From 0ad006ecd56f1beb68fe20405c68748c50e2259b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 30 Dec 2008 07:44:52 +0000 Subject: Remove mprotecting of struct dir_info introduced in previous commit (MALLOC_OPTIONS=L). It was too slow to turn on by default, and we don't do optional security. requested by deraadt@ grumbling ok otto@ --- lib/libc/stdlib/malloc.c | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-) (limited to 'lib/libc/stdlib/malloc.c') diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c index e15a64ac723..3d2e3dd29af 100644 --- a/lib/libc/stdlib/malloc.c +++ b/lib/libc/stdlib/malloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: malloc.c,v 1.112 2008/12/29 22:25:50 djm Exp $ */ +/* $OpenBSD: malloc.c,v 1.113 2008/12/30 07:44:51 djm Exp $ */ /* * Copyright (c) 2008 Otto Moerbeek * @@ -88,23 +88,6 @@ #define MMAPA(a,sz) mmap((a), (size_t)(sz), PROT_READ | PROT_WRITE, \ MAP_ANON | MAP_PRIVATE, -1, (off_t) 0) -/* Protect and unprotect g_pool structure as we enter/exit the allocator */ -#define DIR_INFO_RSZ ((sizeof(struct dir_info) + PAGE_MASK) & ~PAGE_MASK) -#define PROTECT_G_POOL() \ - do { \ - if (g_pool != NULL && mopts.malloc_poolprot) { \ - mprotect((void *)((uintptr_t)g_pool & ~PAGE_MASK), \ - DIR_INFO_RSZ, PROT_NONE); \ - } \ - } while (0) -#define UNPROTECT_G_POOL() \ - do { \ - if (g_pool != NULL && mopts.malloc_poolprot) { \ - mprotect((void *)((uintptr_t)g_pool & ~PAGE_MASK), \ - DIR_INFO_RSZ, PROT_READ | PROT_WRITE); \ - } \ - } while (0) - struct region_info { void *p; /* page; low bits used to mark chunks */ uintptr_t size; /* size for pages, or chunk_info pointer */ @@ -142,7 +125,7 @@ struct dir_info { #endif /* MALLOC_STATS */ u_int32_t canary2; }; - +#define DIR_INFO_RSZ ((sizeof(struct dir_info) + PAGE_MASK) & ~PAGE_MASK) /* * This structure describes a page worth of chunks. @@ -165,7 +148,6 @@ struct chunk_info { struct malloc_readonly { struct dir_info *g_pool; /* Main bookkeeping information */ int malloc_abort; /* abort() on error */ - int malloc_poolprot; /* mprotect heap PROT_NONE? */ int malloc_freeprot; /* mprotect free pages PROT_NONE? */ int malloc_hint; /* call madvice on free pages? */ int malloc_junk; /* junk fill? */ @@ -653,12 +635,6 @@ omalloc_init(struct dir_info **dp) case 'J': mopts.malloc_junk = 1; break; - case 'l': - mopts.malloc_poolprot = 0; - break; - case 'L': - mopts.malloc_poolprot = 1; - break; case 'n': case 'N': break; @@ -1214,7 +1190,6 @@ malloc_recurse(void) wrterror("recursive call"); } malloc_active--; - PROTECT_G_POOL(); _MALLOC_UNLOCK(); errno = EDEADLK; } @@ -1223,7 +1198,6 @@ static void malloc_global_corrupt(void) { wrterror("global malloc data corrupt"); - PROTECT_G_POOL(); _MALLOC_UNLOCK(); errno = EINVAL; } @@ -1248,7 +1222,6 @@ malloc(size_t size) int saved_errno = errno; _MALLOC_LOCK(); - UNPROTECT_G_POOL(); malloc_func = " in malloc():"; if (g_pool == NULL) { if (malloc_init() != 0) @@ -1260,7 +1233,6 @@ malloc(size_t size) } r = omalloc(size, mopts.malloc_zero); malloc_active--; - PROTECT_G_POOL(); _MALLOC_UNLOCK(); if (r == NULL && mopts.malloc_xmalloc) { wrterror("out of memory"); @@ -1349,7 +1321,6 @@ free(void *ptr) return; _MALLOC_LOCK(); - UNPROTECT_G_POOL(); malloc_func = " in free():"; if (g_pool == NULL) { _MALLOC_UNLOCK(); @@ -1362,7 +1333,6 @@ free(void *ptr) } ofree(ptr); malloc_active--; - PROTECT_G_POOL(); _MALLOC_UNLOCK(); errno = saved_errno; } @@ -1466,7 +1436,6 @@ realloc(void *ptr, size_t size) int saved_errno = errno; _MALLOC_LOCK(); - UNPROTECT_G_POOL(); malloc_func = " in realloc():"; if (g_pool == NULL) { if (malloc_init() != 0) @@ -1479,7 +1448,6 @@ realloc(void *ptr, size_t size) r = orealloc(ptr, size); malloc_active--; - PROTECT_G_POOL(); _MALLOC_UNLOCK(); if (r == NULL && mopts.malloc_xmalloc) { wrterror("out of memory"); @@ -1500,7 +1468,6 @@ calloc(size_t nmemb, size_t size) int saved_errno = errno; _MALLOC_LOCK(); - UNPROTECT_G_POOL(); malloc_func = " in calloc():"; if (g_pool == NULL) { if (malloc_init() != 0) @@ -1508,7 +1475,6 @@ calloc(size_t nmemb, size_t size) } if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && nmemb > 0 && SIZE_MAX / nmemb < size) { - PROTECT_G_POOL(); _MALLOC_UNLOCK(); if (mopts.malloc_xmalloc) wrterror("out of memory"); @@ -1525,7 +1491,6 @@ calloc(size_t nmemb, size_t size) r = omalloc(size, 1); malloc_active--; - PROTECT_G_POOL(); _MALLOC_UNLOCK(); if (r == NULL && mopts.malloc_xmalloc) { wrterror("out of memory"); -- cgit v1.2.3