tequilaOS/platform_bionic
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_bionic/libc/bionic/malloc_common.cpp

399 lines
14 KiB
C++
Raw Normal View History

Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
/*
* Copyright (C) 2009 The Android Open Source Project
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
// Contains a thin layer that calls whatever real native allocator
// has been defined. For the libc shared library, this allows the
// implementation of a debug malloc that can intercept all of the allocation
// calls and add special debugging code to attempt to catch allocation
// errors. All of the debugging code is implemented in a separate shared
// library that is only loaded when the property "libc.debug.malloc.options"
Move all leak info functions to android_mallopt. Bug: 130028357 Test: malloc_hooks unit tests. Test: Enable backtrace for mediaserver, run dumpsys media.player -m Test: Enable backtrace for calendar, run am dumpheap -n <PID> <FILE> Change-Id: I6774e28ccd9b3f2310127a5b39ccd15fe696a787 Merged-In: I6774e28ccd9b3f2310127a5b39ccd15fe696a787 (cherry picked from commit 3aadc5e80a5e2cf6b6760ed90d528709223bb449)
2019-04-16 04:01:08 +02:00
// is set to a non-zero value.
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
Add malloc_info for sanitizer. Test: hwasan builds. Change-Id: I39267c642af75b1ebb99633f25959638cc39628c
2019-03-08 19:56:17 +01:00
#include <errno.h>
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
#include <stdint.h>
Refactor the malloc_info code. malloc_info needs to be per native allocator, but the code treated it like a global function that doesn't depend on the native memory allocator. Update malloc debug to dump the actual pointers that it has been tracking. Test: bionic-unit-tests pass. Test: malloc debug tests pass. Test: malloc hook tests pass. Change-Id: I3b0d4d748489dd84c16d16933479dc8b8d79013e Merged-In: I3b0d4d748489dd84c16d16933479dc8b8d79013e (cherry picked from commit a3656a98b10d2a4a6194a5d9705ad9c2cc5877b0)
2019-03-02 02:59:51 +01:00
#include <stdio.h>
Export malloc_iterate and friends Export malloc_iterate, malloc_enable, and malloc_disable to be used by libmemunreachable. Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-01-29 21:48:18 +01:00
Make bionic_malloc.h a platform header. Instead of having platform directories directly include the private header, create a platform header directory and export it. Bug: 130763340 Test: Builds. Change-Id: Ie0f092b3fe077a3de8b90266c0b28bfbc20d0dfa Merged-In: Ie0f092b3fe077a3de8b90266c0b28bfbc20d0dfa (cherry picked from commit 8f582ef2f8a77d953d0e9f33387f592d20f852e2)
2019-09-12 04:05:29 +02:00
#include <platform/bionic/malloc.h>
[Tagged Pointers] Allow probing the current TP level w/ locking. aosp/1484976 introduced a breaking change where DisableMemoryMitigations() now indiscriminately turns tagged pointers off. When android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) is called, the correct behaviour is: - In SYNC/ASYNC MTE mode -> disable all tagged pointers. - If all tagged pointers are already disabled -> nop. - If we're in TBI mode -> nop (keep the TBI mode as-is). In order to do that we have to allow probing of the current heap tagging mode. In order to prevent TOCTOU between GetHeapTaggingLevel() and SetHeapTaggingLevel(), we expose a global mutex that should be held when calling these functions. Bug: 174263432 Test: atest CtsTaggingHostTestCases on Flame Change-Id: Ia96f7269d542c9041270458806aee36766d2fbbb
2020-11-26 01:48:54 +01:00
#include <private/ScopedPthreadMutexLocker.h>
#include <private/bionic_config.h>
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
[GWP-ASan] Integrate GWP-ASan into bionc's malloc() (using hooks). This patch introduces GWP-ASan - a sampled allocator framework that finds use-after-free and heap-buffer-overflow bugs in production environments. GWP-ASan is being introduced in an always-disabled mode. This means that GWP-ASan will be permanently disabled until a further patch turns on support. As such, there should be no visible functional change for the time being. GWP-ASan requires -fno-emulated-tls wherever it's linked from. We intentionally link GWP-ASan into libc so that it's part of the initial set of libraries, and thus has static TLS storage (so we can use Initial-Exec TLS instead of Global-Dynamic). As a benefit, this reduces overhead for a sampled process. GWP-ASan is always initialised via. a call to mallopt(M_INITIALIZE_GWP_ASAN, which must be done before a process is multithreaded). More information about GWP-ASan can be found in the upstream documentation: http://llvm.org/docs/GwpAsan.html Bug: 135634846 Test: atest bionic Change-Id: Ib9bd33337d17dab39ac32f4536bff71bd23498b0
2020-02-01 04:57:04 +01:00
#include "gwp_asan_wrappers.h"
Add an android_mallopt for controlling the heap tagging level. This doesn't add any functionality for now, but there are a couple of changes in flight that will want to add enumerators to the mallopt, so let's give them a place to add them. Bug: 135772972 Bug: 135754954 Change-Id: I6e810020f66070e844500c6fa99b703963365659
2020-01-09 19:48:22 +01:00
#include "heap_tagging.h"
[MemInit] Remove old API, introduce new MemInit API. Introduces new heap-zero-init API. We've realised that it's better to be able to individually control MTE and heap zero-init. Having heap-zero-init not be controllable without affecting MTE affects our ability to turn off heap-zero-init in zygote-forked applications. Bug: 135772972 Test: On FVP: atest -s localhost:5555 malloc#zero_init \ Test: malloc#disable_mte heap_tagging_level Change-Id: I8c6722502733259934c699f4f1269eaf1641a09f
2021-01-21 01:03:27 +01:00
#include "heap_zero_init.h"
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
#include "malloc_common.h"
Add a platform API for setting an allocation limit. Introduce an M_SET_ALLOCATION_LIMIT enumerator for android_mallopt(), which can be used to set an upper bound on the total size of all allocations made using the memory allocation APIs. This is useful for programs such as audioextractor and mediaserver which need to set such a limit as a security mitigation. Currently these programs are using setrlimit(RLIMIT_AS) which isn't exactly what these programs want to control. RLIMIT_AS is also problematic under sanitizers which allocate large amounts of address space as shadow memory, and is especially problematic under shadow call stack, which requires 16MB of address space per thread. Add new unit tests for bionic. Add new unit tests for malloc debug that verify that when the limit is enabled, malloc debug still functions for nearly every allocation function. Bug: 118642754 Test: Ran bionic-unit-tests/bionic-unit-tests-static. Test: Ran malloc debug tests and perfetto integration tests. Change-Id: I735403c4d2c87f00fb2cdef81d00af0af446b2bb
2019-02-16 03:06:15 +01:00
#include "malloc_limit.h"
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
#include "malloc_tagged_pointers.h"
Add RT signal to load heapprofd library. Tests: Ran malloc_debug_unit_tests Tests: Flashed to walleye, sent signal, observed "Unable to open shared library: heapprofd.so". Change-Id: Ia8ce216837e29e3edbda8789ca28023d53fa1fda
2018-09-01 00:36:48 +02:00
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
// =============================================================================
// Global variables instantations.
// =============================================================================
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
// Malloc hooks globals.
Implement malloc hooks. Use the malloc debug framework to implement the malloc debug hooks since it can introduce a performance issue. Also, modify the bionic/tests/utils.h slightly to dump an error message when the exe failed. Bug: 30561479 Test: Ran malloc hook unit tests. Test: Ran malloc debug unit tests. Test: Enabled malloc hooks and ran bionic unit tests and verified no Test: unexpected failures. Test: Enabled malloc debug and malloc hooks and verified malloc debug wins. Test: Enabled malloc debug using env, property, and property with name Test: still works. Change-Id: Ib50046a0493c5c2050cf831befb812310bdcc249 (cherry picked from commit d6a1dc23796696f73f483943534d4c5c4b312d39)
2018-02-08 03:42:14 +01:00
void* (*volatile __malloc_hook)(size_t, const void*);
void* (*volatile __realloc_hook)(void*, size_t, const void*);
void (*volatile __free_hook)(void*, const void*);
void* (*volatile __memalign_hook)(size_t, size_t, const void*);
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
// =============================================================================
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
// =============================================================================
// Allocation functions
// =============================================================================
extern "C" void* calloc(size_t n_elements, size_t elem_size) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(dispatch_table->calloc(n_elements, elem_size));
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
void* result = Malloc(calloc)(n_elements, elem_size);
if (__predict_false(result == nullptr)) {
warning_log("calloc(%zu, %zu) failed: returning null pointer", n_elements, elem_size);
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(result);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
extern "C" void free(void* mem) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
mem = MaybeUntagAndCheckPointer(mem);
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
if (__predict_false(dispatch_table != nullptr)) {
dispatch_table->free(mem);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
} else {
Malloc(free)(mem);
}
}
extern "C" struct mallinfo mallinfo() {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
return dispatch_table->mallinfo();
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
return Malloc(mallinfo)();
}
Refactor the malloc_info code. malloc_info needs to be per native allocator, but the code treated it like a global function that doesn't depend on the native memory allocator. Update malloc debug to dump the actual pointers that it has been tracking. Test: bionic-unit-tests pass. Test: malloc debug tests pass. Test: malloc hook tests pass. Change-Id: I3b0d4d748489dd84c16d16933479dc8b8d79013e Merged-In: I3b0d4d748489dd84c16d16933479dc8b8d79013e (cherry picked from commit a3656a98b10d2a4a6194a5d9705ad9c2cc5877b0)
2019-03-02 02:59:51 +01:00
extern "C" int malloc_info(int options, FILE* fp) {
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
return dispatch_table->malloc_info(options, fp);
}
return Malloc(malloc_info)(options, fp);
}
Add support for modifying decay timer. Add the mallopt function, and only a single option so far. Bug: 36401135 Test: Built and booted bullhead. Test: Ran jemalloc unit tests. Test: Ran bionic unit tests. Test: Ran a test that allocated and free'd a large piece of memory, Test: and verified that after changing the parameter, the PSS Test: sticks around (decay timer set to 1), the PSS is purged (decay Test: timer set to 0). Change-Id: I6927929b0c539c1023d34772d9e26bb6a8a45877
2017-05-16 00:50:19 +02:00
extern "C" int mallopt(int param, int value) {
Make "disable memory mitigations" and "set heap tagging level" more available. These were only available internally via android_mallopt(), but they're likely to be needed by more code in future, so move them into mallopt(). This change leaves the android_mallopt() options for now, but I plan on coming back to remove them after I've switched the handful of callers over to mallopt() instead. Bug: http://b/135772972 Test: treehugger Change-Id: Ia154614069a7623c6aca85975a91e6a156f04759
2021-01-14 22:34:20 +01:00
// Some are handled by libc directly rather than by the allocator.
if (param == M_BIONIC_SET_HEAP_TAGGING_LEVEL) {
ScopedPthreadMutexLocker locker(&g_heap_tagging_lock);
return SetHeapTaggingLevel(static_cast<HeapTaggingLevel>(value));
}
[MemInit] Remove old API, introduce new MemInit API. Introduces new heap-zero-init API. We've realised that it's better to be able to individually control MTE and heap zero-init. Having heap-zero-init not be controllable without affecting MTE affects our ability to turn off heap-zero-init in zygote-forked applications. Bug: 135772972 Test: On FVP: atest -s localhost:5555 malloc#zero_init \ Test: malloc#disable_mte heap_tagging_level Change-Id: I8c6722502733259934c699f4f1269eaf1641a09f
2021-01-21 01:03:27 +01:00
if (param == M_BIONIC_ZERO_INIT) {
return SetHeapZeroInitialize(value);
Make "disable memory mitigations" and "set heap tagging level" more available. These were only available internally via android_mallopt(), but they're likely to be needed by more code in future, so move them into mallopt(). This change leaves the android_mallopt() options for now, but I plan on coming back to remove them after I've switched the handful of callers over to mallopt() instead. Bug: http://b/135772972 Test: treehugger Change-Id: Ia154614069a7623c6aca85975a91e6a156f04759
2021-01-14 22:34:20 +01:00
}
Add android_mallopt M_GET_DECAY_TIME_ENABLED. The bionic benchmarks set the decay time in various ways, but don't necessarily restore it properly. Add a new method for getting the current decay time and then a way to restore it. Right now the assumption is that the decay time defaults to zero, but in the near future that assumption might be incorrect. Therefore using this method will future proof the code. Bug: 302212507 Test: Unit tests pass for both static and dynamic executables. Test: Ran bionic benchmarks that were modified. Change-Id: Ia77ff9ffee3081c5c1c02cb4309880f33b284e82
2023-10-27 02:00:00 +02:00
Make "disable memory mitigations" and "set heap tagging level" more available. These were only available internally via android_mallopt(), but they're likely to be needed by more code in future, so move them into mallopt(). This change leaves the android_mallopt() options for now, but I plan on coming back to remove them after I've switched the handful of callers over to mallopt() instead. Bug: http://b/135772972 Test: treehugger Change-Id: Ia154614069a7623c6aca85975a91e6a156f04759
2021-01-14 22:34:20 +01:00
// The rest we pass on...
Add android_mallopt M_GET_DECAY_TIME_ENABLED. The bionic benchmarks set the decay time in various ways, but don't necessarily restore it properly. Add a new method for getting the current decay time and then a way to restore it. Right now the assumption is that the decay time defaults to zero, but in the near future that assumption might be incorrect. Therefore using this method will future proof the code. Bug: 302212507 Test: Unit tests pass for both static and dynamic executables. Test: Ran bionic benchmarks that were modified. Change-Id: Ia77ff9ffee3081c5c1c02cb4309880f33b284e82
2023-10-27 02:00:00 +02:00
int retval;
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
Add android_mallopt M_GET_DECAY_TIME_ENABLED. The bionic benchmarks set the decay time in various ways, but don't necessarily restore it properly. Add a new method for getting the current decay time and then a way to restore it. Right now the assumption is that the decay time defaults to zero, but in the near future that assumption might be incorrect. Therefore using this method will future proof the code. Bug: 302212507 Test: Unit tests pass for both static and dynamic executables. Test: Ran bionic benchmarks that were modified. Change-Id: Ia77ff9ffee3081c5c1c02cb4309880f33b284e82
2023-10-27 02:00:00 +02:00
retval = dispatch_table->mallopt(param, value);
} else {
retval = Malloc(mallopt)(param, value);
Add support for modifying decay timer. Add the mallopt function, and only a single option so far. Bug: 36401135 Test: Built and booted bullhead. Test: Ran jemalloc unit tests. Test: Ran bionic unit tests. Test: Ran a test that allocated and free'd a large piece of memory, Test: and verified that after changing the parameter, the PSS Test: sticks around (decay timer set to 1), the PSS is purged (decay Test: timer set to 0). Change-Id: I6927929b0c539c1023d34772d9e26bb6a8a45877
2017-05-16 00:50:19 +02:00
}
Add android_mallopt M_GET_DECAY_TIME_ENABLED. The bionic benchmarks set the decay time in various ways, but don't necessarily restore it properly. Add a new method for getting the current decay time and then a way to restore it. Right now the assumption is that the decay time defaults to zero, but in the near future that assumption might be incorrect. Therefore using this method will future proof the code. Bug: 302212507 Test: Unit tests pass for both static and dynamic executables. Test: Ran bionic benchmarks that were modified. Change-Id: Ia77ff9ffee3081c5c1c02cb4309880f33b284e82
2023-10-27 02:00:00 +02:00
// Track the M_DECAY_TIME mallopt calls.
if (param == M_DECAY_TIME && retval == 1) {
__libc_globals.mutate([value](libc_globals* globals) {
if (value == 0) {
atomic_store(&globals->decay_time_enabled, false);
} else {
atomic_store(&globals->decay_time_enabled, true);
}
});
}
return retval;
Add support for modifying decay timer. Add the mallopt function, and only a single option so far. Bug: 36401135 Test: Built and booted bullhead. Test: Ran jemalloc unit tests. Test: Ran bionic unit tests. Test: Ran a test that allocated and free'd a large piece of memory, Test: and verified that after changing the parameter, the PSS Test: sticks around (decay timer set to 1), the PSS is purged (decay Test: timer set to 0). Change-Id: I6927929b0c539c1023d34772d9e26bb6a8a45877
2017-05-16 00:50:19 +02:00
}
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
extern "C" void* malloc(size_t bytes) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
void *result;
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
result = dispatch_table->malloc(bytes);
} else {
result = Malloc(malloc)(bytes);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
if (__predict_false(result == nullptr)) {
warning_log("malloc(%zu) failed: returning null pointer", bytes);
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return nullptr;
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(result);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
extern "C" size_t malloc_usable_size(const void* mem) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
mem = MaybeUntagAndCheckPointer(mem);
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
if (__predict_false(dispatch_table != nullptr)) {
return dispatch_table->malloc_usable_size(mem);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
return Malloc(malloc_usable_size)(mem);
}
extern "C" void* memalign(size_t alignment, size_t bytes) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(dispatch_table->memalign(alignment, bytes));
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
void* result = Malloc(memalign)(alignment, bytes);
if (__predict_false(result == nullptr)) {
warning_log("memalign(%zu, %zu) failed: returning null pointer", alignment, bytes);
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(result);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
extern "C" int posix_memalign(void** memptr, size_t alignment, size_t size) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
int result;
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
result = dispatch_table->posix_memalign(memptr, alignment, size);
} else {
result = Malloc(posix_memalign)(memptr, alignment, size);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
if (result == 0) {
*memptr = MaybeTagPointer(*memptr);
}
return result;
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Add aligned_alloc to libc. Bug: 72969374 Test: Bionic unit tests pass. Test: Malloc debug unit tests pass. Change-Id: I235985bbc638855d94249c97c98f14ab2924bda0 (cherry picked from commit d69ee59594088c0d92ba9273188ef53ea5e6cd6a)
2018-02-06 03:14:55 +01:00
extern "C" void* aligned_alloc(size_t alignment, size_t size) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(dispatch_table->aligned_alloc(alignment, size));
Add aligned_alloc to libc. Bug: 72969374 Test: Bionic unit tests pass. Test: Malloc debug unit tests pass. Change-Id: I235985bbc638855d94249c97c98f14ab2924bda0 (cherry picked from commit d69ee59594088c0d92ba9273188ef53ea5e6cd6a)
2018-02-06 03:14:55 +01:00
}
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
void* result = Malloc(aligned_alloc)(alignment, size);
if (__predict_false(result == nullptr)) {
warning_log("aligned_alloc(%zu, %zu) failed: returning null pointer", alignment, size);
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(result);
Add aligned_alloc to libc. Bug: 72969374 Test: Bionic unit tests pass. Test: Malloc debug unit tests pass. Change-Id: I235985bbc638855d94249c97c98f14ab2924bda0 (cherry picked from commit d69ee59594088c0d92ba9273188ef53ea5e6cd6a)
2018-02-06 03:14:55 +01:00
}
Workaround ASan not knowing about reallocarray. Ensure we call realloc@plt rather than (as was previously happening) inlining realloc into reallocarray, which makes the allocation invisible to ASan. Bug: http://b/129989984 Test: objdump Change-Id: If8a43cba11aa5a2f2f62bacd02ef6ef4032e0dbb
2019-04-21 07:18:49 +02:00
extern "C" __attribute__((__noinline__)) void* realloc(void* old_mem, size_t bytes) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
old_mem = MaybeUntagAndCheckPointer(old_mem);
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(dispatch_table->realloc(old_mem, bytes));
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
void* result = Malloc(realloc)(old_mem, bytes);
if (__predict_false(result == nullptr && bytes != 0)) {
warning_log("realloc(%p, %zu) failed: returning null pointer", old_mem, bytes);
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(result);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Add reallocarray(3). Originally a BSD extension, now in glibc too. We've used it internally for a while. (cherry-pick of e4b13f7e3ca68edfcc5faedc5e7d4e13c4e8edb9.) Bug: http://b/112163459 Test: ran tests Change-Id: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc Merged-In: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
2018-09-18 21:52:42 +02:00
extern "C" void* reallocarray(void* old_mem, size_t item_count, size_t item_size) {
size_t new_size;
if (__builtin_mul_overflow(item_count, item_size, &new_size)) {
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
warning_log("reallocaray(%p, %zu, %zu) failed: returning null pointer",
old_mem, item_count, item_size);
Add reallocarray(3). Originally a BSD extension, now in glibc too. We've used it internally for a while. (cherry-pick of e4b13f7e3ca68edfcc5faedc5e7d4e13c4e8edb9.) Bug: http://b/112163459 Test: ran tests Change-Id: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc Merged-In: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
2018-09-18 21:52:42 +02:00
errno = ENOMEM;
return nullptr;
}
return realloc(old_mem, new_size);
}
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
#if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
extern "C" void* pvalloc(size_t bytes) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(dispatch_table->pvalloc(bytes));
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
void* result = Malloc(pvalloc)(bytes);
if (__predict_false(result == nullptr)) {
warning_log("pvalloc(%zu) failed: returning null pointer", bytes);
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(result);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
extern "C" void* valloc(size_t bytes) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(dispatch_table->valloc(bytes));
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
Log when malloc functions fail. This shouldn't happen often, and resulting failures can be hard to debug. From the bionic unit tests now: W libc : malloc(18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 100) failed: returning null pointer W libc : calloc(1, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer W libc : calloc(2, 18446744073709551615) failed: returning null pointer W libc : calloc(18446744073709551615, 2) failed: returning null pointer W libc : memalign(4096, 18446744073709551615) failed: returning null pointer W libc : realloc(0x0, 18446744073709551615) failed: returning null pointer W libc : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer W libc : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer W libc : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer Bug: http://b/12821450 Test: ran tests Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-25 22:21:04 +01:00
void* result = Malloc(valloc)(bytes);
if (__predict_false(result == nullptr)) {
warning_log("valloc(%zu) failed: returning null pointer", bytes);
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return MaybeTagPointer(result);
Malloc debug rewrite. The major components of the rewrite: - Completely remove the qemu shared library code. Nobody was using it and it appears to have broken at some point. - Adds the ability to enable/disable different options independently. - Adds a new option that can enable the backtrace on alloc/free when a process gets a specific signal. - Adds a new way to enable malloc debug. If a special property is set, and the process has an environment variable set, then debug malloc will be enabled. This allows something that might be a derivative of app_process to be started with an environment variable being enabled. - get_malloc_leak_info() used to return one element for each pointer that had the exact same backtrace. The new version returns information for every one of the pointers with same backtrace. It turns out ddms already automatically coalesces these, so the old method simply hid the fact that there where multiple pointers with the same amount of backtrace. - Moved all of the malloc debug specific code into the library. Nothing related to the malloc debug data structures remains in libc. - Removed the calls to the debug malloc cleanup routine. Instead, I added an atexit call with the debug malloc cleanup routine. This gets around most problems related to the timing of doing the cleanup. The new properties and environment variables: libc.debug.malloc.options Set by option name (such as "backtrace"). Setting this to a bad value will cause a usage statement to be printed to the log. libc.debug.malloc.program Same as before. If this is set, then only the program named will be launched with malloc debug enabled. This is not a complete match, but if any part of the property is in the program name, malloc debug is enabled. libc.debug.malloc.env_enabled If set, then malloc debug is only enabled if the running process has the environment variable LIBC_DEBUG_MALLOC_ENABLE set. Bug: 19145921 Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2015-11-17 02:30:32 +01:00
}
#endif
// =============================================================================
conditional zygote child heap profiling + android_internal_mallopt On user builds, heapprofd should only be allowed to profile apps that are either debuggable, or profileable (according to the manifest). This change exposes extra zygote-specific knowledge to bionic, and makes the dedicated signal handler check for the special case of being in a zygote child. With this & the corresponding framework change, we should now be handling the 4 combinations of: {java, native} x {profile_at_runtime, profile_at_startup}. See internal go/heapprofd-java-trigger for further context. Test: on-device unit tests (shared & static) on blueline-userdebug. Test: flashed blueline-userdebug, confirmed that java profiling activates from startup and at runtime. Bug: 120409382 Change-Id: Ic251afeca4324dc650ac1d4f46976b526eae692a (cherry picked from commit 998792e2b6e1b84222b5d124f13ecdcb446cb22f) Merged-In: Ic251afeca4324dc650ac1d4f46976b526eae692a
2018-12-14 16:57:21 +01:00
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
struct CallbackWrapperArg {
void (*callback)(uintptr_t base, size_t size, void* arg);
void* arg;
};
void CallbackWrapper(uintptr_t base, size_t size, void* arg) {
CallbackWrapperArg* wrapper_arg = reinterpret_cast<CallbackWrapperArg*>(arg);
wrapper_arg->callback(
reinterpret_cast<uintptr_t>(MaybeTagPointer(reinterpret_cast<void*>(base))),
size, wrapper_arg->arg);
}
Export malloc_iterate and friends Export malloc_iterate, malloc_enable, and malloc_disable to be used by libmemunreachable. Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-01-29 21:48:18 +01:00
// =============================================================================
// Exported for use by libmemunreachable.
// =============================================================================
// Calls callback for every allocation in the anonymous heap mapping
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
// [base, base+size). Must be called between malloc_disable and malloc_enable.
// `base` in this can take either a tagged or untagged pointer, but we always
// provide a tagged pointer to the `base` argument of `callback` if the kernel
// supports tagged pointers.
Export malloc_iterate and friends Export malloc_iterate, malloc_enable, and malloc_disable to be used by libmemunreachable. Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-01-29 21:48:18 +01:00
extern "C" int malloc_iterate(uintptr_t base, size_t size,
void (*callback)(uintptr_t base, size_t size, void* arg), void* arg) {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
// Wrap the malloc_iterate callback we were provided, in order to provide
// pointer tagging support.
CallbackWrapperArg wrapper_arg;
wrapper_arg.callback = callback;
wrapper_arg.arg = arg;
uintptr_t untagged_base =
reinterpret_cast<uintptr_t>(UntagPointer(reinterpret_cast<void*>(base)));
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
if (__predict_false(dispatch_table != nullptr)) {
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return dispatch_table->malloc_iterate(
untagged_base, size, CallbackWrapper, &wrapper_arg);
Export malloc_iterate and friends Export malloc_iterate, malloc_enable, and malloc_disable to be used by libmemunreachable. Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-01-29 21:48:18 +01:00
}
Add tagged pointers to bionic. This patch introduces tagged pointers to bionic. We add a static tag to all pointers on arm64 compatible platforms (needs requisite top-byte-ignore hardware feature and relevant kernel patches). We dynamically detect TBI-compatible devices (a device with the TBI feature and kernel support) at process start time, and insert an implementation-dependent tag into the top byte of the pointer for all heap allocations. We then check that the tag has not been truncated when deallocating the memory. If an application incorrectly writes to the top byte of the pointer, we terminate the process at time of detection. This will allow MTE-incompatible applications to be caught early. Bug: 135754954 Bug: 147147490 Test: cd bionic && atest . Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-08 00:47:47 +01:00
return Malloc(malloc_iterate)(
untagged_base, size, CallbackWrapper, &wrapper_arg);
Export malloc_iterate and friends Export malloc_iterate, malloc_enable, and malloc_disable to be used by libmemunreachable. Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-01-29 21:48:18 +01:00
}
// Disable calls to malloc so malloc_iterate gets a consistent view of
// allocated memory.
extern "C" void malloc_disable() {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
return dispatch_table->malloc_disable();
Export malloc_iterate and friends Export malloc_iterate, malloc_enable, and malloc_disable to be used by libmemunreachable. Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-01-29 21:48:18 +01:00
}
return Malloc(malloc_disable)();
}
// Re-enable calls to malloc after a previous call to malloc_disable.
extern "C" void malloc_enable() {
Modify malloc common function pointers. Instead of every function being its own atomic, have a single pointer that can be used to flip all pointers at once. This avoid cases where the set of pointers can be in an partial switched state. Also fix a few inconsistent naming of functions in the file. Test: Ran unit tests (malloc debug, malloc hooks, perfetto). Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39 Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39 (cherry picked from commit 77184aedaf973c6e81accfc737f4fc362dad31ac)
2019-02-04 21:26:02 +01:00
auto dispatch_table = GetDispatchTable();
if (__predict_false(dispatch_table != nullptr)) {
return dispatch_table->malloc_enable();
Export malloc_iterate and friends Export malloc_iterate, malloc_enable, and malloc_disable to be used by libmemunreachable. Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-01-29 21:48:18 +01:00
}
return Malloc(malloc_enable)();
}
Export malloc_backtrace Change-Id: Ic1adb4dfd86b9ca698443a36263a3df2c91edda3
2016-02-02 20:57:54 +01:00
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
#if defined(LIBC_STATIC)
Export malloc_backtrace Change-Id: Ic1adb4dfd86b9ca698443a36263a3df2c91edda3
2016-02-02 20:57:54 +01:00
extern "C" ssize_t malloc_backtrace(void*, uintptr_t*, size_t) {
return 0;
}
#endif
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
#if __has_feature(hwaddress_sanitizer)
// FIXME: implement these in HWASan allocator.
Rename iterate to malloc_iterate internally. I have no idea why I used the iterate name internally which is completely unlike every other function name. Change this to match everyone else so that it's now malloc_iterate everywhere. This is probably the last chance to change this before mainline modules begin, so make everything consistent. Test: Compiles, unit tests passes. Change-Id: I56d293377fa0fe1a3dc3dd85d6432f877cc2003c
2019-11-08 20:28:38 +01:00
extern "C" int __sanitizer_malloc_iterate(uintptr_t base __unused, size_t size __unused,
void (*callback)(uintptr_t base, size_t size, void* arg)
__unused,
void* arg __unused) {
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
return 0;
}
extern "C" void __sanitizer_malloc_disable() {
}
extern "C" void __sanitizer_malloc_enable() {
}
Add malloc_info for sanitizer. Test: hwasan builds. Change-Id: I39267c642af75b1ebb99633f25959638cc39628c
2019-03-08 19:56:17 +01:00
extern "C" int __sanitizer_malloc_info(int, FILE*) {
errno = ENOTSUP;
return -1;
}
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
#endif
// =============================================================================
// =============================================================================
// Platform-internal mallopt variant.
// =============================================================================
#if defined(LIBC_STATIC)
Add a platform API for setting an allocation limit. Introduce an M_SET_ALLOCATION_LIMIT enumerator for android_mallopt(), which can be used to set an upper bound on the total size of all allocations made using the memory allocation APIs. This is useful for programs such as audioextractor and mediaserver which need to set such a limit as a security mitigation. Currently these programs are using setrlimit(RLIMIT_AS) which isn't exactly what these programs want to control. RLIMIT_AS is also problematic under sanitizers which allocate large amounts of address space as shadow memory, and is especially problematic under shadow call stack, which requires 16MB of address space per thread. Add new unit tests for bionic. Add new unit tests for malloc debug that verify that when the limit is enabled, malloc debug still functions for nearly every allocation function. Bug: 118642754 Test: Ran bionic-unit-tests/bionic-unit-tests-static. Test: Ran malloc debug tests and perfetto integration tests. Change-Id: I735403c4d2c87f00fb2cdef81d00af0af446b2bb
2019-02-16 03:06:15 +01:00
extern "C" bool android_mallopt(int opcode, void* arg, size_t arg_size) {
if (opcode == M_SET_ALLOCATION_LIMIT_BYTES) {
return LimitEnable(arg, arg_size);
}
[GWP-ASan] Integrate GWP-ASan into bionc's malloc() (using hooks). This patch introduces GWP-ASan - a sampled allocator framework that finds use-after-free and heap-buffer-overflow bugs in production environments. GWP-ASan is being introduced in an always-disabled mode. This means that GWP-ASan will be permanently disabled until a further patch turns on support. As such, there should be no visible functional change for the time being. GWP-ASan requires -fno-emulated-tls wherever it's linked from. We intentionally link GWP-ASan into libc so that it's part of the initial set of libraries, and thus has static TLS storage (so we can use Initial-Exec TLS instead of Global-Dynamic). As a benefit, this reduces overhead for a sampled process. GWP-ASan is always initialised via. a call to mallopt(M_INITIALIZE_GWP_ASAN, which must be done before a process is multithreaded). More information about GWP-ASan can be found in the upstream documentation: http://llvm.org/docs/GwpAsan.html Bug: 135634846 Test: atest bionic Change-Id: Ib9bd33337d17dab39ac32f4536bff71bd23498b0
2020-02-01 04:57:04 +01:00
if (opcode == M_INITIALIZE_GWP_ASAN) {
[GWP-ASan] Provide runtime configuration through an env var + sysprop. This patch introduces GWP-ASan system properties and environment variables to control the internal sampling rates of GWP-ASan. This can be used for: 1. "Torture testing" the system, i.e. running it under an extremely high sampling rate under GWP-ASan. 2. Increasing sampling remotely to allow further crash report collection of rare issues. There are three sets of system properites: 1. libc.debug.gwp_asan.*.system_default: Default values for native executables and system apps. 2. libc.debug.gwp_asan.*.app_default: Default values for non-system apps, and 3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an individual app or native process. There are three variables that can be changed: 1. The allocation sampling rate (default: 2500) - using the environment variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.* system property. 2. The process sampling rate (default: 128 for system apps/processes, 1 for opted-in apps) - using the environment variable GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.* system property, 3. The number of slots available (default: 32) - using the environment variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.* system property. If not specified, #3 will be calculated as a ratio of the default |2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as frequent sampling) will result in a doubling of the max_allocs to "64". Bug: 219651032 Test: atest bionic-unit-tests Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
2020-12-01 00:04:14 +01:00
if (arg == nullptr || arg_size != sizeof(android_mallopt_gwp_asan_options_t)) {
[GWP-ASan] Integrate GWP-ASan into bionc's malloc() (using hooks). This patch introduces GWP-ASan - a sampled allocator framework that finds use-after-free and heap-buffer-overflow bugs in production environments. GWP-ASan is being introduced in an always-disabled mode. This means that GWP-ASan will be permanently disabled until a further patch turns on support. As such, there should be no visible functional change for the time being. GWP-ASan requires -fno-emulated-tls wherever it's linked from. We intentionally link GWP-ASan into libc so that it's part of the initial set of libraries, and thus has static TLS storage (so we can use Initial-Exec TLS instead of Global-Dynamic). As a benefit, this reduces overhead for a sampled process. GWP-ASan is always initialised via. a call to mallopt(M_INITIALIZE_GWP_ASAN, which must be done before a process is multithreaded). More information about GWP-ASan can be found in the upstream documentation: http://llvm.org/docs/GwpAsan.html Bug: 135634846 Test: atest bionic Change-Id: Ib9bd33337d17dab39ac32f4536bff71bd23498b0
2020-02-01 04:57:04 +01:00
errno = EINVAL;
return false;
}
Fix broken return code of M_INITIALIZE_GWP_ASAN. When calling android_mallopt using M_INITIALIZE_GWP_ASAN, nothing was being returned. Fix this, add a test, and also refactor the code a bit so dynamic and static share the same code. Test: Unit tests pass in dynamic and static versions. Test: Passed using both jemalloc and scudo. Change-Id: Ibe54b6ccabdbd44d2378892e793df393978bc02b
2021-09-21 02:25:46 +02:00
[GWP-ASan] Provide runtime configuration through an env var + sysprop. This patch introduces GWP-ASan system properties and environment variables to control the internal sampling rates of GWP-ASan. This can be used for: 1. "Torture testing" the system, i.e. running it under an extremely high sampling rate under GWP-ASan. 2. Increasing sampling remotely to allow further crash report collection of rare issues. There are three sets of system properites: 1. libc.debug.gwp_asan.*.system_default: Default values for native executables and system apps. 2. libc.debug.gwp_asan.*.app_default: Default values for non-system apps, and 3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an individual app or native process. There are three variables that can be changed: 1. The allocation sampling rate (default: 2500) - using the environment variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.* system property. 2. The process sampling rate (default: 128 for system apps/processes, 1 for opted-in apps) - using the environment variable GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.* system property, 3. The number of slots available (default: 32) - using the environment variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.* system property. If not specified, #3 will be calculated as a ratio of the default |2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as frequent sampling) will result in a doubling of the max_allocs to "64". Bug: 219651032 Test: atest bionic-unit-tests Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
2020-12-01 00:04:14 +01:00
return EnableGwpAsan(*reinterpret_cast<android_mallopt_gwp_asan_options_t*>(arg));
[GWP-ASan] Integrate GWP-ASan into bionc's malloc() (using hooks). This patch introduces GWP-ASan - a sampled allocator framework that finds use-after-free and heap-buffer-overflow bugs in production environments. GWP-ASan is being introduced in an always-disabled mode. This means that GWP-ASan will be permanently disabled until a further patch turns on support. As such, there should be no visible functional change for the time being. GWP-ASan requires -fno-emulated-tls wherever it's linked from. We intentionally link GWP-ASan into libc so that it's part of the initial set of libraries, and thus has static TLS storage (so we can use Initial-Exec TLS instead of Global-Dynamic). As a benefit, this reduces overhead for a sampled process. GWP-ASan is always initialised via. a call to mallopt(M_INITIALIZE_GWP_ASAN, which must be done before a process is multithreaded). More information about GWP-ASan can be found in the upstream documentation: http://llvm.org/docs/GwpAsan.html Bug: 135634846 Test: atest bionic Change-Id: Ib9bd33337d17dab39ac32f4536bff71bd23498b0
2020-02-01 04:57:04 +01:00
}
Add android_mallopt to query MTE stack state Bug: 244364391 Change-Id: Ie6267201f0c2e293b27c71cd160a2311c9de8091
2022-08-31 20:43:30 +02:00
if (opcode == M_MEMTAG_STACK_IS_ON) {
if (arg == nullptr || arg_size != sizeof(bool)) {
errno = EINVAL;
return false;
}
*reinterpret_cast<bool*>(arg) = atomic_load(&__libc_globals->memtag_stack);
return true;
}
Add android_mallopt M_GET_DECAY_TIME_ENABLED. The bionic benchmarks set the decay time in various ways, but don't necessarily restore it properly. Add a new method for getting the current decay time and then a way to restore it. Right now the assumption is that the decay time defaults to zero, but in the near future that assumption might be incorrect. Therefore using this method will future proof the code. Bug: 302212507 Test: Unit tests pass for both static and dynamic executables. Test: Ran bionic benchmarks that were modified. Change-Id: Ia77ff9ffee3081c5c1c02cb4309880f33b284e82
2023-10-27 02:00:00 +02:00
if (opcode == M_GET_DECAY_TIME_ENABLED) {
if (arg == nullptr || arg_size != sizeof(bool)) {
errno = EINVAL;
return false;
}
*reinterpret_cast<bool*>(arg) = atomic_load(&__libc_globals->decay_time_enabled);
return true;
}
Refactor malloc common into distinct pieces. The pieces: - The malloc common shared by static and dynamic code (malloc_common.cpp). - The code for shared libraries that includes any dlopen'ing (malloc_common_dynamic.cpp). - The implementation of perfetto's heapprofd (malloc_heapprofd.cpp). This makes it easier to see what's going on in the many different areas. It should also make it easier to add the allocation capping option. Other related changes: - Update the unit tests for android_mallopt. All of the current options don't work on static binaries, so make sure that is reflected in the test. - A few names changes to make sure that all code is consistent. Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests). Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-09 02:30:58 +01:00
errno = ENOTSUP;
return false;
}
#endif
// =============================================================================
[GWP-ASan] Integrate GWP-ASan into bionc's malloc() (using hooks). This patch introduces GWP-ASan - a sampled allocator framework that finds use-after-free and heap-buffer-overflow bugs in production environments. GWP-ASan is being introduced in an always-disabled mode. This means that GWP-ASan will be permanently disabled until a further patch turns on support. As such, there should be no visible functional change for the time being. GWP-ASan requires -fno-emulated-tls wherever it's linked from. We intentionally link GWP-ASan into libc so that it's part of the initial set of libraries, and thus has static TLS storage (so we can use Initial-Exec TLS instead of Global-Dynamic). As a benefit, this reduces overhead for a sampled process. GWP-ASan is always initialised via. a call to mallopt(M_INITIALIZE_GWP_ASAN, which must be done before a process is multithreaded). More information about GWP-ASan can be found in the upstream documentation: http://llvm.org/docs/GwpAsan.html Bug: 135634846 Test: atest bionic Change-Id: Ib9bd33337d17dab39ac32f4536bff71bd23498b0
2020-02-01 04:57:04 +01:00
static constexpr MallocDispatch __libc_malloc_default_dispatch __attribute__((unused)) = {
Malloc(calloc),
Malloc(free),
Malloc(mallinfo),
Malloc(malloc),
Malloc(malloc_usable_size),
Malloc(memalign),
Malloc(posix_memalign),
#if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
Malloc(pvalloc),
#endif
Malloc(realloc),
#if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
Malloc(valloc),
#endif
Malloc(malloc_iterate),
Malloc(malloc_disable),
Malloc(malloc_enable),
Malloc(mallopt),
Malloc(aligned_alloc),
Malloc(malloc_info),
};
const MallocDispatch* NativeAllocatorDispatch() {
return &__libc_malloc_default_dispatch;
}
Reference in a new issue Copy permalink