mirrors/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-23 17:53:37 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

free: preserve errno [BZ#17924]

Browse Source 
In the next release of POSIX, free must preserve errno
<https://www.austingroupbugs.net/view.php?id=385>.
Modify __libc_free to save and restore errno, so that
any internal munmap etc. syscalls do not disturb the caller's errno.
Add a test malloc/tst-free-errno.c (almost all by Bruno Haible),
and document that free preserves errno.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
This commit is contained in:
Paul Eggert 2020-12-29 00:45:49 -08:00
parent 016c64236d
commit 69fda43b8d
4 changed files with 151 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
malloc/Makefile
View File

@ -34,6 +34,7 @@ tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \
tst-interpose-nothread \ tst-interpose-nothread \
tst-interpose-thread \ tst-interpose-thread \
tst-alloc_buffer \ tst-alloc_buffer \
tst-free-errno \
tst-malloc-tcache-leak \ tst-malloc-tcache-leak \
tst-malloc_info tst-mallinfo2 \ tst-malloc_info tst-mallinfo2 \
tst-malloc-too-large \ tst-malloc-too-large \

15
malloc/malloc.c
View File

@ -3278,6 +3278,8 @@ __libc_free (void *mem)
*(volatile char *)mem; *(volatile char *)mem;
#endif #endif
int err = errno;
p = mem2chunk (mem); p = mem2chunk (mem);
/* Mark the chunk as belonging to the library again. */ /* Mark the chunk as belonging to the library again. */
@ -3298,13 +3300,16 @@ __libc_free (void *mem)
mp_.mmap_threshold, mp_.trim_threshold); mp_.mmap_threshold, mp_.trim_threshold);
} }
munmap_chunk (p); munmap_chunk (p);
return; }
else
{
MAYBE_INIT_TCACHE ();
ar_ptr = arena_for_chunk (p);
_int_free (ar_ptr, p, 0);
} }
MAYBE_INIT_TCACHE (); __set_errno (err);
ar_ptr = arena_for_chunk (p);
_int_free (ar_ptr, p, 0);
} }
libc_hidden_def (__libc_free) libc_hidden_def (__libc_free)

131
malloc/tst-free-errno.c Normal file
View File

@ -0,0 +1,131 @@
/* Test that free preserves errno.
Copyright (C) 2020 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <support/check.h>
#include <support/support.h>
#include <support/temp_file.h>
#include <support/xunistd.h>
/* The __attribute__ ((weak)) prevents a GCC optimization. Without
it, GCC would "know" that errno is unchanged by calling free (ptr),
when ptr was the result of a malloc call in the same function. */
int __attribute__ ((weak))
get_errno (void)
{
return errno;
}
static int
do_test (void)
{
/* Check that free() preserves errno. */
{
errno = 1789; /* Liberté, égalité, fraternité. */
free (NULL);
TEST_VERIFY (get_errno () == 1789);
}
{ /* Large memory allocations, to force mmap. */
enum { N = 2 };
void * volatile ptrs[N];
size_t i;
for (i = 0; i < N; i++)
ptrs[i] = xmalloc (5318153);
for (i = 0; i < N; i++)
{
errno = 1789;
free (ptrs[i]);
TEST_VERIFY (get_errno () == 1789);
}
}
/* Test a less common code path.
When malloc() is based on mmap(), free() can sometimes call munmap().
munmap() usually succeeds, but fails in a particular situation: when
- it has to unmap the middle part of a VMA, and
- the number of VMAs of a process is limited and the limit is
already reached.
The latter condition is fulfilled on Linux, when the file
/proc/sys/vm/max_map_count exists. For all known Linux versions
the default limit is at most 65536.
*/
#if defined __linux__
if (xopen ("/proc/sys/vm/max_map_count", O_RDONLY, 0) >= 0)
{
/* Preparations. */
size_t pagesize = getpagesize ();
void *firstpage_backup = xmalloc (pagesize);
void *lastpage_backup = xmalloc (pagesize);
/* Allocate a large memory area, as a bumper, so that the MAP_FIXED
allocation later will not overwrite parts of the memory areas
allocated to ld.so or libc.so. */
xmmap (NULL, 0x1000000, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1);
/* A file descriptor pointing to a regular file. */
int fd = create_temp_file ("tst-free-errno", NULL);
if (fd < 0)
FAIL_EXIT1 ("cannot create temporary file");
/* Do a large memory allocation. */
size_t big_size = 0x1000000;
void * volatile ptr = xmalloc (big_size - 0x100);
char *ptr_aligned = (char *) ((uintptr_t) ptr & ~(pagesize - 1));
/* This large memory allocation allocated a memory area
from ptr_aligned to ptr_aligned + big_size.
Enlarge this memory area by adding a page before and a page
after it. */
memcpy (firstpage_backup, ptr_aligned, pagesize);
memcpy (lastpage_backup, ptr_aligned + big_size - pagesize,
pagesize);
xmmap (ptr_aligned - pagesize, pagesize + big_size + pagesize,
PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1);
memcpy (ptr_aligned, firstpage_backup, pagesize);
memcpy (ptr_aligned + big_size - pagesize, lastpage_backup,
pagesize);
/* Now add as many mappings as we can.
Stop at 65536, in order not to crash the machine (in case the
limit has been increased by the system administrator). */
for (int i = 0; i < 65536; i++)
if (mmap (NULL, pagesize, PROT_READ, MAP_FILE | MAP_PRIVATE, fd, 0)
== MAP_FAILED)
break;
/* Now the number of VMAs of this process has hopefully attained
its limit. */
errno = 1789;
/* This call to free() is supposed to call
munmap (ptr_aligned, big_size);
which increases the number of VMAs by 1, which is supposed
to fail. */
free (ptr);
TEST_VERIFY (get_errno () == 1789);
}
#endif
return 0;
}
#include <support/test-driver.c>

9
manual/memory.texi
View File

@ -738,6 +738,12 @@ later call to @code{malloc} to reuse the space. In the meantime, the
space remains in your program as part of a free-list used internally by space remains in your program as part of a free-list used internally by
@code{malloc}. @code{malloc}.
The @code{free} function preserves the value of @code{errno}, so that
cleanup code need not worry about saving and restoring @code{errno}
around a call to @code{free}. Although neither @w{ISO C} nor
POSIX.1-2017 requires @code{free} to preserve @code{errno}, a future
version of POSIX is planned to require it.
There is no point in freeing blocks at the end of a program, because all There is no point in freeing blocks at the end of a program, because all
of the program's space is given back to the system when the process of the program's space is given back to the system when the process
terminates. terminates.
@ -1935,6 +1941,9 @@ linking against @code{libc.a} (explicitly or implicitly).
functions (that is, all the functions used by the application, functions (that is, all the functions used by the application,
@theglibc{}, and other linked-in libraries) can lead to static linking @theglibc{}, and other linked-in libraries) can lead to static linking
failures, and, at run time, to heap corruption and application crashes. failures, and, at run time, to heap corruption and application crashes.
Replacement functions should implement the behavior documented for
their counterparts in @theglibc{}; for example, the replacement
@code{free} should also preserve @code{errno}.
The minimum set of functions which has to be provided by a custom The minimum set of functions which has to be provided by a custom
@code{malloc} is given in the table below. @code{malloc} is given in the table below.