Commit Graph

612 Commits

Author SHA1 Message Date
Jason Evans
b74d3e0c37 Revert to preferring mmap(2) over sbrk(2) when mapping memory, due to
potential extreme contention in the kernel for multi-threaded applications
on SMP systems.

Reported by:	kris
2008-11-03 21:17:18 +00:00
Alexander Leidinger
1455fd2638 MTC r183949:
Allow to define MALLOC_PRODUCTION with a make variable instead of polluting
 the global CFLAGS.

Reviewed by:	jasone
2008-10-17 08:30:20 +00:00
Jason Evans
bf5b19279d Use PAGE_{SIZE,MASK,SHIFT} from machine/param.h rather than hard-coding
page size and using sysconf(3).

Suggested by:	marcel
2008-09-10 14:27:34 +00:00
Marcel Moolenaar
93bf4a8436 Unbreak ia64: pges are 8KB. 2008-09-06 05:26:31 +00:00
Jason Evans
d6742bfbd3 Add thread-specific caching for small size classes, based on magazines.
This caching allows for completely lock-free allocation/deallocation in the
steady state, at the expense of likely increased memory use and
fragmentation.

Reduce the default number of arenas to 2*ncpus, since thread-specific
caching typically reduces arena contention.

Modify size class spacing to include ranges of 2^n-spaced, quantum-spaced,
cacheline-spaced, and subpage-spaced size classes.  The advantages are:
fewer size classes, reduced false cacheline sharing, and reduced internal
fragmentation for allocations that are slightly over 512, 1024, etc.

Increase RUN_MAX_SMALL, in order to limit fragmentation for the
subpage-spaced size classes.

Add a size-->bin lookup table for small sizes to simplify translating sizes
to size classes.  Include a hard-coded constant table that is used unless
custom size class spacing is specified at run time.

Add the ability to disable tiny size classes at compile time via
MALLOC_TINY.
2008-08-27 02:00:53 +00:00
Ed Schouten
f0c96ff802 Remove grantpt.c, which should have been deleted in the MPSAFE TTY commit.
The routines in grantpt.c have been moved to ptsname.c in the MPSAFE TTY
layer, because grantpt() is now effectively a no-op. I forgot to remove
the corresponding source file from libc.
2008-08-20 09:43:46 +00:00
Ed Schouten
bc093719ca Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

  The old TTY layer has a driver model that is not abstract enough to
  make it friendly to use. A good example is the output path, where the
  device drivers directly access the output buffers. This means that an
  in-kernel PPP implementation must always convert network buffers into
  TTY buffers.

  If a PPP implementation would be built on top of the new TTY layer
  (still needs a hooks layer, though), it would allow the PPP
  implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

  With the old TTY layer, it isn't entirely safe to destroy TTY's from
  the system. This implementation has a two-step destructing design,
  where the driver first abandons the TTY. After all threads have left
  the TTY, the TTY layer calls a routine in the driver, which can be
  used to free resources (unit numbers, etc).

  The pts(4) driver also implements this feature, which means
  posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

  One of the major improvements is the per-TTY mutex, which is expected
  to improve scalability when compared to the old Giant locking.
  Another change is the unbuffered copying to userspace, which is both
  used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from:		//depot/projects/mpsafetty/...
Approved by:		philip (ex-mentor)
Discussed:		on the lists, at BSDCan, at the DevSummit
Sponsored by:		Snow B.V., the Netherlands
dcons(4) fixed by:	kan
2008-08-20 08:31:58 +00:00
Jason Evans
6f14f9b656 Move CPU_SPINWAIT into the innermost spin loop, in order to allow faster
preemption while busy-waiting.

Submitted by:	Mike Schuster <schuster@adobe.com>
2008-08-14 17:31:42 +00:00
Jason Evans
52d7a117c0 Re-order the terms of an expression in arena_run_reg_dalloc() to correctly
detect whether the integer division table is large enough to handle the
divisor.  Before this change, the last two table elements were never used,
thus causing the slow path to be used for those divisors.
2008-08-14 17:03:29 +00:00
Colin Percival
c123de30b6 Remove variables which are assigned values and never used thereafter.
Found by:	LLVM/Clang Static Checker
Approved by:	jasone
2008-08-08 20:42:42 +00:00
Sean Farley
ee2889cb98 Restructure and use different variables in the tests that involve
environ[0] to be more obvious that environ is not NULL before environ[0]
is tested.  Although I believe the previous code worked, this change
improves code maintainability.

Reviewed by:	ache
MFC after:	3 days
2008-08-03 22:47:23 +00:00
Sean Farley
3522c38bbe Detect if the application has cleared the environ variable by setting
the first value (environ[0]) to NULL.  This is in addition to the
current detection of environ being replaced, which includes being set to
NULL.  Without this fix, the environment is not truly wiped, but appears
to be by getenv() until an *env() call is made to alter the enviroment.

This change is necessary to support those applications that use this
method for clearing environ such as Dovecot and Postfix.  Applications
such as Sendmail and the base system's env replace environ (already
detected).  While neither of these methods are defined by SUSv3, it is
best to support them due to historic reasons and in lieu of a clean,
defined method.

Add extra units tests for clearing environ using four different methods:
1. Set environ to NULL pointer.
2. Set environ[0] to NULL pointer.
3. Set environ to calloc()'d NULL-terminated array.
4. Set environ to static NULL-terminated array.

Noticed by:	Timo Sirainen

MFC after:	3 days
2008-08-02 02:34:35 +00:00
Jason Evans
2bb0f7ba54 Enhance arena_chunk_map_t to directly support run coalescing, and use
the chunk map instead of red-black trees where possible.  Remove the
red-black trees and node objects that are obsoleted by this change.  The
net result is a ~1-2% memory savings, and a substantial allocation speed
improvement.
2008-07-18 19:35:44 +00:00
Daniel Gerzo
5fd5badfa9 - This code was intially obtained from NetBSD, but it's missing licence
statement. Add the one from the current NetBSD version.
- Also bump a date to reflect my content changes I have done in previous
  revision

Approved by:	imp
MFC after:	3 days
2008-07-06 17:03:37 +00:00
Daniel Gerzo
6d05da1dc9 - Add description about a missing return value
PR:		docs/75995
Submitted by:	Tarc <tarc@po.cs.msu.su>
MFC after:	3 days
2008-07-06 12:17:53 +00:00
Daniel Gerzo
408425ce37 - remove superfluous word
- remove contractions

MFC after:	3 days
2008-07-06 11:31:20 +00:00
Daniel Gerzo
91bc389e54 Mark the section describing return values with an appropriate section flag.
PR:		docs/122818
MFC after:	3 days
2008-06-26 08:24:59 +00:00
Ed Schouten
e3580e9d91 Don't export the unused __use_pts() routine.
The __use_pts() routine was once probably used by libutil to determine
if we are using BSD or UNIX98 style PTY device names. It doesn't seem to
be used outside grantpt.c, which means we can make it static and remove
it from the Symbol.map.

Reviewed by:	cognet, kib
Approved by:	philip (mentor)
2008-06-17 14:05:03 +00:00
Jason Evans
b1c8b30f55 In the error path through base_alloc(), release base_mtx [1].
Fix bit vector initialization for run headers.

Submitted by:	[1] Mike Schuster <schuster@adobe.com>
2008-06-10 15:46:18 +00:00
Jason Evans
2e78350530 Clean up cpp logic and comments. 2008-05-14 18:33:13 +00:00
Jason Evans
4788234366 Fix a comment. 2008-05-03 17:49:16 +00:00
Jason Evans
9007109030 Add a separate tree to track arena chunks that contain dirty pages.
This substantially improves worst case allocation performance, since
O(lg n) tree search can be used instead of O(n) tree iteration.

Use rb_wrap() instead of directly calling rb_*() macros.
2008-05-01 17:25:55 +00:00
Jason Evans
21162484ae Add rb_wrap(), which creates C function wrappers for most rb_*()
macros.

Add rb_foreach_next() and rb_foreach_reverse_prev(), which make it
possible to re-synchronize tree iteration after the tree has been
modified.

Rename rb_tree_new() to rb_new().
2008-05-01 17:24:37 +00:00
Oleksandr Tymoshenko
00fb5362ba Set QUANTUM_2POW_MIN and SIZEOF_PTR_2POW parameters for MIPS
Approved by: imp
2008-04-29 22:56:05 +00:00
Jason Evans
e3085308be Check for integer overflow before calling sbrk(2), since it uses a
signed increment argument, but the size is an unsigned integer.
2008-04-29 01:32:42 +00:00
Ruslan Ermilov
eff93c8073 Stricter check for integer overflow. 2008-04-24 07:49:00 +00:00
Jason Evans
e5bf0d71c9 Implement red-black trees without using parent pointers, and store the
color bit in the least significant bit of the right child pointer, in
order to reduce red-black tree linkage overhead by ~2X as compared to
sys/tree.h.

Use the new red-black tree implementation in malloc, which drops
memory usage by ~0.5 or ~1%, for 32- and 64-bit systems, respectively.
2008-04-23 16:09:18 +00:00
Ruslan Ermilov
5b30d6ca77 Don't forget to free() currency_symbol and asciivalue when multiple
conversion specifiers for them are present.

Submitted by:	Maxim Dounin <mdounin@mdounin.ru>
Obtained from:	NetBSD (partially)
MFC after:	3 days
2008-04-19 07:22:58 +00:00
Ruslan Ermilov
3890416f9c Better strfmon(3) conversion specifiers sanity checking.
There were no checks for left and right precisions at all, and
a check for field width had integer overflow bug.

Reported by:	Maksymilian Arciemowicz
Security:	http://securityreason.com/achievement_securityalert/53
Submitted by:	Maxim Dounin <mdounin@mdounin.ru>
MFC after:	3 days
2008-04-19 07:18:22 +00:00
Xin LI
92226c92f3 Use calloc() instaed of zeroing memory ourselves. 2008-04-13 08:05:08 +00:00
Jason Evans
f2ec9c0c86 Remove stale #include <machine/atomic.h>, which as needed by lazy
deallocation.
2008-03-07 16:54:03 +00:00
Sean Farley
7f08f0dd77 Replace the use of warnx() with direct output to stderr using _write().
This reduces the size of a statically-linked binary by approximately 100KB
in a trivial "return (0)" test application.  readelf -S was used to verify
that the .text section was reduced and that using strlen() saved a few
more bytes over using sizeof().  Since the section of code is only called
when environ is corrupt (program bug), I went with fewer bytes over fewer
cycles.

I made minor edits to the submitted patch to make the output resemble
warnx().

Submitted by:	kib bz
Approved by:	wes (mentor)
MFC after:	5 days
2008-02-28 04:09:08 +00:00
Jason Evans
1945c7bd47 Fix a race condition in arena_ralloc() for shrinking in-place large
reallocation, when junk filling is enabled.  Junk filling must occur
prior to shrinking, since any deallocated trailing pages are immediately
available for use by other threads.

Reported by:	Mats Palmgren <mats.palmgren@bredband.net>
2008-02-17 18:34:17 +00:00
Jason Evans
196d0d4b59 Remove support for lazy deallocation. Benchmarks across a wide range of
allocation patterns, number of CPUs, and MALLOC_OPTIONS settings indicate
that lazy deallocation has the potential to worsen throughput dramatically.
Performance degradation occurs when multiple threads try to clear the lazy
free cache simultaneously.  Various experiments to avoid this bottleneck
failed to completely solve this problem, while adding yet more complexity.
2008-02-17 17:09:24 +00:00
Jason Evans
157d89fe25 Fix a bug in lazy deallocation that was introduced when
arena_dalloc_lazy_hard() was split out of arena_dalloc_lazy() in revision
1.162.

Reduce thundering herd problems in lazy deallocation by randomly varying
how many probes a thread does before taking the slow path.
2008-02-08 08:02:34 +00:00
Jason Evans
97091a2dd7 Clean up manipulation of chunk page map elements to remove some tenuous
assumptions about whether bits are set at various times.  This makes
adding other flags safe.

Reorganize functions in order to inline i{m,c,p,s,re}alloc().  This
allows the entire fast-path call chains for malloc() and free() to be
inlined. [1]

Suggested by:	[1] Stuart Parmenter <stuart@mozilla.com>
2008-02-08 00:35:56 +00:00
Jason Evans
baad859d16 Track dirty unused pages so that they can be purged if they exceed a
threshold, according to the 'F' MALLOC_OPTIONS flag.  This obsoletes the
'H' flag.

Try to realloc() large objects in place.  This substantially speeds up
incremental large reallocations in the common case.

Fix a bug in arena_ralloc() that caused relocation of sub-page objects
even if the old and new sizes were in the same size class.

Maintain trees of runs and simplify the per-chunk page map.  This allows
logarithmic-time searching for sufficiently large runs in
arena_run_alloc(), whereas the previous algorithm required linear time
in the worst case.

Break various large functions into smaller sub-functions, and inline
only the functions that are in the fast path for small object
allocation/deallocation.

Remove an unnecessary check in base_pages_alloc_mmap().

Avoid integer division in choose_arena() for the NO_TLS case on
single-CPU systems.
2008-02-06 02:59:54 +00:00
John Baldwin
c7716170ef Remove some now-unused macros.
MFC after:	1 week
2008-01-15 18:55:52 +00:00
John Baldwin
c50897c392 Put back the openpty(3) and ptsname(3) fixes but don't disable ptsname(3)
on pts(4) devices this time.  This fixes the issues while leaving pts(4)
enabled on HEAD.
2008-01-15 15:36:23 +00:00
Colin Percival
d3f576839b Back out last commit, since it accidentally broke pts.
The security fix will be re-committed soon, hopefully without breaking
anything.
2008-01-15 13:59:13 +00:00
Colin Percival
160e76972a Fix issues which allow snooping on ptys. [08:01]
Fix an off-by-one error in inet_network(3). [08:02]

Security: FreeBSD-SA-08:01.pty
Security: FreeBSD-SA-08:02.libc
2008-01-14 22:56:05 +00:00
David Schultz
ac48ad2e5e Changing 'r' to a size_t in the previous commit turned quicksort
into slowsort for some sequences because different parts of the
code used 'r' to store two different things, one of which was
signed. Clean things up by splitting 'r' into two variables, and
use a more meaningful name.
2008-01-14 09:21:34 +00:00
David Schultz
badf97cd55 Use size_t to avoid overflow when sorting arrays larger than 2 GB.
PR:		111085
MFC after:	2 weeks
2008-01-13 02:11:10 +00:00
Jason Evans
f38512f4af Enable both sbrk(2)- and mmap(2)-based memory acquisition methods by
default.  This has the disadvantage of rendering the datasize resource
limit irrelevant, but without this change, legitimate uses of more
memory than will fit in the data segment are thwarted by default.

Fix chunk_alloc_mmap() to work correctly if initial mapping is not
chunk-aligned and mapping extension fails.
2008-01-03 23:22:13 +00:00
Jason Evans
36ac4cc502 Fix a major chunk-related memory leak in chunk_dealloc_dss_record(). [1]
Clean up DSS-related locking and protect all pertinent variables with
dss_mtx (remove dss_chunks_mtx).  This fixes race conditions that could
cause chunk leaks.

Reported by:	[1] kris
2007-12-31 06:19:48 +00:00
Jason Evans
07aa172f11 Fix a bug related to sbrk() calls that could cause address space leaks.
This is a long-standing bug, but until recent changes it was difficult
to trigger, and even then its impact was non-catastrophic, with the
exception of revision 1.157.

Optimize chunk_alloc_mmap() to avoid the need for unmapping pages in the
common case.  Thanks go to Kris Kennaway for a patch that inspired this
change.

Do not maintain a record of previously mmap'ed chunk address ranges.
The original intent was to avoid the extra system call overhead in
chunk_alloc_mmap(), which is no longer a concern.  This also allows some
simplifications for the tree of unused DSS chunks.

Introduce huge_mtx and dss_chunks_mtx to replace chunks_mtx.  There was
no compelling reason to use the same mutex for these disjoint purposes.

Avoid memset() for huge allocations when possible.

Maintain two trees instead of one for tracking unused DSS address
ranges.  This allows scalable allocation of multi-chunk huge objects in
the DSS.  Previously, multi-chunk huge allocation requests failed if the
DSS could not be extended.
2007-12-31 00:59:16 +00:00
Jason Evans
14a7e7b5e1 Back out premature commit of previous version. 2007-12-28 09:21:12 +00:00
Jason Evans
03947063d0 Maintain two trees instead of one (old_chunks --> old_chunks_{ad,szad}) in
order to support re-use of multi-chunk unused regions within the DSS for
huge allocations.  This generalization is important to correct function
when mmap-based allocation is disabled.

Avoid zeroing re-used memory in the DSS unless it really needs to be
zeroed.
2007-12-28 07:24:19 +00:00
Jason Evans
3762647250 Release chunks_mtx for all paths through chunk_dealloc().
Reported by:	kris
2007-12-28 02:15:08 +00:00
Jason Evans
ebc87e7e0b Add the 'D' and 'M' run time options, and use them to control whether
memory is acquired from the system via sbrk(2) and/or mmap(2).  By default,
use sbrk(2) only, in order to support traditional use of resource limits.
Additionally, when both options are enabled, prefer the data segment to
anonymous mappings, in order to coexist better with large file mappings
in applications on 32-bit platforms.  This change has the potential to
increase memory fragmentation due to the linear nature of the data
segment, but from a performance perspective this is mitigated by the use
of madvise(2). [1]

Add the ability to interpret integer prefixes in MALLOC_OPTIONS
processing.  For example, MALLOC_OPTIONS=lllllllll can now be specified as
MALLOC_OPTIONS=9l.

Reported by:	[1] rwatson
Design review:	[1] alc, peter, rwatson
2007-12-27 23:29:44 +00:00