netwerk/sctp/src/user_malloc.h@97036ab72558 (annotated)
netwerk/sctp/src/user_malloc.h
Tue, 06 Jan 2015 21:39:09 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Tue, 06 Jan 2015 21:39:09 +0100
- branch
- TOR_BUG_9701
- changeset 8
- 97036ab72558
- permissions
- -rwxr-xr-x
Conditionally force memory storage according to privacy.thirdparty.isolate;
This solves Tor bug #9701, complying with disk avoidance documented in
https://www.torproject.org/projects/torbrowser/design/#disk-avoidance.
| michael@0 | 1 | /*- |
| michael@0 | 2 | * Copyright (c) 1987, 1993 |
| michael@0 | 3 | * The Regents of the University of California. |
| michael@0 | 4 | * Copyright (c) 2005 Robert N. M. Watson |
| michael@0 | 5 | * All rights reserved. |
| michael@0 | 6 | * |
| michael@0 | 7 | * Redistribution and use in source and binary forms, with or without |
| michael@0 | 8 | * modification, are permitted provided that the following conditions |
| michael@0 | 9 | * are met: |
| michael@0 | 10 | * 1. Redistributions of source code must retain the above copyright |
| michael@0 | 11 | * notice, this list of conditions and the following disclaimer. |
| michael@0 | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| michael@0 | 13 | * notice, this list of conditions and the following disclaimer in the |
| michael@0 | 14 | * documentation and/or other materials provided with the distribution. |
| michael@0 | 15 | * 4. Neither the name of the University nor the names of its contributors |
| michael@0 | 16 | * may be used to endorse or promote products derived from this software |
| michael@0 | 17 | * without specific prior written permission. |
| michael@0 | 18 | * |
| michael@0 | 19 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| michael@0 | 20 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| michael@0 | 21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| michael@0 | 22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| michael@0 | 23 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| michael@0 | 24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| michael@0 | 25 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| michael@0 | 26 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| michael@0 | 27 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| michael@0 | 28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| michael@0 | 29 | * SUCH DAMAGE. |
| michael@0 | 30 | * |
| michael@0 | 31 | */ |
| michael@0 | 32 | |
| michael@0 | 33 | /* This file has been renamed user_malloc.h for Userspace */ |
| michael@0 | 34 | #ifndef _USER_MALLOC_H_ |
| michael@0 | 35 | #define _USER_MALLOC_H_ |
| michael@0 | 36 | |
| michael@0 | 37 | /*__Userspace__*/ |
| michael@0 | 38 | #include <stdlib.h> |
| michael@0 | 39 | #include <sys/types.h> |
| michael@0 | 40 | #if !defined (__Userspace_os_Windows) |
| michael@0 | 41 | #include <strings.h> |
| michael@0 | 42 | #include <stdint.h> |
| michael@0 | 43 | #else |
| michael@0 | 44 | #include "netinet/sctp_os_userspace.h" |
| michael@0 | 45 | #endif |
| michael@0 | 46 | |
| michael@0 | 47 | #define MINALLOCSIZE UMA_SMALLEST_UNIT |
| michael@0 | 48 | |
| michael@0 | 49 | /* |
| michael@0 | 50 | * flags to malloc. |
| michael@0 | 51 | */ |
| michael@0 | 52 | #define M_NOWAIT 0x0001 /* do not block */ |
| michael@0 | 53 | #define M_WAITOK 0x0002 /* ok to block */ |
| michael@0 | 54 | #define M_ZERO 0x0100 /* bzero the allocation */ |
| michael@0 | 55 | #define M_NOVM 0x0200 /* don't ask VM for pages */ |
| michael@0 | 56 | #define M_USE_RESERVE 0x0400 /* can alloc out of reserve memory */ |
| michael@0 | 57 | |
| michael@0 | 58 | #define M_MAGIC 877983977 /* time when first defined :-) */ |
| michael@0 | 59 | |
| michael@0 | 60 | /* |
| michael@0 | 61 | * Two malloc type structures are present: malloc_type, which is used by a |
| michael@0 | 62 | * type owner to declare the type, and malloc_type_internal, which holds |
| michael@0 | 63 | * malloc-owned statistics and other ABI-sensitive fields, such as the set of |
| michael@0 | 64 | * malloc statistics indexed by the compile-time MAXCPU constant. |
| michael@0 | 65 | * Applications should avoid introducing dependence on the allocator private |
| michael@0 | 66 | * data layout and size. |
| michael@0 | 67 | * |
| michael@0 | 68 | * The malloc_type ks_next field is protected by malloc_mtx. Other fields in |
| michael@0 | 69 | * malloc_type are static after initialization so unsynchronized. |
| michael@0 | 70 | * |
| michael@0 | 71 | * Statistics in malloc_type_stats are written only when holding a critical |
| michael@0 | 72 | * section and running on the CPU associated with the index into the stat |
| michael@0 | 73 | * array, but read lock-free resulting in possible (minor) races, which the |
| michael@0 | 74 | * monitoring app should take into account. |
| michael@0 | 75 | */ |
| michael@0 | 76 | struct malloc_type_stats { |
| michael@0 | 77 | uint64_t mts_memalloced; /* Bytes allocated on CPU. */ |
| michael@0 | 78 | uint64_t mts_memfreed; /* Bytes freed on CPU. */ |
| michael@0 | 79 | uint64_t mts_numallocs; /* Number of allocates on CPU. */ |
| michael@0 | 80 | uint64_t mts_numfrees; /* number of frees on CPU. */ |
| michael@0 | 81 | uint64_t mts_size; /* Bitmask of sizes allocated on CPU. */ |
| michael@0 | 82 | uint64_t _mts_reserved1; /* Reserved field. */ |
| michael@0 | 83 | uint64_t _mts_reserved2; /* Reserved field. */ |
| michael@0 | 84 | uint64_t _mts_reserved3; /* Reserved field. */ |
| michael@0 | 85 | }; |
| michael@0 | 86 | |
| michael@0 | 87 | #ifndef MAXCPU /* necessary on Linux */ |
| michael@0 | 88 | #define MAXCPU 4 /* arbitrary? */ |
| michael@0 | 89 | #endif |
| michael@0 | 90 | |
| michael@0 | 91 | struct malloc_type_internal { |
| michael@0 | 92 | struct malloc_type_stats mti_stats[MAXCPU]; |
| michael@0 | 93 | }; |
| michael@0 | 94 | |
| michael@0 | 95 | /* |
| michael@0 | 96 | * ABI-compatible version of the old 'struct malloc_type', only all stats are |
| michael@0 | 97 | * now malloc-managed in malloc-owned memory rather than in caller memory, so |
| michael@0 | 98 | * as to avoid ABI issues. The ks_next pointer is reused as a pointer to the |
| michael@0 | 99 | * internal data handle. |
| michael@0 | 100 | */ |
| michael@0 | 101 | struct malloc_type { |
| michael@0 | 102 | struct malloc_type *ks_next; /* Next in global chain. */ |
| michael@0 | 103 | u_long _ks_memuse; /* No longer used. */ |
| michael@0 | 104 | u_long _ks_size; /* No longer used. */ |
| michael@0 | 105 | u_long _ks_inuse; /* No longer used. */ |
| michael@0 | 106 | uint64_t _ks_calls; /* No longer used. */ |
| michael@0 | 107 | u_long _ks_maxused; /* No longer used. */ |
| michael@0 | 108 | u_long ks_magic; /* Detect programmer error. */ |
| michael@0 | 109 | const char *ks_shortdesc; /* Printable type name. */ |
| michael@0 | 110 | |
| michael@0 | 111 | /* |
| michael@0 | 112 | * struct malloc_type was terminated with a struct mtx, which is no |
| michael@0 | 113 | * longer required. For ABI reasons, continue to flesh out the full |
| michael@0 | 114 | * size of the old structure, but reuse the _lo_class field for our |
| michael@0 | 115 | * internal data handle. |
| michael@0 | 116 | */ |
| michael@0 | 117 | void *ks_handle; /* Priv. data, was lo_class. */ |
| michael@0 | 118 | const char *_lo_name; |
| michael@0 | 119 | const char *_lo_type; |
| michael@0 | 120 | u_int _lo_flags; |
| michael@0 | 121 | void *_lo_list_next; |
| michael@0 | 122 | struct witness *_lo_witness; |
| michael@0 | 123 | uintptr_t _mtx_lock; |
| michael@0 | 124 | u_int _mtx_recurse; |
| michael@0 | 125 | }; |
| michael@0 | 126 | |
| michael@0 | 127 | /* |
| michael@0 | 128 | * Statistics structure headers for user space. The kern.malloc sysctl |
| michael@0 | 129 | * exposes a structure stream consisting of a stream header, then a series of |
| michael@0 | 130 | * malloc type headers and statistics structures (quantity maxcpus). For |
| michael@0 | 131 | * convenience, the kernel will provide the current value of maxcpus at the |
| michael@0 | 132 | * head of the stream. |
| michael@0 | 133 | */ |
| michael@0 | 134 | #define MALLOC_TYPE_STREAM_VERSION 0x00000001 |
| michael@0 | 135 | struct malloc_type_stream_header { |
| michael@0 | 136 | uint32_t mtsh_version; /* Stream format version. */ |
| michael@0 | 137 | uint32_t mtsh_maxcpus; /* Value of MAXCPU for stream. */ |
| michael@0 | 138 | uint32_t mtsh_count; /* Number of records. */ |
| michael@0 | 139 | uint32_t _mtsh_pad; /* Pad/reserved field. */ |
| michael@0 | 140 | }; |
| michael@0 | 141 | |
| michael@0 | 142 | #define MALLOC_MAX_NAME 32 |
| michael@0 | 143 | struct malloc_type_header { |
| michael@0 | 144 | char mth_name[MALLOC_MAX_NAME]; |
| michael@0 | 145 | }; |
| michael@0 | 146 | |
| michael@0 | 147 | /* __Userspace__ |
| michael@0 | 148 | Notice that at places it uses ifdef _KERNEL. That line cannot be |
| michael@0 | 149 | removed because it causes conflicts with malloc definition in |
| michael@0 | 150 | /usr/include/malloc.h, which essentially says that malloc.h has |
| michael@0 | 151 | been overridden by stdlib.h. We will need to use names like |
| michael@0 | 152 | user_malloc.h for isolating kernel interface headers. using |
| michael@0 | 153 | original names like malloc.h in a user_include header can be |
| michael@0 | 154 | confusing, All userspace header files are being placed in ./user_include |
| michael@0 | 155 | Better still to remove from user_include.h all irrelevant code such |
| michael@0 | 156 | as that in the block starting with #ifdef _KERNEL. I am only leaving |
| michael@0 | 157 | it in for the time being to see what functionality is in this file |
| michael@0 | 158 | that kernel uses. |
| michael@0 | 159 | |
| michael@0 | 160 | Start copy: Copied code for __Userspace__ */ |
| michael@0 | 161 | #define MALLOC_DEFINE(type, shortdesc, longdesc) \ |
| michael@0 | 162 | struct malloc_type type[1] = { \ |
| michael@0 | 163 | { NULL, 0, 0, 0, 0, 0, M_MAGIC, shortdesc, NULL, NULL, \ |
| michael@0 | 164 | NULL, 0, NULL, NULL, 0, 0 } \ |
| michael@0 | 165 | } |
| michael@0 | 166 | |
| michael@0 | 167 | /* Removed "extern" in __Userspace__ code */ |
| michael@0 | 168 | /* If we need to use MALLOC_DECLARE before using MALLOC then |
| michael@0 | 169 | we have to remove extern. |
| michael@0 | 170 | In /usr/include/sys/malloc.h there is this definition: |
| michael@0 | 171 | #define MALLOC_DECLARE(type) \ |
| michael@0 | 172 | extern struct malloc_type type[1] |
| michael@0 | 173 | and loader is unable to find the extern malloc_type because |
| michael@0 | 174 | it may be defined in one of kernel object files. |
| michael@0 | 175 | It seems that MALLOC_DECLARE and MALLOC_DEFINE cannot be used at |
| michael@0 | 176 | the same time for same "type" variable. Also, in Randall's architecture |
| michael@0 | 177 | document, where it specifies O/S specific macros and functions, it says |
| michael@0 | 178 | that the name in SCTP_MALLOC does not have to be used. |
| michael@0 | 179 | */ |
| michael@0 | 180 | #define MALLOC_DECLARE(type) \ |
| michael@0 | 181 | extern struct malloc_type type[1] |
| michael@0 | 182 | |
| michael@0 | 183 | #define FREE(addr, type) free((addr)) |
| michael@0 | 184 | |
| michael@0 | 185 | /* changed definitions of MALLOC and FREE */ |
| michael@0 | 186 | /* Using memset if flag M_ZERO is specified. Todo: M_WAITOK and M_NOWAIT */ |
| michael@0 | 187 | #define MALLOC(space, cast, size, type, flags) \ |
| michael@0 | 188 | ((space) = (cast)malloc((u_long)(size))); \ |
| michael@0 | 189 | do { \ |
| michael@0 | 190 | if(flags & M_ZERO) { \ |
| michael@0 | 191 | memset(space,0,size); \ |
| michael@0 | 192 | } \ |
| michael@0 | 193 | } while (0); |
| michael@0 | 194 | |
| michael@0 | 195 | |
| michael@0 | 196 | /* End copy: Copied code for __Userspace__ */ |
| michael@0 | 197 | |
| michael@0 | 198 | #if 0 |
| michael@0 | 199 | #ifdef _KERNEL |
| michael@0 | 200 | #define MALLOC_DEFINE(type, shortdesc, longdesc) \ |
| michael@0 | 201 | struct malloc_type type[1] = { \ |
| michael@0 | 202 | { NULL, 0, 0, 0, 0, 0, M_MAGIC, shortdesc, NULL, NULL, \ |
| michael@0 | 203 | NULL, 0, NULL, NULL, 0, 0 } \ |
| michael@0 | 204 | }; \ |
| michael@0 | 205 | SYSINIT(type##_init, SI_SUB_KMEM, SI_ORDER_SECOND, malloc_init, \ |
| michael@0 | 206 | type); \ |
| michael@0 | 207 | SYSUNINIT(type##_uninit, SI_SUB_KMEM, SI_ORDER_ANY, \ |
| michael@0 | 208 | malloc_uninit, type) |
| michael@0 | 209 | |
| michael@0 | 210 | |
| michael@0 | 211 | #define MALLOC_DECLARE(type) \ |
| michael@0 | 212 | extern struct malloc_type type[1] |
| michael@0 | 213 | |
| michael@0 | 214 | MALLOC_DECLARE(M_CACHE); |
| michael@0 | 215 | MALLOC_DECLARE(M_DEVBUF); |
| michael@0 | 216 | MALLOC_DECLARE(M_TEMP); |
| michael@0 | 217 | |
| michael@0 | 218 | MALLOC_DECLARE(M_IP6OPT); /* for INET6 */ |
| michael@0 | 219 | MALLOC_DECLARE(M_IP6NDP); /* for INET6 */ |
| michael@0 | 220 | |
| michael@0 | 221 | /* |
| michael@0 | 222 | * Deprecated macro versions of not-quite-malloc() and free(). |
| michael@0 | 223 | */ |
| michael@0 | 224 | #define MALLOC(space, cast, size, type, flags) \ |
| michael@0 | 225 | ((space) = (cast)malloc((u_long)(size), (type), (flags))) |
| michael@0 | 226 | #define FREE(addr, type) free((addr), (type)) |
| michael@0 | 227 | |
| michael@0 | 228 | /* |
| michael@0 | 229 | * XXX this should be declared in <sys/uio.h>, but that tends to fail |
| michael@0 | 230 | * because <sys/uio.h> is included in a header before the source file |
| michael@0 | 231 | * has a chance to include <sys/malloc.h> to get MALLOC_DECLARE() defined. |
| michael@0 | 232 | */ |
| michael@0 | 233 | MALLOC_DECLARE(M_IOV); |
| michael@0 | 234 | |
| michael@0 | 235 | extern struct mtx malloc_mtx; |
| michael@0 | 236 | |
| michael@0 | 237 | /* XXX struct malloc_type is unused for contig*(). */ |
| michael@0 | 238 | void contigfree(void *addr, unsigned long size, struct malloc_type *type); |
| michael@0 | 239 | void *contigmalloc(unsigned long size, struct malloc_type *type, int flags, |
| michael@0 | 240 | vm_paddr_t low, vm_paddr_t high, unsigned long alignment, |
| michael@0 | 241 | unsigned long boundary); |
| michael@0 | 242 | void free(void *addr, struct malloc_type *type); |
| michael@0 | 243 | void *malloc(unsigned long size, struct malloc_type *type, int flags); |
| michael@0 | 244 | void malloc_init(void *); |
| michael@0 | 245 | int malloc_last_fail(void); |
| michael@0 | 246 | void malloc_type_allocated(struct malloc_type *type, unsigned long size); |
| michael@0 | 247 | void malloc_type_freed(struct malloc_type *type, unsigned long size); |
| michael@0 | 248 | void malloc_uninit(void *); |
| michael@0 | 249 | void *realloc(void *addr, unsigned long size, struct malloc_type *type, |
| michael@0 | 250 | int flags); |
| michael@0 | 251 | void *reallocf(void *addr, unsigned long size, struct malloc_type *type, |
| michael@0 | 252 | int flags); |
| michael@0 | 253 | |
| michael@0 | 254 | |
| michael@0 | 255 | #endif /* _KERNEL */ |
| michael@0 | 256 | #endif |
| michael@0 | 257 | |
| michael@0 | 258 | #endif /* !_SYS_MALLOC_H_ */ |
