
bool isRssLimitExceeded() { bool isRssLimitExceeded() {
u64 LastCheck = atomic_load_relaxed(&RssLastCheckedAtNS); u64 LastCheck = atomic_load_relaxed(&RssLastCheckedAtNS);
const u64 CurrentCheck = MonotonicNanoTime(); const u64 CurrentCheck = MonotonicNanoTime();
if (LIKELY(CurrentCheck < LastCheck + (100ULL * 1000000ULL))) if (LIKELY(CurrentCheck < LastCheck + (100ULL * 1000000ULL)))
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines if (UNLIKELY(AlignedSize >= MaxAllowedMallocSize))
return FailureHandler::OnBadRequest(); return FailureHandler::OnBadRequest();
if (CheckRssLimit && UNLIKELY(isRssLimitExceeded())) if (CheckRssLimit && UNLIKELY(isRssLimitExceeded()))
return FailureHandler::OnOOM(); return FailureHandler::OnOOM();
// Primary and Secondary backed allocations have a different treatment. We // Primary and Secondary backed allocations have a different treatment. We
// deal with alignment requirements of Primary serviced allocations here, // deal with alignment requirements of Primary serviced allocations here,
// but the Secondary will take care of its own alignment needs. // but the Secondary will take care of its own alignment needs.
void *Ptr; void *BackendPtr;
uptr BackendSize;
u8 ClassId; u8 ClassId;
uptr AllocSize;
if (PrimaryAllocator::CanAllocate(AlignedSize, MinAlignment)) { if (PrimaryAllocator::CanAllocate(AlignedSize, MinAlignment)) {
AllocSize = AlignedSize; BackendSize = AlignedSize;
ClassId = SizeClassMap::ClassID(AllocSize); ClassId = SizeClassMap::ClassID(BackendSize);
ScudoTSD *TSD = getTSDAndLock(); ScudoTSD *TSD = getTSDAndLock();
Ptr = BackendAllocator.allocatePrimary(&TSD->Cache, ClassId); BackendPtr = BackendAllocator.allocatePrimary(&TSD->Cache, ClassId);
TSD->unlock(); TSD->unlock();
} else { } else {
AllocSize = NeededSize; BackendSize = NeededSize;
ClassId = 0; ClassId = 0;
Ptr = BackendAllocator.allocateSecondary(AllocSize, Alignment); BackendPtr = BackendAllocator.allocateSecondary(BackendSize, Alignment);
} }
if (UNLIKELY(!Ptr)) if (UNLIKELY(!BackendPtr))
return FailureHandler::OnOOM(); return FailureHandler::OnOOM();
// If requested, we will zero out the entire contents of the returned chunk. // If requested, we will zero out the entire contents of the returned chunk.
if ((ForceZeroContents || ZeroContents) && ClassId) if ((ForceZeroContents || ZeroContents) && ClassId)
memset(Ptr, 0, BackendAllocator.getActuallyAllocatedSize(Ptr, ClassId)); memset(BackendPtr, 0,
BackendAllocator.getActuallyAllocatedSize(BackendPtr, ClassId));
UnpackedHeader Header = {}; UnpackedHeader Header = {};
uptr BackendPtr = reinterpret_cast<uptr>(Ptr); uptr UserPtr = reinterpret_cast<uptr>(BackendPtr) + AlignedChunkHeaderSize;
uptr UserBeg = BackendPtr + AlignedChunkHeaderSize; if (UNLIKELY(!IsAligned(UserPtr, Alignment))) {
if (UNLIKELY(!IsAligned(UserBeg, Alignment))) {
// Since the Secondary takes care of alignment, a non-aligned pointer // Since the Secondary takes care of alignment, a non-aligned pointer
// means it is from the Primary. It is also the only case where the offset // means it is from the Primary. It is also the only case where the offset
// field of the header would be non-zero. // field of the header would be non-zero.
CHECK(ClassId); DCHECK(ClassId);
UserBeg = RoundUpTo(UserBeg, Alignment); const uptr AlignedUserPtr = RoundUpTo(UserPtr, Alignment);
uptr Offset = UserBeg - AlignedChunkHeaderSize - BackendPtr; Header.Offset = (AlignedUserPtr - UserPtr) >> MinAlignmentLog;
Header.Offset = Offset >> MinAlignmentLog; UserPtr = AlignedUserPtr;
} }
CHECK_LE(UserBeg + Size, BackendPtr + AllocSize); CHECK_LE(UserPtr + Size, reinterpret_cast<uptr>(BackendPtr) + BackendSize);
Header.State = ChunkAllocated; Header.State = ChunkAllocated;
Header.AllocType = Type; Header.AllocType = Type;
if (ClassId) { if (ClassId) {
Header.ClassId = ClassId; Header.ClassId = ClassId;
Header.SizeOrUnusedBytes = Size; Header.SizeOrUnusedBytes = Size;
} else { } else {
// The secondary fits the allocations to a page, so the amount of unused // The secondary fits the allocations to a page, so the amount of unused
// bytes is the difference between the end of the user allocation and the // bytes is the difference between the end of the user allocation and the
// next page boundary. // next page boundary.
const uptr PageSize = GetPageSizeCached(); const uptr PageSize = GetPageSizeCached();
const uptr TrailingBytes = (UserBeg + Size) & (PageSize - 1); const uptr TrailingBytes = (UserPtr + Size) & (PageSize - 1);
if (TrailingBytes) if (TrailingBytes)
Header.SizeOrUnusedBytes = PageSize - TrailingBytes; Header.SizeOrUnusedBytes = PageSize - TrailingBytes;
} }
getScudoChunk(UserBeg)->storeHeader(&Header); void *Ptr = reinterpret_cast<void *>(UserPtr);
void *UserPtr = reinterpret_cast<void *>(UserBeg); Chunk::storeHeader(Ptr, &Header);
// if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(UserPtr, Size); // if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(Ptr, Size);
return UserPtr; return Ptr;
} }
// Place a chunk in the quarantine or directly deallocate it in the event of // Place a chunk in the quarantine or directly deallocate it in the event of
// a zero-sized quarantine, or if the size of the chunk is greater than the // a zero-sized quarantine, or if the size of the chunk is greater than the
// quarantine chunk size threshold. // quarantine chunk size threshold.
void quarantineOrDeallocateChunk(ScudoChunk *Chunk, UnpackedHeader *Header, void quarantineOrDeallocateChunk(void *Ptr, UnpackedHeader *Header,
uptr Size) { uptr Size) {
const bool BypassQuarantine = (AllocatorQuarantine.GetCacheSize() == 0) || const bool BypassQuarantine = (AllocatorQuarantine.GetCacheSize() == 0) ||
(Size > QuarantineChunksUpToSize); (Size > QuarantineChunksUpToSize);
if (BypassQuarantine) { if (BypassQuarantine) {
Chunk->eraseHeader(); Chunk::eraseHeader(Ptr);
void *Ptr = Chunk->getBackendPtr(Header); void *BackendPtr = Chunk::getBackendPtr(Ptr, Header);
if (Header->ClassId) { if (Header->ClassId) {
ScudoTSD *TSD = getTSDAndLock(); ScudoTSD *TSD = getTSDAndLock();
getBackendAllocator().deallocatePrimary(&TSD->Cache, Ptr, getBackendAllocator().deallocatePrimary(&TSD->Cache, BackendPtr,
Header->ClassId); Header->ClassId);
TSD->unlock(); TSD->unlock();
} else { } else {
getBackendAllocator().deallocateSecondary(Ptr); getBackendAllocator().deallocateSecondary(BackendPtr);
} }
} else { } else {
// If a small memory amount was allocated with a larger alignment, we want // If a small memory amount was allocated with a larger alignment, we want
// to take that into account. Otherwise the Quarantine would be filled // to take that into account. Otherwise the Quarantine would be filled
// with tiny chunks, taking a lot of VA memory. This is an approximation // with tiny chunks, taking a lot of VA memory. This is an approximation
// of the usable size, that allows us to not call // of the usable size, that allows us to not call
// GetActuallyAllocatedSize. // GetActuallyAllocatedSize.
uptr EstimatedSize = Size + (Header->Offset << MinAlignmentLog); uptr EstimatedSize = Size + (Header->Offset << MinAlignmentLog);
UnpackedHeader NewHeader = *Header; UnpackedHeader NewHeader = *Header;
NewHeader.State = ChunkQuarantine; NewHeader.State = ChunkQuarantine;
Chunk->compareExchangeHeader(&NewHeader, Header); Chunk::compareExchangeHeader(Ptr, &NewHeader, Header);
ScudoTSD *TSD = getTSDAndLock(); ScudoTSD *TSD = getTSDAndLock();
AllocatorQuarantine.Put(getQuarantineCache(TSD), AllocatorQuarantine.Put(getQuarantineCache(TSD),
QuarantineCallback(&TSD->Cache), QuarantineCallback(&TSD->Cache), Ptr,
Chunk, EstimatedSize); EstimatedSize);
TSD->unlock(); TSD->unlock();
} }
} }
// Deallocates a Chunk, which means adding it to the delayed free list (or // Deallocates a Chunk, which means either adding it to the quarantine or
// Quarantine). // directly returning it to the backend if criteria are met.
void deallocate(void *UserPtr, uptr DeleteSize, AllocType Type) { void deallocate(void *Ptr, uptr DeleteSize, AllocType Type) {
// For a deallocation, we only ensure minimal initialization, meaning thread // For a deallocation, we only ensure minimal initialization, meaning thread
// local data will be left uninitialized for now (when using ELF TLS). The // local data will be left uninitialized for now (when using ELF TLS). The
// fallback cache will be used instead. This is a workaround for a situation // fallback cache will be used instead. This is a workaround for a situation
// where the only heap operation performed in a thread would be a free past // where the only heap operation performed in a thread would be a free past
// the TLS destructors, ending up in initialized thread specific data never // the TLS destructors, ending up in initialized thread specific data never
// being destroyed properly. Any other heap operation will do a full init. // being destroyed properly. Any other heap operation will do a full init.
initThreadMaybe(/*MinimalInit=*/true); initThreadMaybe(/*MinimalInit=*/true);
// if (&__sanitizer_free_hook) __sanitizer_free_hook(UserPtr); // if (&__sanitizer_free_hook) __sanitizer_free_hook(Ptr);
if (UNLIKELY(!UserPtr)) if (UNLIKELY(!Ptr))
return; return;
uptr UserBeg = reinterpret_cast<uptr>(UserPtr); if (UNLIKELY(!Chunk::isAligned(Ptr))) {
if (UNLIKELY(!IsAligned(UserBeg, MinAlignment))) {
dieWithMessage("ERROR: attempted to deallocate a chunk not properly " dieWithMessage("ERROR: attempted to deallocate a chunk not properly "
"aligned at address %p\n", UserPtr); "aligned at address %p\n", Ptr);
} }
ScudoChunk *Chunk = getScudoChunk(UserBeg);
UnpackedHeader Header; UnpackedHeader Header;
Chunk->loadHeader(&Header); Chunk::loadHeader(Ptr, &Header);
if (UNLIKELY(Header.State != ChunkAllocated)) { if (UNLIKELY(Header.State != ChunkAllocated)) {
dieWithMessage("ERROR: invalid chunk state when deallocating address " dieWithMessage("ERROR: invalid chunk state when deallocating address "
"%p\n", UserPtr); "%p\n", Ptr);
} }
if (DeallocationTypeMismatch) { if (DeallocationTypeMismatch) {
// The deallocation type has to match the allocation one. // The deallocation type has to match the allocation one.
if (Header.AllocType != Type) { if (Header.AllocType != Type) {
// With the exception of memalign'd Chunks, that can be still be free'd. // With the exception of memalign'd Chunks, that can be still be free'd.
if (Header.AllocType != FromMemalign || Type != FromMalloc) { if (Header.AllocType != FromMemalign || Type != FromMalloc) {
dieWithMessage("ERROR: allocation type mismatch when deallocating " dieWithMessage("ERROR: allocation type mismatch when deallocating "
"address %p\n", UserPtr); "address %p\n", Ptr);
} }
} }
} }
uptr Size = Header.ClassId ? Header.SizeOrUnusedBytes : uptr Size = Header.ClassId ? Header.SizeOrUnusedBytes :
Chunk->getUsableSize(&Header) - Header.SizeOrUnusedBytes; Chunk::getUsableSize(Ptr, &Header) - Header.SizeOrUnusedBytes;
if (DeleteSizeMismatch) { if (DeleteSizeMismatch) {
if (DeleteSize && DeleteSize != Size) { if (DeleteSize && DeleteSize != Size) {
dieWithMessage("ERROR: invalid sized delete on chunk at address %p\n", dieWithMessage("ERROR: invalid sized delete on chunk at address %p\n",
UserPtr); Ptr);
} }
} }
quarantineOrDeallocateChunk(Chunk, &Header, Size); quarantineOrDeallocateChunk(Ptr, &Header, Size);
} }
// Reallocates a chunk. We can save on a new allocation if the new requested // Reallocates a chunk. We can save on a new allocation if the new requested
// size still fits in the chunk. // size still fits in the chunk.
void *reallocate(void *OldPtr, uptr NewSize) { void *reallocate(void *OldPtr, uptr NewSize) {
initThreadMaybe(); initThreadMaybe();
uptr UserBeg = reinterpret_cast<uptr>(OldPtr); if (UNLIKELY(!Chunk::isAligned(OldPtr))) {
if (UNLIKELY(!IsAligned(UserBeg, MinAlignment))) {
dieWithMessage("ERROR: attempted to reallocate a chunk not properly " dieWithMessage("ERROR: attempted to reallocate a chunk not properly "
"aligned at address %p\n", OldPtr); "aligned at address %p\n", OldPtr);
} }
ScudoChunk *Chunk = getScudoChunk(UserBeg);
UnpackedHeader OldHeader; UnpackedHeader OldHeader;
Chunk->loadHeader(&OldHeader); Chunk::loadHeader(OldPtr, &OldHeader);
if (UNLIKELY(OldHeader.State != ChunkAllocated)) { if (UNLIKELY(OldHeader.State != ChunkAllocated)) {
dieWithMessage("ERROR: invalid chunk state when reallocating address " dieWithMessage("ERROR: invalid chunk state when reallocating address "
"%p\n", OldPtr); "%p\n", OldPtr);
} }
if (DeallocationTypeMismatch) { if (DeallocationTypeMismatch) {
if (UNLIKELY(OldHeader.AllocType != FromMalloc)) { if (UNLIKELY(OldHeader.AllocType != FromMalloc)) {
dieWithMessage("ERROR: allocation type mismatch when reallocating " dieWithMessage("ERROR: allocation type mismatch when reallocating "
"address %p\n", OldPtr); "address %p\n", OldPtr);
} }
} }
uptr UsableSize = Chunk->getUsableSize(&OldHeader); const uptr UsableSize = Chunk::getUsableSize(OldPtr, &OldHeader);
// The new size still fits in the current chunk, and the size difference // The new size still fits in the current chunk, and the size difference
// is reasonable. // is reasonable.
if (NewSize <= UsableSize && if (NewSize <= UsableSize &&
(UsableSize - NewSize) < (SizeClassMap::kMaxSize / 2)) { (UsableSize - NewSize) < (SizeClassMap::kMaxSize / 2)) {
UnpackedHeader NewHeader = OldHeader; UnpackedHeader NewHeader = OldHeader;
NewHeader.SizeOrUnusedBytes = NewHeader.SizeOrUnusedBytes =
OldHeader.ClassId ? NewSize : UsableSize - NewSize; OldHeader.ClassId ? NewSize : UsableSize - NewSize;
Chunk->compareExchangeHeader(&NewHeader, &OldHeader); Chunk::compareExchangeHeader(OldPtr, &NewHeader, &OldHeader);
return OldPtr; return OldPtr;
} }
// Otherwise, we have to allocate a new chunk and copy the contents of the // Otherwise, we have to allocate a new chunk and copy the contents of the
// old one. // old one.
void *NewPtr = allocate(NewSize, MinAlignment, FromMalloc); void *NewPtr = allocate(NewSize, MinAlignment, FromMalloc);
if (NewPtr) { if (NewPtr) {
uptr OldSize = OldHeader.ClassId ? OldHeader.SizeOrUnusedBytes : uptr OldSize = OldHeader.ClassId ? OldHeader.SizeOrUnusedBytes :
UsableSize - OldHeader.SizeOrUnusedBytes; UsableSize - OldHeader.SizeOrUnusedBytes;
memcpy(NewPtr, OldPtr, Min(NewSize, UsableSize)); memcpy(NewPtr, OldPtr, Min(NewSize, UsableSize));
quarantineOrDeallocateChunk(Chunk, &OldHeader, OldSize); quarantineOrDeallocateChunk(OldPtr, &OldHeader, OldSize);
} }
return NewPtr; return NewPtr;
} }
// Helper function that returns the actual usable size of a chunk. // Helper function that returns the actual usable size of a chunk.
uptr getUsableSize(const void *Ptr) { uptr getUsableSize(const void *Ptr) {
initThreadMaybe(); initThreadMaybe();
if (UNLIKELY(!Ptr)) if (UNLIKELY(!Ptr))
return 0; return 0;
uptr UserBeg = reinterpret_cast<uptr>(Ptr);
ScudoChunk *Chunk = getScudoChunk(UserBeg);
UnpackedHeader Header; UnpackedHeader Header;
Chunk->loadHeader(&Header); Chunk::loadHeader(Ptr, &Header);
// Getting the usable size of a chunk only makes sense if it's allocated. // Getting the usable size of a chunk only makes sense if it's allocated.
if (UNLIKELY(Header.State != ChunkAllocated)) { if (UNLIKELY(Header.State != ChunkAllocated)) {
dieWithMessage("ERROR: invalid chunk state when sizing address %p\n", dieWithMessage("ERROR: invalid chunk state when sizing address %p\n",
Ptr); Ptr);
} }
return Chunk->getUsableSize(&Header); return Chunk::getUsableSize(Ptr, &Header);
} }
void *calloc(uptr NMemB, uptr Size) { void *calloc(uptr NMemB, uptr Size) {
initThreadMaybe(); initThreadMaybe();
if (UNLIKELY(CheckForCallocOverflow(NMemB, Size))) if (UNLIKELY(CheckForCallocOverflow(NMemB, Size)))
return FailureHandler::OnBadRequest(); return FailureHandler::OnBadRequest();
return allocate(NMemB * Size, MinAlignment, FromMalloc, true); return allocate(NMemB * Size, MinAlignment, FromMalloc, true);
} }
▲ Show 20 LinesShow All 165 LinesShow Last 20 Lines