Make userland malloc use __LDPGSZ granularity on mips, regardless of the
actual kernel page size.

Switch the chunk_info lists to doubly-linked lists and use the queue
macros for them. Avoids walking the lists and greatly enhances speed
of freeing chunks in reverse or random order at the cost of a

Switch the chunk_info lists to doubly-linked lists and use the queue
macros for them. Avoids walking the lists and greatly enhances speed
of freeing chunks in reverse or random order at the cost of a little
space. Suggested by Fabien Romano and Jonathan Armani; ok djm@

show more ...

Don't forget to fill region from the cache with junk if needed in one case;
from Fabien Romano and Jonathan Armani

No need to clear a mmapped region; from Fabien Romano and Jonathan
Armani

permit -DMALLOC_STATS to compile again
noticed by Jonathan Armani & Fabien Romano
ugh+ok otto@

Check mmap return value against MAP_FAILED not NULL.

Okay deraadt@, otto@.

quieten compiler by converting pointers to uintptr_t before truncating them
to u_int32_t to do integer math with (in a situation where that is legit)
ok otto millert

reintroduce extra malloc protections, but avoiding the use of
PAGE_(SIZE|SHIFT|MASK) defines that evaluate to variables on the
sparc architecture;
ok otto@ tested on my reanimated ss20

PAGE_SIZE is not a valid symbol to use in that way. In particular,
on sparc, it expands to something that just plain does not work,
because the page size can be variable. Sorry we didn't spot this

PAGE_SIZE is not a valid symbol to use in that way. In particular,
on sparc, it expands to something that just plain does not work,
because the page size can be variable. Sorry we didn't spot this
before. Backing it all out to allow sparc to build; please find a
different way to fix it.

show more ...

Remove mprotecting of struct dir_info introduced in previous commit
(MALLOC_OPTIONS=L). It was too slow to turn on by default, and we
don't do optional security.

requested by deraadt@ grumbling ok o

Remove mprotecting of struct dir_info introduced in previous commit
(MALLOC_OPTIONS=L). It was too slow to turn on by default, and we
don't do optional security.

requested by deraadt@ grumbling ok otto@

show more ...

extra paranoia for malloc(3):

Move all runtime options into a structure that is made read-only
(via mprotect) after initialisation to protect against attacks that
overwrite options to turn off mallo

extra paranoia for malloc(3):

Move all runtime options into a structure that is made read-only
(via mprotect) after initialisation to protect against attacks that
overwrite options to turn off malloc protections (e.g. use-after-free)

Allocate the main bookkeeping data (struct dir_info) using mmap(),
thereby giving it an unpredictable address. Place a PROT_NONE guard
page on either side to further frustrate attacks on it.

Add a new 'L' option that maps struct dir_info PROT_NONE except when
in the allocator code itself. Makes attacks on it basically impossible.

feedback tedu deraadt otto canacar
ok otto

show more ...

shave off more bytes than you expect by declaring a few const local arrays
as static const

move allocations between half a page and a page as close to the end of
the page as possible (i.e. make malloc option P a default).
ok art@ millert@ krw@

Reduce the leeway malloc allows when moving allocations to the end of
a page to 0. P default will be changed in a separate commit.
ok millert@ art@ krw@

To allow for easier playing with more strict settings introduce
a separate symbolic constant for the leeway we allow when moving
allocations towards the end of a page. No functional change.

avoid a few strlen calls for constant strings; prompted by tg; ok djm@

if the freeprot flag (F) is set, do not do delayed frees for chunks
(might catch errors closer to the trouble spot) and junk fill pages just
before reuse instead of immediate (we can't access the pag

if the freeprot flag (F) is set, do not do delayed frees for chunks
(might catch errors closer to the trouble spot) and junk fill pages just
before reuse instead of immediate (we can't access the page anyway)
since we set PROT_NONE in the F case. ok djm@

show more ...

remove distinction between warnings and errors, ok deraadt@ djm@

if MALLOC_STATS is defined, record how many "cheap reallocs" were
tried and how many actually succeeded.

oops, assign errno the right way. caught by david running regress tests

reduce rbyte cache to 512 bytes, no measurable slowdown (even in the
threaded case) but much smaller working set; prompted by and ok deraadt@

save and restore errno on success. while it is not stricly needed for
non-syscalls, there's just too much code not doing the right thing on
error paths; prompted by and ok deraadt@

when increasing the size of a larger than a page allocation try
mapping the region next to the existing one first; there's a pretty
high chance there's a hole there we can use; ok deraadt@ tedu@

avoid spitting up regions when purging stuff from the cache, it puts
too much pressure on the amaps. ok tedu@ deraadt@

Make all combinations of G, P, J and zero-fill work with as little
effort as possible in most cases; ok djm@