--- libmalloc/libmalloc-646.40.3/src/early_malloc.c
+++ libmalloc/libmalloc-521.100.59/src/early_malloc.c
@@ -69,7 +69,7 @@
static_assert(CHAR_BIT == 8, "CHAR_BIT is 8");
static_assert(powerof2(MFM_ALLOC_SIZE_MAX), "MFM_ALLOC_SIZE_MAX is a power of 2");
-static_assert(powerof2(MFM_BLOCK_SIZE_MAX), "MFM_BLOCK_SIZE_MAX is a power of 2");
+static_assert(powerof2(MFM_BLOCK_SIZE_MAX), "MFM_ALLOC_SIZE_MAX is a power of 2");
#if !MALLOC_TARGET_EXCLAVES
#define MFM_INTERNAL_CRASH(code, msg) ({ \
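Review bot: The assertion message on the new side names the wrong constant: the condition checks `powerof2(MFM_BLOCK_SIZE_MAX)` while the diagnostic string says "MFM_ALLOC_SIZE_MAX is a power of 2", so a failing build would point the reader at the macro on the line above rather than the one that actually violated the assertion. The line should read `static_assert(powerof2(MFM_BLOCK_SIZE_MAX), "MFM_BLOCK_SIZE_MAX is a power of 2");`, mirroring the MFM_ALLOC_SIZE_MAX assertion just before it.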
@@ -109,9 +109,9 @@
size_t mfm_bump_hwm;
size_t mfm_alloc_count;
struct mfm_block mfm_freelist[MFM_SIZE_CLASSES];
-#if MALLOC_TARGET_EXCLAVES || MALLOC_TARGET_EXCLAVES_INTROSPECTOR
+#if MALLOC_TARGET_EXCLAVES
plat_map_t mfm_map;
-#endif // MALLOC_TARGET_EXCLAVES || MALLOC_TARGET_EXCLAVES_INTROSPECTOR
+#endif // MALLOC_TARGET_EXCLAVES
};
struct mfm_arena {
@@ -158,6 +158,7 @@
static struct mfm_arena *mfm_arena;
+
#pragma mark validation and helper functions
/*!
@@ -530,7 +531,6 @@
#endif
}
-
/*!
* @function __mfm_block_insert_head()
*
@@ -544,18 +544,15 @@
struct mfm_block *blk)
{
uint64_t head, offs, next;
- struct mfm_block *next_blk;
head = __mfm_block_offset(arena, hblk);
next = __mfm_block_next(hblk);
offs = __mfm_block_offset(arena, blk);
- next_blk = &arena->mfm_base[next];
-
blk->mfmb_prev = head;
__mfm_block_set_next(blk, next);
__mfm_block_set_next(hblk, offs);
- next_blk->mfmb_prev = offs;
+ arena->mfm_base[next].mfmb_prev = offs;
}
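Review bot: The link offset `next`, read from the head block via `__mfm_block_next(hblk)`, is used straight away as an index in `arena->mfm_base[next].mfmb_prev = offs;` with no range check, and the same holds for `next` and `prev` in __mfm_block_remove in the following hunk. Freelist headers live inside the arena, so if one is corrupted that store becomes an out-of-bounds write into whatever follows the arena instead of a detectable fault; this is inferred from the visible lines, since the header layout and `__mfm_block_next` are outside the hunk. If the arena carries a usable upper bound (the struct declares `mfm_bump_hwm`, which may be it), a guard such as `if (next >= ARENA_BLOCK_LIMIT /* placeholder: the arena's block bound */) MFM_INTERNAL_CRASH(hblk, "corrupt freelist link");` before the store would turn that into a deterministic crash. __mfm_block_insert_head's signature begins above the hunk.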
/*!
@@ -568,15 +565,11 @@
__mfm_block_remove(struct mfm_arena *arena, struct mfm_block *blk)
{
uint64_t next, prev;
- struct mfm_block *next_blk, *prev_blk;
-
next = __mfm_block_next(blk);
prev = blk->mfmb_prev;
- next_blk = &arena->mfm_base[next];
- prev_blk = &arena->mfm_base[prev];
- next_blk->mfmb_prev = prev;
- __mfm_block_set_next(prev_blk, next);
+ arena->mfm_base[next].mfmb_prev = prev;
+ __mfm_block_set_next(&arena->mfm_base[prev], next);
__builtin_bzero(blk, sizeof(struct mfm_block));
}
@@ -646,10 +639,26 @@
plat_map_t map = {0};
#endif // MALLOC_TARGET_EXCLAVES
-
+ // FIXME: rdar://115739995
+ // On exclaves, we initialize the early allocator first, so probe addresses
+ // above the reserved 4GB region to map it. This will block the subsequent
+ // xzone data/pointer regions from landing in the reserved region as well.
+ // Note that we cannot exhaustively map the reserved region because the
+ // PMM may run out of untyped memory, and on ASAN, the shadow already
+ // occupies the reserved region
#if MALLOC_TARGET_EXCLAVES
- arena = mvm_allocate_pages_plat(MFM_ARENA_SIZE, 0, MALLOC_NO_POPULATE,
- VM_MEMORY_MALLOC, mvm_plat_map(map));
+#if !__LIBLIBC_F_ASAN_INSTRUMENTATION
+ arena = NULL;
+ for (uintptr_t probe_addr = GiB(4); !arena; probe_addr += MFM_ARENA_SIZE) {
+ arena = mvm_allocate_plat(probe_addr, MFM_ARENA_SIZE, 0,
+ VM_FLAGS_FIXED, DISABLE_ASLR | MALLOC_NO_POPULATE,
+ VM_MEMORY_MALLOC, mvm_plat_map(map));
+ }
+#else
+ arena = mvm_allocate_pages_plat(MFM_ARENA_SIZE, 0,
+ DISABLE_ASLR | MALLOC_NO_POPULATE, VM_MEMORY_MALLOC,
+ mvm_plat_map(map));
+#endif // !__LIBLIBC_F_ASAN_INSTRUMENTATION
#else
/* this is called early, which means the address space _does_ have 8M */
arena = mvm_allocate_pages_plat(MFM_ARENA_SIZE, 0,
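Review bot: The probe loop `for (uintptr_t probe_addr = GiB(4); !arena; probe_addr += MFM_ARENA_SIZE)` has no upper bound: if mvm_allocate_plat keeps failing, which the new comment itself anticipates when the PMM runs out of untyped memory, the loop only terminates once probe_addr wraps, and after wrapping it probes addresses below the 4GB region the comment says must stay clear. Capping the number of probes and failing loudly when none succeeds keeps the search inside the intended range and turns an exhausted PMM into a diagnosable crash rather than a hang; whether the enclosing function, which starts and ends outside the hunk, already checks `arena` for NULL afterwards is not visible here. The limit name in the sketch is a placeholder to be sized to the exclaves address layout, and the crash macro assumes MFM_INTERNAL_CRASH has an exclaves definition, which the page uses unconditionally in mfm_free but does not show.
```c
#if !__LIBLIBC_F_ASAN_INSTRUMENTATION
	arena = NULL;
	/* MFM_ARENA_PROBE_LIMIT is a placeholder; size it to the address range
	 * the probe is allowed to cover above the reserved 4GB region. */
	for (size_t i = 0; !arena && i < MFM_ARENA_PROBE_LIMIT; i++) {
		uintptr_t probe_addr = GiB(4) + i * (uintptr_t)MFM_ARENA_SIZE;
		arena = mvm_allocate_plat(probe_addr, MFM_ARENA_SIZE, 0,
				VM_FLAGS_FIXED, DISABLE_ASLR | MALLOC_NO_POPULATE,
				VM_MEMORY_MALLOC, mvm_plat_map(map));
	}
	if (!arena) {
		MFM_INTERNAL_CRASH(0, "early arena: no address above 4GB could be mapped");
	}
	/* … unchanged: ASAN branch and non-exclaves allocation path … */
```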
@@ -679,8 +688,6 @@
mach_vm_address_t vm_addr = (mach_vm_address_t)arena;
mach_vm_size_t vm_size = (mach_vm_size_t)MFM_ARENA_SIZE;
int alloc_flags = VM_FLAGS_OVERWRITE | VM_MAKE_TAG(VM_MEMORY_MALLOC_TINY);
-
-
kern_return_t kr = mach_vm_map(mach_task_self(), &vm_addr, vm_size,
/* mask */ 0, alloc_flags, MEMORY_OBJECT_NULL, /* offset */ 0,
/* copy */ false, VM_PROT_DEFAULT, VM_PROT_ALL, VM_INHERIT_DEFAULT);
@@ -718,7 +725,6 @@
{
struct mfm_arena *arena = os_atomic_load(&mfm_arena, dependency);
size_t index;
-
if (!__mfm_address_owned(arena, ptr)) {
return 0ul;
@@ -820,7 +826,6 @@
#endif
__mfm_unlock(arena);
-
return ptr;
}
@@ -829,23 +834,20 @@
{
struct mfm_arena *arena = os_atomic_load(&mfm_arena, dependency);
size_t index, size;
- void *addr = ptr;
#if MFM_TRACE
dprintf(STDERR_FILENO, "{ -1, %p },\n", ptr);
#endif
-
- if (!__mfm_address_owned(arena, addr)) {
+ if (!__mfm_address_owned(arena, ptr)) {
MFM_INTERNAL_CRASH(ptr, "not MFM owned");
}
- index = __mfm_block_index(arena, addr);
+ index = __mfm_block_index(arena, ptr);
if (!__mfm_block_is_allocated(arena, index)) {
MFM_CLIENT_CRASH(ptr, "not an allocated block");
}
size = __mfm_block_size(arena, index);
-
bzero(ptr, MFM_QUANTUM * size);
@@ -896,7 +898,6 @@
mfm_claimed_address(void *ptr)
{
struct mfm_arena *arena = os_atomic_load(&mfm_arena, dependency);
-
return __mfm_address_owned(arena, ptr);
}