Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Nov 2017 16:34:32 +0000
From: Nicholas Wilson <nicholas.wilson@...lvnc.com>
To: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
Subject: Re: [PATCH] Wasm support patch 1 (support systems without
 mmap)

Oh, I'd missed that. Let's scrap this patch then, I'll post an updated version of Patch #3 (Wasm-specific files) that implements mmap using Wasm's underlying "brk" capability.

I could use a bitmap to track free pages - but there are 32768 pages (64KiB page size, 2GiB max memory) and that would take up 4KiB just to track the free pages, plus if we're asked to mmap several pages together, we'd like to be able to search quickly for a block of free pages of the right size... What we'd need would be some kind of free-list data structure with sized bins and granular locking! Oh well...

Nick

________________________________________
From: Rich Felker <dalias@...ifal.cx> on behalf of Rich Felker <dalias@...c.org>
Sent: 28 November 2017 15:46:34
To: musl@...ts.openwall.com
Subject: Re: [musl] [PATCH] Wasm support patch 1 (support systems without mmap)

On Tue, Nov 28, 2017 at 11:50:08AM +0000, Nicholas Wilson wrote:
> I'm hoping the first patch is uncontroversial.
>
> WebAssembly has a linear/flat memory model, whereby it's simply
> impossible for the addressable memory to contain "holes". Therefore,
> mmap can't really be emulated, and all memory has to be allocated
> via brk.

This is not supported or supportable in musl's malloc. The heap that
can be serviced by brk is only usable for allocation sizes less than
~128k.

> I've done this by allowing malloc to fall back to brk (even for
> allocations above MMAP_THRESHOLD) if mmap returns ENOSYS.
>
> It's one line of code that will do harm in "normal" systems, and
> allows platforms that are emulating syscalls to choose not to
> support mmap, and still get a working malloc if brk is working.

The patch as written almost surely corrupts the heap structures or at
least produces new heap expansion (no possibility of reuse) each time
an allocation larger than ~128k is requested. This is because
bin_index[_up] is not defined for n > MMAP_THRESHOLD.

There are other places in musl that also depend on mmap working, like
the TLS init code. brk on the other hand is only used as an
optimization. I think what you should do, if it's hard to support both
brk and mmap, is omit brk instead (have it return -ENOSYS), then have
mmap always allocate lowest-available-page and keep some data
structure (even just a bit array) representing which pages are free.
This way you still keep everything in a contiguous range (possibly
with some reusable gaps due to munmap) like you want.

Rich



> diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
> index 9e05e1d6..572232e1 100644
> --- a/src/malloc/malloc.c
> +++ b/src/malloc/malloc.c
> @@ -328,13 +328,17 @@ void *malloc(size_t n)
>                 size_t len = n + OVERHEAD + PAGE_SIZE - 1 & -PAGE_SIZE;
>                 char *base = __mmap(0, len, PROT_READ|PROT_WRITE,
>                         MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
> -               if (base == (void *)-1) return 0;
> +               if (base == MAP_FAILED) {
> +                       if (errno == ENOSYS) goto nommap;
> +                       return 0;
> +               }
>                 c = (void *)(base + SIZE_ALIGN - OVERHEAD);
>                 c->csize = len - (SIZE_ALIGN - OVERHEAD);
>                 c->psize = SIZE_ALIGN - OVERHEAD;
>                 return CHUNK_TO_MEM(c);
>         }
>
> +nommap:
>         i = bin_index_up(n);
>         for (;;) {
>                 uint64_t mask = mal.binmap & -(1ULL<<i);
> @@ -405,7 +409,7 @@ void *realloc(void *p, size_t n)
>                 newlen = (newlen + PAGE_SIZE-1) & -PAGE_SIZE;
>                 if (oldlen == newlen) return p;
>                 base = __mremap(base, oldlen, newlen, MREMAP_MAYMOVE);
> -               if (base == (void *)-1)
> +               if (base == MAP_FAILED)
>                         goto copy_realloc;
>                 self = (void *)(base + extra);
>                 self->csize = newlen - extra;

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ