don't set errno in free

Submitted by Natanael Copa on Jan. 21, 2021, 3:50 p.m.

Details

Message ID 20210121165000.61205767@ncopa-desktop.lan
State New
Series "don't set errno in free"

Commit Message

Natanael Copa Jan. 21, 2021, 3:50 p.m.
On Thu, 21 Jan 2021 09:02:40 -0500
"Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> wrote:

> busybox echo fails if free sets errno, which madvise does on old
> kernels.
> ---
>  src/malloc/mallocng/free.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> index 40745f97..82836815 100644
> --- a/src/malloc/mallocng/free.c
> +++ b/src/malloc/mallocng/free.c
> @@ -119,7 +119,13 @@ void free(void *p)
>  	if (((uintptr_t)(start-1) ^ (uintptr_t)end) >= 2*PGSZ && g->last_idx) {
>  		unsigned char *base = start + (-(uintptr_t)start & (PGSZ-1));
>  		size_t len = (end-base) & -PGSZ;
> -		if (len) madvise(base, len, MADV_FREE);
> +		if (len) {
> +			// madvise(..., MADV_FREE) returns -EINVAL on old kernels
> +			// POSIX.1-202x requires free() to not modify errno on success
> +			int e = errno;
> +			madvise(base, len, MADV_FREE);
> +			errno = e;
> +		}
>  	}
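
Review bot: The first added comment says madvise(..., MADV_FREE) "returns -EINVAL", but the call's return value is discarded here and the thing the save/restore protects is errno; the comment should say the call fails and sets errno to EINVAL on old kernels. Keeping `int e = errno;` inside `if (len)` confines the errno access to the branch that issues the syscall, which deserves a word in the comment so the save is not hoisted to the top of free() later.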

I think we should save the errno early and make sure it's restored on
exit of the function. You should also include <errno.h>. I suggest
something like:



(Looks like names such as errno_save and old_errno are used in the code as well.)

>  
>  	// atomic free without locking if this is neither first or last slot
> @@ -139,5 +145,9 @@ void free(void *p)
>  	wrlock();
>  	struct mapinfo mi = nontrivial_free(g, idx);
>  	unlock();
> -	if (mi.len) munmap(mi.base, mi.len);
> +	// POSIX.1-202x requires free() to not modify errno on success
> +	// munmap should succeed but no harm checking it again
> +	if (mi.len)
> +		if (munmap(mi.base, mi.len))
> +			a_crash();
>  }
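
Review bot: The comment added above `if (mi.len)` repeats the errno rationale, but nothing in this hunk saves or restores errno; what the new lines do is turn a munmap failure into a_crash(). The comment should state why crashing is the right response to a failed munmap, and "checking it again" should name the earlier check it refers to. The nested ifs can be written as `if (mi.len && munmap(mi.base, mi.len)) a_crash();`.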

This should go into separate commit.

-nc

Patch

diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
index 40745f97..77bed88b 100644
--- a/src/malloc/mallocng/free.c
+++ b/src/malloc/mallocng/free.c
@@ -1,6 +1,7 @@ 
 #define _BSD_SOURCE
 #include <stdlib.h>
 #include <sys/mman.h>
+#include <errno.h>
 
 #include "meta.h"
 
@@ -102,6 +103,7 @@  void free(void *p)
 {
        if (!p) return;
 
+       int orig_errno = errno;
        struct meta *g = get_meta(p);
        int idx = get_slot_index(p);
        size_t stride = get_stride(g);
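
Review bot: `int orig_errno = errno;` sits directly after the NULL check, so every non-NULL free() reads errno even when no syscall follows. Move the save next to the calls that can fail, for example inside the branch that calls madvise, so the common path does not touch errno at all.
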
@@ -133,11 +135,13 @@  void free(void *p)
                        g->freed_mask = freed+self;
                else if (a_cas(&g->freed_mask, freed, freed+self)!=freed)
                        continue;
-               return;
+               goto out;
        }
 
        wrlock();
        struct mapinfo mi = nontrivial_free(g, idx);
        unlock();
        if (mi.len) munmap(mi.base, mi.len);
+out:
+       errno = orig_errno;
 }
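
Review bot: Only one `return` is converted to `goto out` in this hunk, and the lines between the save and the hunk are not part of the patch, so any other early exit in that range would skip the restore; please confirm there is none. `errno = orig_errno;` at `out:` also writes errno on every exit, including the lock-free path this hunk jumps from, which adds a second errno access to calls that made no syscall.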

Comments

Rich Felker Jan. 21, 2021, 4:18 p.m.
On Thu, Jan 21, 2021 at 04:50:00PM +0100, Natanael Copa wrote:
> On Thu, 21 Jan 2021 09:02:40 -0500
> "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> wrote:
> 
> > busybox echo fails if free sets errno, which madvise does on old
> > kernels.
> > ---
> >  src/malloc/mallocng/free.c | 14 ++++++++++++--
> >  1 file changed, 12 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> > index 40745f97..82836815 100644
> > --- a/src/malloc/mallocng/free.c
> > +++ b/src/malloc/mallocng/free.c
> > @@ -119,7 +119,13 @@ void free(void *p)
> >  	if (((uintptr_t)(start-1) ^ (uintptr_t)end) >= 2*PGSZ && g->last_idx) {
> >  		unsigned char *base = start + (-(uintptr_t)start & (PGSZ-1));
> >  		size_t len = (end-base) & -PGSZ;
> > -		if (len) madvise(base, len, MADV_FREE);
> > +		if (len) {
> > +			// madvise(..., MADV_FREE) returns -EINVAL on old kernels
> > +			// POSIX.1-202x requires free() to not modify errno on success
> > +			int e = errno;
> > +			madvise(base, len, MADV_FREE);
> > +			errno = e;
> > +		}
> >  	}
> 
> I think we should save the errno early and make sure it's restored on
> exit of the function. You should also include <errno.h>. I suggest
> something like:
> 
> diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> index 40745f97..77bed88b 100644
> --- a/src/malloc/mallocng/free.c
> +++ b/src/malloc/mallocng/free.c
> @@ -1,6 +1,7 @@
>  #define _BSD_SOURCE
>  #include <stdlib.h>
>  #include <sys/mman.h>
> +#include <errno.h>
>  
>  #include "meta.h"
>  
> @@ -102,6 +103,7 @@ void free(void *p)
>  {
>         if (!p) return;
>  
> +       int orig_errno = errno;

This is much costlier. It puts the TLS access (faulting and emulating
on old MIPS) in the path that runs on every call.

Rich

Florian Weimer Jan. 21, 2021, 4:20 p.m.
* Rich Felker:

> This is much costlier. It puts the TLS access (faulting and emulating
> on old MIPS) in the path that runs on every call.

It's also a significant hit on certain modern AArch64 variants, which is
a bit sad.

Thanks,
Florian

Natanael Copa Jan. 21, 2021, 4:31 p.m.
On Thu, 21 Jan 2021 11:18:08 -0500
Rich Felker <dalias@libc.org> wrote:

> On Thu, Jan 21, 2021 at 04:50:00PM +0100, Natanael Copa wrote:
> > On Thu, 21 Jan 2021 09:02:40 -0500
> > "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> wrote:
> >   
> > > busybox echo fails if free sets errno, which madvise does on old
> > > kernels.
> > > ---
> > >  src/malloc/mallocng/free.c | 14 ++++++++++++--
> > >  1 file changed, 12 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> > > index 40745f97..82836815 100644
> > > --- a/src/malloc/mallocng/free.c
> > > +++ b/src/malloc/mallocng/free.c
> > > @@ -119,7 +119,13 @@ void free(void *p)
> > >  	if (((uintptr_t)(start-1) ^ (uintptr_t)end) >= 2*PGSZ && g->last_idx) {
> > >  		unsigned char *base = start + (-(uintptr_t)start & (PGSZ-1));
> > >  		size_t len = (end-base) & -PGSZ;
> > > -		if (len) madvise(base, len, MADV_FREE);
> > > +		if (len) {
> > > +			// madvise(..., MADV_FREE) returns -EINVAL on old kernels
> > > +			// POSIX.1-202x requires free() to not modify errno on success
> > > +			int e = errno;
> > > +			madvise(base, len, MADV_FREE);
> > > +			errno = e;
> > > +		}
> > >  	}  
> > 
> > I think we should save the errno early and make sure it's restored on
> > exit of the function. You should also include <errno.h>. I suggest
> > something like:
> > 
> > diff --git a/src/malloc/mallocng/free.c b/src/malloc/mallocng/free.c
> > index 40745f97..77bed88b 100644
> > --- a/src/malloc/mallocng/free.c
> > +++ b/src/malloc/mallocng/free.c
> > @@ -1,6 +1,7 @@
> >  #define _BSD_SOURCE
> >  #include <stdlib.h>
> >  #include <sys/mman.h>
> > +#include <errno.h>
> >  
> >  #include "meta.h"
> >  
> > @@ -102,6 +103,7 @@ void free(void *p)
> >  {
> >         if (!p) return;
> >  
> > +       int orig_errno = errno;  
> 
> This is much costlier. It puts the TLS access (faulting and emulating
> on old MIPS) in the path that runs on every call.

I didn't think about that. The original suggestion is better then.

Thanks!

-nc

> 
> Rich
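
The failure mode discussed in this thread, as an added example that is not part of the thread or of musl: an ignored madvise() failure leaks EINVAL to a caller that checks errno, and a save/restore scoped to the syscall branch prevents it. The function names are hypothetical, and the failure is constructed with a misaligned address and MADV_DONTNEED so it reproduces on current kernels.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Stand-in for the madvise() call in free(): the return value is ignored,
 * but a failed call still leaves errno set for the caller to trip over. */
static void release_clobbering(void *base, size_t len)
{
	if (len) madvise(base, len, MADV_DONTNEED);
}

/* Same call with errno saved and restored only inside the branch that
 * issues the syscall, as in the first patch quoted in the thread. */
static void release_preserving(void *base, size_t len)
{
	if (len) {
		int e = errno;
		madvise(base, len, MADV_DONTNEED);
		errno = e;
	}
}

/* errno as seen by a caller that cleared it before the release step.
 * Constructed failure: a misaligned address makes madvise() fail with
 * EINVAL, standing in for MADV_FREE being rejected by an old kernel. */
static int errno_seen_by_caller(void (*release)(void *, size_t))
{
	size_t pgsz = (size_t)sysconf(_SC_PAGESIZE);
	unsigned char *map = mmap(NULL, 2 * pgsz, PROT_READ | PROT_WRITE,
	                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (map == MAP_FAILED) return -1;
	errno = 0;
	release(map + 1, pgsz);   /* misaligned on purpose */
	int seen = errno;
	munmap(map, 2 * pgsz);
	return seen;
}

int errno_with_clobbering(void) { return errno_seen_by_caller(release_clobbering); }
int errno_with_preserving(void) { return errno_seen_by_caller(release_preserving); }

int main(void)
{
	printf("plain: %d, save/restore: %d\n",
	       errno_with_clobbering(), errno_with_preserving());
	return 0;
}
```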