1 /*
2 * Copyright (C) 2009 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 // Contains a thin layer that calls whatever real native allocator
30 // has been defined. For the libc shared library, this allows the
31 // implementation of a debug malloc that can intercept all of the allocation
32 // calls and add special debugging code to attempt to catch allocation
33 // errors. All of the debugging code is implemented in a separate shared
34 // library that is only loaded when the property "libc.debug.malloc.options"
35 // is set to a non-zero value.
36
37 #include <errno.h>
38 #include <stdint.h>
39 #include <stdio.h>
40
41 #include <private/bionic_config.h>
42 #include <platform/bionic/malloc.h>
43
44 #include "gwp_asan_wrappers.h"
45 #include "heap_tagging.h"
46 #include "malloc_common.h"
47 #include "malloc_limit.h"
48 #include "malloc_tagged_pointers.h"
49
50 // =============================================================================
51 // Global variables instantations.
52 // =============================================================================
53
54 // Malloc hooks globals.
55 void* (*volatile __malloc_hook)(size_t, const void*);
56 void* (*volatile __realloc_hook)(void*, size_t, const void*);
57 void (*volatile __free_hook)(void*, const void*);
58 void* (*volatile __memalign_hook)(size_t, size_t, const void*);
59 // =============================================================================
60
61 // =============================================================================
62 // Allocation functions
63 // =============================================================================
calloc(size_t n_elements,size_t elem_size)64 extern "C" void* calloc(size_t n_elements, size_t elem_size) {
65 auto dispatch_table = GetDispatchTable();
66 if (__predict_false(dispatch_table != nullptr)) {
67 return MaybeTagPointer(dispatch_table->calloc(n_elements, elem_size));
68 }
69 void* result = Malloc(calloc)(n_elements, elem_size);
70 if (__predict_false(result == nullptr)) {
71 warning_log("calloc(%zu, %zu) failed: returning null pointer", n_elements, elem_size);
72 }
73 return MaybeTagPointer(result);
74 }
75
free(void * mem)76 extern "C" void free(void* mem) {
77 auto dispatch_table = GetDispatchTable();
78 mem = MaybeUntagAndCheckPointer(mem);
79 if (__predict_false(dispatch_table != nullptr)) {
80 dispatch_table->free(mem);
81 } else {
82 Malloc(free)(mem);
83 }
84 }
85
mallinfo()86 extern "C" struct mallinfo mallinfo() {
87 auto dispatch_table = GetDispatchTable();
88 if (__predict_false(dispatch_table != nullptr)) {
89 return dispatch_table->mallinfo();
90 }
91 return Malloc(mallinfo)();
92 }
93
malloc_info(int options,FILE * fp)94 extern "C" int malloc_info(int options, FILE* fp) {
95 auto dispatch_table = GetDispatchTable();
96 if (__predict_false(dispatch_table != nullptr)) {
97 return dispatch_table->malloc_info(options, fp);
98 }
99 return Malloc(malloc_info)(options, fp);
100 }
101
mallopt(int param,int value)102 extern "C" int mallopt(int param, int value) {
103 auto dispatch_table = GetDispatchTable();
104 if (__predict_false(dispatch_table != nullptr)) {
105 return dispatch_table->mallopt(param, value);
106 }
107 return Malloc(mallopt)(param, value);
108 }
109
malloc(size_t bytes)110 extern "C" void* malloc(size_t bytes) {
111 auto dispatch_table = GetDispatchTable();
112 void *result;
113 if (__predict_false(dispatch_table != nullptr)) {
114 result = dispatch_table->malloc(bytes);
115 } else {
116 result = Malloc(malloc)(bytes);
117 }
118 if (__predict_false(result == nullptr)) {
119 warning_log("malloc(%zu) failed: returning null pointer", bytes);
120 return nullptr;
121 }
122 return MaybeTagPointer(result);
123 }
124
malloc_usable_size(const void * mem)125 extern "C" size_t malloc_usable_size(const void* mem) {
126 auto dispatch_table = GetDispatchTable();
127 mem = MaybeUntagAndCheckPointer(mem);
128 if (__predict_false(dispatch_table != nullptr)) {
129 return dispatch_table->malloc_usable_size(mem);
130 }
131 return Malloc(malloc_usable_size)(mem);
132 }
133
memalign(size_t alignment,size_t bytes)134 extern "C" void* memalign(size_t alignment, size_t bytes) {
135 auto dispatch_table = GetDispatchTable();
136 if (__predict_false(dispatch_table != nullptr)) {
137 return MaybeTagPointer(dispatch_table->memalign(alignment, bytes));
138 }
139 void* result = Malloc(memalign)(alignment, bytes);
140 if (__predict_false(result == nullptr)) {
141 warning_log("memalign(%zu, %zu) failed: returning null pointer", alignment, bytes);
142 }
143 return MaybeTagPointer(result);
144 }
145
posix_memalign(void ** memptr,size_t alignment,size_t size)146 extern "C" int posix_memalign(void** memptr, size_t alignment, size_t size) {
147 auto dispatch_table = GetDispatchTable();
148 int result;
149 if (__predict_false(dispatch_table != nullptr)) {
150 result = dispatch_table->posix_memalign(memptr, alignment, size);
151 } else {
152 result = Malloc(posix_memalign)(memptr, alignment, size);
153 }
154 if (result == 0) {
155 *memptr = MaybeTagPointer(*memptr);
156 }
157 return result;
158 }
159
aligned_alloc(size_t alignment,size_t size)160 extern "C" void* aligned_alloc(size_t alignment, size_t size) {
161 auto dispatch_table = GetDispatchTable();
162 if (__predict_false(dispatch_table != nullptr)) {
163 return MaybeTagPointer(dispatch_table->aligned_alloc(alignment, size));
164 }
165 void* result = Malloc(aligned_alloc)(alignment, size);
166 if (__predict_false(result == nullptr)) {
167 warning_log("aligned_alloc(%zu, %zu) failed: returning null pointer", alignment, size);
168 }
169 return MaybeTagPointer(result);
170 }
171
realloc(void * old_mem,size_t bytes)172 extern "C" __attribute__((__noinline__)) void* realloc(void* old_mem, size_t bytes) {
173 auto dispatch_table = GetDispatchTable();
174 old_mem = MaybeUntagAndCheckPointer(old_mem);
175 if (__predict_false(dispatch_table != nullptr)) {
176 return MaybeTagPointer(dispatch_table->realloc(old_mem, bytes));
177 }
178 void* result = Malloc(realloc)(old_mem, bytes);
179 if (__predict_false(result == nullptr && bytes != 0)) {
180 warning_log("realloc(%p, %zu) failed: returning null pointer", old_mem, bytes);
181 }
182 return MaybeTagPointer(result);
183 }
184
reallocarray(void * old_mem,size_t item_count,size_t item_size)185 extern "C" void* reallocarray(void* old_mem, size_t item_count, size_t item_size) {
186 size_t new_size;
187 if (__builtin_mul_overflow(item_count, item_size, &new_size)) {
188 warning_log("reallocaray(%p, %zu, %zu) failed: returning null pointer",
189 old_mem, item_count, item_size);
190 errno = ENOMEM;
191 return nullptr;
192 }
193 return realloc(old_mem, new_size);
194 }
195
196 #if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
pvalloc(size_t bytes)197 extern "C" void* pvalloc(size_t bytes) {
198 auto dispatch_table = GetDispatchTable();
199 if (__predict_false(dispatch_table != nullptr)) {
200 return MaybeTagPointer(dispatch_table->pvalloc(bytes));
201 }
202 void* result = Malloc(pvalloc)(bytes);
203 if (__predict_false(result == nullptr)) {
204 warning_log("pvalloc(%zu) failed: returning null pointer", bytes);
205 }
206 return MaybeTagPointer(result);
207 }
208
valloc(size_t bytes)209 extern "C" void* valloc(size_t bytes) {
210 auto dispatch_table = GetDispatchTable();
211 if (__predict_false(dispatch_table != nullptr)) {
212 return MaybeTagPointer(dispatch_table->valloc(bytes));
213 }
214 void* result = Malloc(valloc)(bytes);
215 if (__predict_false(result == nullptr)) {
216 warning_log("valloc(%zu) failed: returning null pointer", bytes);
217 }
218 return MaybeTagPointer(result);
219 }
220 #endif
221 // =============================================================================
222
223 struct CallbackWrapperArg {
224 void (*callback)(uintptr_t base, size_t size, void* arg);
225 void* arg;
226 };
227
CallbackWrapper(uintptr_t base,size_t size,void * arg)228 void CallbackWrapper(uintptr_t base, size_t size, void* arg) {
229 CallbackWrapperArg* wrapper_arg = reinterpret_cast<CallbackWrapperArg*>(arg);
230 wrapper_arg->callback(
231 reinterpret_cast<uintptr_t>(MaybeTagPointer(reinterpret_cast<void*>(base))),
232 size, wrapper_arg->arg);
233 }
234
235 // =============================================================================
236 // Exported for use by libmemunreachable.
237 // =============================================================================
238
239 // Calls callback for every allocation in the anonymous heap mapping
240 // [base, base+size). Must be called between malloc_disable and malloc_enable.
241 // `base` in this can take either a tagged or untagged pointer, but we always
242 // provide a tagged pointer to the `base` argument of `callback` if the kernel
243 // supports tagged pointers.
malloc_iterate(uintptr_t base,size_t size,void (* callback)(uintptr_t base,size_t size,void * arg),void * arg)244 extern "C" int malloc_iterate(uintptr_t base, size_t size,
245 void (*callback)(uintptr_t base, size_t size, void* arg), void* arg) {
246 auto dispatch_table = GetDispatchTable();
247 // Wrap the malloc_iterate callback we were provided, in order to provide
248 // pointer tagging support.
249 CallbackWrapperArg wrapper_arg;
250 wrapper_arg.callback = callback;
251 wrapper_arg.arg = arg;
252 uintptr_t untagged_base =
253 reinterpret_cast<uintptr_t>(UntagPointer(reinterpret_cast<void*>(base)));
254 if (__predict_false(dispatch_table != nullptr)) {
255 return dispatch_table->malloc_iterate(
256 untagged_base, size, CallbackWrapper, &wrapper_arg);
257 }
258 return Malloc(malloc_iterate)(
259 untagged_base, size, CallbackWrapper, &wrapper_arg);
260 }
261
262 // Disable calls to malloc so malloc_iterate gets a consistent view of
263 // allocated memory.
malloc_disable()264 extern "C" void malloc_disable() {
265 auto dispatch_table = GetDispatchTable();
266 if (__predict_false(dispatch_table != nullptr)) {
267 return dispatch_table->malloc_disable();
268 }
269 return Malloc(malloc_disable)();
270 }
271
272 // Re-enable calls to malloc after a previous call to malloc_disable.
malloc_enable()273 extern "C" void malloc_enable() {
274 auto dispatch_table = GetDispatchTable();
275 if (__predict_false(dispatch_table != nullptr)) {
276 return dispatch_table->malloc_enable();
277 }
278 return Malloc(malloc_enable)();
279 }
280
281 #if defined(LIBC_STATIC)
malloc_backtrace(void *,uintptr_t *,size_t)282 extern "C" ssize_t malloc_backtrace(void*, uintptr_t*, size_t) {
283 return 0;
284 }
285 #endif
286
287 #if __has_feature(hwaddress_sanitizer)
288 // FIXME: implement these in HWASan allocator.
__sanitizer_malloc_iterate(uintptr_t base __unused,size_t size __unused,void (* callback)(uintptr_t base,size_t size,void * arg)__unused,void * arg __unused)289 extern "C" int __sanitizer_malloc_iterate(uintptr_t base __unused, size_t size __unused,
290 void (*callback)(uintptr_t base, size_t size, void* arg)
291 __unused,
292 void* arg __unused) {
293 return 0;
294 }
295
__sanitizer_malloc_disable()296 extern "C" void __sanitizer_malloc_disable() {
297 }
298
__sanitizer_malloc_enable()299 extern "C" void __sanitizer_malloc_enable() {
300 }
301
__sanitizer_malloc_info(int,FILE *)302 extern "C" int __sanitizer_malloc_info(int, FILE*) {
303 errno = ENOTSUP;
304 return -1;
305 }
306 #endif
307 // =============================================================================
308
309 // =============================================================================
310 // Platform-internal mallopt variant.
311 // =============================================================================
312 #if defined(LIBC_STATIC)
android_mallopt(int opcode,void * arg,size_t arg_size)313 extern "C" bool android_mallopt(int opcode, void* arg, size_t arg_size) {
314 if (opcode == M_SET_ALLOCATION_LIMIT_BYTES) {
315 return LimitEnable(arg, arg_size);
316 }
317 if (opcode == M_SET_HEAP_TAGGING_LEVEL) {
318 return SetHeapTaggingLevel(arg, arg_size);
319 }
320 if (opcode == M_INITIALIZE_GWP_ASAN) {
321 if (arg == nullptr || arg_size != sizeof(bool)) {
322 errno = EINVAL;
323 return false;
324 }
325 __libc_globals.mutate([&](libc_globals* globals) {
326 return MaybeInitGwpAsan(globals, *reinterpret_cast<bool*>(arg));
327 });
328 }
329 errno = ENOTSUP;
330 return false;
331 }
332 #endif
333 // =============================================================================
334
335 static constexpr MallocDispatch __libc_malloc_default_dispatch __attribute__((unused)) = {
336 Malloc(calloc),
337 Malloc(free),
338 Malloc(mallinfo),
339 Malloc(malloc),
340 Malloc(malloc_usable_size),
341 Malloc(memalign),
342 Malloc(posix_memalign),
343 #if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
344 Malloc(pvalloc),
345 #endif
346 Malloc(realloc),
347 #if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
348 Malloc(valloc),
349 #endif
350 Malloc(malloc_iterate),
351 Malloc(malloc_disable),
352 Malloc(malloc_enable),
353 Malloc(mallopt),
354 Malloc(aligned_alloc),
355 Malloc(malloc_info),
356 };
357
NativeAllocatorDispatch()358 const MallocDispatch* NativeAllocatorDispatch() {
359 return &__libc_malloc_default_dispatch;
360 }
361