Commit Graph

588 Commits

Author SHA1 Message Date
ru
27e53e835a Don't forget to free() currency_symbol and asciivalue when multiple
conversion specifiers for them are present.

Submitted by:	Maxim Dounin <mdounin@mdounin.ru>
Obtained from:	NetBSD (partially)
MFC after:	3 days
2008-04-19 07:22:58 +00:00
ru
b15775c48a Better strfmon(3) conversion specifiers sanity checking.
There were no checks for left and right precisions at all, and
a check for field width had integer overflow bug.

Reported by:	Maksymilian Arciemowicz
Security:	http://securityreason.com/achievement_securityalert/53
Submitted by:	Maxim Dounin <mdounin@mdounin.ru>
MFC after:	3 days
2008-04-19 07:18:22 +00:00
delphij
b612c0d58d Use calloc() instaed of zeroing memory ourselves. 2008-04-13 08:05:08 +00:00
jasone
423cb10cb4 Remove stale #include <machine/atomic.h>, which as needed by lazy
deallocation.
2008-03-07 16:54:03 +00:00
scf
7ee4756ce9 Replace the use of warnx() with direct output to stderr using _write().
This reduces the size of a statically-linked binary by approximately 100KB
in a trivial "return (0)" test application.  readelf -S was used to verify
that the .text section was reduced and that using strlen() saved a few
more bytes over using sizeof().  Since the section of code is only called
when environ is corrupt (program bug), I went with fewer bytes over fewer
cycles.

I made minor edits to the submitted patch to make the output resemble
warnx().

Submitted by:	kib bz
Approved by:	wes (mentor)
MFC after:	5 days
2008-02-28 04:09:08 +00:00
jasone
2bc29a1530 Fix a race condition in arena_ralloc() for shrinking in-place large
reallocation, when junk filling is enabled.  Junk filling must occur
prior to shrinking, since any deallocated trailing pages are immediately
available for use by other threads.

Reported by:	Mats Palmgren <mats.palmgren@bredband.net>
2008-02-17 18:34:17 +00:00
jasone
b08b976e68 Remove support for lazy deallocation. Benchmarks across a wide range of
allocation patterns, number of CPUs, and MALLOC_OPTIONS settings indicate
that lazy deallocation has the potential to worsen throughput dramatically.
Performance degradation occurs when multiple threads try to clear the lazy
free cache simultaneously.  Various experiments to avoid this bottleneck
failed to completely solve this problem, while adding yet more complexity.
2008-02-17 17:09:24 +00:00
jasone
f6ce9fe601 Fix a bug in lazy deallocation that was introduced when
arena_dalloc_lazy_hard() was split out of arena_dalloc_lazy() in revision
1.162.

Reduce thundering herd problems in lazy deallocation by randomly varying
how many probes a thread does before taking the slow path.
2008-02-08 08:02:34 +00:00
jasone
c614695539 Clean up manipulation of chunk page map elements to remove some tenuous
assumptions about whether bits are set at various times.  This makes
adding other flags safe.

Reorganize functions in order to inline i{m,c,p,s,re}alloc().  This
allows the entire fast-path call chains for malloc() and free() to be
inlined. [1]

Suggested by:	[1] Stuart Parmenter <stuart@mozilla.com>
2008-02-08 00:35:56 +00:00
jasone
44c343f8fa Track dirty unused pages so that they can be purged if they exceed a
threshold, according to the 'F' MALLOC_OPTIONS flag.  This obsoletes the
'H' flag.

Try to realloc() large objects in place.  This substantially speeds up
incremental large reallocations in the common case.

Fix a bug in arena_ralloc() that caused relocation of sub-page objects
even if the old and new sizes were in the same size class.

Maintain trees of runs and simplify the per-chunk page map.  This allows
logarithmic-time searching for sufficiently large runs in
arena_run_alloc(), whereas the previous algorithm required linear time
in the worst case.

Break various large functions into smaller sub-functions, and inline
only the functions that are in the fast path for small object
allocation/deallocation.

Remove an unnecessary check in base_pages_alloc_mmap().

Avoid integer division in choose_arena() for the NO_TLS case on
single-CPU systems.
2008-02-06 02:59:54 +00:00
jhb
184b0a421c Remove some now-unused macros.
MFC after:	1 week
2008-01-15 18:55:52 +00:00
jhb
c02890da0b Put back the openpty(3) and ptsname(3) fixes but don't disable ptsname(3)
on pts(4) devices this time.  This fixes the issues while leaving pts(4)
enabled on HEAD.
2008-01-15 15:36:23 +00:00
cperciva
2f49f42d98 Back out last commit, since it accidentally broke pts.
The security fix will be re-committed soon, hopefully without breaking
anything.
2008-01-15 13:59:13 +00:00
cperciva
533f13b8b2 Fix issues which allow snooping on ptys. [08:01]
Fix an off-by-one error in inet_network(3). [08:02]

Security: FreeBSD-SA-08:01.pty
Security: FreeBSD-SA-08:02.libc
2008-01-14 22:56:05 +00:00
das
00c36da743 Changing 'r' to a size_t in the previous commit turned quicksort
into slowsort for some sequences because different parts of the
code used 'r' to store two different things, one of which was
signed. Clean things up by splitting 'r' into two variables, and
use a more meaningful name.
2008-01-14 09:21:34 +00:00
das
1daf1db8d4 Use size_t to avoid overflow when sorting arrays larger than 2 GB.
PR:		111085
MFC after:	2 weeks
2008-01-13 02:11:10 +00:00
jasone
6aea4f4c16 Enable both sbrk(2)- and mmap(2)-based memory acquisition methods by
default.  This has the disadvantage of rendering the datasize resource
limit irrelevant, but without this change, legitimate uses of more
memory than will fit in the data segment are thwarted by default.

Fix chunk_alloc_mmap() to work correctly if initial mapping is not
chunk-aligned and mapping extension fails.
2008-01-03 23:22:13 +00:00
jasone
573b21b457 Fix a major chunk-related memory leak in chunk_dealloc_dss_record(). [1]
Clean up DSS-related locking and protect all pertinent variables with
dss_mtx (remove dss_chunks_mtx).  This fixes race conditions that could
cause chunk leaks.

Reported by:	[1] kris
2007-12-31 06:19:48 +00:00
jasone
1f55b95c0b Fix a bug related to sbrk() calls that could cause address space leaks.
This is a long-standing bug, but until recent changes it was difficult
to trigger, and even then its impact was non-catastrophic, with the
exception of revision 1.157.

Optimize chunk_alloc_mmap() to avoid the need for unmapping pages in the
common case.  Thanks go to Kris Kennaway for a patch that inspired this
change.

Do not maintain a record of previously mmap'ed chunk address ranges.
The original intent was to avoid the extra system call overhead in
chunk_alloc_mmap(), which is no longer a concern.  This also allows some
simplifications for the tree of unused DSS chunks.

Introduce huge_mtx and dss_chunks_mtx to replace chunks_mtx.  There was
no compelling reason to use the same mutex for these disjoint purposes.

Avoid memset() for huge allocations when possible.

Maintain two trees instead of one for tracking unused DSS address
ranges.  This allows scalable allocation of multi-chunk huge objects in
the DSS.  Previously, multi-chunk huge allocation requests failed if the
DSS could not be extended.
2007-12-31 00:59:16 +00:00
jasone
138c627354 Back out premature commit of previous version. 2007-12-28 09:21:12 +00:00
jasone
c907683663 Maintain two trees instead of one (old_chunks --> old_chunks_{ad,szad}) in
order to support re-use of multi-chunk unused regions within the DSS for
huge allocations.  This generalization is important to correct function
when mmap-based allocation is disabled.

Avoid zeroing re-used memory in the DSS unless it really needs to be
zeroed.
2007-12-28 07:24:19 +00:00
jasone
93c7f7517b Release chunks_mtx for all paths through chunk_dealloc().
Reported by:	kris
2007-12-28 02:15:08 +00:00
jasone
15ff969441 Add the 'D' and 'M' run time options, and use them to control whether
memory is acquired from the system via sbrk(2) and/or mmap(2).  By default,
use sbrk(2) only, in order to support traditional use of resource limits.
Additionally, when both options are enabled, prefer the data segment to
anonymous mappings, in order to coexist better with large file mappings
in applications on 32-bit platforms.  This change has the potential to
increase memory fragmentation due to the linear nature of the data
segment, but from a performance perspective this is mitigated by the use
of madvise(2). [1]

Add the ability to interpret integer prefixes in MALLOC_OPTIONS
processing.  For example, MALLOC_OPTIONS=lllllllll can now be specified as
MALLOC_OPTIONS=9l.

Reported by:	[1] rwatson
Design review:	[1] alc, peter, rwatson
2007-12-27 23:29:44 +00:00
jhb
590aeb53cc Clean up some of the pts(4) vs pty(4) stuff in grantpt(3) and friends:
- Use PTY* for all pty(4) related constants.
- Use PTMX* for all pts(4) related constants.
- Consistently use _PATH_DEV PTMX rather than "/dev/ptmx".
- Revert 1.7 and properly fix it by using the correct prefix string for
  pts(4) masters.

MFC after:	3 days
2007-12-21 21:26:08 +00:00
jasone
b720912697 Use fixed point integer math instead of floating point math when
calculating run sizes.  Use of the floating point unit was a potential
pessimization to context switching for applications that do not otherwise
use floating point math. [1]

Reformat cpp macro-related comments to improve consistency.

Submitted by:	das
2007-12-18 05:27:57 +00:00
jasone
65edaae0a7 Refactor features a bit in order to make it possible to disable lazy
deallocation and dynamic load balancing via the MALLOC_LAZY_FREE and
MALLOC_BALANCE knobs.  This is a non-functional change, since these
features are still enabled when possible.

Clean up a few things that more pedantic compiler settings would cause
complaints over.
2007-12-17 01:20:04 +00:00
das
bb384eba43 Implement and document nan(), nanf(), and nanl(). This commit
adds two new directories in msun: ld80 and ld128. These are for
long double functions specific to the 80-bit long double format
used on x86-derived architectures, and the 128-bit format used on
sparc64, respectively.
2007-12-16 21:19:28 +00:00
jhb
4a8d2d68f1 Update posix_openpt(3) to handle 512 ptys. This was missed in the earlier
pty(4) changes.

MFC after:	3 days
2007-12-13 00:08:59 +00:00
ache
7ec3418f8e Fix typo in the comment 2007-12-11 20:39:32 +00:00
jasone
f7cf554c6b Only zero large allocations when necessary (for calloc()). 2007-11-28 00:17:34 +00:00
jasone
afb1c25b9f Document the B and L MALLOC_OPTIONS. 2007-11-27 03:18:26 +00:00
jasone
4db288d2b3 Implement dynamic load balancing of thread-->arena mapping, based on lock
contention.  The intent is to dynamically adjust to load imbalances, which
can cause severe contention.

Use pthread mutexes where possible instead of libc "spinlocks" (they aren't
actually spin locks).  Conceptually, this change is meant only to support
the dynamic load balancing code by enabling the use of spin locks, but it
has the added apparent benefit of substantially improving performance due to
reduced context switches when there is moderate arena lock contention.

Proper tuning parameter configuration for this change is a finicky business,
and it is very much machine-dependent.  One seemingly promising solution
would be to run a tuning program during operating system installation that
computes appropriate settings for load balancing.  (The pthreads adaptive
spin locks should probably be similarly tuned.)
2007-11-27 03:17:30 +00:00
jasone
2dd595aefe Implement lazy deallocation of small objects. For each arena, maintain a
vector of slots for lazily freed objects.  For each deallocation, before
doing the hard work of locking the arena and deallocating, try several times
to randomly insert the object into the vector using atomic operations.

This approach is particularly effective at reducing contention for
multi-threaded applications that use the producer-consumer model, wherein
one producer thread allocates objects, then multiple consumer threads
deallocate those objects.
2007-11-27 03:13:15 +00:00
jasone
305f155400 Avoid re-zeroing memory in calloc() when possible. 2007-11-27 03:12:15 +00:00
jasone
6aa187a4bf Fix stats printing of the amount of memory currently consumed by huge
allocations. [1]

Fix calculation of the number of arenas when 'n' is specified via
MALLOC_OPTIONS.

Clean up various style inconsistencies.

Obtained from:	[1] NetBSD
2007-11-27 03:09:23 +00:00
davidxu
728449ebd6 Remove out of date notes, the atoi code is thread-safe and async-cancel
safe.

Discussed with: desichen
2007-10-19 06:23:39 +00:00
scf
c96f51e4b8 The precision for a string argument in a call to warnx() needs to be cast
to an int to remove the warning from using a size_t variable on 64-bit
platforms.

Submitted by:	Xin LI <delphij@FreeBSD.org>
Approved by:	wes
Approved by:	re (kensmith)
2007-09-22 02:30:44 +00:00
scf
1de7e4d9a4 Skip rebuilding environ in setenv() only upon reuse of an active variable;
inactive variables should cause a rebuild of environ, otherwise, exec()'d
processes will be missing a variable in environ that has been unset then
set.

Submitted by:	Taku Yamamoto <taku@tackymt.homeip.net>
Reviewed by:	ache
Approved by:	wes (mentor)
Approved by:	re (kensmith)
2007-09-15 21:48:54 +00:00
scf
8db32e8a1e Added environ-replacement detection. For programs that "clean" (i.e., su)
or replace (i.e., zdump) the environment after a call to setenv(), putenv()
or unsetenv() has been made, a few changes were made.
  - getenv() will return the value from the new environ array.
  - setenv() was split into two functions:  __setenv() which is most of the
    previous setenv() without checks on the name and setenv() which
    contains the checks before calling __setenv().
  - setenv(), putenv() and unsetenv() will unset all previous values and
    call __setenv() on all entries in the new environ array which in turn
    adds them to the end of the envVars array.  Calling __setenv() instead
    of setenv() is done to avoid the temporary replacement of the '=' in a
    string with a NUL byte.  Some strings may be read-only data.

Added more regression checks for clearing the environment array.

Replaced gettimeofday() with getrusage() in timing regression check for
better accuracy.

Fixed an off-by-one bug in __remove_putenv() in the use of memmove().  This
went unnoticed due to the allocation of double the number of environ
entries when building envVars.

Fixed a few spelling mistakes in the comments.

Reviewed by:	ache
Approved by:	wes
Approved by:	re (kensmith)
2007-07-20 23:30:13 +00:00
scf
196b6346ba Significantly reduce the memory leak as noted in BUGS section for
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.

Convert all calls to POSIX from historic BSD API:
 - unsetenv returns an int.
 - putenv takes a char * instead of const char *.
 - putenv no longer makes a copy of the input string.
 - errno is set appropriately for POSIX.  Exceptions involve bad environ
   variable and internal initialization code.  These both set errno to
   EFAULT.

Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit.  A few I re-wrote to use setenv()
instead of putenv().

New regression module for tools/regression/environ to test these
functions.  It also can be used to test the performance.

Bump __FreeBSD_version to 700050 due to API change.

PR:		kern/99826
Approved by:	wes
Approved by:	re (kensmith)
2007-07-04 00:00:41 +00:00
jasone
3f7b9ec5f3 Add information about the implications of using mmap(2) instead of sbrk(2).
Submitted by:	bmah, jhb
2007-06-15 22:32:33 +00:00
jasone
a3eda1cfc4 Fix junk/zero filling for realloc(). Junk filling was missing in one case,
and zero filling was broken in a way that could cause memory corruption.

Update comments.
2007-06-15 22:00:16 +00:00
jon
50945671cb Backout 1.5 as requested by deischen 2007-05-22 05:28:40 +00:00
jon
f4c0271704 __cleanup() is needed for ports/devel/valgrind, export it. 2007-05-22 03:03:28 +00:00
ache
6ccaf050cc Back out all POSIXified *env() changes.
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.

Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
2007-05-01 16:02:44 +00:00
ache
55677ed894 Bump .Dd
Suggested by: Henrik Brix Andersen <henrik@brixandersen.dk>
2007-04-30 19:37:10 +00:00
ache
c0dd4e798d Add phrase
"so altering the argument shall change the environment."
into putenv description.
2007-04-30 18:01:51 +00:00
ache
d85104099a Make putenv() fully conforms to Open Group specs Issue 6
(also IEEE Std 1003.1-2001)

The specs explicitly says that altering passed string
should change the environment, i.e. putenv() directly puts its arg
into environment (unlike setenv() which just copies it there).
It means that putenv() can't be implemented via setenv()
(like we have before) at all. Putenv() value lives (allows modifying)
up to the next putenv() or setenv() call.
2007-04-30 16:56:18 +00:00
ache
c323ce85c0 Remove special case skipping initial '=' of the setenv() value "for
compatibility with the different environment conventions" (man page).
With the standards, we don't have them different anymore and
IEEE Std 1003.1-2001 says that

"The values that the environment variables may be assigned are not
restricted except that they are considered to end with a null byte"
2007-04-30 03:47:31 +00:00
ache
df3730247f Make setenv, putenv, getenv and unsetenv conforming to Open Group specs
Issue 6 (also IEEE Std 1003.1-2001) in following areas:
args, return, errors.

Putenv still needs rewriting because specs explicitly says that
altering passed string later should change the environment (currently we
copy the string so can't provide that).
2007-04-30 02:25:02 +00:00