1 //===-- scudo_allocator.cpp -------------------------------------*- C++ -*-===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 ///
10 /// Scudo Hardened Allocator implementation.
11 /// It uses the sanitizer_common allocator as a base and aims at mitigating
12 /// heap corruption vulnerabilities. It provides a checksum-guarded chunk
13 /// header, a delayed free list, and additional sanity checks.
14 ///
15 //===----------------------------------------------------------------------===//
16
17 #include "scudo_allocator.h"
18 #include "scudo_utils.h"
19
20 #include "sanitizer_common/sanitizer_allocator_interface.h"
21 #include "sanitizer_common/sanitizer_quarantine.h"
22
23 #include <limits.h>
24 #include <pthread.h>
25 #include <smmintrin.h>
26
27 #include <atomic>
28 #include <cstring>
29
30 namespace __scudo {
31
32 const uptr AllocatorSpace = ~0ULL;
33 const uptr AllocatorSize = 0x10000000000ULL;
34 const uptr MinAlignmentLog = 4; // 16 bytes for x64
35 const uptr MaxAlignmentLog = 24;
36
37 typedef DefaultSizeClassMap SizeClassMap;
38 typedef SizeClassAllocator64<AllocatorSpace, AllocatorSize, 0, SizeClassMap>
39 PrimaryAllocator;
40 typedef SizeClassAllocatorLocalCache<PrimaryAllocator> AllocatorCache;
41 typedef LargeMmapAllocator<> SecondaryAllocator;
42 typedef CombinedAllocator<PrimaryAllocator, AllocatorCache, SecondaryAllocator>
43 ScudoAllocator;
44
45 static ScudoAllocator &getAllocator();
46
47 static thread_local Xorshift128Plus Prng;
48 // Global static cookie, initialized at start-up.
49 static u64 Cookie;
50
51 enum ChunkState : u8 {
52 ChunkAvailable = 0,
53 ChunkAllocated = 1,
54 ChunkQuarantine = 2
55 };
56
57 typedef unsigned __int128 PackedHeader;
58 typedef std::atomic<PackedHeader> AtomicPackedHeader;
59
60 // Our header requires 128-bit of storage on x64 (the only platform supported
61 // as of now), which fits nicely with the alignment requirements.
62 // Having the offset saves us from using functions such as GetBlockBegin, that
63 // is fairly costly. Our first implementation used the MetaData as well, which
64 // offers the advantage of being stored away from the chunk itself, but
65 // accessing it was costly as well.
66 // The header will be atomically loaded and stored using the 16-byte primitives
67 // offered by the platform (likely requires cmpxchg16b support).
68 struct UnpackedHeader {
69 // 1st 8 bytes
70 u16 Checksum : 16;
71 u64 RequestedSize : 40; // Needed for reallocation purposes.
72 u8 State : 2; // available, allocated, or quarantined
73 u8 AllocType : 2; // malloc, new, new[], or memalign
74 u8 Unused_0_ : 4;
75 // 2nd 8 bytes
76 u64 Offset : 20; // Offset from the beginning of the backend
77 // allocation to the beginning chunk itself, in
78 // multiples of MinAlignment. See comment about its
79 // maximum value and test in Initialize.
80 u64 Unused_1_ : 28;
81 u16 Salt : 16;
82 };
83
84 COMPILER_CHECK(sizeof(UnpackedHeader) == sizeof(PackedHeader));
85
86 const uptr ChunkHeaderSize = sizeof(PackedHeader);
87
88 struct ScudoChunk : UnpackedHeader {
89 // We can't use the offset member of the chunk itself, as we would double
90 // fetch it without any warranty that it wouldn't have been tampered. To
91 // prevent this, we work with a local copy of the header.
AllocBeg__scudo::ScudoChunk92 void *AllocBeg(UnpackedHeader *Header) {
93 return reinterpret_cast<void *>(
94 reinterpret_cast<uptr>(this) - (Header->Offset << MinAlignmentLog));
95 }
96
97 // CRC32 checksum of the Chunk pointer and its ChunkHeader.
98 // It currently uses the Intel Nehalem SSE4.2 crc32 64-bit instruction.
Checksum__scudo::ScudoChunk99 u16 Checksum(UnpackedHeader *Header) const {
100 u64 HeaderHolder[2];
101 memcpy(HeaderHolder, Header, sizeof(HeaderHolder));
102 u64 Crc = _mm_crc32_u64(Cookie, reinterpret_cast<uptr>(this));
103 // This is somewhat of a shortcut. The checksum is stored in the 16 least
104 // significant bits of the first 8 bytes of the header, hence zero-ing
105 // those bits out. It would be more valid to zero the checksum field of the
106 // UnpackedHeader, but would require holding an additional copy of it.
107 Crc = _mm_crc32_u64(Crc, HeaderHolder[0] & 0xffffffffffff0000ULL);
108 Crc = _mm_crc32_u64(Crc, HeaderHolder[1]);
109 return static_cast<u16>(Crc);
110 }
111
112 // Loads and unpacks the header, verifying the checksum in the process.
loadHeader__scudo::ScudoChunk113 void loadHeader(UnpackedHeader *NewUnpackedHeader) const {
114 const AtomicPackedHeader *AtomicHeader =
115 reinterpret_cast<const AtomicPackedHeader *>(this);
116 PackedHeader NewPackedHeader =
117 AtomicHeader->load(std::memory_order_relaxed);
118 *NewUnpackedHeader = bit_cast<UnpackedHeader>(NewPackedHeader);
119 if ((NewUnpackedHeader->Unused_0_ != 0) ||
120 (NewUnpackedHeader->Unused_1_ != 0) ||
121 (NewUnpackedHeader->Checksum != Checksum(NewUnpackedHeader))) {
122 dieWithMessage("ERROR: corrupted chunk header at address %p\n", this);
123 }
124 }
125
126 // Packs and stores the header, computing the checksum in the process.
storeHeader__scudo::ScudoChunk127 void storeHeader(UnpackedHeader *NewUnpackedHeader) {
128 NewUnpackedHeader->Checksum = Checksum(NewUnpackedHeader);
129 PackedHeader NewPackedHeader = bit_cast<PackedHeader>(*NewUnpackedHeader);
130 AtomicPackedHeader *AtomicHeader =
131 reinterpret_cast<AtomicPackedHeader *>(this);
132 AtomicHeader->store(NewPackedHeader, std::memory_order_relaxed);
133 }
134
135 // Packs and stores the header, computing the checksum in the process. We
136 // compare the current header with the expected provided one to ensure that
137 // we are not being raced by a corruption occurring in another thread.
compareExchangeHeader__scudo::ScudoChunk138 void compareExchangeHeader(UnpackedHeader *NewUnpackedHeader,
139 UnpackedHeader *OldUnpackedHeader) {
140 NewUnpackedHeader->Checksum = Checksum(NewUnpackedHeader);
141 PackedHeader NewPackedHeader = bit_cast<PackedHeader>(*NewUnpackedHeader);
142 PackedHeader OldPackedHeader = bit_cast<PackedHeader>(*OldUnpackedHeader);
143 AtomicPackedHeader *AtomicHeader =
144 reinterpret_cast<AtomicPackedHeader *>(this);
145 if (!AtomicHeader->compare_exchange_strong(OldPackedHeader,
146 NewPackedHeader,
147 std::memory_order_relaxed,
148 std::memory_order_relaxed)) {
149 dieWithMessage("ERROR: race on chunk header at address %p\n", this);
150 }
151 }
152 };
153
154 static bool ScudoInitIsRunning = false;
155
156 static pthread_once_t GlobalInited = PTHREAD_ONCE_INIT;
157 static pthread_key_t pkey;
158
159 static thread_local bool ThreadInited = false;
160 static thread_local bool ThreadTornDown = false;
161 static thread_local AllocatorCache Cache;
162
teardownThread(void * p)163 static void teardownThread(void *p) {
164 uptr v = reinterpret_cast<uptr>(p);
165 // The glibc POSIX thread-local-storage deallocation routine calls user
166 // provided destructors in a loop of PTHREAD_DESTRUCTOR_ITERATIONS.
167 // We want to be called last since other destructors might call free and the
168 // like, so we wait until PTHREAD_DESTRUCTOR_ITERATIONS before draining the
169 // quarantine and swallowing the cache.
170 if (v < PTHREAD_DESTRUCTOR_ITERATIONS) {
171 pthread_setspecific(pkey, reinterpret_cast<void *>(v + 1));
172 return;
173 }
174 drainQuarantine();
175 getAllocator().DestroyCache(&Cache);
176 ThreadTornDown = true;
177 }
178
initInternal()179 static void initInternal() {
180 SanitizerToolName = "Scudo";
181 CHECK(!ScudoInitIsRunning && "Scudo init calls itself!");
182 ScudoInitIsRunning = true;
183
184 initFlags();
185
186 AllocatorOptions Options;
187 Options.setFrom(getFlags(), common_flags());
188 initAllocator(Options);
189
190 ScudoInitIsRunning = false;
191 }
192
initGlobal()193 static void initGlobal() {
194 pthread_key_create(&pkey, teardownThread);
195 initInternal();
196 }
197
initThread()198 static void NOINLINE initThread() {
199 pthread_once(&GlobalInited, initGlobal);
200 pthread_setspecific(pkey, reinterpret_cast<void *>(1));
201 getAllocator().InitCache(&Cache);
202 ThreadInited = true;
203 }
204
205 struct QuarantineCallback {
QuarantineCallback__scudo::QuarantineCallback206 explicit QuarantineCallback(AllocatorCache *Cache)
207 : Cache_(Cache) {}
208
209 // Chunk recycling function, returns a quarantined chunk to the backend.
Recycle__scudo::QuarantineCallback210 void Recycle(ScudoChunk *Chunk) {
211 UnpackedHeader Header;
212 Chunk->loadHeader(&Header);
213 if (Header.State != ChunkQuarantine) {
214 dieWithMessage("ERROR: invalid chunk state when recycling address %p\n",
215 Chunk);
216 }
217 void *Ptr = Chunk->AllocBeg(&Header);
218 getAllocator().Deallocate(Cache_, Ptr);
219 }
220
221 /// Internal quarantine allocation and deallocation functions.
Allocate__scudo::QuarantineCallback222 void *Allocate(uptr Size) {
223 // The internal quarantine memory cannot be protected by us. But the only
224 // structures allocated are QuarantineBatch, that are 8KB for x64. So we
225 // will use mmap for those, and given that Deallocate doesn't pass a size
226 // in, we enforce the size of the allocation to be sizeof(QuarantineBatch).
227 // TODO(kostyak): switching to mmap impacts greatly performances, we have
228 // to find another solution
229 // CHECK_EQ(Size, sizeof(QuarantineBatch));
230 // return MmapOrDie(Size, "QuarantineBatch");
231 return getAllocator().Allocate(Cache_, Size, 1, false);
232 }
233
Deallocate__scudo::QuarantineCallback234 void Deallocate(void *Ptr) {
235 // UnmapOrDie(Ptr, sizeof(QuarantineBatch));
236 getAllocator().Deallocate(Cache_, Ptr);
237 }
238
239 AllocatorCache *Cache_;
240 };
241
242 typedef Quarantine<QuarantineCallback, ScudoChunk> ScudoQuarantine;
243 typedef ScudoQuarantine::Cache QuarantineCache;
244 static thread_local QuarantineCache ThreadQuarantineCache;
245
setFrom(const Flags * f,const CommonFlags * cf)246 void AllocatorOptions::setFrom(const Flags *f, const CommonFlags *cf) {
247 MayReturnNull = cf->allocator_may_return_null;
248 QuarantineSizeMb = f->QuarantineSizeMb;
249 ThreadLocalQuarantineSizeKb = f->ThreadLocalQuarantineSizeKb;
250 DeallocationTypeMismatch = f->DeallocationTypeMismatch;
251 DeleteSizeMismatch = f->DeleteSizeMismatch;
252 ZeroContents = f->ZeroContents;
253 }
254
copyTo(Flags * f,CommonFlags * cf) const255 void AllocatorOptions::copyTo(Flags *f, CommonFlags *cf) const {
256 cf->allocator_may_return_null = MayReturnNull;
257 f->QuarantineSizeMb = QuarantineSizeMb;
258 f->ThreadLocalQuarantineSizeKb = ThreadLocalQuarantineSizeKb;
259 f->DeallocationTypeMismatch = DeallocationTypeMismatch;
260 f->DeleteSizeMismatch = DeleteSizeMismatch;
261 f->ZeroContents = ZeroContents;
262 }
263
264 struct Allocator {
265 static const uptr MaxAllowedMallocSize = 1ULL << 40;
266 static const uptr MinAlignment = 1 << MinAlignmentLog;
267 static const uptr MaxAlignment = 1 << MaxAlignmentLog; // 16 MB
268
269 ScudoAllocator BackendAllocator;
270 ScudoQuarantine AllocatorQuarantine;
271
272 // The fallback caches are used when the thread local caches have been
273 // 'detroyed' on thread tear-down. They are protected by a Mutex as they can
274 // be accessed by different threads.
275 StaticSpinMutex FallbackMutex;
276 AllocatorCache FallbackAllocatorCache;
277 QuarantineCache FallbackQuarantineCache;
278
279 bool DeallocationTypeMismatch;
280 bool ZeroContents;
281 bool DeleteSizeMismatch;
282
Allocator__scudo::Allocator283 explicit Allocator(LinkerInitialized)
284 : AllocatorQuarantine(LINKER_INITIALIZED),
285 FallbackQuarantineCache(LINKER_INITIALIZED) {}
286
init__scudo::Allocator287 void init(const AllocatorOptions &Options) {
288 // Currently SSE 4.2 support is required. This might change later.
289 CHECK(testCPUFeature(SSE4_2)); // for crc32
290
291 // Verify that the header offset field can hold the maximum offset. In the
292 // worst case scenario, the backend allocation is already aligned on
293 // MaxAlignment, so in order to store the header and still be aligned, we
294 // add an extra MaxAlignment. As a result, the offset from the beginning of
295 // the backend allocation to the chunk will be MaxAlignment -
296 // ChunkHeaderSize.
297 UnpackedHeader Header = {};
298 uptr MaximumOffset = (MaxAlignment - ChunkHeaderSize) >> MinAlignmentLog;
299 Header.Offset = MaximumOffset;
300 if (Header.Offset != MaximumOffset) {
301 dieWithMessage("ERROR: the maximum possible offset doesn't fit in the "
302 "header\n");
303 }
304
305 DeallocationTypeMismatch = Options.DeallocationTypeMismatch;
306 DeleteSizeMismatch = Options.DeleteSizeMismatch;
307 ZeroContents = Options.ZeroContents;
308 BackendAllocator.Init(Options.MayReturnNull);
309 AllocatorQuarantine.Init(static_cast<uptr>(Options.QuarantineSizeMb) << 20,
310 static_cast<uptr>(
311 Options.ThreadLocalQuarantineSizeKb) << 10);
312 BackendAllocator.InitCache(&FallbackAllocatorCache);
313 Cookie = Prng.Next();
314 }
315
316 // Allocates a chunk.
allocate__scudo::Allocator317 void *allocate(uptr Size, uptr Alignment, AllocType Type) {
318 if (UNLIKELY(!ThreadInited))
319 initThread();
320 if (!IsPowerOfTwo(Alignment)) {
321 dieWithMessage("ERROR: malloc alignment is not a power of 2\n");
322 }
323 if (Alignment > MaxAlignment)
324 return BackendAllocator.ReturnNullOrDie();
325 if (Alignment < MinAlignment)
326 Alignment = MinAlignment;
327 if (Size == 0)
328 Size = 1;
329 if (Size >= MaxAllowedMallocSize)
330 return BackendAllocator.ReturnNullOrDie();
331 uptr RoundedSize = RoundUpTo(Size, MinAlignment);
332 uptr ExtraBytes = ChunkHeaderSize;
333 if (Alignment > MinAlignment)
334 ExtraBytes += Alignment;
335 uptr NeededSize = RoundedSize + ExtraBytes;
336 if (NeededSize >= MaxAllowedMallocSize)
337 return BackendAllocator.ReturnNullOrDie();
338
339 void *Ptr;
340 if (LIKELY(!ThreadTornDown)) {
341 Ptr = BackendAllocator.Allocate(&Cache, NeededSize, MinAlignment);
342 } else {
343 SpinMutexLock l(&FallbackMutex);
344 Ptr = BackendAllocator.Allocate(&FallbackAllocatorCache, NeededSize,
345 MinAlignment);
346 }
347 if (!Ptr)
348 return BackendAllocator.ReturnNullOrDie();
349
350 // If requested, we will zero out the entire contents of the returned chunk.
351 if (ZeroContents && BackendAllocator.FromPrimary(Ptr))
352 memset(Ptr, 0, BackendAllocator.GetActuallyAllocatedSize(Ptr));
353
354 uptr AllocBeg = reinterpret_cast<uptr>(Ptr);
355 uptr ChunkBeg = AllocBeg + ChunkHeaderSize;
356 if (!IsAligned(ChunkBeg, Alignment))
357 ChunkBeg = RoundUpTo(ChunkBeg, Alignment);
358 CHECK_LE(ChunkBeg + Size, AllocBeg + NeededSize);
359 ScudoChunk *Chunk =
360 reinterpret_cast<ScudoChunk *>(ChunkBeg - ChunkHeaderSize);
361 UnpackedHeader Header = {};
362 Header.State = ChunkAllocated;
363 Header.Offset = (ChunkBeg - ChunkHeaderSize - AllocBeg) >> MinAlignmentLog;
364 Header.AllocType = Type;
365 Header.RequestedSize = Size;
366 Header.Salt = static_cast<u16>(Prng.Next());
367 Chunk->storeHeader(&Header);
368 void *UserPtr = reinterpret_cast<void *>(ChunkBeg);
369 // TODO(kostyak): hooks sound like a terrible idea security wise but might
370 // be needed for things to work properly?
371 // if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(UserPtr, Size);
372 return UserPtr;
373 }
374
375 // Deallocates a Chunk, which means adding it to the delayed free list (or
376 // Quarantine).
deallocate__scudo::Allocator377 void deallocate(void *UserPtr, uptr DeleteSize, AllocType Type) {
378 if (UNLIKELY(!ThreadInited))
379 initThread();
380 // TODO(kostyak): see hook comment above
381 // if (&__sanitizer_free_hook) __sanitizer_free_hook(UserPtr);
382 if (!UserPtr)
383 return;
384 uptr ChunkBeg = reinterpret_cast<uptr>(UserPtr);
385 if (!IsAligned(ChunkBeg, MinAlignment)) {
386 dieWithMessage("ERROR: attempted to deallocate a chunk not properly "
387 "aligned at address %p\n", UserPtr);
388 }
389 ScudoChunk *Chunk =
390 reinterpret_cast<ScudoChunk *>(ChunkBeg - ChunkHeaderSize);
391 UnpackedHeader OldHeader;
392 Chunk->loadHeader(&OldHeader);
393 if (OldHeader.State != ChunkAllocated) {
394 dieWithMessage("ERROR: invalid chunk state when deallocating address "
395 "%p\n", Chunk);
396 }
397 UnpackedHeader NewHeader = OldHeader;
398 NewHeader.State = ChunkQuarantine;
399 Chunk->compareExchangeHeader(&NewHeader, &OldHeader);
400 if (DeallocationTypeMismatch) {
401 // The deallocation type has to match the allocation one.
402 if (NewHeader.AllocType != Type) {
403 // With the exception of memalign'd Chunks, that can be still be free'd.
404 if (NewHeader.AllocType != FromMemalign || Type != FromMalloc) {
405 dieWithMessage("ERROR: allocation type mismatch on address %p\n",
406 Chunk);
407 }
408 }
409 }
410 uptr Size = NewHeader.RequestedSize;
411 if (DeleteSizeMismatch) {
412 if (DeleteSize && DeleteSize != Size) {
413 dieWithMessage("ERROR: invalid sized delete on chunk at address %p\n",
414 Chunk);
415 }
416 }
417 if (LIKELY(!ThreadTornDown)) {
418 AllocatorQuarantine.Put(&ThreadQuarantineCache,
419 QuarantineCallback(&Cache), Chunk, Size);
420 } else {
421 SpinMutexLock l(&FallbackMutex);
422 AllocatorQuarantine.Put(&FallbackQuarantineCache,
423 QuarantineCallback(&FallbackAllocatorCache),
424 Chunk, Size);
425 }
426 }
427
428 // Returns the actual usable size of a chunk. Since this requires loading the
429 // header, we will return it in the second parameter, as it can be required
430 // by the caller to perform additional processing.
getUsableSize__scudo::Allocator431 uptr getUsableSize(const void *Ptr, UnpackedHeader *Header) {
432 if (UNLIKELY(!ThreadInited))
433 initThread();
434 if (!Ptr)
435 return 0;
436 uptr ChunkBeg = reinterpret_cast<uptr>(Ptr);
437 ScudoChunk *Chunk =
438 reinterpret_cast<ScudoChunk *>(ChunkBeg - ChunkHeaderSize);
439 Chunk->loadHeader(Header);
440 // Getting the usable size of a chunk only makes sense if it's allocated.
441 if (Header->State != ChunkAllocated) {
442 dieWithMessage("ERROR: attempted to size a non-allocated chunk at "
443 "address %p\n", Chunk);
444 }
445 uptr Size =
446 BackendAllocator.GetActuallyAllocatedSize(Chunk->AllocBeg(Header));
447 // UsableSize works as malloc_usable_size, which is also what (AFAIU)
448 // tcmalloc's MallocExtension::GetAllocatedSize aims at providing. This
449 // means we will return the size of the chunk from the user beginning to
450 // the end of the 'user' allocation, hence us subtracting the header size
451 // and the offset from the size.
452 if (Size == 0)
453 return Size;
454 return Size - ChunkHeaderSize - (Header->Offset << MinAlignmentLog);
455 }
456
457 // Helper function that doesn't care about the header.
getUsableSize__scudo::Allocator458 uptr getUsableSize(const void *Ptr) {
459 UnpackedHeader Header;
460 return getUsableSize(Ptr, &Header);
461 }
462
463 // Reallocates a chunk. We can save on a new allocation if the new requested
464 // size still fits in the chunk.
reallocate__scudo::Allocator465 void *reallocate(void *OldPtr, uptr NewSize) {
466 if (UNLIKELY(!ThreadInited))
467 initThread();
468 UnpackedHeader OldHeader;
469 uptr Size = getUsableSize(OldPtr, &OldHeader);
470 uptr ChunkBeg = reinterpret_cast<uptr>(OldPtr);
471 ScudoChunk *Chunk =
472 reinterpret_cast<ScudoChunk *>(ChunkBeg - ChunkHeaderSize);
473 if (OldHeader.AllocType != FromMalloc) {
474 dieWithMessage("ERROR: invalid chunk type when reallocating address %p\n",
475 Chunk);
476 }
477 UnpackedHeader NewHeader = OldHeader;
478 // The new size still fits in the current chunk.
479 if (NewSize <= Size) {
480 NewHeader.RequestedSize = NewSize;
481 Chunk->compareExchangeHeader(&NewHeader, &OldHeader);
482 return OldPtr;
483 }
484 // Otherwise, we have to allocate a new chunk and copy the contents of the
485 // old one.
486 void *NewPtr = allocate(NewSize, MinAlignment, FromMalloc);
487 if (NewPtr) {
488 uptr OldSize = OldHeader.RequestedSize;
489 memcpy(NewPtr, OldPtr, Min(NewSize, OldSize));
490 NewHeader.State = ChunkQuarantine;
491 Chunk->compareExchangeHeader(&NewHeader, &OldHeader);
492 if (LIKELY(!ThreadTornDown)) {
493 AllocatorQuarantine.Put(&ThreadQuarantineCache,
494 QuarantineCallback(&Cache), Chunk, OldSize);
495 } else {
496 SpinMutexLock l(&FallbackMutex);
497 AllocatorQuarantine.Put(&FallbackQuarantineCache,
498 QuarantineCallback(&FallbackAllocatorCache),
499 Chunk, OldSize);
500 }
501 }
502 return NewPtr;
503 }
504
calloc__scudo::Allocator505 void *calloc(uptr NMemB, uptr Size) {
506 if (UNLIKELY(!ThreadInited))
507 initThread();
508 uptr Total = NMemB * Size;
509 if (Size != 0 && Total / Size != NMemB) // Overflow check
510 return BackendAllocator.ReturnNullOrDie();
511 void *Ptr = allocate(Total, MinAlignment, FromMalloc);
512 // If ZeroContents, the content of the chunk has already been zero'd out.
513 if (!ZeroContents && Ptr && BackendAllocator.FromPrimary(Ptr))
514 memset(Ptr, 0, getUsableSize(Ptr));
515 return Ptr;
516 }
517
drainQuarantine__scudo::Allocator518 void drainQuarantine() {
519 AllocatorQuarantine.Drain(&ThreadQuarantineCache,
520 QuarantineCallback(&Cache));
521 }
522 };
523
524 static Allocator Instance(LINKER_INITIALIZED);
525
getAllocator()526 static ScudoAllocator &getAllocator() {
527 return Instance.BackendAllocator;
528 }
529
initAllocator(const AllocatorOptions & Options)530 void initAllocator(const AllocatorOptions &Options) {
531 Instance.init(Options);
532 }
533
drainQuarantine()534 void drainQuarantine() {
535 Instance.drainQuarantine();
536 }
537
scudoMalloc(uptr Size,AllocType Type)538 void *scudoMalloc(uptr Size, AllocType Type) {
539 return Instance.allocate(Size, Allocator::MinAlignment, Type);
540 }
541
scudoFree(void * Ptr,AllocType Type)542 void scudoFree(void *Ptr, AllocType Type) {
543 Instance.deallocate(Ptr, 0, Type);
544 }
545
scudoSizedFree(void * Ptr,uptr Size,AllocType Type)546 void scudoSizedFree(void *Ptr, uptr Size, AllocType Type) {
547 Instance.deallocate(Ptr, Size, Type);
548 }
549
scudoRealloc(void * Ptr,uptr Size)550 void *scudoRealloc(void *Ptr, uptr Size) {
551 if (!Ptr)
552 return Instance.allocate(Size, Allocator::MinAlignment, FromMalloc);
553 if (Size == 0) {
554 Instance.deallocate(Ptr, 0, FromMalloc);
555 return nullptr;
556 }
557 return Instance.reallocate(Ptr, Size);
558 }
559
scudoCalloc(uptr NMemB,uptr Size)560 void *scudoCalloc(uptr NMemB, uptr Size) {
561 return Instance.calloc(NMemB, Size);
562 }
563
scudoValloc(uptr Size)564 void *scudoValloc(uptr Size) {
565 return Instance.allocate(Size, GetPageSizeCached(), FromMemalign);
566 }
567
scudoMemalign(uptr Alignment,uptr Size)568 void *scudoMemalign(uptr Alignment, uptr Size) {
569 return Instance.allocate(Size, Alignment, FromMemalign);
570 }
571
scudoPvalloc(uptr Size)572 void *scudoPvalloc(uptr Size) {
573 uptr PageSize = GetPageSizeCached();
574 Size = RoundUpTo(Size, PageSize);
575 if (Size == 0) {
576 // pvalloc(0) should allocate one page.
577 Size = PageSize;
578 }
579 return Instance.allocate(Size, PageSize, FromMemalign);
580 }
581
scudoPosixMemalign(void ** MemPtr,uptr Alignment,uptr Size)582 int scudoPosixMemalign(void **MemPtr, uptr Alignment, uptr Size) {
583 *MemPtr = Instance.allocate(Size, Alignment, FromMemalign);
584 return 0;
585 }
586
scudoAlignedAlloc(uptr Alignment,uptr Size)587 void *scudoAlignedAlloc(uptr Alignment, uptr Size) {
588 // size must be a multiple of the alignment. To avoid a division, we first
589 // make sure that alignment is a power of 2.
590 CHECK(IsPowerOfTwo(Alignment));
591 CHECK_EQ((Size & (Alignment - 1)), 0);
592 return Instance.allocate(Size, Alignment, FromMalloc);
593 }
594
scudoMallocUsableSize(void * Ptr)595 uptr scudoMallocUsableSize(void *Ptr) {
596 return Instance.getUsableSize(Ptr);
597 }
598
599 } // namespace __scudo
600
601 using namespace __scudo;
602
603 // MallocExtension helper functions
604
__sanitizer_get_current_allocated_bytes()605 uptr __sanitizer_get_current_allocated_bytes() {
606 uptr stats[AllocatorStatCount];
607 getAllocator().GetStats(stats);
608 return stats[AllocatorStatAllocated];
609 }
610
__sanitizer_get_heap_size()611 uptr __sanitizer_get_heap_size() {
612 uptr stats[AllocatorStatCount];
613 getAllocator().GetStats(stats);
614 return stats[AllocatorStatMapped];
615 }
616
__sanitizer_get_free_bytes()617 uptr __sanitizer_get_free_bytes() {
618 return 1;
619 }
620
__sanitizer_get_unmapped_bytes()621 uptr __sanitizer_get_unmapped_bytes() {
622 return 1;
623 }
624
__sanitizer_get_estimated_allocated_size(uptr size)625 uptr __sanitizer_get_estimated_allocated_size(uptr size) {
626 return size;
627 }
628
__sanitizer_get_ownership(const void * p)629 int __sanitizer_get_ownership(const void *p) {
630 return Instance.getUsableSize(p) != 0;
631 }
632
__sanitizer_get_allocated_size(const void * p)633 uptr __sanitizer_get_allocated_size(const void *p) {
634 return Instance.getUsableSize(p);
635 }
636