Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Browse Source

Remove mprotecting of struct dir_info introduced in previous commit 

(MALLOC_OPTIONS=L). It was too slow to turn on by default, and we
don't do optional security.
requested by deraadt@ grumbling ok otto@
OPENBSD_4_5
djm 16 years ago
parent
b1b6e37e4e
commit
d835fe24d1
2 changed files with 4 additions and 46 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -9
      src/lib/libc/stdlib/malloc.3
  2. +2
    -37
      src/lib/libc/stdlib/malloc.c

+ 2
- 9
src/lib/libc/stdlib/malloc.3 View File

@ -30,9 +30,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $OpenBSD: malloc.3,v 1.59 2008/12/29 22:25:50 djm Exp $
.\" $OpenBSD: malloc.3,v 1.60 2008/12/30 07:44:51 djm Exp $
.\"
.Dd $Mdocdate: December 29 2008 $
.Dd $Mdocdate: December 30 2008 $
.Dt MALLOC 3
.Os
.Sh NAME
@ -249,13 +249,6 @@ Currently junk is bytes of 0xd0 when allocating; this is pronounced
.Dq Duh .
\&:-)
Freed chunks are filled with 0xdf.
.It Cm L
.Dq Lock .
Lock critical data structures using
.Xr mprotect 2
to protect against modification except by
.Nm
and related routines.
.It Cm P
.Dq Move allocations within a page.
Allocations larger than half a page but smaller than a page


+ 2
- 37
src/lib/libc/stdlib/malloc.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: malloc.c,v 1.112 2008/12/29 22:25:50 djm Exp $ */
/* $OpenBSD: malloc.c,v 1.113 2008/12/30 07:44:51 djm Exp $ */
/*
* Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
*
@ -88,23 +88,6 @@
#define MMAPA(a,sz) mmap((a), (size_t)(sz), PROT_READ | PROT_WRITE, \
MAP_ANON | MAP_PRIVATE, -1, (off_t) 0)
/* Protect and unprotect g_pool structure as we enter/exit the allocator */
#define DIR_INFO_RSZ ((sizeof(struct dir_info) + PAGE_MASK) & ~PAGE_MASK)
#define PROTECT_G_POOL() \
do { \
if (g_pool != NULL && mopts.malloc_poolprot) { \
mprotect((void *)((uintptr_t)g_pool & ~PAGE_MASK), \
DIR_INFO_RSZ, PROT_NONE); \
} \
} while (0)
#define UNPROTECT_G_POOL() \
do { \
if (g_pool != NULL && mopts.malloc_poolprot) { \
mprotect((void *)((uintptr_t)g_pool & ~PAGE_MASK), \
DIR_INFO_RSZ, PROT_READ | PROT_WRITE); \
} \
} while (0)
struct region_info {
void *p; /* page; low bits used to mark chunks */
uintptr_t size; /* size for pages, or chunk_info pointer */
@ -142,7 +125,7 @@ struct dir_info {
#endif /* MALLOC_STATS */
u_int32_t canary2;
};
#define DIR_INFO_RSZ ((sizeof(struct dir_info) + PAGE_MASK) & ~PAGE_MASK)
/*
* This structure describes a page worth of chunks.
@ -165,7 +148,6 @@ struct chunk_info {
struct malloc_readonly {
struct dir_info *g_pool; /* Main bookkeeping information */
int malloc_abort; /* abort() on error */
int malloc_poolprot; /* mprotect heap PROT_NONE? */
int malloc_freeprot; /* mprotect free pages PROT_NONE? */
int malloc_hint; /* call madvice on free pages? */
int malloc_junk; /* junk fill? */
@ -653,12 +635,6 @@ omalloc_init(struct dir_info **dp)
case 'J':
mopts.malloc_junk = 1;
break;
case 'l':
mopts.malloc_poolprot = 0;
break;
case 'L':
mopts.malloc_poolprot = 1;
break;
case 'n':
case 'N':
break;
@ -1214,7 +1190,6 @@ malloc_recurse(void)
wrterror("recursive call");
}
malloc_active--;
PROTECT_G_POOL();
_MALLOC_UNLOCK();
errno = EDEADLK;
}
@ -1223,7 +1198,6 @@ static void
malloc_global_corrupt(void)
{
wrterror("global malloc data corrupt");
PROTECT_G_POOL();
_MALLOC_UNLOCK();
errno = EINVAL;
}
@ -1248,7 +1222,6 @@ malloc(size_t size)
int saved_errno = errno;
_MALLOC_LOCK();
UNPROTECT_G_POOL();
malloc_func = " in malloc():";
if (g_pool == NULL) {
if (malloc_init() != 0)
@ -1260,7 +1233,6 @@ malloc(size_t size)
}
r = omalloc(size, mopts.malloc_zero);
malloc_active--;
PROTECT_G_POOL();
_MALLOC_UNLOCK();
if (r == NULL && mopts.malloc_xmalloc) {
wrterror("out of memory");
@ -1349,7 +1321,6 @@ free(void *ptr)
return;
_MALLOC_LOCK();
UNPROTECT_G_POOL();
malloc_func = " in free():";
if (g_pool == NULL) {
_MALLOC_UNLOCK();
@ -1362,7 +1333,6 @@ free(void *ptr)
}
ofree(ptr);
malloc_active--;
PROTECT_G_POOL();
_MALLOC_UNLOCK();
errno = saved_errno;
}
@ -1466,7 +1436,6 @@ realloc(void *ptr, size_t size)
int saved_errno = errno;
_MALLOC_LOCK();
UNPROTECT_G_POOL();
malloc_func = " in realloc():";
if (g_pool == NULL) {
if (malloc_init() != 0)
@ -1479,7 +1448,6 @@ realloc(void *ptr, size_t size)
r = orealloc(ptr, size);
malloc_active--;
PROTECT_G_POOL();
_MALLOC_UNLOCK();
if (r == NULL && mopts.malloc_xmalloc) {
wrterror("out of memory");
@ -1500,7 +1468,6 @@ calloc(size_t nmemb, size_t size)
int saved_errno = errno;
_MALLOC_LOCK();
UNPROTECT_G_POOL();
malloc_func = " in calloc():";
if (g_pool == NULL) {
if (malloc_init() != 0)
@ -1508,7 +1475,6 @@ calloc(size_t nmemb, size_t size)
}
if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
nmemb > 0 && SIZE_MAX / nmemb < size) {
PROTECT_G_POOL();
_MALLOC_UNLOCK();
if (mopts.malloc_xmalloc)
wrterror("out of memory");
@ -1525,7 +1491,6 @@ calloc(size_t nmemb, size_t size)
r = omalloc(size, 1);
malloc_active--;
PROTECT_G_POOL();
_MALLOC_UNLOCK();
if (r == NULL && mopts.malloc_xmalloc) {
wrterror("out of memory");


Write Preview
Loading…
Cancel
Save