From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2155) id A82A8385114F; Fri, 28 Oct 2022 14:27:26 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A82A8385114F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666967246; bh=1BkKkYbZ9iQxtlof4SDOfw9JRiz6sRvrv8FXfpSVA04=; h=From:To:Subject:Date:From; b=A1PP1W0WOaceTIpuJok5BCoQvlJm7c7DO8SH39joL98lvuJioHwuXPVWlQhxnXFpS 6MYhZh/+G/5Xo8gsLda2KI6Hr7cJQpqhedt5qrq2QLUlinS9hJbue0n//0MSq5gt+3 GKQdE3ySM89xkSuB4/KCXwMMGHmwMXVBmvyWUi5U= Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable 
From: Corinna Vinschen To: cygwin-cvs@sourceware.org Subject: [newlib-cygwin] Cygwin: decouple cygheap from Cygwin DLL X-Act-Checkin: newlib-cygwin X-Git-Author: Corinna Vinschen X-Git-Refname: refs/heads/master X-Git-Oldrev: c0776fa7bade123d5b33e44a9282f12dc3d2e10e X-Git-Newrev: 2f9b8ff00cce0d0ceeb1091b6b9aecae914ddb89 Message-Id: <20221028142726.A82A8385114F@sourceware.org> Date: Fri, 28 Oct 2022 14:27:26 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3D2f9b8ff00cc= e0d0ceeb1091b6b9aecae914ddb89 commit 2f9b8ff00cce0d0ceeb1091b6b9aecae914ddb89 Author: Corinna Vinschen Date: Wed Oct 26 21:16:35 2022 +0200 Cygwin: decouple cygheap from Cygwin DLL =20 One reason that ASLR is tricky is the fact that the cygheap is placed at the end of the DLL and especially that it's expected to be growable. To support ASLR, this construct must go. =20 Define dedicated cygheap memory region and reserve entire region. Commit 3 Megs, as was the default size of the cygheap before. =20 Fix linker script accordingly, drop a now useless version check in get_cygwin_startup_info(). Diff: --- winsup/cygwin/cygwin.sc.in | 21 +++------- winsup/cygwin/dcrt0.cc | 3 -- winsup/cygwin/local_includes/cygheap.h | 1 - winsup/cygwin/local_includes/memory_layout.h | 8 +++- winsup/cygwin/mm/cygheap.cc | 62 +++++++++++++++++-------= ---- 5 files changed, 50 insertions(+), 45 deletions(-) diff --git a/winsup/cygwin/cygwin.sc.in b/winsup/cygwin/cygwin.sc.in index 742f599e0..d984c51c9 100644 --- a/winsup/cygwin/cygwin.sc.in +++ b/winsup/cygwin/cygwin.sc.in @@ -111,6 +111,11 @@ SECTIONS SORT(*)(.idata$7) . =3D ALIGN(16); } + .rsrc BLOCK(__section_alignment__) : + { + *(.rsrc) + *(SORT(.rsrc$*)) + } .gnu_debuglink_overlay ALIGN(__section_alignment__) (NOLOAD): { BYTE(0) /* c */ 
@@ -127,22 +132,6 @@ SECTIONS BYTE(0) /* \0 */ LONG(0) /* checksum */ } - .rsrc BLOCK(__section_alignment__) : - { - *(.rsrc) - *(SORT(.rsrc$*)) - _SYM (_cygheap_start) =3D .; - } - .cygheap ALIGN(__section_alignment__) : - { -#ifdef __x86_64__ - . =3D . + (3072 * 1024); -#else - . =3D . + (2048 * 1024); -#endif - . =3D ALIGN(0x10000); - _SYM (_cygheap_end) =3D .; - } /DISCARD/ : { *(.debug$S) diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc index e1197092e..84db38cfe 100644 --- a/winsup/cygwin/dcrt0.cc +++ b/winsup/cygwin/dcrt0.cc @@ -527,9 +527,6 @@ get_cygwin_startup_info () { if ((res->intro & OPROC_MAGIC_MASK) =3D=3D OPROC_MAGIC_GENERIC) multiple_cygwin_problem ("proc intro", res->intro, 0); - else if (res->cygheap !=3D (void *) &_cygheap_start) - multiple_cygwin_problem ("cygheap base", (uintptr_t) res->cygheap, - (uintptr_t) &_cygheap_start); =20 unsigned should_be_cb =3D 0; switch (res->type) diff --git a/winsup/cygwin/local_includes/cygheap.h b/winsup/cygwin/local_i= ncludes/cygheap.h index 6a844babd..4448983ab 100644 --- a/winsup/cygwin/local_includes/cygheap.h +++ b/winsup/cygwin/local_includes/cygheap.h @@ -727,4 +727,3 @@ class cygheap_fdenum : public cygheap_fdmanip void cygheap_fixup_in_child (bool); void cygheap_init (); void setup_cygheap (); -extern char _cygheap_start[] __attribute__((section(".idata"))); diff --git a/winsup/cygwin/local_includes/memory_layout.h b/winsup/cygwin/l= ocal_includes/memory_layout.h index 77ab61984..639ff2546 100644 --- a/winsup/cygwin/local_includes/memory_layout.h +++ b/winsup/cygwin/local_includes/memory_layout.h 
@@ -46,11 +46,17 @@ details. */ #define THREAD_STORAGE_LOW 0x600000000UL #define THREAD_STORAGE_HIGH 0x800000000UL =20 +/* That's where the cygheap is located. CYGHEAP_STORAGE_INITIAL defines the + end of the initially committed heap area. */ +#define CYGHEAP_STORAGE_LOW 0x800000000UL +#define CYGHEAP_STORAGE_INITIAL 0x800300000UL +#define CYGHEAP_STORAGE_HIGH 0xa00000000UL + /* This is where the user heap starts. There's no defined end address. The user heap pontentially grows into the mmap arena. However, the user heap grows upwar4ds and the mmap arena grows downwards, so there's not much chance to meet unluckily. */ -#define USERHEAP_START 0x800000000UL +#define USERHEAP_START 0xa00000000UL =20 /* The memory region used for memory maps. Up to Win 8 only 44 bit address space, 48 bit starting witrh 8.1, so diff --git a/winsup/cygwin/mm/cygheap.cc b/winsup/cygwin/mm/cygheap.cc index 65f95c924..ac8df6a82 100644 --- a/winsup/cygwin/mm/cygheap.cc +++ b/winsup/cygwin/mm/cygheap.cc @@ -22,6 +22,7 @@ #include "pinfo.h" #include "registry.h" #include "ntdll.h" +#include "memory_layout.h" #include #include #include @@ -34,8 +35,6 @@ static mini_cygheap NO_COPY cygheap_dummy =3D init_cygheap NO_COPY *cygheap =3D (init_cygheap *) &cygheap_dummy; void NO_COPY *cygheap_max; =20 -extern "C" char _cygheap_end[]; - static NO_COPY muto cygheap_protect; =20 struct cygheap_entry 
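Review bot: `CYGHEAP_STORAGE_HIGH` and `USERHEAP_START` are now the same literal `0xa00000000UL` written in two places in memory_layout.h, and nothing ties them together, so a later edit to one can leave the reserved cygheap range and the user heap overlapping or with a gap. Defining `#define USERHEAP_START CYGHEAP_STORAGE_HIGH`, or adding a static assertion that the two are equal, would keep the layout consistent. The new comment could also say that `CYGHEAP_STORAGE_HIGH` is the exclusive end of the reserved region and that the range is a fixed address, which appears to be deliberate so that child processes can place the heap at the same address.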
@@ -72,12 +71,31 @@ static void _cfree (void *); static void *_csbrk (int); } =20 +#define nextpage(x) ((char *) roundup2 ((uintptr_t) (x), \ + wincap.allocation_granularity ())) +#define allocsize(x) ((SIZE_T) nextpage (x)) +#ifdef DEBUGGING +#define somekinda_printf debug_printf +#else +#define somekinda_printf malloc_printf +#endif + /* Called by fork or spawn to reallocate cygwin heap */ void cygheap_fixup_in_child (bool execed) { - cygheap_max =3D cygheap =3D (init_cygheap *) _cygheap_start; - _csbrk ((char *) child_proc_info->cygheap_max - (char *) cygheap); + SIZE_T commit_size =3D CYGHEAP_STORAGE_INITIAL - CYGHEAP_STORAGE_LOW; + + if (child_proc_info->cygheap_max > (void *) CYGHEAP_STORAGE_INITIAL) + commit_size =3D allocsize (child_proc_info->cygheap_max); + cygheap =3D (init_cygheap *) VirtualAlloc ((LPVOID) CYGHEAP_STORAGE_LOW, + CYGHEAP_STORAGE_HIGH + - CYGHEAP_STORAGE_LOW, + MEM_RESERVE, PAGE_NOACCESS); + cygheap =3D (init_cygheap *) VirtualAlloc ((LPVOID) CYGHEAP_STORAGE_LOW, + commit_size, MEM_COMMIT, + PAGE_READWRITE); + cygheap_max =3D child_proc_info->cygheap_max; child_copy (child_proc_info->parent, false, child_proc_info->silentfail = (), "cygheap", cygheap, cygheap_max, NULL); cygheap_init (); 
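Review bot: `commit_size = allocsize (child_proc_info->cygheap_max);` passes an absolute address to `allocsize`, which only rounds its argument up to the allocation granularity, so the commit length becomes a value above 0x800300000 rather than the distance from `CYGHEAP_STORAGE_LOW`, and the following `MEM_COMMIT` would reach past the reserved range. The intent looks like `commit_size = allocsize ((char *) child_proc_info->cygheap_max - (char *) CYGHEAP_STORAGE_LOW);`, ideally after rejecting a `cygheap_max` outside `CYGHEAP_STORAGE_LOW`..`CYGHEAP_STORAGE_HIGH`, since the value comes from the parent's startup info. Neither `VirtualAlloc` result is checked here or in the `cygheap_init` hunk of the same file; if the range is already occupied in the new process, `cygheap` is NULL when `child_copy` and `cygheap_init` run, so both calls should stop with a fatal error (e.g. `api_fatal`) instead of continuing. The body of `cygheap_fixup_in_child` continues outside this hunk.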
@@ -245,15 +263,19 @@ cygheap_init () cygheap_protect.init ("cygheap_protect"); if (cygheap =3D=3D &cygheap_dummy) { - cygheap =3D (init_cygheap *) memset (_cygheap_start, 0, - sizeof (*cygheap)); - cygheap_max =3D cygheap; - _csbrk (sizeof (*cygheap)); + cygheap =3D (init_cygheap *) VirtualAlloc ((LPVOID) CYGHEAP_STORAGE_= LOW, + CYGHEAP_STORAGE_HIGH + - CYGHEAP_STORAGE_LOW, + MEM_RESERVE, PAGE_NOACCESS); + cygheap =3D (init_cygheap *) VirtualAlloc ((LPVOID) CYGHEAP_STORAGE_= LOW, + CYGHEAP_STORAGE_INITIAL + - CYGHEAP_STORAGE_LOW, + MEM_COMMIT, PAGE_READWRITE); + cygheap_max =3D (char *) cygheap + sizeof (*cygheap); /* Initialize bucket_val. The value is the max size of a block fitting into the bucket. The values are powers of two and their - medians: 12, 16, 24, 32, 48, 64, ... On 64 bit, start with 24 to - accommodate bigger size of struct cygheap_entry. - With NBUCKETS =3D=3D 40, the maximum block size is 6291456/12582912. + medians: 24, 32, 48, 64, ... With NBUCKETS =3D=3D 40, the maximum + block size is 12582912. The idea is to have better matching bucket sizes (not wasting space) without trading in performance compared to the old powers of 2 method. */ 
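Review bot: The removed `memset (_cygheap_start, 0, sizeof (*cygheap))` has no replacement in the new branch, so the initial `init_cygheap` state now depends on the freshly committed pages being zero-filled by `VirtualAlloc`. That holds for newly committed memory, but it deserves a comment above the commit call, such as `/* Freshly committed pages are zero-filled, so no explicit memset is needed. */`. `cygheap_max` is also set by hand instead of through `_csbrk (sizeof (*cygheap))`, which is correct only while `sizeof (*cygheap)` stays below the initially committed 3 Megs; a short comment or a static assertion would make that assumption visible. The body of `cygheap_init` continues outside this hunk.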
@@ -284,30 +306,22 @@ setup_cygheap () cygheap->pg.init (); } =20 -#define nextpage(x) ((char *) roundup2 ((uintptr_t) (x), \ - wincap.allocation_granularity ())) -#define allocsize(x) ((SIZE_T) nextpage (x)) -#ifdef DEBUGGING -#define somekinda_printf debug_printf -#else -#define somekinda_printf malloc_printf -#endif - static void * _csbrk (int sbs) { void *prebrk =3D cygheap_max; char *newbase =3D nextpage (prebrk); cygheap_max =3D (char *) cygheap_max + sbs; - if (!sbs || (newbase >=3D cygheap_max) || (cygheap_max <=3D _cygheap_end= )) + if (!sbs || newbase >=3D cygheap_max + || cygheap_max <=3D (void *) CYGHEAP_STORAGE_INITIAL) /* nothing to do */; else { - if (prebrk <=3D _cygheap_end) - newbase =3D _cygheap_end; + if (prebrk <=3D (void *) CYGHEAP_STORAGE_INITIAL) + newbase =3D (char *) CYGHEAP_STORAGE_INITIAL; =20 SIZE_T adjsbs =3D allocsize ((char *) cygheap_max - newbase); - if (adjsbs && !VirtualAlloc (newbase, adjsbs, MEM_COMMIT | MEM_RESER= VE, PAGE_READWRITE)) + if (adjsbs && !VirtualAlloc (newbase, adjsbs, MEM_COMMIT, PAGE_READW= RITE)) { MEMORY_BASIC_INFORMATION m; if (!VirtualQuery (newbase, &m, sizeof m))