1 /*
2 * Copyright (C) 2009 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 // Contains a thin layer that calls whatever real native allocator
30 // has been defined. For the libc shared library, this allows the
31 // implementation of a debug malloc that can intercept all of the allocation
32 // calls and add special debugging code to attempt to catch allocation
33 // errors. All of the debugging code is implemented in a separate shared
34 // library that is only loaded when the property "libc.debug.malloc.options"
35 // is set to a non-zero value.
36
37 #include <errno.h>
38 #include <stdint.h>
39 #include <stdio.h>
40
41 #include <platform/bionic/malloc.h>
42 #include <private/ScopedPthreadMutexLocker.h>
43 #include <private/bionic_config.h>
44
45 #include "gwp_asan_wrappers.h"
46 #include "heap_tagging.h"
47 #include "heap_zero_init.h"
48 #include "malloc_common.h"
49 #include "malloc_limit.h"
50 #include "malloc_tagged_pointers.h"
51
52 // =============================================================================
53 // Global variables instantations.
54 // =============================================================================
55
56 // Malloc hooks globals.
57 void* (*volatile __malloc_hook)(size_t, const void*);
58 void* (*volatile __realloc_hook)(void*, size_t, const void*);
59 void (*volatile __free_hook)(void*, const void*);
60 void* (*volatile __memalign_hook)(size_t, size_t, const void*);
61 // =============================================================================
62
63 // =============================================================================
64 // Allocation functions
65 // =============================================================================
calloc(size_t n_elements,size_t elem_size)66 extern "C" void* calloc(size_t n_elements, size_t elem_size) {
67 auto dispatch_table = GetDispatchTable();
68 if (__predict_false(dispatch_table != nullptr)) {
69 return MaybeTagPointer(dispatch_table->calloc(n_elements, elem_size));
70 }
71 void* result = Malloc(calloc)(n_elements, elem_size);
72 if (__predict_false(result == nullptr)) {
73 warning_log("calloc(%zu, %zu) failed: returning null pointer", n_elements, elem_size);
74 }
75 return MaybeTagPointer(result);
76 }
77
free(void * mem)78 extern "C" void free(void* mem) {
79 auto dispatch_table = GetDispatchTable();
80 mem = MaybeUntagAndCheckPointer(mem);
81 if (__predict_false(dispatch_table != nullptr)) {
82 dispatch_table->free(mem);
83 } else {
84 Malloc(free)(mem);
85 }
86 }
87
mallinfo()88 extern "C" struct mallinfo mallinfo() {
89 auto dispatch_table = GetDispatchTable();
90 if (__predict_false(dispatch_table != nullptr)) {
91 return dispatch_table->mallinfo();
92 }
93 return Malloc(mallinfo)();
94 }
95
malloc_info(int options,FILE * fp)96 extern "C" int malloc_info(int options, FILE* fp) {
97 auto dispatch_table = GetDispatchTable();
98 if (__predict_false(dispatch_table != nullptr)) {
99 return dispatch_table->malloc_info(options, fp);
100 }
101 return Malloc(malloc_info)(options, fp);
102 }
103
mallopt(int param,int value)104 extern "C" int mallopt(int param, int value) {
105 // Some are handled by libc directly rather than by the allocator.
106 if (param == M_BIONIC_SET_HEAP_TAGGING_LEVEL) {
107 ScopedPthreadMutexLocker locker(&g_heap_tagging_lock);
108 return SetHeapTaggingLevel(static_cast<HeapTaggingLevel>(value));
109 }
110 if (param == M_BIONIC_ZERO_INIT) {
111 return SetHeapZeroInitialize(value);
112 }
113
114 // The rest we pass on...
115 int retval;
116 auto dispatch_table = GetDispatchTable();
117 if (__predict_false(dispatch_table != nullptr)) {
118 retval = dispatch_table->mallopt(param, value);
119 } else {
120 retval = Malloc(mallopt)(param, value);
121 }
122
123 // Track the M_DECAY_TIME mallopt calls.
124 if (param == M_DECAY_TIME && retval == 1) {
125 __libc_globals.mutate([value](libc_globals* globals) {
126 if (value <= 0) {
127 atomic_store(&globals->decay_time_enabled, false);
128 } else {
129 atomic_store(&globals->decay_time_enabled, true);
130 }
131 });
132 }
133 return retval;
134 }
135
malloc(size_t bytes)136 extern "C" void* malloc(size_t bytes) {
137 auto dispatch_table = GetDispatchTable();
138 void *result;
139 if (__predict_false(dispatch_table != nullptr)) {
140 result = dispatch_table->malloc(bytes);
141 } else {
142 result = Malloc(malloc)(bytes);
143 }
144 if (__predict_false(result == nullptr)) {
145 warning_log("malloc(%zu) failed: returning null pointer", bytes);
146 return nullptr;
147 }
148 return MaybeTagPointer(result);
149 }
150
malloc_usable_size(const void * mem)151 extern "C" size_t malloc_usable_size(const void* mem) {
152 auto dispatch_table = GetDispatchTable();
153 mem = MaybeUntagAndCheckPointer(mem);
154 if (__predict_false(dispatch_table != nullptr)) {
155 return dispatch_table->malloc_usable_size(mem);
156 }
157 return Malloc(malloc_usable_size)(mem);
158 }
159
memalign(size_t alignment,size_t bytes)160 extern "C" void* memalign(size_t alignment, size_t bytes) {
161 auto dispatch_table = GetDispatchTable();
162 if (__predict_false(dispatch_table != nullptr)) {
163 return MaybeTagPointer(dispatch_table->memalign(alignment, bytes));
164 }
165 void* result = Malloc(memalign)(alignment, bytes);
166 if (__predict_false(result == nullptr)) {
167 warning_log("memalign(%zu, %zu) failed: returning null pointer", alignment, bytes);
168 }
169 return MaybeTagPointer(result);
170 }
171
posix_memalign(void ** memptr,size_t alignment,size_t size)172 extern "C" int posix_memalign(void** memptr, size_t alignment, size_t size) {
173 auto dispatch_table = GetDispatchTable();
174 int result;
175 if (__predict_false(dispatch_table != nullptr)) {
176 result = dispatch_table->posix_memalign(memptr, alignment, size);
177 } else {
178 result = Malloc(posix_memalign)(memptr, alignment, size);
179 }
180 if (result == 0) {
181 *memptr = MaybeTagPointer(*memptr);
182 }
183 return result;
184 }
185
aligned_alloc(size_t alignment,size_t size)186 extern "C" void* aligned_alloc(size_t alignment, size_t size) {
187 auto dispatch_table = GetDispatchTable();
188 if (__predict_false(dispatch_table != nullptr)) {
189 return MaybeTagPointer(dispatch_table->aligned_alloc(alignment, size));
190 }
191 void* result = Malloc(aligned_alloc)(alignment, size);
192 if (__predict_false(result == nullptr)) {
193 warning_log("aligned_alloc(%zu, %zu) failed: returning null pointer", alignment, size);
194 }
195 return MaybeTagPointer(result);
196 }
197
realloc(void * old_mem,size_t bytes)198 extern "C" __attribute__((__noinline__)) void* realloc(void* old_mem, size_t bytes) {
199 auto dispatch_table = GetDispatchTable();
200 old_mem = MaybeUntagAndCheckPointer(old_mem);
201 if (__predict_false(dispatch_table != nullptr)) {
202 return MaybeTagPointer(dispatch_table->realloc(old_mem, bytes));
203 }
204 void* result = Malloc(realloc)(old_mem, bytes);
205 if (__predict_false(result == nullptr && bytes != 0)) {
206 warning_log("realloc(%p, %zu) failed: returning null pointer", old_mem, bytes);
207 }
208 return MaybeTagPointer(result);
209 }
210
reallocarray(void * old_mem,size_t item_count,size_t item_size)211 extern "C" void* reallocarray(void* old_mem, size_t item_count, size_t item_size) {
212 size_t new_size;
213 if (__builtin_mul_overflow(item_count, item_size, &new_size)) {
214 warning_log("reallocaray(%p, %zu, %zu) failed: returning null pointer",
215 old_mem, item_count, item_size);
216 errno = ENOMEM;
217 return nullptr;
218 }
219 return realloc(old_mem, new_size);
220 }
221
222 #if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
pvalloc(size_t bytes)223 extern "C" void* pvalloc(size_t bytes) {
224 auto dispatch_table = GetDispatchTable();
225 if (__predict_false(dispatch_table != nullptr)) {
226 return MaybeTagPointer(dispatch_table->pvalloc(bytes));
227 }
228 void* result = Malloc(pvalloc)(bytes);
229 if (__predict_false(result == nullptr)) {
230 warning_log("pvalloc(%zu) failed: returning null pointer", bytes);
231 }
232 return MaybeTagPointer(result);
233 }
234
valloc(size_t bytes)235 extern "C" void* valloc(size_t bytes) {
236 auto dispatch_table = GetDispatchTable();
237 if (__predict_false(dispatch_table != nullptr)) {
238 return MaybeTagPointer(dispatch_table->valloc(bytes));
239 }
240 void* result = Malloc(valloc)(bytes);
241 if (__predict_false(result == nullptr)) {
242 warning_log("valloc(%zu) failed: returning null pointer", bytes);
243 }
244 return MaybeTagPointer(result);
245 }
246 #endif
247 // =============================================================================
248
249 struct CallbackWrapperArg {
250 void (*callback)(uintptr_t base, size_t size, void* arg);
251 void* arg;
252 };
253
CallbackWrapper(uintptr_t base,size_t size,void * arg)254 void CallbackWrapper(uintptr_t base, size_t size, void* arg) {
255 CallbackWrapperArg* wrapper_arg = reinterpret_cast<CallbackWrapperArg*>(arg);
256 wrapper_arg->callback(
257 reinterpret_cast<uintptr_t>(MaybeTagPointer(reinterpret_cast<void*>(base))),
258 size, wrapper_arg->arg);
259 }
260
261 // =============================================================================
262 // Exported for use by libmemunreachable.
263 // =============================================================================
264
265 // Calls callback for every allocation in the anonymous heap mapping
266 // [base, base+size). Must be called between malloc_disable and malloc_enable.
267 // `base` in this can take either a tagged or untagged pointer, but we always
268 // provide a tagged pointer to the `base` argument of `callback` if the kernel
269 // supports tagged pointers.
malloc_iterate(uintptr_t base,size_t size,void (* callback)(uintptr_t base,size_t size,void * arg),void * arg)270 extern "C" int malloc_iterate(uintptr_t base, size_t size,
271 void (*callback)(uintptr_t base, size_t size, void* arg), void* arg) {
272 auto dispatch_table = GetDispatchTable();
273 // Wrap the malloc_iterate callback we were provided, in order to provide
274 // pointer tagging support.
275 CallbackWrapperArg wrapper_arg;
276 wrapper_arg.callback = callback;
277 wrapper_arg.arg = arg;
278 uintptr_t untagged_base =
279 reinterpret_cast<uintptr_t>(UntagPointer(reinterpret_cast<void*>(base)));
280 if (__predict_false(dispatch_table != nullptr)) {
281 return dispatch_table->malloc_iterate(
282 untagged_base, size, CallbackWrapper, &wrapper_arg);
283 }
284 return Malloc(malloc_iterate)(
285 untagged_base, size, CallbackWrapper, &wrapper_arg);
286 }
287
288 // Disable calls to malloc so malloc_iterate gets a consistent view of
289 // allocated memory.
malloc_disable()290 extern "C" void malloc_disable() {
291 auto dispatch_table = GetDispatchTable();
292 if (__predict_false(dispatch_table != nullptr)) {
293 return dispatch_table->malloc_disable();
294 }
295 return Malloc(malloc_disable)();
296 }
297
298 // Re-enable calls to malloc after a previous call to malloc_disable.
malloc_enable()299 extern "C" void malloc_enable() {
300 auto dispatch_table = GetDispatchTable();
301 if (__predict_false(dispatch_table != nullptr)) {
302 return dispatch_table->malloc_enable();
303 }
304 return Malloc(malloc_enable)();
305 }
306
307 #if defined(LIBC_STATIC)
malloc_backtrace(void *,uintptr_t *,size_t)308 extern "C" ssize_t malloc_backtrace(void*, uintptr_t*, size_t) {
309 return 0;
310 }
311 #endif
312
313 #if __has_feature(hwaddress_sanitizer)
314 // FIXME: implement these in HWASan allocator.
__sanitizer_malloc_iterate(uintptr_t base __unused,size_t size __unused,void (* callback)(uintptr_t base,size_t size,void * arg)__unused,void * arg __unused)315 extern "C" int __sanitizer_malloc_iterate(uintptr_t base __unused, size_t size __unused,
316 void (*callback)(uintptr_t base, size_t size, void* arg)
317 __unused,
318 void* arg __unused) {
319 return 0;
320 }
321
__sanitizer_malloc_disable()322 extern "C" void __sanitizer_malloc_disable() {
323 }
324
__sanitizer_malloc_enable()325 extern "C" void __sanitizer_malloc_enable() {
326 }
327
__sanitizer_malloc_info(int,FILE *)328 extern "C" int __sanitizer_malloc_info(int, FILE*) {
329 errno = ENOTSUP;
330 return -1;
331 }
332 #endif
333 // =============================================================================
334
335 // =============================================================================
336 // Platform-internal mallopt variant.
337 // =============================================================================
338 #if defined(LIBC_STATIC)
android_mallopt(int opcode,void * arg,size_t arg_size)339 extern "C" bool android_mallopt(int opcode, void* arg, size_t arg_size) {
340 if (opcode == M_SET_ALLOCATION_LIMIT_BYTES) {
341 return LimitEnable(arg, arg_size);
342 }
343 if (opcode == M_INITIALIZE_GWP_ASAN) {
344 if (arg == nullptr || arg_size != sizeof(android_mallopt_gwp_asan_options_t)) {
345 errno = EINVAL;
346 return false;
347 }
348
349 return EnableGwpAsan(*reinterpret_cast<android_mallopt_gwp_asan_options_t*>(arg));
350 }
351 if (opcode == M_MEMTAG_STACK_IS_ON) {
352 if (arg == nullptr || arg_size != sizeof(bool)) {
353 errno = EINVAL;
354 return false;
355 }
356 *reinterpret_cast<bool*>(arg) = atomic_load(&__libc_memtag_stack);
357 return true;
358 }
359 if (opcode == M_GET_DECAY_TIME_ENABLED) {
360 if (arg == nullptr || arg_size != sizeof(bool)) {
361 errno = EINVAL;
362 return false;
363 }
364 *reinterpret_cast<bool*>(arg) = atomic_load(&__libc_globals->decay_time_enabled);
365 return true;
366 }
367 errno = ENOTSUP;
368 return false;
369 }
370 #endif
371 // =============================================================================
372
373 static constexpr MallocDispatch __libc_malloc_default_dispatch __attribute__((unused)) = {
374 Malloc(calloc),
375 Malloc(free),
376 Malloc(mallinfo),
377 Malloc(malloc),
378 Malloc(malloc_usable_size),
379 Malloc(memalign),
380 Malloc(posix_memalign),
381 #if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
382 Malloc(pvalloc),
383 #endif
384 Malloc(realloc),
385 #if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
386 Malloc(valloc),
387 #endif
388 Malloc(malloc_iterate),
389 Malloc(malloc_disable),
390 Malloc(malloc_enable),
391 Malloc(mallopt),
392 Malloc(aligned_alloc),
393 Malloc(malloc_info),
394 };
395
NativeAllocatorDispatch()396 const MallocDispatch* NativeAllocatorDispatch() {
397 return &__libc_malloc_default_dispatch;
398 }
399