1 | /* |
2 | * Copyright (C) 2010 Apple Inc. All rights reserved. |
3 | * |
4 | * Redistribution and use in source and binary forms, with or without |
5 | * modification, are permitted provided that the following conditions |
6 | * are met: |
7 | * 1. Redistributions of source code must retain the above copyright |
8 | * notice, this list of conditions and the following disclaimer. |
9 | * 2. Redistributions in binary form must reproduce the above copyright |
10 | * notice, this list of conditions and the following disclaimer in the |
11 | * documentation and/or other materials provided with the distribution. |
12 | * |
13 | * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' |
14 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
15 | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
16 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS |
17 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
18 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
19 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
20 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
21 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
22 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF |
23 | * THE POSSIBILITY OF SUCH DAMAGE. |
24 | */ |
25 | |
26 | #include "config.h" |
27 | #include "OSAllocator.h" |
28 | |
29 | #if OS(UNIX) |
30 | |
31 | #include <cstdlib> |
32 | |
33 | #include "PageAllocation.h" |
34 | #include <dlfcn.h> |
35 | #include <errno.h> |
36 | #include <sys/mman.h> |
37 | #include <wtf/Assertions.h> |
38 | #include <wtf/UnusedParam.h> |
39 | |
40 | #if OS(LINUX) |
41 | #include <sys/syscall.h> |
42 | #ifndef MFD_CLOEXEC |
43 | #define MFD_CLOEXEC 0x0001U |
44 | #endif |
45 | #endif |
46 | |
47 | #if defined(__ANDROID__) && defined(SYS_memfd_create) |
48 | // On Android it's been observed that permissions of memory mappings |
49 | // backed by a memfd could not be changed via mprotect for no obvious |
50 | // reason. |
51 | # undef SYS_memfd_create |
52 | #endif |
53 | |
54 | namespace WTF { |
55 | |
56 | #ifdef SYS_memfd_create |
57 | static int memfdForUsage(size_t bytes, OSAllocator::Usage usage) |
58 | { |
59 | const char *type = "unknown-usage:" ; |
60 | switch (usage) { |
61 | case OSAllocator::UnknownUsage: |
62 | break; |
63 | case OSAllocator::FastMallocPages: |
64 | type = "fastmalloc:" ; |
65 | break; |
66 | case OSAllocator::JSGCHeapPages: |
67 | type = "JSGCHeap:" ; |
68 | break; |
69 | case OSAllocator::JSVMStackPages: |
70 | type = "JSVMStack:" ; |
71 | break; |
72 | case OSAllocator::JSJITCodePages: |
73 | type = "JITCode:" ; |
74 | break; |
75 | } |
76 | |
77 | char buf[PATH_MAX]; |
78 | strcpy(dest: buf, src: type); |
79 | strcat(dest: buf, src: "QtQml" ); |
80 | |
81 | int fd = syscall(SYS_memfd_create, buf, MFD_CLOEXEC); |
82 | if (fd != -1) { |
83 | if (ftruncate(fd: fd, length: bytes) == 0) |
84 | return fd; |
85 | } |
86 | close(fd: fd); |
87 | return -1; |
88 | } |
89 | #elif OS(LINUX) |
90 | static int memfdForUsage(size_t bytes, OSAllocator::Usage usage) |
91 | { |
92 | UNUSED_PARAM(bytes); |
93 | UNUSED_PARAM(usage); |
94 | return -1; |
95 | } |
96 | #endif |
97 | |
98 | void* OSAllocator::reserveUncommitted(size_t bytes, Usage usage, bool writable, bool executable) |
99 | { |
100 | #if OS(QNX) |
101 | // Reserve memory with PROT_NONE and MAP_LAZY so it isn't committed now. |
102 | void* result = mmap(0, bytes, PROT_NONE, MAP_LAZY | MAP_PRIVATE | MAP_ANON, -1, 0); |
103 | if (result == MAP_FAILED) |
104 | CRASH(); |
105 | #elif OS(LINUX) |
106 | UNUSED_PARAM(writable); |
107 | UNUSED_PARAM(executable); |
108 | int fd = memfdForUsage(bytes, usage); |
109 | |
110 | void* result = mmap(addr: 0, len: bytes, PROT_NONE, MAP_NORESERVE | MAP_PRIVATE | |
111 | (fd == -1 ? MAP_ANON : 0), fd: fd, offset: 0); |
112 | if (result == MAP_FAILED) |
113 | CRASH(); |
114 | madvise(addr: result, len: bytes, MADV_DONTNEED); |
115 | |
116 | if (fd != -1) |
117 | close(fd: fd); |
118 | #else |
119 | void* result = reserveAndCommit(bytes, usage, writable, executable); |
120 | #if HAVE(MADV_FREE_REUSE) |
121 | // To support the "reserve then commit" model, we have to initially decommit. |
122 | while (madvise(result, bytes, MADV_FREE_REUSABLE) == -1 && errno == EAGAIN) { } |
123 | #endif |
124 | |
125 | #endif // OS(QNX) |
126 | |
127 | return result; |
128 | } |
129 | |
130 | void* OSAllocator::reserveAndCommit(size_t bytes, Usage usage, bool writable, bool executable, bool includesGuardPages) |
131 | { |
132 | // All POSIX reservations start out logically committed. |
133 | int protection = PROT_READ; |
134 | if (writable) |
135 | protection |= PROT_WRITE; |
136 | if (executable) |
137 | protection |= PROT_EXEC; |
138 | |
139 | int flags = MAP_PRIVATE | MAP_ANON; |
140 | #if PLATFORM(IOS) |
141 | if (executable) |
142 | flags |= MAP_JIT; |
143 | #endif |
144 | |
145 | #if OS(DARWIN) |
146 | int fd = usage; |
147 | #elif OS(LINUX) |
148 | int fd = memfdForUsage(bytes, usage); |
149 | if (fd != -1) |
150 | flags &= ~MAP_ANON; |
151 | #else |
152 | UNUSED_PARAM(usage); |
153 | int fd = -1; |
154 | #endif |
155 | |
156 | void* result = 0; |
157 | #if (OS(DARWIN) && CPU(X86_64)) |
158 | if (executable) { |
159 | ASSERT(includesGuardPages); |
160 | // Cook up an address to allocate at, using the following recipe: |
161 | // 17 bits of zero, stay in userspace kids. |
162 | // 26 bits of randomness for ASLR. |
163 | // 21 bits of zero, at least stay aligned within one level of the pagetables. |
164 | // |
165 | // But! - as a temporary workaround for some plugin problems (rdar://problem/6812854), |
166 | // for now instead of 2^26 bits of ASLR lets stick with 25 bits of randomization plus |
167 | // 2^24, which should put up somewhere in the middle of userspace (in the address range |
168 | // 0x200000000000 .. 0x5fffffffffff). |
169 | intptr_t randomLocation = 0; |
170 | randomLocation = arc4random() & ((1 << 25) - 1); |
171 | randomLocation += (1 << 24); |
172 | randomLocation <<= 21; |
173 | result = reinterpret_cast<void*>(randomLocation); |
174 | } |
175 | #endif |
176 | |
177 | result = mmap(addr: result, len: bytes, prot: protection, flags: flags, fd: fd, offset: 0); |
178 | if (result == MAP_FAILED) { |
179 | #if ENABLE(LLINT) |
180 | if (executable) |
181 | result = 0; |
182 | else |
183 | #endif |
184 | CRASH(); |
185 | } |
186 | if (result && includesGuardPages) { |
187 | // We use mmap to remap the guardpages rather than using mprotect as |
188 | // mprotect results in multiple references to the code region. This |
189 | // breaks the madvise based mechanism we use to return physical memory |
190 | // to the OS. |
191 | mmap(addr: result, len: pageSize(), PROT_NONE, MAP_FIXED | MAP_PRIVATE | MAP_ANON, fd: fd, offset: 0); |
192 | mmap(addr: static_cast<char*>(result) + bytes - pageSize(), len: pageSize(), PROT_NONE, MAP_FIXED | MAP_PRIVATE | MAP_ANON, fd: fd, offset: 0); |
193 | } |
194 | |
195 | #if OS(LINUX) |
196 | if (fd != -1) |
197 | close(fd: fd); |
198 | #endif |
199 | |
200 | return result; |
201 | } |
202 | |
203 | void OSAllocator::commit(void* address, size_t bytes, bool writable, bool executable) |
204 | { |
205 | #if OS(QNX) |
206 | int protection = PROT_READ; |
207 | if (writable) |
208 | protection |= PROT_WRITE; |
209 | if (executable) |
210 | protection |= PROT_EXEC; |
211 | if (MAP_FAILED == mmap(address, bytes, protection, MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0)) |
212 | CRASH(); |
213 | #elif OS(LINUX) |
214 | int protection = PROT_READ; |
215 | if (writable) |
216 | protection |= PROT_WRITE; |
217 | if (executable) |
218 | protection |= PROT_EXEC; |
219 | if (mprotect(addr: address, len: bytes, prot: protection)) |
220 | CRASH(); |
221 | madvise(addr: address, len: bytes, MADV_WILLNEED); |
222 | #elif HAVE(MADV_FREE_REUSE) |
223 | UNUSED_PARAM(writable); |
224 | UNUSED_PARAM(executable); |
225 | while (madvise(address, bytes, MADV_FREE_REUSE) == -1 && errno == EAGAIN) { } |
226 | #else |
227 | // Non-MADV_FREE_REUSE reservations automatically commit on demand. |
228 | UNUSED_PARAM(address); |
229 | UNUSED_PARAM(bytes); |
230 | UNUSED_PARAM(writable); |
231 | UNUSED_PARAM(executable); |
232 | #endif |
233 | } |
234 | |
235 | void OSAllocator::decommit(void* address, size_t bytes) |
236 | { |
237 | #if OS(QNX) |
238 | // Use PROT_NONE and MAP_LAZY to decommit the pages. |
239 | mmap(address, bytes, PROT_NONE, MAP_FIXED | MAP_LAZY | MAP_PRIVATE | MAP_ANON, -1, 0); |
240 | #elif OS(LINUX) |
241 | madvise(addr: address, len: bytes, MADV_DONTNEED); |
242 | if (mprotect(addr: address, len: bytes, PROT_NONE)) |
243 | CRASH(); |
244 | #elif HAVE(MADV_FREE_REUSE) |
245 | while (madvise(address, bytes, MADV_FREE_REUSABLE) == -1 && errno == EAGAIN) { } |
246 | #elif HAVE(MADV_FREE) |
247 | while (madvise(address, bytes, MADV_FREE) == -1 && errno == EAGAIN) { } |
248 | #elif HAVE(MADV_DONTNEED) |
249 | while (madvise(address, bytes, MADV_DONTNEED) == -1 && errno == EAGAIN) { } |
250 | #else |
251 | UNUSED_PARAM(address); |
252 | UNUSED_PARAM(bytes); |
253 | #endif |
254 | } |
255 | |
256 | void OSAllocator::releaseDecommitted(void* address, size_t bytes) |
257 | { |
258 | int result = munmap(addr: address, len: bytes); |
259 | if (result == -1) |
260 | CRASH(); |
261 | } |
262 | |
263 | bool OSAllocator::canAllocateExecutableMemory() |
264 | { |
265 | int flags = MAP_PRIVATE | MAP_ANON; |
266 | #if PLATFORM(IOS) |
267 | if (executable) |
268 | flags |= MAP_JIT; |
269 | #endif |
270 | const auto size = pageSize(); |
271 | void *testPage = mmap(addr: nullptr, len: size, PROT_READ | PROT_WRITE | PROT_EXEC, flags: flags, /*fd*/-1, /*offset*/0); |
272 | if (testPage == MAP_FAILED) |
273 | return false; |
274 | munmap(addr: testPage, len: size); |
275 | return true; |
276 | } |
277 | |
278 | } // namespace WTF |
279 | |
280 | #endif // OS(UNIX) |
281 | |