Mark Johnston 9f9c9b22ec Reimplement brk() and sbrk() to avoid the use of _end.
Previously, libc.so would initialize its notion of the break address
using _end, a special symbol emitted by the static linker following
the bss section.  Compatibility issues between lld and ld.bfd could
cause the wrong definition of _end (libc.so's definition rather than
that of the executable) to be used, breaking the brk()/sbrk()
interface.

Avoid this problem and future interoperability issues by simply not
relying on _end.  Instead, modify the break() system call to return
the kernel's view of the current break address, and have libc
initialize its state using an extra syscall upon the first use of the
interface.  As a side effect, this appears to fix brk()/sbrk() usage
in executables run with rtld direct exec, since the kernel and libc.so
no longer maintain separate views of the process' break address.

PR:		228574
Reviewed by:	kib (previous version)
MFC after:	2 months
Differential Revision:	https://reviews.freebsd.org/D15663
2018-06-04 19:35:15 +00:00

.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)brk.2 8.4 (Berkeley) 5/1/95
.\" $FreeBSD$
.\"
.Dd June 2, 2018
.Dt BRK 2
.Os
.Sh NAME
.Nm brk ,
.Nm sbrk
.Nd change data segment size
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In unistd.h
.Ft int
.Fn brk "const void *addr"
.Ft void *
.Fn sbrk "intptr_t incr"
.Sh DESCRIPTION
.Bf -symbolic
The
.Fn brk
and
.Fn sbrk
functions are legacy interfaces from before the
advent of modern virtual memory management.
They are deprecated and not present on the arm64 or riscv architectures.
The
.Xr mmap 2
interface should be used to allocate pages instead.
.Ef
.Pp
The
.Fn brk
and
.Fn sbrk
functions are used to change the amount of memory allocated in a
process's data segment.
They do this by moving the location of the
.Dq break .
The break is the first address after the end of the process's
uninitialized data segment (also known as the
.Dq BSS ) .
.Pp
The
.Fn brk
function
sets the break to
.Fa addr .
.Pp
The
.Fn sbrk
function raises the break by
.Fa incr
bytes, thus allocating at least
.Fa incr
bytes of new memory in the data segment.
If
.Fa incr
is negative,
the break is lowered by
.Fa incr
bytes.
.Sh NOTES
While the actual process data segment size maintained by the kernel will only
grow or shrink in page sizes, these functions allow setting the break
to unaligned values (i.e., it may point to any address inside the last
page of the data segment).
.Pp
The current value of the program break may be determined by calling
.Fn sbrk 0 .
See also
.Xr end 3 .
.Pp
The
.Xr getrlimit 2
system call may be used to determine
the maximum permissible size of the
data segment.
It will not be possible to set the break
beyond
.Dq Va etext No + Va rlim.rlim_max
where the
.Va rlim.rlim_max
value is returned from a call to
.Fn getrlimit RLIMIT_DATA &rlim .
(See
.Xr end 3
for the definition of
.Va etext ) .
.Sh RETURN VALUES
.Rv -std brk
.Pp
The
.Fn sbrk
function returns the prior break value if successful;
otherwise the value
.Po Vt "void *" Pc Ns \-1
is returned and the global variable
.Va errno
is set to indicate the error.
.Sh ERRORS
The
.Fn brk
and
.Fn sbrk
functions
will fail if:
.Bl -tag -width Er
.It Bq Er EINVAL
The requested break value was beyond the beginning of the data segment.
.It Bq Er ENOMEM
The data segment size limit, as set by
.Xr setrlimit 2 ,
was exceeded.
.It Bq Er ENOMEM
Insufficient space existed in the swap area
to support the expansion of the data segment.
.El
.Sh SEE ALSO
.Xr execve 2 ,
.Xr getrlimit 2 ,
.Xr mmap 2 ,
.Xr end 3 ,
.Xr free 3 ,
.Xr malloc 3
.Sh HISTORY
The
.Fn brk
function appeared in
.At v7 .
.Fx 11.0
introduced the arm64 and riscv architectures which do not support
.Fn brk
or
.Fn sbrk .
.Sh BUGS
Mixing
.Fn brk
or
.Fn sbrk
with
.Xr malloc 3 ,
.Xr free 3 ,
or similar functions will result in non-portable program behavior.
.Pp
Setting the break may fail due to a temporary lack of
swap space.
It is not possible to distinguish this
from a failure caused by exceeding the maximum size of
the data segment without consulting
.Xr getrlimit 2 .
.Pp
.Fn sbrk
is sometimes used to monitor heap use by calling with an argument of 0.
The result is unlikely to reflect actual utilization in combination with an
.Xr mmap 2
based malloc.
.Pp
.Fn brk
and
.Fn sbrk
are not thread-safe.