33cb9de...
by
Szabolcs Nagy <email address hidden>
cheri: malloc: exact capability check in free/realloc
Capability narrowing uses a lookup table from an address to the
internally used wide capability. Keep the narrow capability in the
table instead of just the address and check it. This allows free
and realloc to check their input and only accept capabilities
exactly matching what was returned by malloc.
When a user adds restrictions on top of malloc returned capabilities
(e.g. narrower bounds), realloc could bypass those restrictions when
it simply looked up the internal wide capability for the address.
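The bypass described in this commit message can be shown with a small model of the two lookup strategies. This is an added example, not glibc or Morello code: a capability is modelled as a struct holding an address and explicit bounds, `model_malloc` records both the narrow capability handed out and the wide internal one, and `model_release` stands in for the free/realloc input check. All names, the header size and the table layout are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a capability: address plus [base, base+len) bounds (constructed,
   standing in for a hardware CHERI capability). */
typedef struct {
    uintptr_t addr;
    uintptr_t base;
    size_t    len;
} cap_t;

#define HEADER_SIZE 16   /* constructed chunk header size */
#define ALIGN       16
#define NENTRIES    16

/* Table entry: the narrow capability returned to the caller, and the wide
   capability over the whole chunk (header + payload) kept by the allocator. */
typedef struct {
    int   used;
    cap_t narrow;
    cap_t wide;
} entry_t;

static entry_t table[NENTRIES];
static unsigned char heap[4096] __attribute__((aligned(16)));
static size_t heap_top;

static int cap_equal(cap_t a, cap_t b)
{
    return a.addr == b.addr && a.base == b.base && a.len == b.len;
}

/* malloc with capability narrowing: carve a wide chunk, record both
   capabilities, hand back only the narrow one. Returns 1 on success. */
int model_malloc(size_t n, cap_t *out)
{
    size_t chunk = (HEADER_SIZE + n + ALIGN - 1) & ~(size_t)(ALIGN - 1);
    if (heap_top + chunk > sizeof heap)
        return 0;
    for (int i = 0; i < NENTRIES; i++) {
        if (table[i].used)
            continue;
        uintptr_t cbase = (uintptr_t)heap + heap_top;
        table[i].wide   = (cap_t){ cbase, cbase, chunk };
        table[i].narrow = (cap_t){ cbase + HEADER_SIZE, cbase + HEADER_SIZE, n };
        table[i].used   = 1;
        heap_top += chunk;
        *out = table[i].narrow;
        return 1;
    }
    return 0;
}

/* Caller-side restriction: shrink the bounds of a capability before passing
   it on. The allocator must not undo this. */
cap_t cap_narrow(cap_t c, size_t len)
{
    if (len < c.len)
        c.len = len;
    return c;
}

/* Old behaviour: key on the address only. Anything pointing into a live
   chunk resolves to the wide capability, discarding the caller's bounds. */
static entry_t *lookup_by_address(cap_t c)
{
    for (int i = 0; i < NENTRIES; i++)
        if (table[i].used &&
            c.addr >= table[i].narrow.base &&
            c.addr <  table[i].narrow.base + table[i].narrow.len)
            return &table[i];
    return NULL;
}

/* New behaviour: accept only a capability identical to the one malloc returned. */
static entry_t *lookup_exact(cap_t c)
{
    for (int i = 0; i < NENTRIES; i++)
        if (table[i].used && cap_equal(table[i].narrow, c))
            return &table[i];
    return NULL;
}

/* free/realloc input check. Returns the length of the wide capability the
   allocator would go on to operate on, or 0 if the input is rejected. */
size_t model_release(cap_t c, int exact)
{
    entry_t *e = exact ? lookup_exact(c) : lookup_by_address(c);
    if (!e)
        return 0;
    size_t wide_len = e->wide.len;
    e->used = 0;   /* chunk is returned to the allocator */
    return wide_len;
}

int main(void)
{
    cap_t p;
    if (!model_malloc(40, &p))
        return 1;
    printf("address lookup, narrowed input -> wide len %zu\n",
           model_release(cap_narrow(p, 8), 0));
    model_malloc(40, &p);
    printf("exact lookup,   narrowed input -> %zu (rejected)\n",
           model_release(cap_narrow(p, 8), 1));
    printf("exact lookup,   original input -> wide len %zu\n",
           model_release(p, 1));
    return 0;
}
```

With the address-keyed table, an 8-byte view of a 40-byte allocation is accepted and expands back to the full 64-byte chunk; with the exact check only the capability malloc returned is accepted, and a second release of the same capability is refused.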
47e61ba...
by
Szabolcs Nagy <email address hidden>
Once the kernel starts providing a VDSO, old binaries should continue
to work (without using the new VDSO). For this we set the vdso to 0
independently of auxv, otherwise glibc attempts to load it even if the
target has no vdso symbols specified and the load can crash since the
setup code is not purecap compatible.
b63904f...
by
Szabolcs Nagy <email address hidden>
807b692...
by
Szabolcs Nagy <email address hidden>
cheri: malloc: Use memcpy for obstack internal copy
Internally obstack used a backward word-at-a-time copy. This can be
an aliasing violation and is likely slower than memcpy on most targets.
The code is a badly written memcpy with performance issues, such as
the h->object_base indirection that cannot be hoisted out of the loop.
On the CHERI architecture this is needed for copying pointers correctly.
bbce0c7...
by
Szabolcs Nagy <email address hidden>
cheri: malloc: Fix realloc to copy all relevant bytes
New code in realloc that handles the case where a new allocation is needed
for alignment reasons (for capability narrowing) used the wrong size in
memcpy (the size was off by SIZE_SZ unless memory tagging was enabled)
and used a wrongly tagged pointer for untagging the old memory.
Due to this bug realloc sometimes failed to copy the tail bytes of an old
allocation to the new allocation when capability narrowing is enabled.
dc23cc8...
by
Szabolcs Nagy <email address hidden>
cheri: malloc: Set fixed mmap_threshold for capability narrowing
Capability narrowing requires extra alignment for large allocations;
this can cause significant heap fragmentation, so ensure large
allocations use a single mmap and are unmapped on free. The fragmentation
is bug 14581.
This patch disables dynamic mmap threshold when cap_narrowing is
enabled and uses a threshold of 256 kbytes on morello (which means
at most 64 byte alignment requirement on the heap). The dynamic
threshold could quickly grow very big and stay there making the
fragmentation issue common.
da7a5b5...
by
Szabolcs Nagy <email address hidden>
cheri: malloc: Set __always_fail_morecore
Morello Linux does not support the brk syscall, so fail early in the malloc
implementation instead of trying to use the syscall, which always fails.
7701243...
by
Szabolcs Nagy <email address hidden>
which changed a ptrdiff_t struct member into a union of ptrdiff_t and a
pointer and thus changed the ABI on targets where ptrdiff_t and pointer
have different size or alignment. This affects CHERI targets.
Old versions of obstack are used in the wild and conflict with the one
provided by glibc so at least on CHERI targets it has to be bumped.
On other targets we don't bump the version as it changes compile time
behaviour (the ABI remains backward compatible either way).
ae90dd1...
by
Szabolcs Nagy <email address hidden>
morello: Provide documentation about the morello port.