1 // SPDX-License-Identifier: MIT
2 // SPDX-FileCopyrightText: 2024 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
4 #include <rseq/mempool.h>
11 #include <rseq/compiler.h>
23 #include "rseq-utils.h"
24 #include <rseq/rseq.h>
27 * rseq-mempool.c: rseq CPU-Local Storage (CLS) memory allocator.
29 * The rseq per-CPU memory allocator allows the application the request
30 * memory pools of CPU-Local memory each of containing objects of a
31 * given size (rounded to next power of 2), reserving a given virtual
32 * address size per CPU, for a given maximum number of CPUs.
34 * The per-CPU memory allocator is analogous to TLS (Thread-Local
35 * Storage) memory: TLS is Thread-Local Storage, whereas the per-CPU
36 * memory allocator provides CPU-Local Storage.
39 #define POOL_SET_NR_ENTRIES RSEQ_BITS_PER_LONG
42 * Smallest allocation should hold enough space for a free list pointer.
44 #if RSEQ_BITS_PER_LONG == 64
45 # define POOL_SET_MIN_ENTRY 3 /* Smallest item_len=8 */
47 # define POOL_SET_MIN_ENTRY 2 /* Smallest item_len=4 */
50 #define BIT_PER_ULONG (8 * sizeof(unsigned long))
52 #define MOVE_PAGES_BATCH_SIZE 4096
54 #define RANGE_HEADER_OFFSET sizeof(struct rseq_mempool_range)
56 #if RSEQ_BITS_PER_LONG == 64
57 # define DEFAULT_POISON_VALUE 0x5555555555555555ULL
59 # define DEFAULT_POISON_VALUE 0x55555555UL
62 struct free_list_node
;
64 struct free_list_node
{
65 struct free_list_node
*next
;
69 MEMPOOL_TYPE_GLOBAL
= 0, /* Default */
70 MEMPOOL_TYPE_PERCPU
= 1,
73 struct rseq_mempool_attr
{
75 void *(*mmap_func
)(void *priv
, size_t len
);
76 int (*munmap_func
)(void *priv
, void *ptr
, size_t len
);
80 int (*init_func
)(void *priv
, void *addr
, size_t len
, int cpu
);
85 enum mempool_type type
;
89 unsigned long max_nr_ranges
;
94 enum rseq_mempool_populate_policy populate_policy
;
97 struct rseq_mempool_range
;
99 struct rseq_mempool_range
{
100 struct rseq_mempool_range
*next
; /* Linked list of ranges. */
101 struct rseq_mempool
*pool
; /* Backward reference to container pool. */
104 * Memory layout of a mempool range:
105 * - Header page (contains struct rseq_mempool_range at the very end),
106 * - Base of the per-cpu data, starting with CPU 0,
109 * - CPU max_nr_cpus - 1
110 * - init values (unpopulated for RSEQ_MEMPOOL_POPULATE_ALL).
115 * The init values contains malloc_init/zmalloc values.
116 * Pointer is NULL for RSEQ_MEMPOOL_POPULATE_ALL.
121 /* Pool range mmap/munmap */
125 /* Track alloc/free. */
126 unsigned long *alloc_bitmap
;
129 struct rseq_mempool
{
130 /* Head of ranges linked-list. */
131 struct rseq_mempool_range
*range_list
;
132 unsigned long nr_ranges
;
138 * The free list chains freed items on the CPU 0 address range.
139 * We should rethink this decision if false sharing between
140 * malloc/free from other CPUs and data accesses from CPU 0
141 * becomes an issue. This is a NULL-terminated singly-linked
144 struct free_list_node
*free_list_head
;
146 /* This lock protects allocation/free within the pool. */
147 pthread_mutex_t lock
;
149 struct rseq_mempool_attr attr
;
154 * Pool set entries are indexed by item_len rounded to the next power of
155 * 2. A pool set can contain NULL pool entries, in which case the next
156 * large enough entry will be used for allocation.
158 struct rseq_mempool_set
{
159 /* This lock protects add vs malloc/zmalloc within the pool set. */
160 pthread_mutex_t lock
;
161 struct rseq_mempool
*entries
[POOL_SET_NR_ENTRIES
];
165 * This memfd is used to implement the user COW behavior for the page
166 * protection scheme. memfd is a sparse virtual file. Its layout (in
167 * offset from beginning of file) matches the process address space
168 * (pointers directly converted to file offsets).
171 pthread_mutex_t lock
;
172 size_t reserved_size
;
173 unsigned int refcount
;
177 static struct rseq_memfd memfd
= {
178 .lock
= PTHREAD_MUTEX_INITIALIZER
,
185 const char *get_pool_name(const struct rseq_mempool
*pool
)
187 return pool
->name
? : "<anonymous>";
191 void *__rseq_pool_range_percpu_ptr(const struct rseq_mempool_range
*range
, int cpu
,
192 uintptr_t item_offset
, size_t stride
)
194 return range
->base
+ (stride
* cpu
) + item_offset
;
198 void *__rseq_pool_range_init_ptr(const struct rseq_mempool_range
*range
,
199 uintptr_t item_offset
)
203 return range
->init
+ item_offset
;
207 void __rseq_percpu
*__rseq_free_list_to_percpu_ptr(const struct rseq_mempool
*pool
,
208 struct free_list_node
*node
)
210 void __rseq_percpu
*p
= (void __rseq_percpu
*) node
;
212 if (pool
->attr
.populate_policy
!= RSEQ_MEMPOOL_POPULATE_ALL
)
213 p
-= pool
->attr
.max_nr_cpus
* pool
->attr
.stride
;
218 struct free_list_node
*__rseq_percpu_to_free_list_ptr(const struct rseq_mempool
*pool
,
219 void __rseq_percpu
*p
)
221 if (pool
->attr
.populate_policy
!= RSEQ_MEMPOOL_POPULATE_ALL
)
222 p
+= pool
->attr
.max_nr_cpus
* pool
->attr
.stride
;
223 return (struct free_list_node
*) p
;
227 int memcmpbyte(const char *s
, int c
, size_t n
)
232 if ((res
= *(s
++) - c
) != 0)
238 void rseq_percpu_zero_item(struct rseq_mempool
*pool
,
239 struct rseq_mempool_range
*range
, uintptr_t item_offset
)
244 init_p
= __rseq_pool_range_init_ptr(range
, item_offset
);
246 memset(init_p
, 0, pool
->item_len
);
247 for (i
= 0; i
< pool
->attr
.max_nr_cpus
; i
++) {
248 char *p
= __rseq_pool_range_percpu_ptr(range
, i
,
249 item_offset
, pool
->attr
.stride
);
251 /* Update propagated */
252 if (init_p
&& !memcmpbyte(p
, 0, pool
->item_len
))
254 memset(p
, 0, pool
->item_len
);
259 void rseq_percpu_init_item(struct rseq_mempool
*pool
,
260 struct rseq_mempool_range
*range
, uintptr_t item_offset
,
261 void *init_ptr
, size_t init_len
)
266 init_p
= __rseq_pool_range_init_ptr(range
, item_offset
);
268 memcpy(init_p
, init_ptr
, init_len
);
269 for (i
= 0; i
< pool
->attr
.max_nr_cpus
; i
++) {
270 char *p
= __rseq_pool_range_percpu_ptr(range
, i
,
271 item_offset
, pool
->attr
.stride
);
273 /* Update propagated */
274 if (init_p
&& !memcmp(init_p
, p
, init_len
))
276 memcpy(p
, init_ptr
, init_len
);
281 void rseq_poison_item(void *p
, size_t item_len
, uintptr_t poison
)
285 for (offset
= 0; offset
< item_len
; offset
+= sizeof(uintptr_t))
286 *((uintptr_t *) (p
+ offset
)) = poison
;
290 void rseq_percpu_poison_item(struct rseq_mempool
*pool
,
291 struct rseq_mempool_range
*range
, uintptr_t item_offset
)
293 uintptr_t poison
= pool
->attr
.poison
;
297 init_p
= __rseq_pool_range_init_ptr(range
, item_offset
);
299 rseq_poison_item(init_p
, pool
->item_len
, poison
);
300 for (i
= 0; i
< pool
->attr
.max_nr_cpus
; i
++) {
301 char *p
= __rseq_pool_range_percpu_ptr(range
, i
,
302 item_offset
, pool
->attr
.stride
);
304 /* Update propagated */
305 if (init_p
&& !memcmp(init_p
, p
, pool
->item_len
))
307 rseq_poison_item(p
, pool
->item_len
, poison
);
311 /* Always inline for __builtin_return_address(0). */
312 static inline __attribute__((always_inline
))
313 void rseq_check_poison_item(const struct rseq_mempool
*pool
, uintptr_t item_offset
,
314 void *p
, size_t item_len
, uintptr_t poison
, bool skip_freelist_ptr
)
318 for (offset
= 0; offset
< item_len
; offset
+= sizeof(uintptr_t)) {
321 /* Skip poison check for free-list pointer. */
322 if (skip_freelist_ptr
&& offset
== 0)
324 v
= *((uintptr_t *) (p
+ offset
));
326 fprintf(stderr
, "%s: Poison corruption detected (0x%lx) for pool: \"%s\" (%p), item offset: %zu, caller: %p.\n",
327 __func__
, (unsigned long) v
, get_pool_name(pool
), pool
, item_offset
, (void *) __builtin_return_address(0));
333 /* Always inline for __builtin_return_address(0). */
334 static inline __attribute__((always_inline
))
335 void rseq_percpu_check_poison_item(const struct rseq_mempool
*pool
,
336 const struct rseq_mempool_range
*range
, uintptr_t item_offset
)
338 uintptr_t poison
= pool
->attr
.poison
;
342 if (!pool
->attr
.robust_set
)
344 init_p
= __rseq_pool_range_init_ptr(range
, item_offset
);
346 rseq_check_poison_item(pool
, item_offset
, init_p
, pool
->item_len
, poison
, true);
347 for (i
= 0; i
< pool
->attr
.max_nr_cpus
; i
++) {
348 char *p
= __rseq_pool_range_percpu_ptr(range
, i
,
349 item_offset
, pool
->attr
.stride
);
351 * When the free list is embedded in the init values
352 * memory (populate none), it is visible from the init
353 * values memory mapping as well as per-cpu private
354 * mappings before they COW.
356 * When the free list is embedded in CPU 0 mapping
357 * (populate all), only this CPU must skip the free list
358 * nodes when checking poison.
360 rseq_check_poison_item(pool
, item_offset
, p
, pool
->item_len
, poison
,
361 init_p
== NULL
? (i
== 0) : true);
366 int rseq_mempool_range_init_numa(void *addr
, size_t len
, int cpu
, int numa_flags
)
368 unsigned long nr_pages
, page_len
;
369 int status
[MOVE_PAGES_BATCH_SIZE
];
370 int nodes
[MOVE_PAGES_BATCH_SIZE
];
371 void *pages
[MOVE_PAGES_BATCH_SIZE
];
378 page_len
= rseq_get_page_len();
379 nr_pages
= len
>> rseq_get_count_order_ulong(page_len
);
381 nodes
[0] = numa_node_of_cpu(cpu
);
385 for (size_t k
= 1; k
< RSEQ_ARRAY_SIZE(nodes
); ++k
) {
389 for (unsigned long page
= 0; page
< nr_pages
;) {
391 size_t max_k
= RSEQ_ARRAY_SIZE(pages
);
392 size_t left
= nr_pages
- page
;
398 for (size_t k
= 0; k
< max_k
; ++k
, ++page
) {
399 pages
[k
] = addr
+ (page
* page_len
);
403 ret
= move_pages(0, max_k
, pages
, nodes
, status
, numa_flags
);
409 fprintf(stderr
, "%lu pages were not migrated\n", ret
);
410 for (size_t k
= 0; k
< max_k
; ++k
) {
413 "Error while moving page %p to numa node %d: %u\n",
414 pages
[k
], nodes
[k
], -status
[k
]);
421 int rseq_mempool_range_init_numa(void *addr
__attribute__((unused
)),
422 size_t len
__attribute__((unused
)),
423 int cpu
__attribute__((unused
)),
424 int numa_flags
__attribute__((unused
)))
432 void *default_mmap_func(void *priv
__attribute__((unused
)), size_t len
)
436 base
= mmap(NULL
, len
, PROT_READ
| PROT_WRITE
,
437 MAP_ANONYMOUS
| MAP_PRIVATE
, -1, 0);
438 if (base
== MAP_FAILED
)
444 int default_munmap_func(void *priv
__attribute__((unused
)), void *ptr
, size_t len
)
446 return munmap(ptr
, len
);
450 int create_alloc_bitmap(struct rseq_mempool
*pool
, struct rseq_mempool_range
*range
)
454 count
= ((pool
->attr
.stride
>> pool
->item_order
) + BIT_PER_ULONG
- 1) / BIT_PER_ULONG
;
457 * Not being able to create the validation bitmap is an error
458 * that needs to be reported.
460 range
->alloc_bitmap
= calloc(count
, sizeof(unsigned long));
461 if (!range
->alloc_bitmap
)
467 bool percpu_addr_in_pool(const struct rseq_mempool
*pool
, void __rseq_percpu
*_addr
)
469 struct rseq_mempool_range
*range
;
470 void *addr
= (void *) _addr
;
472 for (range
= pool
->range_list
; range
; range
= range
->next
) {
473 if (addr
>= range
->base
&& addr
< range
->base
+ range
->next_unused
)
479 /* Always inline for __builtin_return_address(0). */
480 static inline __attribute__((always_inline
))
481 void check_free_list(const struct rseq_mempool
*pool
)
483 size_t total_item
= 0, total_never_allocated
= 0, total_freed
= 0,
484 max_list_traversal
= 0, traversal_iteration
= 0;
485 struct rseq_mempool_range
*range
;
487 if (!pool
->attr
.robust_set
)
490 for (range
= pool
->range_list
; range
; range
= range
->next
) {
491 total_item
+= pool
->attr
.stride
>> pool
->item_order
;
492 total_never_allocated
+= (pool
->attr
.stride
- range
->next_unused
) >> pool
->item_order
;
494 max_list_traversal
= total_item
- total_never_allocated
;
496 for (struct free_list_node
*node
= pool
->free_list_head
, *prev
= NULL
;
501 if (traversal_iteration
>= max_list_traversal
) {
502 fprintf(stderr
, "%s: Corrupted free-list; Possibly infinite loop in pool \"%s\" (%p), caller %p.\n",
503 __func__
, get_pool_name(pool
), pool
, __builtin_return_address(0));
507 /* Node is out of range. */
508 if (!percpu_addr_in_pool(pool
, __rseq_free_list_to_percpu_ptr(pool
, node
))) {
510 fprintf(stderr
, "%s: Corrupted free-list node %p -> [out-of-range %p] in pool \"%s\" (%p), caller %p.\n",
511 __func__
, prev
, node
, get_pool_name(pool
), pool
, __builtin_return_address(0));
513 fprintf(stderr
, "%s: Corrupted free-list node [out-of-range %p] in pool \"%s\" (%p), caller %p.\n",
514 __func__
, node
, get_pool_name(pool
), pool
, __builtin_return_address(0));
518 traversal_iteration
++;
522 if (total_never_allocated
+ total_freed
!= total_item
) {
523 fprintf(stderr
, "%s: Corrupted free-list in pool \"%s\" (%p); total-item: %zu total-never-used: %zu total-freed: %zu, caller %p.\n",
524 __func__
, get_pool_name(pool
), pool
, total_item
, total_never_allocated
, total_freed
, __builtin_return_address(0));
529 /* Always inline for __builtin_return_address(0). */
530 static inline __attribute__((always_inline
))
531 void check_range_poison(const struct rseq_mempool
*pool
,
532 const struct rseq_mempool_range
*range
)
536 for (item_offset
= 0; item_offset
< range
->next_unused
;
537 item_offset
+= pool
->item_len
)
538 rseq_percpu_check_poison_item(pool
, range
, item_offset
);
541 /* Always inline for __builtin_return_address(0). */
542 static inline __attribute__((always_inline
))
543 void check_pool_poison(const struct rseq_mempool
*pool
)
545 struct rseq_mempool_range
*range
;
547 if (!pool
->attr
.robust_set
)
549 for (range
= pool
->range_list
; range
; range
= range
->next
)
550 check_range_poison(pool
, range
);
553 /* Always inline for __builtin_return_address(0). */
554 static inline __attribute__((always_inline
))
555 void destroy_alloc_bitmap(struct rseq_mempool
*pool
, struct rseq_mempool_range
*range
)
557 unsigned long *bitmap
= range
->alloc_bitmap
;
558 size_t count
, total_leaks
= 0;
563 count
= ((pool
->attr
.stride
>> pool
->item_order
) + BIT_PER_ULONG
- 1) / BIT_PER_ULONG
;
565 /* Assert that all items in the pool were freed. */
566 for (size_t k
= 0; k
< count
; ++k
)
567 total_leaks
+= rseq_hweight_ulong(bitmap
[k
]);
569 fprintf(stderr
, "%s: Pool \"%s\" (%p) has %zu leaked items on destroy, caller: %p.\n",
570 __func__
, get_pool_name(pool
), pool
, total_leaks
, (void *) __builtin_return_address(0));
575 range
->alloc_bitmap
= NULL
;
578 /* Always inline for __builtin_return_address(0). */
579 static inline __attribute__((always_inline
))
580 int rseq_mempool_range_destroy(struct rseq_mempool
*pool
,
581 struct rseq_mempool_range
*range
)
585 destroy_alloc_bitmap(pool
, range
);
588 * Punch a hole into memfd where the init values used to be.
591 ret
= fallocate(memfd
.fd
, FALLOC_FL_PUNCH_HOLE
| FALLOC_FL_KEEP_SIZE
,
592 (off_t
) range
->init
, pool
->attr
.stride
);
598 /* range is a header located one page before the aligned mapping. */
599 return pool
->attr
.munmap_func(pool
->attr
.mmap_priv
, range
->mmap_addr
, range
->mmap_len
);
603 * Allocate a memory mapping aligned on @alignment, with an optional
604 * @pre_header before the mapping.
607 void *aligned_mmap_anonymous(struct rseq_mempool
*pool
,
608 size_t page_size
, size_t len
, size_t alignment
,
609 void **pre_header
, size_t pre_header_len
)
611 size_t minimum_page_count
, page_count
, extra
, total_allocate
= 0;
615 if (len
< page_size
|| alignment
< page_size
||
616 !is_pow2(alignment
) || (len
& (alignment
- 1))) {
620 page_order
= rseq_get_count_order_ulong(page_size
);
621 if (page_order
< 0) {
625 if (pre_header_len
&& (pre_header_len
& (page_size
- 1))) {
630 minimum_page_count
= (pre_header_len
+ len
) >> page_order
;
631 page_count
= (pre_header_len
+ len
+ alignment
- page_size
) >> page_order
;
633 assert(page_count
>= minimum_page_count
);
635 ptr
= pool
->attr
.mmap_func(pool
->attr
.mmap_priv
, page_count
<< page_order
);
639 total_allocate
= page_count
<< page_order
;
641 if (!(((uintptr_t) ptr
+ pre_header_len
) & (alignment
- 1))) {
642 /* Pointer is already aligned. ptr points to pre_header. */
646 /* Unmap extra before. */
647 extra
= offset_align((uintptr_t) ptr
+ pre_header_len
, alignment
);
648 assert(!(extra
& (page_size
- 1)));
649 if (pool
->attr
.munmap_func(pool
->attr
.mmap_priv
, ptr
, extra
)) {
653 total_allocate
-= extra
;
654 ptr
+= extra
; /* ptr points to pre_header */
655 page_count
-= extra
>> page_order
;
657 assert(page_count
>= minimum_page_count
);
659 if (page_count
> minimum_page_count
) {
662 /* Unmap extra after. */
663 extra_ptr
= ptr
+ (minimum_page_count
<< page_order
);
664 extra
= (page_count
- minimum_page_count
) << page_order
;
665 if (pool
->attr
.munmap_func(pool
->attr
.mmap_priv
, extra_ptr
, extra
)) {
669 total_allocate
-= extra
;
672 assert(!(((uintptr_t)ptr
+ pre_header_len
) & (alignment
- 1)));
673 assert(total_allocate
== len
+ pre_header_len
);
679 ptr
+= pre_header_len
;
685 int rseq_memfd_reserve_init(void *init
, size_t init_len
)
690 pthread_mutex_lock(&memfd
.lock
);
691 reserve_len
= (size_t) init
+ init_len
;
692 if (reserve_len
> memfd
.reserved_size
) {
693 if (ftruncate(memfd
.fd
, (off_t
) reserve_len
)) {
697 memfd
.reserved_size
= reserve_len
;
700 pthread_mutex_unlock(&memfd
.lock
);
705 struct rseq_mempool_range
*rseq_mempool_range_create(struct rseq_mempool
*pool
)
707 struct rseq_mempool_range
*range
;
708 unsigned long page_size
;
711 size_t range_len
; /* Range len excludes header. */
713 if (pool
->attr
.max_nr_ranges
&&
714 pool
->nr_ranges
>= pool
->attr
.max_nr_ranges
) {
718 page_size
= rseq_get_page_len();
720 range_len
= pool
->attr
.stride
* pool
->attr
.max_nr_cpus
;
721 if (pool
->attr
.populate_policy
!= RSEQ_MEMPOOL_POPULATE_ALL
)
722 range_len
+= pool
->attr
.stride
; /* init values */
723 base
= aligned_mmap_anonymous(pool
, page_size
,
729 range
= (struct rseq_mempool_range
*) (base
- RANGE_HEADER_OFFSET
);
731 range
->header
= header
;
733 range
->mmap_addr
= header
;
734 range
->mmap_len
= page_size
+ range_len
;
736 if (pool
->attr
.populate_policy
!= RSEQ_MEMPOOL_POPULATE_ALL
) {
737 range
->init
= base
+ (pool
->attr
.stride
* pool
->attr
.max_nr_cpus
);
738 /* Populate init values pages from memfd */
739 if (rseq_memfd_reserve_init(range
->init
, pool
->attr
.stride
))
741 if (mmap(range
->init
, pool
->attr
.stride
, PROT_READ
| PROT_WRITE
,
742 MAP_SHARED
| MAP_FIXED
, memfd
.fd
,
743 (off_t
) range
->init
) != (void *) range
->init
) {
746 assert(pool
->attr
.type
== MEMPOOL_TYPE_PERCPU
);
748 * Map per-cpu memory as private COW mappings of init values.
753 for (cpu
= 0; cpu
< pool
->attr
.max_nr_cpus
; cpu
++) {
754 void *p
= base
+ (pool
->attr
.stride
* cpu
);
755 size_t len
= pool
->attr
.stride
;
757 if (mmap(p
, len
, PROT_READ
| PROT_WRITE
, MAP_PRIVATE
| MAP_FIXED
,
758 memfd
.fd
, (off_t
) range
->init
) != (void *) p
) {
765 if (pool
->attr
.robust_set
) {
766 if (create_alloc_bitmap(pool
, range
))
769 if (pool
->attr
.init_set
) {
770 switch (pool
->attr
.type
) {
771 case MEMPOOL_TYPE_GLOBAL
:
772 if (pool
->attr
.init_func(pool
->attr
.init_priv
,
773 base
, pool
->attr
.stride
, -1)) {
777 case MEMPOOL_TYPE_PERCPU
:
780 for (cpu
= 0; cpu
< pool
->attr
.max_nr_cpus
; cpu
++) {
781 if (pool
->attr
.init_func(pool
->attr
.init_priv
,
782 base
+ (pool
->attr
.stride
* cpu
),
783 pool
->attr
.stride
, cpu
)) {
797 (void) rseq_mempool_range_destroy(pool
, range
);
802 int rseq_mempool_memfd_ref(struct rseq_mempool
*pool
)
806 if (pool
->attr
.populate_policy
== RSEQ_MEMPOOL_POPULATE_ALL
)
809 pthread_mutex_lock(&memfd
.lock
);
810 if (memfd
.refcount
== 0) {
811 memfd
.fd
= memfd_create("mempool", MFD_CLOEXEC
);
813 perror("memfd_create");
820 pthread_mutex_unlock(&memfd
.lock
);
825 void rseq_mempool_memfd_unref(struct rseq_mempool
*pool
)
827 if (pool
->attr
.populate_policy
== RSEQ_MEMPOOL_POPULATE_ALL
)
830 pthread_mutex_lock(&memfd
.lock
);
831 if (memfd
.refcount
== 1) {
832 if (close(memfd
.fd
)) {
837 memfd
.reserved_size
= 0;
840 pthread_mutex_unlock(&memfd
.lock
);
843 int rseq_mempool_destroy(struct rseq_mempool
*pool
)
845 struct rseq_mempool_range
*range
, *next_range
;
850 check_free_list(pool
);
851 check_pool_poison(pool
);
852 /* Iteration safe against removal. */
853 for (range
= pool
->range_list
; range
&& (next_range
= range
->next
, 1); range
= next_range
) {
854 if (rseq_mempool_range_destroy(pool
, range
))
856 /* Update list head to keep list coherent in case of partial failure. */
857 pool
->range_list
= next_range
;
859 rseq_mempool_memfd_unref(pool
);
860 pthread_mutex_destroy(&pool
->lock
);
867 struct rseq_mempool
*rseq_mempool_create(const char *pool_name
,
868 size_t item_len
, const struct rseq_mempool_attr
*_attr
)
870 struct rseq_mempool
*pool
;
871 struct rseq_mempool_attr attr
= {};
874 /* Make sure each item is large enough to contain free list pointers. */
875 if (item_len
< sizeof(void *))
876 item_len
= sizeof(void *);
878 /* Align item_len on next power of two. */
879 order
= rseq_get_count_order_ulong(item_len
);
884 item_len
= 1UL << order
;
887 memcpy(&attr
, _attr
, sizeof(attr
));
888 if (!attr
.mmap_set
) {
889 attr
.mmap_func
= default_mmap_func
;
890 attr
.munmap_func
= default_munmap_func
;
891 attr
.mmap_priv
= NULL
;
895 case MEMPOOL_TYPE_PERCPU
:
896 if (attr
.max_nr_cpus
< 0) {
900 if (attr
.max_nr_cpus
== 0) {
902 attr
.max_nr_cpus
= rseq_get_max_nr_cpus();
903 if (attr
.max_nr_cpus
== 0) {
909 case MEMPOOL_TYPE_GLOBAL
:
910 /* Override populate policy for global type. */
911 attr
.populate_policy
= RSEQ_MEMPOOL_POPULATE_ALL
;
912 /* Use a 1-cpu pool for global mempool type. */
913 attr
.max_nr_cpus
= 1;
917 attr
.stride
= RSEQ_MEMPOOL_STRIDE
; /* Use default */
918 if (attr
.robust_set
&& !attr
.poison_set
) {
919 attr
.poison_set
= true;
920 attr
.poison
= DEFAULT_POISON_VALUE
;
922 if (item_len
> attr
.stride
|| attr
.stride
< (size_t) rseq_get_page_len() ||
923 !is_pow2(attr
.stride
)) {
928 pool
= calloc(1, sizeof(struct rseq_mempool
));
932 memcpy(&pool
->attr
, &attr
, sizeof(attr
));
933 pthread_mutex_init(&pool
->lock
, NULL
);
934 pool
->item_len
= item_len
;
935 pool
->item_order
= order
;
937 if (rseq_mempool_memfd_ref(pool
))
940 pool
->range_list
= rseq_mempool_range_create(pool
);
941 if (!pool
->range_list
)
945 pool
->name
= strdup(pool_name
);
952 rseq_mempool_destroy(pool
);
957 /* Always inline for __builtin_return_address(0). */
958 static inline __attribute__((always_inline
))
959 void set_alloc_slot(struct rseq_mempool
*pool
, struct rseq_mempool_range
*range
, size_t item_offset
)
961 unsigned long *bitmap
= range
->alloc_bitmap
;
962 size_t item_index
= item_offset
>> pool
->item_order
;
969 k
= item_index
/ BIT_PER_ULONG
;
970 mask
= 1ULL << (item_index
% BIT_PER_ULONG
);
972 /* Print error if bit is already set. */
973 if (bitmap
[k
] & mask
) {
974 fprintf(stderr
, "%s: Allocator corruption detected for pool: \"%s\" (%p), item offset: %zu, caller: %p.\n",
975 __func__
, get_pool_name(pool
), pool
, item_offset
, (void *) __builtin_return_address(0));
982 void __rseq_percpu
*__rseq_percpu_malloc(struct rseq_mempool
*pool
,
983 bool zeroed
, void *init_ptr
, size_t init_len
)
985 struct rseq_mempool_range
*range
;
986 struct free_list_node
*node
;
987 uintptr_t item_offset
;
988 void __rseq_percpu
*addr
;
990 if (init_len
> pool
->item_len
) {
994 pthread_mutex_lock(&pool
->lock
);
995 /* Get first entry from free list. */
996 node
= pool
->free_list_head
;
998 void *range_base
, *ptr
;
1000 ptr
= __rseq_free_list_to_percpu_ptr(pool
, node
);
1001 range_base
= (void *) ((uintptr_t) ptr
& (~(pool
->attr
.stride
- 1)));
1002 range
= (struct rseq_mempool_range
*) (range_base
- RANGE_HEADER_OFFSET
);
1003 /* Remove node from free list (update head). */
1004 pool
->free_list_head
= node
->next
;
1005 item_offset
= (uintptr_t) (ptr
- range_base
);
1006 rseq_percpu_check_poison_item(pool
, range
, item_offset
);
1007 addr
= __rseq_free_list_to_percpu_ptr(pool
, node
);
1011 * If the most recent range (first in list) does not have any
1012 * room left, create a new range and prepend it to the list
1015 range
= pool
->range_list
;
1016 if (range
->next_unused
+ pool
->item_len
> pool
->attr
.stride
) {
1017 range
= rseq_mempool_range_create(pool
);
1023 /* Add range to head of list. */
1024 range
->next
= pool
->range_list
;
1025 pool
->range_list
= range
;
1027 /* First range in list has room left. */
1028 item_offset
= range
->next_unused
;
1029 addr
= (void __rseq_percpu
*) (range
->base
+ item_offset
);
1030 range
->next_unused
+= pool
->item_len
;
1033 set_alloc_slot(pool
, range
, item_offset
);
1034 pthread_mutex_unlock(&pool
->lock
);
1037 rseq_percpu_zero_item(pool
, range
, item_offset
);
1038 else if (init_ptr
) {
1039 rseq_percpu_init_item(pool
, range
, item_offset
,
1040 init_ptr
, init_len
);
1046 void __rseq_percpu
*rseq_mempool_percpu_malloc(struct rseq_mempool
*pool
)
1048 return __rseq_percpu_malloc(pool
, false, NULL
, 0);
1051 void __rseq_percpu
*rseq_mempool_percpu_zmalloc(struct rseq_mempool
*pool
)
1053 return __rseq_percpu_malloc(pool
, true, NULL
, 0);
1056 void __rseq_percpu
*rseq_mempool_percpu_malloc_init(struct rseq_mempool
*pool
,
1057 void *init_ptr
, size_t len
)
1059 return __rseq_percpu_malloc(pool
, false, init_ptr
, len
);
1062 /* Always inline for __builtin_return_address(0). */
1063 static inline __attribute__((always_inline
))
1064 void clear_alloc_slot(struct rseq_mempool
*pool
, struct rseq_mempool_range
*range
, size_t item_offset
)
1066 unsigned long *bitmap
= range
->alloc_bitmap
;
1067 size_t item_index
= item_offset
>> pool
->item_order
;
1074 k
= item_index
/ BIT_PER_ULONG
;
1075 mask
= 1ULL << (item_index
% BIT_PER_ULONG
);
1077 /* Print error if bit is not set. */
1078 if (!(bitmap
[k
] & mask
)) {
1079 fprintf(stderr
, "%s: Double-free detected for pool: \"%s\" (%p), item offset: %zu, caller: %p.\n",
1080 __func__
, get_pool_name(pool
), pool
, item_offset
,
1081 (void *) __builtin_return_address(0));
1087 void librseq_mempool_percpu_free(void __rseq_percpu
*_ptr
, size_t stride
)
1089 uintptr_t ptr
= (uintptr_t) _ptr
;
1090 void *range_base
= (void *) (ptr
& (~(stride
- 1)));
1091 struct rseq_mempool_range
*range
= (struct rseq_mempool_range
*) (range_base
- RANGE_HEADER_OFFSET
);
1092 struct rseq_mempool
*pool
= range
->pool
;
1093 uintptr_t item_offset
= ptr
& (stride
- 1);
1094 struct free_list_node
*head
, *item
;
1096 pthread_mutex_lock(&pool
->lock
);
1097 clear_alloc_slot(pool
, range
, item_offset
);
1098 /* Add ptr to head of free list */
1099 head
= pool
->free_list_head
;
1100 if (pool
->attr
.poison_set
)
1101 rseq_percpu_poison_item(pool
, range
, item_offset
);
1102 item
= __rseq_percpu_to_free_list_ptr(pool
, _ptr
);
1104 * Setting the next pointer will overwrite the first uintptr_t
1105 * poison for either CPU 0 (populate all) or init data (populate
1109 pool
->free_list_head
= item
;
1110 pthread_mutex_unlock(&pool
->lock
);
1113 struct rseq_mempool_set
*rseq_mempool_set_create(void)
1115 struct rseq_mempool_set
*pool_set
;
1117 pool_set
= calloc(1, sizeof(struct rseq_mempool_set
));
1120 pthread_mutex_init(&pool_set
->lock
, NULL
);
1124 int rseq_mempool_set_destroy(struct rseq_mempool_set
*pool_set
)
1128 for (order
= POOL_SET_MIN_ENTRY
; order
< POOL_SET_NR_ENTRIES
; order
++) {
1129 struct rseq_mempool
*pool
= pool_set
->entries
[order
];
1133 ret
= rseq_mempool_destroy(pool
);
1136 pool_set
->entries
[order
] = NULL
;
1138 pthread_mutex_destroy(&pool_set
->lock
);
1143 /* Ownership of pool is handed over to pool set on success. */
1144 int rseq_mempool_set_add_pool(struct rseq_mempool_set
*pool_set
, struct rseq_mempool
*pool
)
1146 size_t item_order
= pool
->item_order
;
1149 pthread_mutex_lock(&pool_set
->lock
);
1150 if (pool_set
->entries
[item_order
]) {
1155 pool_set
->entries
[pool
->item_order
] = pool
;
1157 pthread_mutex_unlock(&pool_set
->lock
);
1162 void __rseq_percpu
*__rseq_mempool_set_malloc(struct rseq_mempool_set
*pool_set
,
1163 void *init_ptr
, size_t len
, bool zeroed
)
1165 int order
, min_order
= POOL_SET_MIN_ENTRY
;
1166 struct rseq_mempool
*pool
;
1167 void __rseq_percpu
*addr
;
1169 order
= rseq_get_count_order_ulong(len
);
1170 if (order
> POOL_SET_MIN_ENTRY
)
1173 pthread_mutex_lock(&pool_set
->lock
);
1174 /* First smallest present pool where @len fits. */
1175 for (order
= min_order
; order
< POOL_SET_NR_ENTRIES
; order
++) {
1176 pool
= pool_set
->entries
[order
];
1180 if (pool
->item_len
>= len
)
1185 pthread_mutex_unlock(&pool_set
->lock
);
1187 addr
= __rseq_percpu_malloc(pool
, zeroed
, init_ptr
, len
);
1188 if (addr
== NULL
&& errno
== ENOMEM
) {
1190 * If the allocation failed, try again with a
1193 min_order
= order
+ 1;
1204 void __rseq_percpu
*rseq_mempool_set_percpu_malloc(struct rseq_mempool_set
*pool_set
, size_t len
)
1206 return __rseq_mempool_set_malloc(pool_set
, NULL
, len
, false);
1209 void __rseq_percpu
*rseq_mempool_set_percpu_zmalloc(struct rseq_mempool_set
*pool_set
, size_t len
)
1211 return __rseq_mempool_set_malloc(pool_set
, NULL
, len
, true);
1214 void __rseq_percpu
*rseq_mempool_set_percpu_malloc_init(struct rseq_mempool_set
*pool_set
,
1215 void *init_ptr
, size_t len
)
1217 return __rseq_mempool_set_malloc(pool_set
, init_ptr
, len
, true);
1220 struct rseq_mempool_attr
*rseq_mempool_attr_create(void)
1222 return calloc(1, sizeof(struct rseq_mempool_attr
));
1225 void rseq_mempool_attr_destroy(struct rseq_mempool_attr
*attr
)
1230 int rseq_mempool_attr_set_mmap(struct rseq_mempool_attr
*attr
,
1231 void *(*mmap_func
)(void *priv
, size_t len
),
1232 int (*munmap_func
)(void *priv
, void *ptr
, size_t len
),
1239 attr
->mmap_set
= true;
1240 attr
->mmap_func
= mmap_func
;
1241 attr
->munmap_func
= munmap_func
;
1242 attr
->mmap_priv
= mmap_priv
;
1246 int rseq_mempool_attr_set_init(struct rseq_mempool_attr
*attr
,
1247 int (*init_func
)(void *priv
, void *addr
, size_t len
, int cpu
),
1254 attr
->init_set
= true;
1255 attr
->init_func
= init_func
;
1256 attr
->init_priv
= init_priv
;
1260 int rseq_mempool_attr_set_robust(struct rseq_mempool_attr
*attr
)
1266 attr
->robust_set
= true;
1270 int rseq_mempool_attr_set_percpu(struct rseq_mempool_attr
*attr
,
1271 size_t stride
, int max_nr_cpus
)
1277 attr
->type
= MEMPOOL_TYPE_PERCPU
;
1278 attr
->stride
= stride
;
1279 attr
->max_nr_cpus
= max_nr_cpus
;
1283 int rseq_mempool_attr_set_global(struct rseq_mempool_attr
*attr
,
1290 attr
->type
= MEMPOOL_TYPE_GLOBAL
;
1291 attr
->stride
= stride
;
1292 attr
->max_nr_cpus
= 0;
1296 int rseq_mempool_attr_set_max_nr_ranges(struct rseq_mempool_attr
*attr
,
1297 unsigned long max_nr_ranges
)
1303 attr
->max_nr_ranges
= max_nr_ranges
;
1307 int rseq_mempool_attr_set_poison(struct rseq_mempool_attr
*attr
,
1314 attr
->poison_set
= true;
1315 attr
->poison
= poison
;
1319 int rseq_mempool_attr_set_populate_policy(struct rseq_mempool_attr
*attr
,
1320 enum rseq_mempool_populate_policy policy
)
1326 attr
->populate_policy
= policy
;
1330 int rseq_mempool_get_max_nr_cpus(struct rseq_mempool
*mempool
)
1332 if (!mempool
|| mempool
->attr
.type
!= MEMPOOL_TYPE_PERCPU
) {
1336 return mempool
->attr
.max_nr_cpus
;
projects / librseq.git / blob