//===-- primary32.h ---------------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//

#ifndef SCUDO_PRIMARY32_H_
#define SCUDO_PRIMARY32_H_

#include "bytemap.h"
#include "common.h"
#include "list.h"
#include "local_cache.h"
#include "release.h"
#include "report.h"
#include "stats.h"
#include "string_utils.h"

namespace scudo {

// SizeClassAllocator32 is an allocator for 32- or 64-bit address spaces.
//
// It maps Regions of 2^RegionSizeLog bytes aligned on a 2^RegionSizeLog-byte
// boundary, and keeps a bytemap of the mappable address space to track the
// size class each Region is associated with.
//
// Mapped regions are split into equally sized Blocks according to the size
// class they belong to, and the associated pointers are shuffled to prevent
// any predictable address pattern (the predictability increases with the
// block size).
//
// Regions for size class 0 are special and used to hold TransferBatches, which
// allow transferring arrays of pointers from the global size class freelist to
// the thread-specific freelist for said class, and back.
//
// Memory used by this allocator is never unmapped but can be partially
// reclaimed if the platform allows for it.

template <class SizeClassMapT, uptr RegionSizeLog,
          s32 MinReleaseToOsIntervalMs = INT32_MIN,
          s32 MaxReleaseToOsIntervalMs = INT32_MAX>
class SizeClassAllocator32 {
public:
  typedef SizeClassMapT SizeClassMap;
  // The bytemap can only track UINT8_MAX - 1 classes.
  static_assert(SizeClassMap::LargestClassId <= (UINT8_MAX - 1), "");
  // Regions should be large enough to hold the largest Block.
  static_assert((1UL << RegionSizeLog) >= SizeClassMap::MaxSize, "");
  typedef SizeClassAllocator32<SizeClassMapT, RegionSizeLog,
                               MinReleaseToOsIntervalMs,
                               MaxReleaseToOsIntervalMs>
      ThisT;
  typedef SizeClassAllocatorLocalCache<ThisT> CacheT;
  typedef typename CacheT::TransferBatch TransferBatch;
  static const bool SupportsMemoryTagging = false;

  static uptr getSizeByClassId(uptr ClassId) {
    return (ClassId == SizeClassMap::BatchClassId)
               ? sizeof(TransferBatch)
               : SizeClassMap::getSizeByClassId(ClassId);
  }

  static bool canAllocate(uptr Size) { return Size <= SizeClassMap::MaxSize; }

  void initLinkerInitialized(s32 ReleaseToOsInterval) {
    if (SCUDO_FUCHSIA)
      reportError("SizeClassAllocator32 is not supported on Fuchsia");

    PossibleRegions.initLinkerInitialized();
    MinRegionIndex = NumRegions; // MaxRegionIndex is already initialized to 0.

    u32 Seed;
    const u64 Time = getMonotonicTime();
    if (UNLIKELY(!getRandom(reinterpret_cast<void *>(&Seed), sizeof(Seed))))
      Seed = static_cast<u32>(
          Time ^ (reinterpret_cast<uptr>(SizeClassInfoArray) >> 6));
    const uptr PageSize = getPageSizeCached();
    for (uptr I = 0; I < NumClasses; I++) {
      SizeClassInfo *Sci = getSizeClassInfo(I);
      Sci->RandState = getRandomU32(&Seed);
      // See comment in the 64-bit primary about releasing smaller size
      // classes.
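      // Classes whose block size is smaller than a 32nd of a page are not
      // considered worth releasing; the BatchClass is excluded as well.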
      Sci->CanRelease = (I != SizeClassMap::BatchClassId) &&
                        (getSizeByClassId(I) >= (PageSize / 32));
      if (Sci->CanRelease)
        Sci->ReleaseInfo.LastReleaseAtNs = Time;
    }
    setOption(Option::ReleaseInterval, static_cast<sptr>(ReleaseToOsInterval));
  }

  void init(s32 ReleaseToOsInterval) {
    memset(this, 0, sizeof(*this));
    initLinkerInitialized(ReleaseToOsInterval);
  }

  void unmapTestOnly() {
    while (NumberOfStashedRegions > 0)
      unmap(reinterpret_cast<void *>(RegionsStash[--NumberOfStashedRegions]),
            RegionSize);
    for (uptr I = MinRegionIndex; I <= MaxRegionIndex; I++)
      if (PossibleRegions[I])
        unmap(reinterpret_cast<void *>(I * RegionSize), RegionSize);
    PossibleRegions.unmapTestOnly();
  }

  TransferBatch *popBatch(CacheT *C, uptr ClassId) {
    DCHECK_LT(ClassId, NumClasses);
    SizeClassInfo *Sci = getSizeClassInfo(ClassId);
    ScopedLock L(Sci->Mutex);
    TransferBatch *B = Sci->FreeList.front();
    if (B) {
      Sci->FreeList.pop_front();
    } else {
      B = populateFreeList(C, ClassId, Sci);
      if (UNLIKELY(!B))
        return nullptr;
    }
    DCHECK_GT(B->getCount(), 0);
    Sci->Stats.PoppedBlocks += B->getCount();
    return B;
  }

  void pushBatch(uptr ClassId, TransferBatch *B) {
    DCHECK_LT(ClassId, NumClasses);
    DCHECK_GT(B->getCount(), 0);
    SizeClassInfo *Sci = getSizeClassInfo(ClassId);
    ScopedLock L(Sci->Mutex);
    Sci->FreeList.push_front(B);
    Sci->Stats.PushedBlocks += B->getCount();
    if (Sci->CanRelease)
      releaseToOSMaybe(Sci, ClassId);
  }

  void disable() {
    // The BatchClassId must be locked last since other classes can use it.
    for (sptr I = static_cast<sptr>(NumClasses) - 1; I >= 0; I--) {
      if (static_cast<uptr>(I) == SizeClassMap::BatchClassId)
        continue;
      getSizeClassInfo(static_cast<uptr>(I))->Mutex.lock();
    }
    getSizeClassInfo(SizeClassMap::BatchClassId)->Mutex.lock();
    RegionsStashMutex.lock();
    PossibleRegions.disable();
  }

  void enable() {
    PossibleRegions.enable();
    RegionsStashMutex.unlock();
    getSizeClassInfo(SizeClassMap::BatchClassId)->Mutex.unlock();
    for (uptr I = 0; I < NumClasses; I++) {
      if (I == SizeClassMap::BatchClassId)
        continue;
      getSizeClassInfo(I)->Mutex.unlock();
    }
  }

  template <typename F> void iterateOverBlocks(F Callback) {
    for (uptr I = MinRegionIndex; I <= MaxRegionIndex; I++)
      if (PossibleRegions[I] &&
          (PossibleRegions[I] - 1U) != SizeClassMap::BatchClassId) {
        const uptr BlockSize = getSizeByClassId(PossibleRegions[I] - 1U);
        const uptr From = I * RegionSize;
        const uptr To = From + (RegionSize / BlockSize) * BlockSize;
        for (uptr Block = From; Block < To; Block += BlockSize)
          Callback(Block);
      }
  }

  void getStats(ScopedString *Str) {
    // TODO(kostyak): get the RSS per region.
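    // Aggregate totals across all classes first; per-class details are
    // appended below, with the per-region RSS still reported as 0.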
    uptr TotalMapped = 0;
    uptr PoppedBlocks = 0;
    uptr PushedBlocks = 0;
    for (uptr I = 0; I < NumClasses; I++) {
      SizeClassInfo *Sci = getSizeClassInfo(I);
      TotalMapped += Sci->AllocatedUser;
      PoppedBlocks += Sci->Stats.PoppedBlocks;
      PushedBlocks += Sci->Stats.PushedBlocks;
    }
    Str->append("Stats: SizeClassAllocator32: %zuM mapped in %zu allocations; "
                "remains %zu\n",
                TotalMapped >> 20, PoppedBlocks, PoppedBlocks - PushedBlocks);
    for (uptr I = 0; I < NumClasses; I++)
      getStats(Str, I, 0);
  }

  bool setOption(Option O, sptr Value) {
    if (O == Option::ReleaseInterval) {
      const s32 Interval =
          Max(Min(static_cast<s32>(Value), MaxReleaseToOsIntervalMs),
              MinReleaseToOsIntervalMs);
      atomic_store(&ReleaseToOsIntervalMs, Interval, memory_order_relaxed);
      return true;
    }
    // Not supported by the Primary, but not an error either.
    return true;
  }

  uptr releaseToOS() {
    uptr TotalReleasedBytes = 0;
    for (uptr I = 0; I < NumClasses; I++) {
      SizeClassInfo *Sci = getSizeClassInfo(I);
      ScopedLock L(Sci->Mutex);
      TotalReleasedBytes += releaseToOSMaybe(Sci, I, /*Force=*/true);
    }
    return TotalReleasedBytes;
  }

  bool useMemoryTagging() { return false; }
  void disableMemoryTagging() {}

private:
  static const uptr NumClasses = SizeClassMap::NumClasses;
  static const uptr RegionSize = 1UL << RegionSizeLog;
  static const uptr NumRegions = SCUDO_MMAP_RANGE_SIZE >> RegionSizeLog;
  static const u32 MaxNumBatches = SCUDO_ANDROID ? 4U : 8U;
  typedef FlatByteMap<NumRegions> ByteMap;

  struct SizeClassStats {
    uptr PoppedBlocks;
    uptr PushedBlocks;
  };

  struct ReleaseToOsInfo {
    uptr PushedBlocksAtLastRelease;
    uptr RangesReleased;
    uptr LastReleasedBytes;
    u64 LastReleaseAtNs;
  };

  struct ALIGNED(SCUDO_CACHE_LINE_SIZE) SizeClassInfo {
    HybridMutex Mutex;
    SinglyLinkedList<TransferBatch> FreeList;
    uptr CurrentRegion;
    uptr CurrentRegionAllocated;
    SizeClassStats Stats;
    bool CanRelease;
    u32 RandState;
    uptr AllocatedUser;
    ReleaseToOsInfo ReleaseInfo;
  };
  static_assert(sizeof(SizeClassInfo) % SCUDO_CACHE_LINE_SIZE == 0, "");

  uptr computeRegionId(uptr Mem) {
    const uptr Id = Mem >> RegionSizeLog;
    CHECK_LT(Id, NumRegions);
    return Id;
  }

  uptr allocateRegionSlow() {
    uptr MapSize = 2 * RegionSize;
    const uptr MapBase = reinterpret_cast<uptr>(
        map(nullptr, MapSize, "scudo:primary", MAP_ALLOWNOMEM));
    if (UNLIKELY(!MapBase))
      return 0;
    const uptr MapEnd = MapBase + MapSize;
    uptr Region = MapBase;
    if (isAligned(Region, RegionSize)) {
      ScopedLock L(RegionsStashMutex);
      if (NumberOfStashedRegions < MaxStashedRegions)
        RegionsStash[NumberOfStashedRegions++] = MapBase + RegionSize;
      else
        MapSize = RegionSize;
    } else {
      Region = roundUpTo(MapBase, RegionSize);
      unmap(reinterpret_cast<void *>(MapBase), Region - MapBase);
      MapSize = RegionSize;
    }
    const uptr End = Region + MapSize;
    if (End != MapEnd)
      unmap(reinterpret_cast<void *>(End), MapEnd - End);
    return Region;
  }

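  // Returns a RegionSize-aligned region for the given class, taken from the
  // stash when one is available and freshly mapped otherwise, and records the
  // class in the PossibleRegions bytemap.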
  uptr allocateRegion(uptr ClassId) {
    DCHECK_LT(ClassId, NumClasses);
    uptr Region = 0;
    {
      ScopedLock L(RegionsStashMutex);
      if (NumberOfStashedRegions > 0)
        Region = RegionsStash[--NumberOfStashedRegions];
    }
    if (!Region)
      Region = allocateRegionSlow();
    if (LIKELY(Region)) {
      const uptr RegionIndex = computeRegionId(Region);
      if (RegionIndex < MinRegionIndex)
        MinRegionIndex = RegionIndex;
      if (RegionIndex > MaxRegionIndex)
        MaxRegionIndex = RegionIndex;
      PossibleRegions.set(RegionIndex, static_cast<u8>(ClassId + 1U));
    }
    return Region;
  }

  SizeClassInfo *getSizeClassInfo(uptr ClassId) {
    DCHECK_LT(ClassId, NumClasses);
    return &SizeClassInfoArray[ClassId];
  }

  bool populateBatches(CacheT *C, SizeClassInfo *Sci, uptr ClassId,
                       TransferBatch **CurrentBatch, u32 MaxCount,
                       void **PointersArray, u32 Count) {
    if (ClassId != SizeClassMap::BatchClassId)
      shuffle(PointersArray, Count, &Sci->RandState);
    TransferBatch *B = *CurrentBatch;
    for (uptr I = 0; I < Count; I++) {
      if (B && B->getCount() == MaxCount) {
        Sci->FreeList.push_back(B);
        B = nullptr;
      }
      if (!B) {
        B = C->createBatch(ClassId, PointersArray[I]);
        if (UNLIKELY(!B))
          return false;
        B->clear();
      }
      B->add(PointersArray[I]);
    }
    *CurrentBatch = B;
    return true;
  }

  NOINLINE TransferBatch *populateFreeList(CacheT *C, uptr ClassId,
                                           SizeClassInfo *Sci) {
    uptr Region;
    uptr Offset;
    // If the size-class currently has a region associated with it, use it.
    // The newly created blocks will be located after the currently allocated
    // memory for that region (up to RegionSize). Otherwise, create a new
    // region, where the new blocks will be carved from the beginning.
    if (Sci->CurrentRegion) {
      Region = Sci->CurrentRegion;
      DCHECK_GT(Sci->CurrentRegionAllocated, 0U);
      Offset = Sci->CurrentRegionAllocated;
    } else {
      DCHECK_EQ(Sci->CurrentRegionAllocated, 0U);
      Region = allocateRegion(ClassId);
      if (UNLIKELY(!Region))
        return nullptr;
      C->getStats().add(StatMapped, RegionSize);
      Sci->CurrentRegion = Region;
      Offset = 0;
    }

    const uptr Size = getSizeByClassId(ClassId);
    const u32 MaxCount = TransferBatch::getMaxCached(Size);
    DCHECK_GT(MaxCount, 0U);
    // The maximum number of blocks we should carve in the region is dictated
    // by the maximum number of batches we want to fill, and the amount of
    // memory left in the current region (we use the lower of the two). This
    // will not be 0 as we ensure that a region can at least hold one block
    // (via static_assert and at the end of this function).
    const u32 NumberOfBlocks =
        Min(MaxNumBatches * MaxCount,
            static_cast<u32>((RegionSize - Offset) / Size));
    DCHECK_GT(NumberOfBlocks, 0U);

    TransferBatch *B = nullptr;
    constexpr u32 ShuffleArraySize =
        MaxNumBatches * TransferBatch::MaxNumCached;
    // Fill the transfer batches and put them in the size-class freelist. We
    // need to randomize the blocks for security purposes, so we first fill a
    // local array that we then shuffle before populating the batches.
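    // If the local array fills up before all blocks have been carved, it is
    // flushed into batches and reused by the loop below.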
    void *ShuffleArray[ShuffleArraySize];
    u32 Count = 0;
    const uptr AllocatedUser = Size * NumberOfBlocks;
    for (uptr I = Region + Offset; I < Region + Offset + AllocatedUser;
         I += Size) {
      ShuffleArray[Count++] = reinterpret_cast<void *>(I);
      if (Count == ShuffleArraySize) {
        if (UNLIKELY(!populateBatches(C, Sci, ClassId, &B, MaxCount,
                                      ShuffleArray, Count)))
          return nullptr;
        Count = 0;
      }
    }
    if (Count) {
      if (UNLIKELY(!populateBatches(C, Sci, ClassId, &B, MaxCount,
                                    ShuffleArray, Count)))
        return nullptr;
    }
    DCHECK(B);
    if (!Sci->FreeList.empty()) {
      Sci->FreeList.push_back(B);
      B = Sci->FreeList.front();
      Sci->FreeList.pop_front();
    }
    DCHECK_GT(B->getCount(), 0);

    C->getStats().add(StatFree, AllocatedUser);
    DCHECK_LE(Sci->CurrentRegionAllocated + AllocatedUser, RegionSize);
    // If there is not enough room left in the currently associated region to
    // fit more blocks, deassociate it by resetting CurrentRegion and
    // CurrentRegionAllocated. Otherwise, update the allocated amount.
    if (RegionSize - (Sci->CurrentRegionAllocated + AllocatedUser) < Size) {
      Sci->CurrentRegion = 0;
      Sci->CurrentRegionAllocated = 0;
    } else {
      Sci->CurrentRegionAllocated += AllocatedUser;
    }
    Sci->AllocatedUser += AllocatedUser;

    return B;
  }

  void getStats(ScopedString *Str, uptr ClassId, uptr Rss) {
    SizeClassInfo *Sci = getSizeClassInfo(ClassId);
    if (Sci->AllocatedUser == 0)
      return;
    const uptr InUse = Sci->Stats.PoppedBlocks - Sci->Stats.PushedBlocks;
    const uptr AvailableChunks = Sci->AllocatedUser / getSizeByClassId(ClassId);
    Str->append(" %02zu (%6zu): mapped: %6zuK popped: %7zu pushed: %7zu "
                "inuse: %6zu avail: %6zu rss: %6zuK releases: %6zu\n",
                ClassId, getSizeByClassId(ClassId), Sci->AllocatedUser >> 10,
                Sci->Stats.PoppedBlocks, Sci->Stats.PushedBlocks, InUse,
                AvailableChunks, Rss >> 10, Sci->ReleaseInfo.RangesReleased);
  }

  NOINLINE uptr releaseToOSMaybe(SizeClassInfo *Sci, uptr ClassId,
                                 bool Force = false) {
    const uptr BlockSize = getSizeByClassId(ClassId);
    const uptr PageSize = getPageSizeCached();

    CHECK_GE(Sci->Stats.PoppedBlocks, Sci->Stats.PushedBlocks);
    const uptr BytesInFreeList =
        Sci->AllocatedUser -
        (Sci->Stats.PoppedBlocks - Sci->Stats.PushedBlocks) * BlockSize;
    if (BytesInFreeList < PageSize)
      return 0; // No chance to release anything.
    const uptr BytesPushed =
        (Sci->Stats.PushedBlocks - Sci->ReleaseInfo.PushedBlocksAtLastRelease) *
        BlockSize;
    if (BytesPushed < PageSize)
      return 0; // Nothing new to release.

    // Releasing smaller blocks is expensive, so we want to make sure that a
    // significant amount of bytes are free, and that there has been a good
    // amount of batches pushed to the freelist before attempting to release.
    if (BlockSize < PageSize / 16U) {
      if (!Force && BytesPushed < Sci->AllocatedUser / 16U)
        return 0;
      // We want 8x% to 9x% free bytes (the larger the block, the lower the %).
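      // For example, a 32-byte class is only released once at least
      // 100 - 1 - 32 / 16 = 97% of its bytes sit in the freelist.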
      if ((BytesInFreeList * 100U) / Sci->AllocatedUser <
          (100U - 1U - BlockSize / 16U))
        return 0;
    }

    if (!Force) {
      const s32 IntervalMs =
          atomic_load(&ReleaseToOsIntervalMs, memory_order_relaxed);
      if (IntervalMs < 0)
        return 0;
      if (Sci->ReleaseInfo.LastReleaseAtNs +
              static_cast<u64>(IntervalMs) * 1000000 >
          getMonotonicTime()) {
        return 0; // Memory was returned recently.
      }
    }

    DCHECK_GT(MinRegionIndex, 0U);
    uptr First = 0;
    for (uptr I = MinRegionIndex; I <= MaxRegionIndex; I++) {
      if (PossibleRegions[I] - 1U == ClassId) {
        First = I;
        break;
      }
    }
    uptr Last = 0;
    for (uptr I = MaxRegionIndex; I >= MinRegionIndex; I--) {
      if (PossibleRegions[I] - 1U == ClassId) {
        Last = I;
        break;
      }
    }
    uptr TotalReleasedBytes = 0;
    auto SkipRegion = [this, First, ClassId](uptr RegionIndex) {
      return (PossibleRegions[First + RegionIndex] - 1U) != ClassId;
    };
    if (First != 0U && Last != 0U) {
      const uptr Base = First * RegionSize;
      const uptr NumberOfRegions = Last - First + 1U;
      ReleaseRecorder Recorder(Base);
      releaseFreeMemoryToOS(Sci->FreeList, Base, RegionSize, NumberOfRegions,
                            BlockSize, &Recorder, SkipRegion);
      if (Recorder.getReleasedRangesCount() > 0) {
        Sci->ReleaseInfo.PushedBlocksAtLastRelease = Sci->Stats.PushedBlocks;
        Sci->ReleaseInfo.RangesReleased += Recorder.getReleasedRangesCount();
        Sci->ReleaseInfo.LastReleasedBytes = Recorder.getReleasedBytes();
        TotalReleasedBytes += Sci->ReleaseInfo.LastReleasedBytes;
      }
    }
    Sci->ReleaseInfo.LastReleaseAtNs = getMonotonicTime();
    return TotalReleasedBytes;
  }

  SizeClassInfo SizeClassInfoArray[NumClasses];

  // Track the regions in use, 0 is unused, otherwise store ClassId + 1.
  ByteMap PossibleRegions;
  // Keep track of the lowest & highest regions allocated to avoid looping
  // through the whole NumRegions.
  uptr MinRegionIndex;
  uptr MaxRegionIndex;
  atomic_s32 ReleaseToOsIntervalMs;
  // Unless several threads request regions simultaneously from different size
  // classes, the stash rarely contains more than 1 entry.
  static constexpr uptr MaxStashedRegions = 4;
  HybridMutex RegionsStashMutex;
  uptr NumberOfStashedRegions;
  uptr RegionsStash[MaxStashedRegions];
};

} // namespace scudo

#endif // SCUDO_PRIMARY32_H_