* [musl] [PATCH] don't set errno in free
       [not found] <20210121140240.83405-1-alex_y_xu.ref@yahoo.ca>
@ 2021-01-21 14:02 ` Alex Xu (Hello71)
  2021-01-21 15:50   ` Natanael Copa
  2021-01-21 16:27   ` Rich Felker
  0 siblings, 2 replies; 6+ messages in thread
From: Alex Xu (Hello71) @ 2021-01-21 14:02 UTC (permalink / raw)
  To: musl; +Cc: Alex Xu (Hello71)

busybox echo fails if free sets errno, which madvise does on old
kernels.
---
 src/malloc/mallocng/free.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
index 40745f97..82836815 100644
--- a/src/malloc/mallocng/free.c
+++ b/src/malloc/mallocng/free.c
@@ -119,7 +119,13 @@ void free(void *p)
 	if (((uintptr_t)(start-1) ^ (uintptr_t)end) >= 2*PGSZ && g->last_idx) {
 		unsigned char *base = start + (-(uintptr_t)start & (PGSZ-1));
 		size_t len = (end-base) & -PGSZ;
-		if (len) madvise(base, len, MADV_FREE);
+		if (len) {
+			// madvise(..., MADV_FREE) returns -EINVAL on old kernels
+			// POSIX.1-202x requires free() to not modify errno on success
+			int e = errno;
+			madvise(base, len, MADV_FREE);
+			errno = e;
+		}
 	}
 
 	// atomic free without locking if this is neither first or last slot
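Review bot: The first added comment in the `if (len)` block says madvise `returns -EINVAL`, which describes the raw syscall result rather than what this code guards against. As far as the hunk shows, the concern is the libc wrapper failing on old kernels and storing EINVAL in errno, so the comment would be more accurate as `// madvise(..., MADV_FREE) fails with EINVAL on old kernels, clobbering errno`. Since the result is deliberately ignored (the advice is best-effort), writing the call as `(void)madvise(base, len, MADV_FREE);` would make that intent explicit to readers and static analysers. The body of free() starts and continues outside this hunk, so other errno-touching calls on this path cannot be judged from here.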
@@ -139,5 +145,9 @@ void free(void *p)
 	wrlock();
 	struct mapinfo mi = nontrivial_free(g, idx);
 	unlock();
-	if (mi.len) munmap(mi.base, mi.len);
+	// POSIX.1-202x requires free() to not modify errno on success
+	// munmap should succeed but no harm checking it again
+	if (mi.len)
+		if (munmap(mi.base, mi.len))
+			a_crash();
 }
-- 
2.30.0



* Re: [musl] [PATCH] don't set errno in free
  2021-01-21 14:02 ` [musl] [PATCH] don't set errno in free Alex Xu (Hello71)
@ 2021-01-21 15:50   ` Natanael Copa
  2021-01-21 16:18     ` Rich Felker
  2021-01-21 16:27   ` Rich Felker
  1 sibling, 1 reply; 6+ messages in thread
From: Natanael Copa @ 2021-01-21 15:50 UTC (permalink / raw)
  To: Alex Xu (Hello71); +Cc: musl

On Thu, 21 Jan 2021 09:02:40 -0500
"Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> wrote:

> busybox echo fails if free sets errno, which madvise does on old
> kernels.
> ---
>  src/malloc/mallocng/free.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> index 40745f97..82836815 100644
> --- a/src/malloc/mallocng/free.c
> +++ b/src/malloc/mallocng/free.c
> @@ -119,7 +119,13 @@ void free(void *p)
>  	if (((uintptr_t)(start-1) ^ (uintptr_t)end) >= 2*PGSZ && g->last_idx) {
>  		unsigned char *base = start + (-(uintptr_t)start & (PGSZ-1));
>  		size_t len = (end-base) & -PGSZ;
> -		if (len) madvise(base, len, MADV_FREE);
> +		if (len) {
> +			// madvise(..., MADV_FREE) returns -EINVAL on old kernels
> +			// POSIX.1-202x requires free() to not modify errno on success
> +			int e = errno;
> +			madvise(base, len, MADV_FREE);
> +			errno = e;
> +		}
>  	}

I think we should save the errno early and make sure it's restored on
exit of the function. You should also include <errno.h>. I suggest
something like:

diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
index 40745f97..77bed88b 100644
--- a/src/malloc/mallocng/free.c
+++ b/src/malloc/mallocng/free.c
@@ -1,6 +1,7 @@
 #define _BSD_SOURCE
 #include <stdlib.h>
 #include <sys/mman.h>
+#include <errno.h>
 
 #include "meta.h"
 
@@ -102,6 +103,7 @@ void free(void *p)
 {
        if (!p) return;
 
+       int orig_errno = errno;
        struct meta *g = get_meta(p);
        int idx = get_slot_index(p);
        size_t stride = get_stride(g);
@@ -133,11 +135,13 @@ void free(void *p)
                        g->freed_mask = freed+self;
                else if (a_cas(&g->freed_mask, freed, freed+self)!=freed)
                        continue;
-               return;
+               goto out;
        }
 
        wrlock();
        struct mapinfo mi = nontrivial_free(g, idx);
        unlock();
        if (mi.len) munmap(mi.base, mi.len);
+out:
+       errno = orig_errno;
 }


(looks like there are used names like errno_save, and old_errno in the code as well)

>  
>  	// atomic free without locking if this is neither first or last slot
> @@ -139,5 +145,9 @@ void free(void *p)
>  	wrlock();
>  	struct mapinfo mi = nontrivial_free(g, idx);
>  	unlock();
> -	if (mi.len) munmap(mi.base, mi.len);
> +	// POSIX.1-202x requires free() to not modify errno on success
> +	// munmap should succeed but no harm checking it again
> +	if (mi.len)
> +		if (munmap(mi.base, mi.len))
> +			a_crash();
>  }

This should go into separate commit.

-nc


* Re: [musl] [PATCH] don't set errno in free
  2021-01-21 15:50   ` Natanael Copa
@ 2021-01-21 16:18     ` Rich Felker
  2021-01-21 16:20       ` Florian Weimer
  2021-01-21 16:31       ` Natanael Copa
  0 siblings, 2 replies; 6+ messages in thread
From: Rich Felker @ 2021-01-21 16:18 UTC (permalink / raw)
  To: Natanael Copa; +Cc: Alex Xu (Hello71), musl

On Thu, Jan 21, 2021 at 04:50:00PM +0100, Natanael Copa wrote:
> On Thu, 21 Jan 2021 09:02:40 -0500
> "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> wrote:
> 
> > busybox echo fails if free sets errno, which madvise does on old
> > kernels.
> > ---
> >  src/malloc/mallocng/free.c | 14 ++++++++++++--
> >  1 file changed, 12 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> > index 40745f97..82836815 100644
> > --- a/src/malloc/mallocng/free.c
> > +++ b/src/malloc/mallocng/free.c
> > @@ -119,7 +119,13 @@ void free(void *p)
> >  	if (((uintptr_t)(start-1) ^ (uintptr_t)end) >= 2*PGSZ && g->last_idx) {
> >  		unsigned char *base = start + (-(uintptr_t)start & (PGSZ-1));
> >  		size_t len = (end-base) & -PGSZ;
> > -		if (len) madvise(base, len, MADV_FREE);
> > +		if (len) {
> > +			// madvise(..., MADV_FREE) returns -EINVAL on old kernels
> > +			// POSIX.1-202x requires free() to not modify errno on success
> > +			int e = errno;
> > +			madvise(base, len, MADV_FREE);
> > +			errno = e;
> > +		}
> >  	}
> 
> I think we should save the errno early and make sure its restored on
> exit of the function. you should also include <errno.h>. I suggest
> something like:
> 
> diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> index 40745f97..77bed88b 100644
> --- a/src/malloc/mallocng/free.c
> +++ b/src/malloc/mallocng/free.c
> @@ -1,6 +1,7 @@
>  #define _BSD_SOURCE
>  #include <stdlib.h>
>  #include <sys/mman.h>
> +#include <errno.h>
>  
>  #include "meta.h"
>  
> @@ -102,6 +103,7 @@ void free(void *p)
>  {
>         if (!p) return;
>  
> +       int orig_errno = errno;

This is much costlier. It puts the TLS access (faulting and emulating
on old MIPS) in the path that runs on every call.

Rich


* Re: [musl] [PATCH] don't set errno in free
  2021-01-21 16:18     ` Rich Felker
@ 2021-01-21 16:20       ` Florian Weimer
  2021-01-21 16:31       ` Natanael Copa
  1 sibling, 0 replies; 6+ messages in thread
From: Florian Weimer @ 2021-01-21 16:20 UTC (permalink / raw)
  To: Rich Felker; +Cc: Natanael Copa, musl, Alex Xu (Hello71)

* Rich Felker:

> This is much costlier. It puts the TLS access (faulting and emulating
> on old MIPS) in the path that runs on every call.

It's also a significant hit on certain modern AArch64 variants, which is
a bit sad.

Thanks,
Florian
-- 
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill



* Re: [musl] [PATCH] don't set errno in free
  2021-01-21 14:02 ` [musl] [PATCH] don't set errno in free Alex Xu (Hello71)
  2021-01-21 15:50   ` Natanael Copa
@ 2021-01-21 16:27   ` Rich Felker
  1 sibling, 0 replies; 6+ messages in thread
From: Rich Felker @ 2021-01-21 16:27 UTC (permalink / raw)
  To: Alex Xu (Hello71); +Cc: musl

On Thu, Jan 21, 2021 at 09:02:40AM -0500, Alex Xu (Hello71) wrote:
> busybox echo fails if free sets errno, which madvise does on old
> kernels.
> ---
>  src/malloc/mallocng/free.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> index 40745f97..82836815 100644
> --- a/src/malloc/mallocng/free.c
> +++ b/src/malloc/mallocng/free.c
> @@ -119,7 +119,13 @@ void free(void *p)
>  	if (((uintptr_t)(start-1) ^ (uintptr_t)end) >= 2*PGSZ && g->last_idx) {
>  		unsigned char *base = start + (-(uintptr_t)start & (PGSZ-1));
>  		size_t len = (end-base) & -PGSZ;
> -		if (len) madvise(base, len, MADV_FREE);
> +		if (len) {
> +			// madvise(..., MADV_FREE) returns -EINVAL on old kernels
> +			// POSIX.1-202x requires free() to not modify errno on success
> +			int e = errno;
> +			madvise(base, len, MADV_FREE);
> +			errno = e;
> +		}
>  	}

glue.h is already responsible for wiring up madvise appropriately
(namespace-safe), so we could just change it to make a raw syscall
instead of the function call to __madvise. This would be slightly less
costly at runtime, but is kinda non-obvious to the reader (especially
if the name is retained) and not as friendly to using mallocng
standalone outside musl.

>  	// atomic free without locking if this is neither first or last slot
> @@ -139,5 +145,9 @@ void free(void *p)
>  	wrlock();
>  	struct mapinfo mi = nontrivial_free(g, idx);
>  	unlock();
> -	if (mi.len) munmap(mi.base, mi.len);
> +	// POSIX.1-202x requires free() to not modify errno on success
> +	// munmap should succeed but no harm checking it again
> +	if (mi.len)
> +		if (munmap(mi.base, mi.len))
> +			a_crash();
>  }
> -- 
> 2.30.0

This is utterly wrong and will crash correct programs. Unmapping
memory can create 2 (temporarily 3) VMAs from one, thereby exceeding
the VMA limit and failing. In this case you have to just accept the
memory leak; you can't kill the valid program because the kernel is
incapable of handling its request in a way that doesn't waste memory.

You also can't do a raw syscall here, because munmap must wait for the
vmlock. So some additional work to save/restore errno is needed, or
else we need to expose a non-errno-using version of __munmap and use
it.

Rich


* Re: [musl] [PATCH] don't set errno in free
  2021-01-21 16:18     ` Rich Felker
  2021-01-21 16:20       ` Florian Weimer
@ 2021-01-21 16:31       ` Natanael Copa
  1 sibling, 0 replies; 6+ messages in thread
From: Natanael Copa @ 2021-01-21 16:31 UTC (permalink / raw)
  To: Rich Felker; +Cc: musl, Alex Xu (Hello71)

On Thu, 21 Jan 2021 11:18:08 -0500
Rich Felker <dalias@libc.org> wrote:

> On Thu, Jan 21, 2021 at 04:50:00PM +0100, Natanael Copa wrote:
> > On Thu, 21 Jan 2021 09:02:40 -0500
> > "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> wrote:
> >   
> > > busybox echo fails if free sets errno, which madvise does on old
> > > kernels.
> > > ---
> > >  src/malloc/mallocng/free.c | 14 ++++++++++++--
> > >  1 file changed, 12 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> > > index 40745f97..82836815 100644
> > > --- a/src/malloc/mallocng/free.c
> > > +++ b/src/malloc/mallocng/free.c
> > > @@ -119,7 +119,13 @@ void free(void *p)
> > >  	if (((uintptr_t)(start-1) ^ (uintptr_t)end) >= 2*PGSZ && g->last_idx) {
> > >  		unsigned char *base = start + (-(uintptr_t)start & (PGSZ-1));
> > >  		size_t len = (end-base) & -PGSZ;
> > > -		if (len) madvise(base, len, MADV_FREE);
> > > +		if (len) {
> > > +			// madvise(..., MADV_FREE) returns -EINVAL on old kernels
> > > +			// POSIX.1-202x requires free() to not modify errno on success
> > > +			int e = errno;
> > > +			madvise(base, len, MADV_FREE);
> > > +			errno = e;
> > > +		}
> > >  	}  
> > 
> > I think we should save the errno early and make sure its restored on
> > exit of the function. you should also include <errno.h>. I suggest
> > something like:
> > 
> > diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> > index 40745f97..77bed88b 100644
> > --- a/src/malloc/mallocng/free.c
> > +++ b/src/malloc/mallocng/free.c
> > @@ -1,6 +1,7 @@
> >  #define _BSD_SOURCE
> >  #include <stdlib.h>
> >  #include <sys/mman.h>
> > +#include <errno.h>
> >  
> >  #include "meta.h"
> >  
> > @@ -102,6 +103,7 @@ void free(void *p)
> >  {
> >         if (!p) return;
> >  
> > +       int orig_errno = errno;  
> 
> This is much costlier. It puts the TLS access (faulting and emulating
> on old MIPS) in the path that runs on every call.

I didn't think about that. The original suggestion is better then.

Thanks!

-nc

> 
> Rich

