search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix permissions handling (CVE-2010-0825).
[emacs.git] / src / vm-limit.c
bloba5b07eb50da0229253b266d913f5364bbf17d9cf
1 /* Functions for memory limit warnings.
2 Copyright (C) 1990, 1992, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 2008, 2009, 2010 Free Software Foundation, Inc.
4
5 This file is part of GNU Emacs.
6
7 GNU Emacs is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 3 of the License, or
10 (at your option) any later version.
11
12 GNU Emacs is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
19
20 #ifdef emacs
21 #include <config.h>
22 #include <setjmp.h>
23 #include "lisp.h"
24 #endif
25
26 #ifndef emacs
27 #include <stddef.h>
28 typedef size_t SIZE;
29 typedef void *POINTER;
30 #define EXCEEDS_LISP_PTR(x) 0
31 #endif
32
33 #include "mem-limits.h"
34
35 #ifdef HAVE_GETRLIMIT
36 #include <sys/resource.h>
37 #endif
38
39 /*
40 Level number of warnings already issued.
41 0 -- no warnings issued.
42 1 -- 75% warning already issued.
43 2 -- 85% warning already issued.
44 3 -- 95% warning issued; keep warning frequently.
45 */
46 enum warnlevel { not_warned, warned_75, warned_85, warned_95 };
47
48 static enum warnlevel warnlevel;
49
50 /* Function to call to issue a warning;
51 0 means don't issue them. */
52 static void (*warn_function) ();
53
54 /* Start of data space; can be changed by calling malloc_init. */
55 static POINTER data_space_start;
56
57 /* Number of bytes of writable memory we can expect to be able to get. */
58 static unsigned long lim_data;
59 \f
60
61 #ifdef NO_LIM_DATA
62 static void
63 get_lim_data ()
64 {
65 lim_data = -1;
66 }
67 #else /* not NO_LIM_DATA */
68
69 #if defined (HAVE_GETRLIMIT) && defined (RLIMIT_AS)
70 static void
71 get_lim_data ()
72 {
73 struct rlimit rlimit;
74
75 getrlimit (RLIMIT_AS, &rlimit);
76 if (rlimit.rlim_cur == RLIM_INFINITY)
77 lim_data = -1;
78 else
79 lim_data = rlimit.rlim_cur;
80 }
81
82 #else /* not HAVE_GETRLIMIT */
83
84 #ifdef USG
85
86 static void
87 get_lim_data ()
88 {
89 extern long ulimit ();
90
91 lim_data = -1;
92
93 /* Use the ulimit call, if we seem to have it. */
94 #if !defined (ULIMIT_BREAK_VALUE) || defined (GNU_LINUX)
95 lim_data = ulimit (3, 0);
96 #endif
97
98 /* If that didn't work, just use the macro's value. */
99 #ifdef ULIMIT_BREAK_VALUE
100 if (lim_data == -1)
101 lim_data = ULIMIT_BREAK_VALUE;
102 #endif
103
104 lim_data -= (long) data_space_start;
105 }
106
107 #else /* not USG */
108 #ifdef WINDOWSNT
109
110 static void
111 get_lim_data ()
112 {
113 extern unsigned long reserved_heap_size;
114 lim_data = reserved_heap_size;
115 }
116
117 #else
118 #if !defined (BSD4_2) && !defined (__osf__)
119
120 #ifdef MSDOS
121 void
122 get_lim_data ()
123 {
124 _go32_dpmi_meminfo info;
125 unsigned long lim1, lim2;
126
127 _go32_dpmi_get_free_memory_information (&info);
128 /* DPMI server of Windows NT and its descendants reports in
129 info.available_memory a much lower amount that is really
130 available, which causes bogus "past 95% of memory limit"
131 warnings. Try to overcome that via circumstantial evidence. */
132 lim1 = info.available_memory;
133 lim2 = info.available_physical_pages;
134 /* DPMI Spec: "Fields that are unavailable will hold -1." */
135 if ((long)lim1 == -1L)
136 lim1 = 0;
137 if ((long)lim2 == -1L)
138 lim2 = 0;
139 else
140 lim2 *= 4096;
141 /* Surely, the available memory is at least what we have physically
142 available, right? */
143 if (lim1 >= lim2)
144 lim_data = lim1;
145 else
146 lim_data = lim2;
147 /* Don't believe they will give us more that 0.5 GB. */
148 if (lim_data > 512U * 1024U * 1024U)
149 lim_data = 512U * 1024U * 1024U;
150 }
151
152 unsigned long
153 ret_lim_data ()
154 {
155 get_lim_data ();
156 return lim_data;
157 }
158 #else /* not MSDOS */
159 static void
160 get_lim_data ()
161 {
162 lim_data = vlimit (LIM_DATA, -1);
163 }
164 #endif /* not MSDOS */
165
166 #else /* BSD4_2 */
167
168 static void
169 get_lim_data ()
170 {
171 struct rlimit XXrlimit;
172
173 getrlimit (RLIMIT_DATA, &XXrlimit);
174 #ifdef RLIM_INFINITY
175 lim_data = XXrlimit.rlim_cur & RLIM_INFINITY; /* soft limit */
176 #else
177 lim_data = XXrlimit.rlim_cur; /* soft limit */
178 #endif
179 }
180 #endif /* BSD4_2 */
181 #endif /* not WINDOWSNT */
182 #endif /* not USG */
183 #endif /* not HAVE_GETRLIMIT */
184 #endif /* not NO_LIM_DATA */
185 \f
186 /* Verify amount of memory available, complaining if we're near the end. */
187
188 static void
189 check_memory_limits ()
190 {
191 #ifdef REL_ALLOC
192 extern POINTER (*real_morecore) ();
193 #endif
194 extern POINTER (*__morecore) ();
195
196 register POINTER cp;
197 unsigned long five_percent;
198 unsigned long data_size;
199 enum warnlevel new_warnlevel;
200
201 if (lim_data == 0)
202 get_lim_data ();
203 five_percent = lim_data / 20;
204
205 /* Find current end of memory and issue warning if getting near max */
206 #ifdef REL_ALLOC
207 if (real_morecore)
208 cp = (char *) (*real_morecore) (0);
209 else
210 #endif
211 cp = (char *) (*__morecore) (0);
212 data_size = (char *) cp - (char *) data_space_start;
213
214 if (!warn_function)
215 return;
216
217 /* What level of warning does current memory usage demand? */
218 new_warnlevel
219 = (data_size > five_percent * 19) ? warned_95
220 : (data_size > five_percent * 17) ? warned_85
221 : (data_size > five_percent * 15) ? warned_75
222 : not_warned;
223
224 /* If we have gone up a level, give the appropriate warning. */
225 if (new_warnlevel > warnlevel || new_warnlevel == warned_95)
226 {
227 warnlevel = new_warnlevel;
228 switch (warnlevel)
229 {
230 case warned_75:
231 (*warn_function) ("Warning: past 75% of memory limit");
232 break;
233
234 case warned_85:
235 (*warn_function) ("Warning: past 85% of memory limit");
236 break;
237
238 case warned_95:
239 (*warn_function) ("Warning: past 95% of memory limit");
240 }
241 }
242 /* Handle going down in usage levels, with some hysteresis. */
243 else
244 {
245 /* If we go down below 70% full, issue another 75% warning
246 when we go up again. */
247 if (data_size < five_percent * 14)
248 warnlevel = not_warned;
249 /* If we go down below 80% full, issue another 85% warning
250 when we go up again. */
251 else if (warnlevel > warned_75 && data_size < five_percent * 16)
252 warnlevel = warned_75;
253 /* If we go down below 90% full, issue another 95% warning
254 when we go up again. */
255 else if (warnlevel > warned_85 && data_size < five_percent * 18)
256 warnlevel = warned_85;
257 }
258
259 if (EXCEEDS_LISP_PTR (cp))
260 (*warn_function) ("Warning: memory in use exceeds lisp pointer size");
261 }
262 \f
263 /* Enable memory usage warnings.
264 START says where the end of pure storage is.
265 WARNFUN specifies the function to call to issue a warning. */
266
267 void
268 memory_warnings (start, warnfun)
269 POINTER start;
270 void (*warnfun) ();
271 {
272 extern void (* __after_morecore_hook) (); /* From gmalloc.c */
273
274 if (start)
275 data_space_start = start;
276 else
277 data_space_start = start_of_data ();
278
279 warn_function = warnfun;
280 __after_morecore_hook = check_memory_limits;
281
282 /* Force data limit to be recalculated on each run. */
283 lim_data = 0;
284 }
285
286 /* arch-tag: eab04eda-1f69-447a-8d9f-95f0a3983ca5
287 (do not change this comment) */
Emacs repository mirror