From patchwork Sat Nov 28 11:59:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Topi Miettinen X-Patchwork-Id: 41227 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C701F3850432; Sat, 28 Nov 2020 12:00:02 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C701F3850432 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1606564802; bh=11lnWQMB8urgcL5NAVobok0xcQ6jzNTGJmjXahKP66A=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=vFNqPKTy0iGHbFWztqMq/ZIyypePJ2CkSJVx4Pyu6jqStyBVoODimML5DsoqVW6tR YhGSKyc6AIZp3LdCOI8KTuJvO2Oih5kVmNOjBRRw3ghmYitM7Ve5MzqHPBUJcgSEkA ot9xWSp9DYG69bgKv5/pyhtIz+hL8IQVqns93KZ8= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-lf1-x144.google.com (mail-lf1-x144.google.com [IPv6:2a00:1450:4864:20::144]) by sourceware.org (Postfix) with ESMTPS id CFD713850432 for ; Sat, 28 Nov 2020 11:59:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org CFD713850432 Received: by mail-lf1-x144.google.com with SMTP id v14so10884258lfo.3 for ; Sat, 28 Nov 2020 03:59:59 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=11lnWQMB8urgcL5NAVobok0xcQ6jzNTGJmjXahKP66A=; b=UjHdXLuaGV3TtIdxmmuhWcsg1JZB8jMD/pNSi04+EOjr7fLPysp9RRs1c7wDvwVi2J 5DJiA6Y3kJMES1EdYlhSvoREos7sZaKeWFwtzqOhcoZvIdirIOncGfltUpTryogWXLGZ EGCc5698JxtQWlyrpLD3f0qBmsXK6ZJT5vSnmb8Ai7HqQA3WyR2cJtY9YmIRA/g5juS3 hY9CI0OJ2jg0/+MMijnfBubR+QFhs7Q+nN/b88x4eYk+48PLG0mftPJM+7IYB4fh+s5M 4aYGkXQv9CVXGH6nFqNDrt4DTVfsEBoi9ayaYu5YkoflC2J5hDOTWEu7pkwFzZXC72YY w7ig== X-Gm-Message-State: AOAM533DMIu2pCjKoFK97TzAXTVPR7feU6QqYDpkKETPFPUo5buBFl8v CMgF07L2mfmMmyr5U6lFLcI4LqYuCfO4RQ== X-Google-Smtp-Source: ABdhPJwoVuP+8RuJyEkB5LLR3YT54M5wxUYoPzue+1cLamrPz3A+/BAH1RdL9M3mUywqoRkluVMfxw== X-Received: by 2002:a05:6512:3218:: with SMTP id d24mr4942224lfe.358.1606564798116; Sat, 28 Nov 2020 03:59:58 -0800 (PST) Received: from localhost.localdomain (88-114-211-119.elisa-laajakaista.fi. [88.114.211.119]) by smtp.gmail.com with ESMTPSA id w28sm1055145lfk.8.2020.11.28.03.59.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 Nov 2020 03:59:57 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH 1/4] csu: randomize location of TCB Date: Sat, 28 Nov 2020 13:59:42 +0200 Message-Id: <20201128115945.42732-2-toiwoton@gmail.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201128115945.42732-1-toiwoton@gmail.com> References: <20201128115945.42732-1-toiwoton@gmail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-9.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Topi Miettinen via Libc-alpha From: Topi Miettinen Reply-To: Topi Miettinen Cc: Topi Miettinen Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" Use mmap() for allocating TCB except if instructed by tunable glibc.malloc.use_sbrk. This makes the location of TCB random instead of always staying predictably next to data segment. When using mmap(), improve the logic so that allocation of TCB can be assumed to fail insted of segfaulting. --- v2: introduce a tunable to use sbrk() v3: - refactor mmap() (Adhemerval Zanella) - rename mmap_internal to mmap_noerrno --- csu/libc-tls.c | 40 ++++++++++++++++---- elf/dl-tunables.list | 7 ++++ include/sys/mman.h | 5 +++ manual/tunables.texi | 5 +++ sysdeps/mach/hurd/dl-sysdep.c | 18 +++++++-- sysdeps/unix/sysv/linux/mmap.c | 30 ++++++++++++--- sysdeps/unix/sysv/linux/mmap64.c | 23 ++++++++--- sysdeps/unix/sysv/linux/mmap_internal.h | 2 +- sysdeps/unix/sysv/linux/s390/mmap_internal.h | 2 +- 9 files changed, 109 insertions(+), 23 deletions(-) diff --git a/csu/libc-tls.c b/csu/libc-tls.c index c3589f0a7d..0cb6cb2e42 100644 --- a/csu/libc-tls.c +++ b/csu/libc-tls.c @@ -25,11 +25,18 @@ #include #include #include +#include +#include #ifdef SHARED #error makefile bug, this file is for static only #endif +#if HAVE_TUNABLES +# define TUNABLE_NAMESPACE malloc +#endif +#include + dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; @@ -135,26 +142,45 @@ __libc_setup_tls (void) /* We have to set up the TCB block which also (possibly) contains 'errno'. Therefore we avoid 'malloc' which might touch 'errno'. - Instead we use 'sbrk' which would only uses 'errno' if it fails. - In this case we are right away out of memory and the user gets - what she/he deserves. */ + Instead we use '__mmap_noerrno' (when available) which does not + use 'errno', except if instructed by tunable + glibc.malloc.use_sbrk to use 'sbrk()' instead. If 'sbrk()' fails, + it will access 'errno' with catastrophic results. */ + + size_t tlsblock_size; #if TLS_TCB_AT_TP /* Align the TCB offset to the maximum alignment, as _dl_allocate_tls_storage (in elf/dl-tls.c) does using __libc_memalign and dl_tls_static_align. */ tcb_offset = roundup (memsz + GLRO(dl_tls_static_surplus), max_align); - tlsblock = __sbrk (tcb_offset + TLS_INIT_TCB_SIZE + max_align); + tlsblock_size = tcb_offset + TLS_INIT_TCB_SIZE + max_align; #elif TLS_DTV_AT_TP tcb_offset = roundup (TLS_INIT_TCB_SIZE, align ?: 1); - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GLRO(dl_tls_static_surplus)); - tlsblock += TLS_PRE_TCB_SIZE; + tlsblock_size = tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GLRO(dl_tls_static_surplus); #else /* In case a model with a different layout for the TCB and DTV is defined add another #elif here and in the following #ifs. */ # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" #endif +#if HAVE_TUNABLES + if (!TUNABLE_GET (use_sbrk, int32_t, NULL)) + { + int error = 0; + tlsblock = __mmap_noerrno (NULL, tlsblock_size, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0, &error); + if (error || tlsblock == MAP_FAILED) + _startup_fatal ("Cannot allocate TCB"); + } + else +#endif + tlsblock = __sbrk (tlsblock_size); + +#if TLS_DTV_AT_TP + tlsblock += TLS_PRE_TCB_SIZE; +#endif + /* Align the TLS block. */ tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1) & ~(max_align - 1)); diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list index e1d8225128..777ebee788 100644 --- a/elf/dl-tunables.list +++ b/elf/dl-tunables.list @@ -91,6 +91,13 @@ glibc { minval: 0 security_level: SXID_IGNORE } + use_sbrk { + type: INT_32 + minval: 0 + maxval: 1 + default: 0 + security_level: SXID_IGNORE + } } cpu { hwcap_mask { diff --git a/include/sys/mman.h b/include/sys/mman.h index 503edaae88..d2fc5608c3 100644 --- a/include/sys/mman.h +++ b/include/sys/mman.h @@ -22,6 +22,11 @@ extern void *__mremap (void *__addr, size_t __old_len, size_t __new_len, int __flags, ...); libc_hidden_proto (__mremap) +/* Internal version of mmap() which doesn't attempt to access errno */ +extern void *__mmap_noerrno (void *addr, size_t len, int prot, int flags, + int fd, off_t offset, int *err); +libc_hidden_proto (__mmap_noerrno) + # if IS_IN (rtld) # include # endif diff --git a/manual/tunables.texi b/manual/tunables.texi index d72d7a5ec0..46132900e3 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -227,6 +227,11 @@ pointer, so add 4 on 32-bit systems or 8 on 64-bit systems to the size passed to @code{malloc} for the largest bin size to enable. @end deftp +@deftp Tunable glibc.malloc.use_sbrk +A value of 1 instructs @theglibc{} to use @code{sbrk()} for memory +allocation instead of @code{mmap()}. +@end deftp + @node Dynamic Linking Tunables @section Dynamic Linking Tunables @cindex dynamic linking tunables diff --git a/sysdeps/mach/hurd/dl-sysdep.c b/sysdeps/mach/hurd/dl-sysdep.c index 370495710e..40e2919b9d 100644 --- a/sysdeps/mach/hurd/dl-sysdep.c +++ b/sysdeps/mach/hurd/dl-sysdep.c @@ -482,9 +482,9 @@ __libc_lseek64 (int fd, off64_t offset, int whence) return offset; } -check_no_hidden(__mmap); +check_no_hidden(__mmap_noerrno); void *weak_function -__mmap (void *addr, size_t len, int prot, int flags, int fd, off_t offset) +__mmap_noerrno (void *addr, size_t len, int prot, int flags, int fd, off_t offset, int *error) { error_t err; vm_prot_t vmprot; @@ -541,10 +541,22 @@ __mmap (void *addr, size_t len, int prot, int flags, int fd, off_t offset) __mach_port_deallocate (__mach_task_self (), memobj_rd); if (err) - return __hurd_fail (err), MAP_FAILED; + *error = err; return (void *) mapaddr; } +check_no_hidden(__mmap); +void *weak_function +__mmap (void *addr, size_t len, int prot, int flags, int fd, off_t offset) +{ + int err = 0; + + void *r = __mmap_noerrno (addr, len, prot, flags, fd, offset, &err); + if (err) + return __hurd_fail (err), MAP_FAILED; + return r; +} + check_no_hidden(__fstat64); int weak_function __fstat64 (int fd, struct stat64 *buf) diff --git a/sysdeps/unix/sysv/linux/mmap.c b/sysdeps/unix/sysv/linux/mmap.c index 22f276bb14..19eca3fe18 100644 --- a/sysdeps/unix/sysv/linux/mmap.c +++ b/sysdeps/unix/sysv/linux/mmap.c @@ -31,20 +31,38 @@ # endif void * -__mmap (void *addr, size_t len, int prot, int flags, int fd, off_t offset) +__mmap_noerrno (void *addr, size_t len, int prot, int flags, int fd, off_t offset, int *err) { MMAP_CHECK_PAGE_UNIT (); if (offset & MMAP_OFF_LOW_MASK) - return (void *) INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL); + return (void *) -EINVAL; #ifdef __NR_mmap2 - return (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd, - offset / (uint32_t) MMAP2_PAGE_UNIT); + long int r = MMAP_CALL (mmap2, addr, len, prot, flags, fd, + offset / (uint32_t) MMAP2_PAGE_UNIT); #else - return (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, - MMAP_ADJUST_OFFSET (offset)); + long int r = MMAP_CALL (mmap, addr, len, prot, flags, fd, + MMAP_ADJUST_OFFSET (offset)); #endif + if (INTERNAL_SYSCALL_ERROR_P (r)) + { + *err = (INTERNAL_SYSCALL_ERRNO (r)); + return MAP_FAILED; + } + return (void*) r; +} +libc_hidden_def (__mmap_noerrno) + +void * +__mmap (void *addr, size_t len, int prot, int flags, int fd, off_t offset) +{ + int error = 0; + + void *r = __mmap_noerrno (addr, len, prot, flags, fd, offset, &error); + if (error) + __set_errno(error); + return r; } weak_alias (__mmap, mmap) libc_hidden_def (__mmap) diff --git a/sysdeps/unix/sysv/linux/mmap64.c b/sysdeps/unix/sysv/linux/mmap64.c index 8074deb466..3d6557734b 100644 --- a/sysdeps/unix/sysv/linux/mmap64.c +++ b/sysdeps/unix/sysv/linux/mmap64.c @@ -44,25 +44,38 @@ #endif void * -__mmap64 (void *addr, size_t len, int prot, int flags, int fd, off64_t offset) +__mmap64_noerrno (void *addr, size_t len, int prot, int flags, int fd, off64_t offset, int *err) { MMAP_CHECK_PAGE_UNIT (); if (offset & MMAP_OFF_MASK) - return (void *) INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL); + return (void *) -EINVAL; MMAP_PREPARE (addr, len, prot, flags, fd, offset); #ifdef __NR_mmap2 - return (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd, - (off_t) (offset / MMAP2_PAGE_UNIT)); + long int r = MMAP_CALL (mmap2, addr, len, prot, flags, fd, + (off_t) (offset / MMAP2_PAGE_UNIT)); #else - return (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset); + long int r = MMAP_CALL (mmap, addr, len, prot, flags, fd, offset); #endif + if (INTERNAL_SYSCALL_ERROR_P (r)) + { + *err = INTERNAL_SYSCALL_ERRNO (r); + return MAP_FAILED; + } + return (void *) r; +} + +void * +__mmap64 (void *addr, size_t len, int prot, int flags, int fd, off64_t offset) +{ + return __mmap64_noerrno (addr, len, prot, flags, fd, offset, &errno); } weak_alias (__mmap64, mmap64) libc_hidden_def (__mmap64) #ifdef __OFF_T_MATCHES_OFF64_T +weak_alias (__mmap64_noerrno, __mmap_noerrno) weak_alias (__mmap64, mmap) weak_alias (__mmap64, __mmap) libc_hidden_def (__mmap) diff --git a/sysdeps/unix/sysv/linux/mmap_internal.h b/sysdeps/unix/sysv/linux/mmap_internal.h index d53f0c642a..5386b5eb63 100644 --- a/sysdeps/unix/sysv/linux/mmap_internal.h +++ b/sysdeps/unix/sysv/linux/mmap_internal.h @@ -43,7 +43,7 @@ static uint64_t page_unit; /* An architecture may override this. */ #ifndef MMAP_CALL # define MMAP_CALL(__nr, __addr, __len, __prot, __flags, __fd, __offset) \ - INLINE_SYSCALL_CALL (__nr, __addr, __len, __prot, __flags, __fd, __offset) + INTERNAL_SYSCALL_CALL (__nr, __addr, __len, __prot, __flags, __fd, __offset) #endif #endif /* MMAP_INTERNAL_LINUX_H */ diff --git a/sysdeps/unix/sysv/linux/s390/mmap_internal.h b/sysdeps/unix/sysv/linux/s390/mmap_internal.h index 2884f2844b..d2289f311c 100644 --- a/sysdeps/unix/sysv/linux/s390/mmap_internal.h +++ b/sysdeps/unix/sysv/linux/s390/mmap_internal.h @@ -24,7 +24,7 @@ long int __args[6] = { (long int) (__addr), (long int) (__len), \ (long int) (__prot), (long int) (__flags), \ (long int) (__fd), (long int) (__offset) }; \ - INLINE_SYSCALL_CALL (__nr, __args); \ + INTERNAL_SYSCALL_CALL (__nr, __args); \ }) #include_next From patchwork Sat Nov 28 11:59:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Topi Miettinen X-Patchwork-Id: 41228 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 85C3B3972C09; Sat, 28 Nov 2020 12:00:13 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 85C3B3972C09 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1606564813; bh=i6XQJDiuskXY1xhIdFJS1T6ocflZGtATZr+DMrsAReA=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=Mz1ahYz5KYIMzdhg+JAj17i7nIrsja2lDuXVZ/oOUrYGZ5Wx2bOsDiFeBuk1YSXve FQKc81TTCzHvyopVLBMw/K3KgvzRL8R7ac9zjSWDGs7vWKY7XoztedMAO8D8Dxq5vi 1arddrJnXFWWZwyuZIu40HfIT8n8UyL5sb17R1i8= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-lj1-x241.google.com (mail-lj1-x241.google.com [IPv6:2a00:1450:4864:20::241]) by sourceware.org (Postfix) with ESMTPS id A536A386181A for ; Sat, 28 Nov 2020 12:00:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org A536A386181A Received: by mail-lj1-x241.google.com with SMTP id b17so8970697ljf.12 for ; Sat, 28 Nov 2020 04:00:03 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=i6XQJDiuskXY1xhIdFJS1T6ocflZGtATZr+DMrsAReA=; b=nzhdKpCQiKdskBs5+r7uVQI6UrzoEe5qz9A1Oe5gvepsDxrjkzaDSoiW6aSjzfofRf Ay8P87YzpHCZOQtA/o8evD/RSMjvN/Z8dDIRmv1iY3qpIUMFreWRDrEa5UnZXrB4IKeR LhlnT0QTtQ5aVc6GMo4Lgj7UBVlH9RG2EzxzdmEq+FgcRBGRGCcLt59s1kRmAEcXMQfA JLTYr76OFbHEPDes+5qpm/adaQJNQEzypAPOoELYikVVZxjJE62ie5+0dQl6HDsXQQsX 2WJHdJgW6DZq6O5vpAXlMbWp4m9Fp2eXZjeMQDpt+Gca0Tkfn2EpAJbm9nZIekUzSQQE fPJA== X-Gm-Message-State: AOAM533mWI0sXxBRarvtTxXIkBbzRRXGdcWp+HI3xRXq/qYbnESOcENl G6A2zvUK80DxqheG4eYJGuAs6ARxfP2ljg== X-Google-Smtp-Source: ABdhPJxh4qgB17UAfMJx4bSLHmXvjUL/z8A4Qo541OS4r51NZsOzw5nRyrMIiVkSbd1xYTqCLVh7Zg== X-Received: by 2002:a2e:8346:: with SMTP id l6mr5387398ljh.132.1606564802282; Sat, 28 Nov 2020 04:00:02 -0800 (PST) Received: from localhost.localdomain (88-114-211-119.elisa-laajakaista.fi. [88.114.211.119]) by smtp.gmail.com with ESMTPSA id w28sm1055145lfk.8.2020.11.28.04.00.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 Nov 2020 04:00:01 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH 2/4] malloc: use mmap() to improve ASLR Date: Sat, 28 Nov 2020 13:59:43 +0200 Message-Id: <20201128115945.42732-3-toiwoton@gmail.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201128115945.42732-1-toiwoton@gmail.com> References: <20201128115945.42732-1-toiwoton@gmail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-9.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Topi Miettinen via Libc-alpha From: Topi Miettinen Reply-To: Topi Miettinen Cc: Topi Miettinen Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" sbrk() returns rather predictable allocations because they are located close to the data segment. Let's use mmap() instead, except if instructed by a tunable. --- v2: use tunable --- malloc/arena.c | 11 +++++++++-- malloc/morecore.c | 10 ++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/malloc/arena.c b/malloc/arena.c index 202daf15b0..129e231bae 100644 --- a/malloc/arena.c +++ b/malloc/arena.c @@ -295,14 +295,21 @@ ptmalloc_init (void) #ifdef SHARED /* In case this libc copy is in a non-default namespace, never use brk. - Likewise if dlopened from statically linked program. */ + Likewise if dlopened from statically linked program. + Otherwise the use of brk is controlled by a tunable + glibc.malloc.use_sbrk. */ Dl_info di; struct link_map *l; if (_dl_open_hook != NULL || (_dl_addr (ptmalloc_init, &di, &l, NULL) != 0 - && l->l_ns != LM_ID_BASE)) + && l->l_ns != LM_ID_BASE) +#if HAVE_TUNABLES + || !TUNABLE_GET (use_sbrk, int32_t, NULL) +#endif + ) __morecore = __failing_morecore; + #endif thread_arena = &main_arena; diff --git a/malloc/morecore.c b/malloc/morecore.c index 72e655f84f..d5da5ffc45 100644 --- a/malloc/morecore.c +++ b/malloc/morecore.c @@ -38,12 +38,22 @@ libc_hidden_proto (__sbrk) # define NULL 0 #endif +#if HAVE_TUNABLES +# define TUNABLE_NAMESPACE malloc +#endif +#include + /* Allocate INCREMENT more bytes of data space, and return the start of data space, or NULL on errors. If INCREMENT is negative, shrink data space. */ void * __default_morecore (ptrdiff_t increment) { + /* Tunable glibc.malloc.use_sbrk controls use of 'sbrk()'. */ +#if HAVE_TUNABLES + if (!TUNABLE_GET (use_sbrk, int32_t, NULL)) + return NULL; +#endif void *result = (void *) __sbrk (increment); if (result == (void *) -1) return NULL; From patchwork Sat Nov 28 11:59:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Topi Miettinen X-Patchwork-Id: 41229 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 162113972C18; Sat, 28 Nov 2020 12:00:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 162113972C18 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1606564814; bh=SSya5PGeWVt50JFRDhgpeeeh20Y1V4bMXnu6DcMG/to=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=eXhydxsClKIT8jR2mfOF67B74FGYtgJlTPcO5g8AFi1w1cWfQl9fFYQf7ubkE31mm riT3j93QrNqxcOgU1jKpaDhKjrvNPNosW/MtaQyamb2Cuc+KsA/qXQCQx1FRt9gyEg Oew1cOju62SyokCCBAnAOLLy4XLmjsm38W+cdstA= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-lf1-x142.google.com (mail-lf1-x142.google.com [IPv6:2a00:1450:4864:20::142]) by sourceware.org (Postfix) with ESMTPS id 2F410386184A for ; Sat, 28 Nov 2020 12:00:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 2F410386184A Received: by mail-lf1-x142.google.com with SMTP id s27so10859350lfp.5 for ; Sat, 28 Nov 2020 04:00:05 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SSya5PGeWVt50JFRDhgpeeeh20Y1V4bMXnu6DcMG/to=; b=ChpfadFhc+JV8S/M0k+NusogCRQhubSRS834MMWbXIeDpe/TaiWuQbKG9jj8mmm/mA BXip0r/cbkxMidbSCa9d73up0Z12i70CsHxB26Ubk2mSqv4+KqZ3DabuvJa8JaKD2uq4 ZBhMX2lUwZu2frpebKsZw3GCMlw5M0wavw5DzxoXQenYXih8w/yxmYfgJ2ZOUg4trE0J ZxGVzr73LBe/wcYaqyttaFmLfOdYpFvsOckvl7ww6FzQf55ggXiemo2Shb1Mc2XL2X8h fGehEUjg0+nknxvdtwhq/l2yGrRyvKWsPGAQKe6sWccUAdm1Gwi9Rf9tsUSgWuCJ+hIp xYfw== X-Gm-Message-State: AOAM532qTPYaoAfaAHYmRrLJYn0nHDzFcEX3Ue+/uDLHT6kp0ul6epLO tPdb+TMC+02mob1yycyeO9P/C/h8CdMl0A== X-Google-Smtp-Source: ABdhPJwMItBwQ17tPDYvXGFSFJ08i/nt0Li0/rgsCQkdvt+AcLK+106Lo3AQhDfCd1YPCnXUkyZE5g== X-Received: by 2002:a05:6512:1095:: with SMTP id j21mr5206727lfg.309.1606564803783; Sat, 28 Nov 2020 04:00:03 -0800 (PST) Received: from localhost.localdomain (88-114-211-119.elisa-laajakaista.fi. [88.114.211.119]) by smtp.gmail.com with ESMTPSA id w28sm1055145lfk.8.2020.11.28.04.00.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 Nov 2020 04:00:03 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH 3/4] dl-sysdep: disable remaining calls to sbrk() Date: Sat, 28 Nov 2020 13:59:44 +0200 Message-Id: <20201128115945.42732-4-toiwoton@gmail.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201128115945.42732-1-toiwoton@gmail.com> References: <20201128115945.42732-1-toiwoton@gmail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-9.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Topi Miettinen via Libc-alpha From: Topi Miettinen Reply-To: Topi Miettinen Cc: Topi Miettinen Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" When sbrk() is not used for memory allocations, there's no need to initialize the break anymore. --- v2: use tunable --- elf/dl-sysdep.c | 11 ++++++++++- sysdeps/unix/sysv/linux/dl-sysdep.c | 10 ++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/elf/dl-sysdep.c b/elf/dl-sysdep.c index 854570821c..406b3a3809 100644 --- a/elf/dl-sysdep.c +++ b/elf/dl-sysdep.c @@ -44,6 +44,10 @@ #include #include +#if HAVE_TUNABLES +# undef TUNABLE_NAMESPACE +# define TUNABLE_NAMESPACE malloc +#endif #include #include @@ -234,7 +238,12 @@ _dl_sysdep_start (void **start_argptr, if (GLRO(dl_platform) != NULL) GLRO(dl_platformlen) = strlen (GLRO(dl_platform)); - if (__sbrk (0) == _end) + /* Tunable glibc.malloc.use_sbrk controls use of 'sbrk()'. */ + if ( +#if HAVE_TUNABLES + TUNABLE_GET (use_sbrk, int32_t, NULL) && +#endif + __sbrk (0) == _end) /* The dynamic linker was run as a program, and so the initial break starts just after our bss, at &_end. The malloc in dl-minimal.c will consume the rest of this page, so tell the kernel to move the diff --git a/sysdeps/unix/sysv/linux/dl-sysdep.c b/sysdeps/unix/sysv/linux/dl-sysdep.c index 90c9b1db2d..625e6cb759 100644 --- a/sysdeps/unix/sysv/linux/dl-sysdep.c +++ b/sysdeps/unix/sysv/linux/dl-sysdep.c @@ -27,14 +27,24 @@ #include #include +#if HAVE_TUNABLES +# undef TUNABLE_NAMESPACE +# define TUNABLE_NAMESPACE malloc +#endif + #ifdef SHARED # define DL_SYSDEP_INIT frob_brk () static inline void frob_brk (void) { + /* Tunable glibc.malloc.use_sbrk controls use of 'sbrk()'. */ +#if HAVE_TUNABLES + if (TUNABLE_GET (use_sbrk, int32_t, NULL)) +#endif __brk (0); /* Initialize the break. */ } +# undef TUNABLE_NAMESPACE # include #endif From patchwork Sat Nov 28 11:59:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Topi Miettinen X-Patchwork-Id: 41230 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9B0883972C29; Sat, 28 Nov 2020 12:00:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9B0883972C29 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1606564814; bh=bjVJiQs0V9IHsXT3wCLjR0xcQXBuaf6pRb5Q/9maPeg=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=oDMB/MvpS+WdWPhsBWTCZb3gAaZ2rY3KplCcinkUw9lMqE+vLuRGb39H4USSqiNaP aHrupW7YkncbWXnSpXx8/ljErXBablKUjpuO2sb+ruZ2b+AUa+UZJ56ePl51T8mZo5 6CfAcfWZQfrv2y6Qa/Kx+k2UqAH101zlMfFsaIJE= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-lj1-x241.google.com (mail-lj1-x241.google.com [IPv6:2a00:1450:4864:20::241]) by sourceware.org (Postfix) with ESMTPS id 6F5DF38618D4 for ; Sat, 28 Nov 2020 12:00:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 6F5DF38618D4 Received: by mail-lj1-x241.google.com with SMTP id f18so8985602ljg.9 for ; Sat, 28 Nov 2020 04:00:06 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bjVJiQs0V9IHsXT3wCLjR0xcQXBuaf6pRb5Q/9maPeg=; b=OaTYwf6qtVeYeQJyJALimeAf1yLhECknYAFUn29E05urHp5udzDJxZ3mjUBXBUWT6q S/znpbiS5f7THBR5dDJBOXEdIDV+/1dev022SNakRgFIe9cNC5fpxQDJn7uWL3B+5yax 6PwCLfDqmy32NDdymc4QhCyujkzdfTAQRGkETXGb8UZ74jo/W1A1fuOB4Kthi2KAB33X tLzWiFW3Q5srV0/ePl5sI5E6w33rnsFfNES/17s+Zq7mJ75Jq+0CZ8hqyttdPFk+FuDV 5nhBB1VjWj9O9e1w0aYPP6h+xI3t3hKn+dU46DHwKW2FHMXesufULQlEuSDdsS/a7xlb iZSQ== X-Gm-Message-State: AOAM531PhsRicZ4N1nPPRzJ6FXCKukW7vrbv51YHLVx3wSoyIbPN5pbb aJP8TaN6OcSFqRlzYHigkSbXyezwv004kQ== X-Google-Smtp-Source: ABdhPJxYQGC/QMQ+tNZ750+ux7TwLNNeEml09lUWM8UFoJsJa1XLMbs71YHS5TRlKmukhEcZ5IlyfA== X-Received: by 2002:a2e:86d2:: with SMTP id n18mr52810ljj.26.1606564805067; Sat, 28 Nov 2020 04:00:05 -0800 (PST) Received: from localhost.localdomain (88-114-211-119.elisa-laajakaista.fi. [88.114.211.119]) by smtp.gmail.com with ESMTPSA id w28sm1055145lfk.8.2020.11.28.04.00.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 Nov 2020 04:00:04 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH 4/4] tunables: use mmap() instead of sbrk() Date: Sat, 28 Nov 2020 13:59:45 +0200 Message-Id: <20201128115945.42732-5-toiwoton@gmail.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201128115945.42732-1-toiwoton@gmail.com> References: <20201128115945.42732-1-toiwoton@gmail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-9.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Topi Miettinen via Libc-alpha From: Topi Miettinen Reply-To: Topi Miettinen Cc: Topi Miettinen Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" Randomize the location of copy of tunable environment variable, at the cost of losing up to 4095 bytes. --- elf/dl-tunables.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 2ba2844075..4ca15eb30f 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -43,13 +43,16 @@ tunables_strdup (const char *in) size_t i = 0; while (in[i++] != '\0'); - char *out = __sbrk (i); + + int error = 0; + char *out = __mmap_noerrno (NULL, ALIGN_UP (i, GLRO(dl_pagesize)), PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0, &error); /* For most of the tunables code, we ignore user errors. However, this is a system error - and running out of memory at program startup should be reported, so we do. */ - if (out == (void *)-1) - _dl_fatal_printf ("sbrk() failure while processing tunables\n"); + if (error || out == MAP_FAILED) + _dl_fatal_printf ("mmap() failure while processing tunables\n"); i--;