From: Adhemerval Zanella
To: Paul Eggert
Cc: libc-alpha@sourceware.org, Florian Weimer, Siddhesh Poyarekar
Subject: Re: [PATCH] free: preserve errno [BZ#17924]
Date: Mon, 28 Dec 2020 16:24:29 -0300

On 23/12/2020 22:03, Paul Eggert wrote:
> Thanks for the comments about the patch's test case. I modified the test case to reflect nearly all the comments, resulting in the attached revised patch. I'm replying below only to the comments that didn't result in a change to the patch.
>
> On 12/23/20 11:19 AM, Adhemerval Zanella wrote:
>
>> Fixing in a more fine grained would require a lot of more work to check if
>> the shared routines that calls mmap, madvise or brk won't interfere with other
>> symbols; so maybe it should be ok to use this large hammer for now.
>
> Yes, that was my thought as well. I will try to revise this for 2.33.
>
>>> +The @code{free} function preserves the value of @code{errno}, so that
>>> +cleanup code need not worry about saving and restoring @code{errno}
>>> +around a call to @code{free}.  Although neither @w{ISO C} nor
>>> +POSIX.1-2017 requires @code{free} to preserve @code{errno}, a future
>>> +version of POSIX is planned to require it.
> ...
>> Not sure if this is worth to add, since we will need to update the manual
>> once the POSIX does require it.
>
> I'll volunteer to update the manual. :-)
>
> It's worth mentioning that preserving errno is not something that portable C or POSIX code should assume for 'free'. If there's a better way for the manual to warn its readers about this, that'd be fine of course.
>
> I did consider changing "Although neither @w{ISO C} nor POSIX.1-2017 requires @code{free} to preserve @code{errno}, a future version of POSIX is planned to require it" to "Neither @w{ISO C} nor POSIX requires @code{free} to preserve @code{errno}", but that wording would be less informative and would still need updating once POSIX does require 'free' to preserve errno. Thanks.
> From afbf4ff042cf3a5c8f983d5aa3bd0de3fb696dd3 Mon Sep 17 00:00:00 2001
> From: Paul Eggert > Date: Wed, 23 Dec 2020 11:27:25 -0800 > Subject: [PATCH] free: preserve errno [BZ#17924] > > In the next release of POSIX, free must preserve errno > . > Modify __libc_free to save and restore errno, so that > any internal munmap etc. syscalls do not disturb the caller's errno. > Add a test malloc/tst-free-errno.c (almost all by Bruno Haible), > and document that free preserves errno. LGTM with the small test change below. Reviewed-by: Adhemerval Zanella > --- > malloc/Makefile | 1 + > malloc/malloc.c | 13 ++-- > malloc/tst-free-errno.c | 131 ++++++++++++++++++++++++++++++++++++++++ > manual/memory.texi | 9 +++ > 4 files changed, 150 insertions(+), 4 deletions(-) > create mode 100644 malloc/tst-free-errno.c > > diff --git a/malloc/Makefile b/malloc/Makefile > index ab64dcfd73..4b3975f90d 100644 > --- a/malloc/Makefile > +++ b/malloc/Makefile > @@ -34,6 +34,7 @@ tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \ > tst-interpose-nothread \ > tst-interpose-thread \ > tst-alloc_buffer \ > + tst-free-errno \ > tst-malloc-tcache-leak \ > tst-malloc_info tst-mallinfo2 \ > tst-malloc-too-large \ > diff --git a/malloc/malloc.c b/malloc/malloc.c > index a3e914fa8a..3b151f44f7 100644 > --- a/malloc/malloc.c > +++ b/malloc/malloc.c > @@ -3278,6 +3278,8 @@ __libc_free (void *mem) > *(volatile char *)mem; > #endif > > + int err = errno; > + > p = mem2chunk (mem); > > /* Mark the chunk as belonging to the library again. */ > @@ -3298,13 +3300,16 @@ __libc_free (void *mem) > mp_.mmap_threshold, mp_.trim_threshold); > } > munmap_chunk (p); > - return; > } > + else > + { > + MAYBE_INIT_TCACHE (); > > - MAYBE_INIT_TCACHE (); > + ar_ptr = arena_for_chunk (p); > + _int_free (ar_ptr, p, 0); > + } > > - ar_ptr = arena_for_chunk (p); > - _int_free (ar_ptr, p, 0); > + __set_errno (err); > } > libc_hidden_def (__libc_free) > > diff --git a/malloc/tst-free-errno.c b/malloc/tst-free-errno.c > new file mode 100644 > index 0000000000..89629751e8 
> --- /dev/null > +++ b/malloc/tst-free-errno.c 
> @@ -0,0 +1,131 @@ > +/* Test that free preserves errno. > + Copyright (C) 2020 Free Software Foundation, Inc. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + . */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/* The __attribute__ ((weak)) prevents a GCC optimization. Without > + it, GCC would "know" that errno is unchanged by calling free (ptr), > + when ptr was the result of a malloc call in the same function. */ > +int __attribute__ ((weak)) > +get_errno (void) > +{ > + return errno; > +} > + > +static int > +do_test (void) > +{ > + /* Check that free() preserves errno. */ > + { > + errno = 1789; /* Liberté, égalité, fraternité. */ > + free (NULL); > + TEST_VERIFY (get_errno () == 1789); > + } > + { /* Large memory allocations, to force mmap. */ > + enum { N = 2 }; > + void * volatile ptrs[N]; > + size_t i; > + for (i = 0; i < N; i++) > + ptrs[i] = malloc (5318153); Use xmalloc here. > + for (i = 0; i < N; i++) > + { > + errno = 1789; > + free (ptrs[i]); > + TEST_VERIFY (get_errno () == 1789); > + } > + } > + > + /* Test a less common code path. > + When malloc() is based on mmap(), free() can sometimes call munmap(). 
> + munmap() usually succeeds, but fails in a particular situation: when > + - it has to unmap the middle part of a VMA, and > + - the number of VMAs of a process is limited and the limit is > + already reached. > + The latter condition is fulfilled on Linux, when the file > + /proc/sys/vm/max_map_count exists. For all known Linux versions > + the default limit is at most 65536. > + */ > + #if defined __linux__ > + if (open ("/proc/sys/vm/max_map_count", O_RDONLY) >= 0) I think we can assume for tests /proc should be mounted, otherwise this only partially test this interface. So I think we can use xopen here. > + { > + /* Preparations. */ > + size_t pagesize = getpagesize (); > + void *firstpage_backup = xmalloc (pagesize); > + void *lastpage_backup = xmalloc (pagesize); > + /* Allocate a large memory area, as a bumper, so that the MAP_FIXED > + allocation later will not overwrite parts of the memory areas > + allocated to ld.so or libc.so. */ > + xmmap (NULL, 0x1000000, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1); > + /* A file descriptor pointing to a regular file. */ > + int fd = create_temp_file ("tst-free-errno", NULL); > + if (fd < 0) > + FAIL_EXIT1 ("cannot create temporary file"); > + > + /* Do a large memory allocation. */ > + size_t big_size = 0x1000000; > + void * volatile ptr = xmalloc (big_size - 0x100); > + char *ptr_aligned = (char *) ((uintptr_t) ptr & ~(pagesize - 1)); > + /* This large memory allocation allocated a memory area > + from ptr_aligned to ptr_aligned + big_size. > + Enlarge this memory area by adding a page before and a page > + after it. 
*/ > + memcpy (firstpage_backup, ptr_aligned, pagesize); > + memcpy (lastpage_backup, ptr_aligned + big_size - pagesize, > + pagesize); > + xmmap (ptr_aligned - pagesize, pagesize + big_size + pagesize, > + PROT_READ | PROT_WRITE, > + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1); > + memcpy (ptr_aligned, firstpage_backup, pagesize); > + memcpy (ptr_aligned + big_size - pagesize, lastpage_backup, > + pagesize); > + > + /* Now add as many mappings as we can. > + Stop at 65536, in order not to crash the machine (in case the > + limit has been increased by the system administrator). */ > + for (int i = 0; i < 65536; i++) > + if (mmap (NULL, pagesize, PROT_READ, MAP_FILE | MAP_PRIVATE, fd, 0) > + == MAP_FAILED) > + break; > + /* Now the number of VMAs of this process has hopefully attained > + its limit. */ > + > + errno = 1789; > + /* This call to free() is supposed to call > + munmap (ptr_aligned, big_size); > + which increases the number of VMAs by 1, which is supposed > + to fail. */ > + free (ptr); > + TEST_VERIFY (get_errno () == 1789); > + } > + #endif > + > + return 0; > +} > + > +#include Ok. > diff --git a/manual/memory.texi b/manual/memory.texi > index c132261084..b2cc65228a 100644 > --- a/manual/memory.texi > +++ b/manual/memory.texi > @@ -738,6 +738,12 @@ later call to @code{malloc} to reuse the space. In the meantime, the > space remains in your program as part of a free-list used internally by > @code{malloc}. > > +The @code{free} function preserves the value of @code{errno}, so that > +cleanup code need not worry about saving and restoring @code{errno} > +around a call to @code{free}. Although neither @w{ISO C} nor > +POSIX.1-2017 requires @code{free} to preserve @code{errno}, a future > +version of POSIX is planned to require it. > + > There is no point in freeing blocks at the end of a program, because all > of the program's space is given back to the system when the process > terminates. Ok. 
> @@ -1935,6 +1941,9 @@ linking against @code{libc.a} (explicitly or implicitly). > functions (that is, all the functions used by the application, > @theglibc{}, and other linked-in libraries) can lead to static linking > failures, and, at run time, to heap corruption and application crashes. > +Replacement functions should implement the behavior documented for > +their counterparts in @theglibc{}; for example, the replacement > +@code{free} should also preserve @code{errno}. > > The minimum set of functions which has to be provided by a custom > @code{malloc} is given in the table below. > -- > 2.29.2 Ok.
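
Review bot: in the `@@ -3278,6 +3278,8 @@` hunk of malloc/malloc.c, `int err = errno;` is taken just before `p = mem2chunk (mem);`, after whatever `__libc_free` does earlier, which this hunk does not show. If any earlier path can return or change errno, it lies outside the save/restore pair; either move the save to the top of the function or add a comment stating why the code above this line cannot disturb errno.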
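
Review bot: in the `@@ -3298,13 +3300,16 @@` hunk of malloc/malloc.c, `__set_errno (err);` is reached only because the `return;` after `munmap_chunk (p);` was dropped and the arena path moved under `else`; a later early return added to either branch would silently skip the restore. A short comment at the `__set_errno (err);` line saying that both branches must fall through to it would protect the invariant.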
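
Review bot: in malloc/tst-free-errno.c, the Linux-only block never checks that the `mmap` loop actually stopped on `MAP_FAILED`. If all 65536 iterations succeed (the comment itself allows for a limit raised by the administrator), `free (ptr)` takes the ordinary successful munmap path and `TEST_VERIFY (get_errno () == 1789)` passes without covering the failing case. Record whether the loop broke early and skip or flag the final check otherwise. The descriptor returned by `open ("/proc/sys/vm/max_map_count", O_RDONLY)` is also never closed.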
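
Review bot: the paragraph added at `@@ -738,6 +738,12 @@` in manual/memory.texi states that `free` preserves errno without saying from which release of the library this holds, so a reader running an earlier release cannot tell that the statement does not apply there. Name the first release with this behavior next to the statement.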
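
Review bot: at `@@ -1935,6 +1941,9 @@` in manual/memory.texi the new sentence says a replacement `free` "should also preserve errno", while the paragraph added in the earlier memory.texi hunk promises the behavior without qualification. With a replaced malloc the caller gets whatever the replacement does, so add a cross-reference from the earlier paragraph to this section, or qualify the earlier statement for the case where the allocator has been replaced.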
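
The portability point in the discussion above (portable C or POSIX code should not assume `free` preserves errno), as a runnable illustration. This is an added example, not code from the patch or from glibc; `release_clobbering`, `release_preserving` and `errno_seen_after_cleanup` are hypothetical names, and the deliberately failing `munmap` call stands in for an allocator-internal syscall failure.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Hypothetical stand-in for a deallocator that does not preserve errno:
   it frees the block, then makes a munmap call that always fails
   (the address is not page-aligned), as an internal syscall might.  */
static void
release_clobbering (void *p)
{
  free (p);
  (void) munmap ((void *) 1, 4096);   /* Fails with EINVAL, sets errno.  */
}

/* Portable wrapper: save errno, release, restore.  */
static void
release_preserving (void *p)
{
  int saved = errno;
  release_clobbering (p);
  errno = saved;
}

/* Constructed error path: the real operation "fails" with ENOENT, the
   cleanup releases a buffer, and the caller then reads errno to report
   the cause.  Returns the errno value that caller would see.  */
static int
errno_seen_after_cleanup (void (*release) (void *))
{
  char *buf = malloc (64);
  if (buf == NULL)
    return ENOMEM;
  errno = ENOENT;     /* Constructed failure of the real operation.  */
  release (buf);      /* Cleanup on the error path.  */
  return errno;
}

int
main (void)
{
  int bad = errno_seen_after_cleanup (release_clobbering);
  int good = errno_seen_after_cleanup (release_preserving);
  printf ("without wrapper: errno=%d, with wrapper: errno=%d\n", bad, good);
  return !(bad == EINVAL && good == ENOENT);
}
```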