| blob | ba8964928ee157a53983c8701106df94819c920d |
1 /* -*- mode: C; c-basic-offset: 3; -*- */
3 /*--------------------------------------------------------------------*/
4 /*--- The address space manager: segment initialisation and ---*/
5 /*--- tracking, stack operations ---*/
6 /*--- ---*/
7 /*--- Implementation for Linux, Darwin, Solaris and FreeBSD ---*/
8 /*--------------------------------------------------------------------*/
10 /*
11 This file is part of Valgrind, a dynamic binary instrumentation
12 framework.
14 Copyright (C) 2000-2017 Julian Seward
15 jseward@acm.org
17 This program is free software; you can redistribute it and/or
18 modify it under the terms of the GNU General Public License as
19 published by the Free Software Foundation; either version 2 of the
20 License, or (at your option) any later version.
22 This program is distributed in the hope that it will be useful, but
23 WITHOUT ANY WARRANTY; without even the implied warranty of
24 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25 General Public License for more details.
27 You should have received a copy of the GNU General Public License
28 along with this program; if not, see <http://www.gnu.org/licenses/>.
30 The GNU General Public License is contained in the file COPYING.
31 */
33 #if defined(VGO_linux) || defined(VGO_darwin) || defined(VGO_solaris) || defined(VGO_freebsd)
35 /* *************************************************************
36 DO NOT INCLUDE ANY OTHER FILES HERE.
37 ADD NEW INCLUDES ONLY TO priv_aspacemgr.h
38 AND THEN ONLY AFTER READING DIRE WARNINGS THERE TOO.
39 ************************************************************* */
45 /* Note: many of the exported functions implemented below are
46 described more fully in comments in pub_core_aspacemgr.h.
47 */
50 /*-----------------------------------------------------------------*/
51 /*--- ---*/
52 /*--- Overview. ---*/
53 /*--- ---*/
54 /*-----------------------------------------------------------------*/
56 /* Purpose
57 ~~~~~~~
58 The purpose of the address space manager (aspacem) is:
60 (1) to record the disposition of all parts of the process' address
61 space at all times.
63 (2) to the extent that it can, influence layout in ways favourable
64 to our purposes.
66 It is important to appreciate that whilst it can and does attempt
67 to influence layout, and usually succeeds, it isn't possible to
68 impose absolute control: in the end, the kernel is the final
69 arbiter, and can always bounce our requests.
71 Strategy
72 ~~~~~~~~
73 The strategy is therefore as follows:
75 * Track ownership of mappings. Each one can belong either to
76 Valgrind or to the client.
78 * Try to place the client's fixed and hinted mappings at the
79 requested addresses. Fixed mappings are allowed anywhere except
80 in areas reserved by Valgrind; the client can trash its own
81 mappings if it wants. Hinted mappings are allowed providing they
82 fall entirely in free areas; if not, they will be placed by
83 aspacem in a free area.
85 * Anonymous mappings are allocated so as to keep Valgrind and
86 client areas widely separated when possible. If address space
87 runs low, then they may become intermingled: aspacem will attempt
88 to use all possible space. But under most circumstances lack of
89 address space is not a problem and so the areas will remain far
90 apart.
92 Searches for client space start at aspacem_cStart and will wrap
93 around the end of the available space if needed. Searches for
94 Valgrind space start at aspacem_vStart and will also wrap around.
95 Because aspacem_cStart is approximately at the start of the
96 available space and aspacem_vStart is approximately in the
97 middle, for the most part the client anonymous mappings will be
98 clustered towards the start of available space, and Valgrind ones
99 in the middle.
101 On Solaris, searches for client space start at (aspacem_vStart - 1)
102 and for Valgrind space start at (aspacem_maxAddr - 1) and go backwards.
103 This simulates what kernel does - brk limit grows from bottom and mmap'ed
104 objects from top. It is in contrary with Linux where data segment
105 and mmap'ed objects grow from bottom (leading to early data segment
106 exhaustion for tools which do not use m_replacemalloc). While Linux glibc
107 can cope with this problem by employing mmap, Solaris libc treats inability
108 to grow brk limit as a hard failure.
110 The available space is delimited by aspacem_minAddr and
111 aspacem_maxAddr. aspacem is flexible and can operate with these
112 at any (sane) setting. For 32-bit Linux, aspacem_minAddr is set
113 to some low-ish value at startup (64M) and aspacem_maxAddr is
114 derived from the stack pointer at system startup. This seems a
115 reliable way to establish the initial boundaries.
116 A command line option allows to change the value of aspacem_minAddr,
117 so as to allow memory hungry applications to use the lowest
118 part of the memory.
120 64-bit Linux is similar except for the important detail that the
121 upper boundary is set to 64G. The reason is so that all
122 anonymous mappings (basically all client data areas) are kept
123 below 64G, since that is the maximum range that memcheck can
124 track shadow memory using a fast 2-level sparse array. It can go
125 beyond that but runs much more slowly. The 64G limit is
126 arbitrary and is trivially changed. So, with the current
127 settings, programs on 64-bit Linux will appear to run out of
128 address space and presumably fail at the 64G limit. Given the
129 considerable space overhead of Memcheck, that means you should be
130 able to memcheckify programs that use up to about 32G natively.
132 Note that the aspacem_minAddr/aspacem_maxAddr limits apply only to
133 anonymous mappings. The client can still do fixed and hinted maps
134 at any addresses provided they do not overlap Valgrind's segments.
135 This makes Valgrind able to load prelinked .so's at their requested
136 addresses on 64-bit platforms, even if they are very high (eg,
137 112TB).
139 At startup, aspacem establishes the usable limits, and advises
140 m_main to place the client stack at the top of the range, which on
141 a 32-bit machine will be just below the real initial stack. One
142 effect of this is that self-hosting sort-of works, because an inner
143 valgrind will then place its client's stack just below its own
144 initial stack.
146 The segment array and segment kinds
147 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
148 The central data structure is the segment array (segments[0
149 .. nsegments_used-1]). This covers the entire address space in
150 order, giving account of every byte of it. Free spaces are
151 represented explicitly as this makes many operations simpler.
152 Mergeable adjacent segments are aggressively merged so as to create
153 a "normalised" representation (preen_nsegments).
155 There are 7 (mutually-exclusive) segment kinds, the meaning of
156 which is important:
158 SkFree: a free space, which may be allocated either to Valgrind (V)
159 or the client (C).
161 SkAnonC: an anonymous mapping belonging to C. For these, aspacem
162 tracks a boolean indicating whether or not is is part of the
163 client's heap area (can't remember why).
165 SkFileC: a file mapping belonging to C.
167 SkShmC: a shared memory segment belonging to C.
169 SkAnonV: an anonymous mapping belonging to V. These cover all V's
170 dynamic memory needs, including non-client malloc/free areas,
171 shadow memory, and the translation cache.
173 SkFileV: a file mapping belonging to V. As far as I know these are
174 only created transiently for the purposes of reading debug info.
176 SkResvn: a reservation segment.
178 These are mostly straightforward. Reservation segments have some
179 subtlety, however.
181 A reservation segment is unmapped from the kernel's point of view,
182 but is an area in which aspacem will not create anonymous maps
183 (either Vs or Cs). The idea is that we will try to keep it clear
184 when the choice to do so is ours. Reservation segments are
185 'invisible' from the client's point of view: it may choose to park
186 a fixed mapping in the middle of one, and that's just tough -- we
187 can't do anything about that. From the client's perspective
188 reservations are semantically equivalent to (although
189 distinguishable from, if it makes enquiries) free areas.
191 Reservations are a primitive mechanism provided for whatever
192 purposes the rest of the system wants. Currently they are used to
193 reserve the expansion space into which a growdown stack is
194 expanded, and into which the data segment is extended. Note,
195 though, those uses are entirely external to this module, which only
196 supplies the primitives.
198 Reservations may be shrunk in order that an adjoining anonymous
199 mapping may be extended. This makes dataseg/stack expansion work.
200 A reservation may not be shrunk below one page.
202 The advise/notify concept
203 ~~~~~~~~~~~~~~~~~~~~~~~~~
204 All mmap-related calls must be routed via aspacem. Calling
205 sys_mmap directly from the rest of the system is very dangerous
206 because aspacem's data structures will become out of date.
208 The fundamental mode of operation of aspacem is to support client
209 mmaps. Here's what happens (in ML_(generic_PRE_sys_mmap)):
211 * m_syswrap intercepts the mmap call. It examines the parameters
212 and identifies the requested placement constraints. There are
213 three possibilities: no constraint (MAny), hinted (MHint, "I
214 prefer X but will accept anything"), and fixed (MFixed, "X or
215 nothing").
217 * This request is passed to VG_(am_get_advisory). This decides on
218 a placement as described in detail in Strategy above. It may
219 also indicate that the map should fail, because it would trash
220 one of Valgrind's areas, which would probably kill the system.
222 * Control returns to the wrapper. If VG_(am_get_advisory) has
223 declared that the map should fail, then it must be made to do so.
224 Usually, though, the request is considered acceptable, in which
225 case an "advised" address is supplied. The advised address
226 replaces the original address supplied by the client, and
227 MAP_FIXED is set.
229 Note at this point that although aspacem has been asked for
230 advice on where to place the mapping, no commitment has yet been
231 made by either it or the kernel.
233 * The adjusted request is handed off to the kernel.
235 * The kernel's result is examined. If the map succeeded, aspacem
236 is told of the outcome (VG_(am_notify_client_mmap)), so it can
237 update its records accordingly.
239 This then is the central advise-notify idiom for handling client
240 mmap/munmap/mprotect/shmat:
242 * ask aspacem for an advised placement (or a veto)
244 * if not vetoed, hand request to kernel, using the advised placement
246 * examine result, and if successful, notify aspacem of the result.
248 There are also many convenience functions, eg
249 VG_(am_mmap_anon_fixed_client), which do both phases entirely within
250 aspacem.
252 To debug all this, a sync-checker is provided. It reads
253 /proc/self/maps, compares what it sees with aspacem's records, and
254 complains if there is a difference. --sanity-level=3 runs it before
255 and after each syscall, which is a powerful, if slow way of finding
256 buggy syscall wrappers.
258 Loss of pointercheck
259 ~~~~~~~~~~~~~~~~~~~~
260 Up to and including Valgrind 2.4.1, x86 segmentation was used to
261 enforce separation of V and C, so that wild writes by C could not
262 trash V. This got called "pointercheck". Unfortunately, the new
263 more flexible memory layout, plus the need to be portable across
264 different architectures, means doing this in hardware is no longer
265 viable, and doing it in software is expensive. So at the moment we
266 don't do it at all.
267 */
270 /*-----------------------------------------------------------------*/
271 /*--- ---*/
272 /*--- The Address Space Manager's state. ---*/
273 /*--- ---*/
274 /*-----------------------------------------------------------------*/
276 /* ------ start of STATE for the address-space manager ------ */
278 /* Max number of segments we can track. On Android, virtual address
279 space is limited, so keep a low limit -- 5000 x sizef(NSegment) is
280 360KB. */
281 #if defined(VGPV_arm_linux_android) \
282 || defined(VGPV_x86_linux_android) \
283 || defined(VGPV_mips32_linux_android) \
284 || defined(VGPV_arm64_linux_android)
285 # define VG_N_SEGMENTS 5000
286 #else
287 # define VG_N_SEGMENTS 30000
288 #endif
290 /* Array [0 .. nsegments_used-1] of all mappings. */
291 /* Sorted by .addr field. */
292 /* I: len may not be zero. */
293 /* I: overlapping segments are not allowed. */
294 /* I: the segments cover the entire address space precisely. */
295 /* Each segment can optionally hold an index into the filename table. */
300 #define Addr_MIN ((Addr)0)
301 #define Addr_MAX ((Addr)(-1ULL))
303 /* Limits etc */
307 #if defined(VGO_linux)
309 #elif defined(VGO_darwin)
310 # if VG_WORDSIZE == 4
312 # else
314 # endif
315 #elif defined(VGO_solaris)
317 #elif defined(VGO_freebsd)
319 #else
320 #endif
323 // The smallest address that aspacem will try to allocate
326 // The largest address that aspacem will try to allocate
329 // Where aspacem will start looking for client space
332 // Where aspacem will start looking for Valgrind space
336 #define AM_SANITY_CHECK \
337 do { \
338 if (VG_(clo_sanity_level) >= 3) \
339 aspacem_assert(VG_(am_do_sync_check) \
340 (__PRETTY_FUNCTION__,__FILE__,__LINE__)); \
341 } while (0)
343 /* ------ end of STATE for the address-space manager ------ */
345 /* ------ Forwards decls ------ */
346 inline
354 );
356 /* ----- Hacks to do with the "commpage" on arm-linux ----- */
357 /* Not that I have anything against the commpage per se. It's just
358 that it's not listed in /proc/self/maps, which is a royal PITA --
359 we have to fake it up, in parse_procselfmaps.
361 But note also bug 254556 comment #2: this is now fixed in newer
362 kernels -- it is listed as a "[vectors]" entry. Presumably the
363 fake entry made here duplicates the [vectors] entry, and so, if at
364 some point in the future, we can stop supporting buggy kernels,
365 then this kludge can be removed entirely, since the procmap parser
366 below will read that entry in the normal way. */
367 #if defined(VGP_arm_linux)
368 # define ARM_LINUX_FAKE_COMMPAGE_START 0xFFFF0000
369 # define ARM_LINUX_FAKE_COMMPAGE_END1 0xFFFF1000
370 #endif
372 #if !defined(VKI_MAP_STACK)
373 /* this is only defined for FreeBSD
374 * for readability, define it to 0
375 * for other platforms */
376 #define VKI_MAP_STACK 0
377 #endif
379 /*-----------------------------------------------------------------*/
380 /*--- ---*/
381 /*--- Displaying the segment array. ---*/
382 /*--- ---*/
383 /*-----------------------------------------------------------------*/
386 {
396 }
397 }
400 {
406 }
407 }
410 {
416 }
420 }
424 }
428 }
432 }
434 }
436 /* Show full details of an NSegment */
439 {
450 "%3d: %s %010lx-%010lx %s %c%c%c%c%c %s "
460 name
461 );
462 }
465 /* Show an NSegment in a user-friendly-ish way. */
468 {
480 );
492 );
498 "%3d: %s %010lx-%010lx %s %c%c%c%c%c d=0x%03llx "
507 );
520 );
527 segNo
528 );
530 }
531 }
533 /* Print out the segment array (debugging only!). */
535 {
536 Int i;
545 }
548 /* Get the filename corresponding to this segment, if known and if it
549 has one. */
551 {
554 }
556 /* Collect up the start addresses of segments whose kind matches one of
557 the kinds specified in kind_mask.
558 The interface is a bit strange in order to avoid potential
559 segment-creation races caused by dynamic allocation of the result
560 buffer *starts.
562 The function first computes how many entries in the result
563 buffer *starts will be needed. If this number <= nStarts,
564 they are placed in starts[0..], and the number is returned.
565 If nStarts is not large enough, nothing is written to
566 starts[0..], and the negation of the size is returned.
568 Correct use of this function may mean calling it multiple times in
569 order to establish a suitably-sized buffer. */
572 {
575 /* don't pass dumbass arguments */
581 nSegs++;
582 }
585 /* The buffer isn't big enough. Tell the caller how big it needs
586 to be. */
588 }
590 /* There's enough space. So write into the result buffer. */
597 }
601 }
604 /*-----------------------------------------------------------------*/
605 /*--- ---*/
606 /*--- Sanity checking and preening of the segment array. ---*/
607 /*--- ---*/
608 /*-----------------------------------------------------------------*/
610 /* Check representational invariants for NSegments. */
613 {
616 /* No zero sized segments and no wraparounds. */
619 /* require page alignment */
626 return
633 return
639 return
645 return
652 }
653 }
656 /* Try merging s2 into s1, if possible. If successful, s1 is
657 modified, and True is returned. Otherwise s1 is unchanged and
658 False is returned. */
661 {
668 /* reject cases which would cause wraparound */
684 }
697 }
707 }
712 }
715 }
718 /* Sanity-check and canonicalise the segment array (merge mergable
719 segments). Returns True if any segments were merged. */
722 {
725 /* Pass 1: check the segment array covers the entire address space
726 exactly once, and also that each segment is sane. */
735 }
737 /* Pass 2: merge as much as possible, using
738 maybe_merge_segments. */
742 /* nothing */
744 w++;
747 }
748 }
749 w++;
754 }
757 /* Check the segment array corresponds with the kernel's view of
758 memory layout. sync_check_ok returns True if no anomalies were
759 found, else False. In the latter case the mismatching segments are
760 displayed.
762 The general idea is: we get the kernel to show us all its segments
763 and also the gaps in between. For each such interval, try and find
764 a sequence of appropriate intervals in our segment array which
765 cover or more than cover the kernel's interval, and which all have
766 suitable kinds/permissions etc.
768 Although any specific kernel interval is not matched exactly to a
769 valgrind interval or sequence thereof, eventually any disagreement
770 on mapping boundaries will be detected. This is because, if for
771 example valgrind's intervals cover a greater range than the current
772 kernel interval, it must be the case that a neighbouring free-space
773 interval belonging to valgrind cannot cover the neighbouring
774 free-space interval belonging to the kernel. So the disagreement
775 is detected.
777 In other words, we examine each kernel interval in turn, and check
778 we do not disagree over the range of that interval. Because all of
779 the address space is examined, any disagreements must eventually be
780 detected.
781 */
788 {
792 /* If a problem has already been detected, don't continue comparing
793 segments, so as to avoid flooding the output with error
794 messages. */
795 #if !defined(VGO_darwin)
796 /* GrP fixme not */
799 #endif
803 /* The kernel should not give us wraparounds. */
809 /* These 5 should be guaranteed by find_nsegment_idx. */
816 /* x86 doesn't differentiate 'x' and 'r' (at least, all except the
817 most recent NX-bit enabled CPUs) and so recent kernels attempt
818 to provide execute protection by placing all executable mappings
819 low down in the address space and then reducing the size of the
820 code segment to prevent code at higher addresses being executed.
822 These kernels report which mappings are really executable in
823 the /proc/self/maps output rather than mirroring what was asked
824 for when each mapping was created. In order to cope with this we
825 have a sloppyXcheck mode which we enable on x86 and s390 - in this
826 mode we allow the kernel to report execute permission when we weren't
827 expecting it but not vice versa. */
828 # if defined(VGA_x86) || defined (VGA_s390x) || \
829 defined(VGA_mips32) || defined(VGA_mips64)
831 # else
833 # endif
835 /* Some kernels on s390 provide 'r' permission even when it was not
836 explicitly requested. It seems that 'x' permission implies 'r'.
837 This behaviour also occurs on OS X. */
838 # if defined(VGA_s390x) || defined(VGO_darwin)
840 # else
842 # endif
844 /* NSegments iLo .. iHi inclusive should agree with the presented
845 data. */
849 UInt seg_prot;
851 /* compare the kernel's offering against ours. */
863 cmp_offsets
866 cmp_devino
869 /* Consider other reasons to not compare dev/inode */
870 #if defined(VGO_linux)
871 /* bproc does some godawful hack on /dev/zero at process
872 migration, which changes the name of it, and its dev & ino */
876 /* hack apparently needed on MontaVista Linux */
879 #endif
881 #if defined(VGO_darwin) || defined(VGO_freebsd)
882 // GrP fixme kernel info doesn't have dev/inode
885 // GrP fixme V and kernel don't agree on offsets
887 #endif
889 /* If we are doing sloppy execute permission checks then we
890 allow segment to have X permission when we weren't expecting
891 it (but not vice versa) so if the kernel reported execute
892 permission then pretend that this segment has it regardless
893 of what we were expecting. */
896 }
901 }
903 same = same
905 && (cmp_devino
908 && (cmp_offsets
924 "...: .... %010lx-%010lx %s %c%c%c.. ....... "
933 }
934 }
936 /* Looks harmless. Keep going. */
938 }
941 {
944 /* If a problem has already been detected, don't continue comparing
945 segments, so as to avoid flooding the output with error
946 messages. */
947 #if !defined(VGO_darwin)
948 /* GrP fixme not */
951 #endif
955 /* The kernel should not give us wraparounds. */
961 /* These 5 should be guaranteed by find_nsegment_idx. */
968 /* NSegments iLo .. iHi inclusive should agree with the presented
969 data. */
972 Bool same;
974 /* compare the kernel's offering against ours. */
994 }
995 }
997 /* Looks harmless. Keep going. */
999 }
1002 /* Sanity check: check that Valgrind and the kernel agree on the
1003 address space layout. Prints offending segments and call point if
1004 a discrepancy is detected, but does not abort the system. Returned
1005 Bool is False if a discrepancy was found. */
1009 {
1014 sync_check_gap_callback );
1021 # if 0
1022 {
1027 }
1028 # endif
1030 }
1032 }
1034 /* Hook to allow sanity checks to be done from aspacemgr-common.c. */
1036 {
1037 AM_SANITY_CHECK;
1038 }
1041 /*-----------------------------------------------------------------*/
1042 /*--- ---*/
1043 /*--- Low level access / modification of the segment array. ---*/
1044 /*--- ---*/
1045 /*-----------------------------------------------------------------*/
1047 /* Binary search the interval array for a given address. Since the
1048 array covers the entire address space the search cannot fail. The
1049 _WRK function does the real work. Its caller (just below) caches
1050 the results thereof, to save time. With N_CACHE of 63 we get a hit
1051 rate exceeding 90% when running OpenOffice.
1053 Re ">> 12", it doesn't matter that the page size of some targets
1054 might be different from 12. Really "(a >> 12) % N_CACHE" is merely
1055 a hash function, and the actual cache entry is always validated
1056 correctly against the selected cache entry before use.
1057 */
1058 /* Don't call find_nsegment_idx_WRK; use find_nsegment_idx instead. */
1061 {
1063 Int mid,
1067 /* current unsearched space is from lo to hi, inclusive. */
1069 /* Not found. This can't happen. */
1071 }
1081 }
1082 }
1085 {
1091 # ifdef N_Q_M_STATS
1094 n_q++;
1097 # endif
1099 UWord ix;
1102 /* do nothing */
1107 }
1109 }
1118 /* hit */
1119 /* aspacem_assert( cache_segidx[ix] == find_nsegment_idx_WRK(a) ); */
1121 }
1122 /* miss */
1123 # ifdef N_Q_M_STATS
1124 n_m++;
1125 # endif
1129 # undef N_CACHE
1130 }
1133 /* Finds the segment containing 'a'. Only returns non-SkFree segments. */
1135 {
1142 else
1144 }
1146 /* Finds an anonymous segment containing 'a'. Returned pointer is read only. */
1148 {
1155 else
1157 }
1159 /* Map segment pointer to segment index. */
1161 {
1165 }
1168 /* Find the next segment along from 'here', if it is a non-SkFree segment. */
1170 {
1174 i++;
1178 i--;
1181 }
1184 else
1186 }
1189 /* Trivial fn: return the total amount of space in anonymous mappings,
1190 both for V and the client. Is used for printing stats in
1191 out-of-memory messages. */
1193 {
1194 Int i;
1200 }
1201 }
1203 }
1206 /* Test if a piece of memory is addressable by client or by valgrind with at
1207 least the "prot" protection permissions by examining the underlying
1208 segments. The KINDS argument specifies the allowed segments ADDR may
1209 belong to in order to be considered "valid".
1210 */
1211 static
1213 {
1230 /* This is a speedup hack which avoids calling find_nsegment_idx
1231 a second time when possible. It is always correct to just
1232 use the "else" clause below, but is_valid_for_client is
1233 called a lot by the leak checker, so avoiding pointless calls
1234 to find_nsegment_idx, which can be expensive, is helpful. */
1238 }
1245 /* ok */
1248 }
1249 }
1252 }
1254 /* Test if a piece of memory is addressable by the client with at
1255 least the "prot" protection permissions by examining the underlying
1256 segments. */
1258 UInt prot )
1259 {
1263 }
1265 /* Variant of VG_(am_is_valid_for_client) which allows free areas to
1266 be consider part of the client's addressable space. It also
1267 considers reservations to be allowable, since from the client's
1268 point of view they don't exist. */
1271 {
1275 }
1277 /* Checks if a piece of memory consists of either free or reservation
1278 segments. */
1280 {
1284 }
1288 {
1292 }
1295 /* Returns True if any part of the address range is marked as having
1296 translations made from it. This is used to determine when to
1297 discard code, so if in doubt return True. */
1300 {
1309 }
1311 }
1314 /* Check whether ADDR looks like an address or address-to-be located in an
1315 extensible client stack segment. Return true if
1316 (1) ADDR is located in an already mapped stack segment, OR
1317 (2) ADDR is located in a reservation segment into which an abutting SkAnonC
1318 segment can be extended. */
1320 {
1333 /* If the abutting segment towards higher addresses is an SkAnonC
1334 segment, then ADDR is a future stack pointer. */
1338 /* OK; looks like a stack segment */
1340 }
1343 /* If the abutting segment towards lower addresses is an SkResvn
1344 segment, then ADDR is a stack pointer into mapped memory. */
1349 /* OK; looks like a stack segment */
1351 }
1355 }
1356 }
1358 /*-----------------------------------------------------------------*/
1359 /*--- ---*/
1360 /*--- Modifying the segment array, and constructing segments. ---*/
1361 /*--- ---*/
1362 /*-----------------------------------------------------------------*/
1364 /* Split the segment containing 'a' into two, so that 'a' is
1365 guaranteed to be the start of a new segment. If 'a' is already the
1366 start of a segment, do nothing. */
1369 {
1379 /* 'a' is already the start point of a segment, so nothing to be
1380 done. */
1383 /* else we have to slide the segments upwards to make a hole */
1388 nsegments_used++;
1402 }
1405 /* Do the minimum amount of segment splitting necessary to ensure that
1406 sLo is the first address denoted by some segment and sHi is the
1407 highest address denoted by some other segment. Returns the indices
1408 of the lowest and highest segments in the range. */
1410 static
1414 {
1431 /* Not that I'm overly paranoid or anything, definitely not :-) */
1432 }
1435 /* Add SEG to the collection, deleting/truncating any it overlaps.
1436 This deals with all the tricky cases of splitting up segments as
1437 needed. */
1440 {
1442 Bool segment_is_sane;
1457 /* Increase the reference count of SEG's name. We need to do this
1458 *before* decreasing the reference count of the names of the replaced
1459 segments. Consider the case where the segment name of SEG and one of
1460 the replaced segments are the same. If the refcount of that name is 1,
1461 then decrementing first would put the slot for that name on the free
1462 list. Attempting to increment the refcount later would then fail
1463 because the slot is no longer allocated. */
1466 /* Now iLo .. iHi inclusive is the range of segment indices which
1467 seg will replace. If we're replacing more than one segment,
1468 slide those above the range down to fill the hole. Before doing
1469 that decrement the reference counters for the segments names of
1470 the replaced segments. */
1479 }
1485 }
1488 /* Clear out an NSegment record. */
1491 {
1504 #if defined(VGO_freebsd)
1506 #endif
1508 }
1510 /* Make an NSegment which holds a reservation. */
1513 {
1521 }
1524 /*-----------------------------------------------------------------*/
1525 /*--- ---*/
1526 /*--- Startup, including reading /proc/self/maps. ---*/
1527 /*--- ---*/
1528 /*-----------------------------------------------------------------*/
1533 {
1534 NSegment seg;
1546 /* A segment in the initial /proc/self/maps is considered a FileV
1547 segment if either it has a file name associated with it or both its
1548 device and inode numbers are != 0. See bug #124528. */
1553 # if defined(VGO_darwin)
1554 // GrP fixme no dev/ino on darwin
1559 # if defined(VGP_arm_linux)
1560 /* The standard handling of entries read from /proc/self/maps will
1561 cause the faked up commpage segment to have type SkAnonV, which
1562 is a problem because it contains code we want the client to
1563 execute, and so later m_translate will segfault the client when
1564 it tries to go in there. Hence change the ownership of it here
1565 to the client (SkAnonC). The least-worst kludge I could think
1566 of. */
1578 }
1580 Bool
1582 {
1584 #if VG_WORDSIZE == 4
1586 #else
1588 #endif
1599 }
1600 }
1602 }
1604 /* See description in pub_core_aspacemgr.h */
1606 {
1607 NSegment seg;
1608 Addr suggested_clstack_end;
1615 /* Initialise the string table for segment names. */
1618 /* Check that we can store the largest imaginable dev, ino and
1619 offset numbers in an NSegment. */
1625 /* Add a single interval covering the entire address space. */
1635 // --- Darwin -------------------------------------------
1636 #if defined(VGO_darwin)
1638 # if VG_WORDSIZE == 4
1643 # else
1648 // 0x7fff:5c000000..0x7fff:ffe00000? is stack, dyld, shared cache
1649 # endif
1653 // --- Freebsd ------------------------------------------
1654 #elif defined(VGO_freebsd)
1659 sp_at_startup );
1661 # if VG_WORDSIZE == 4
1664 # else
1666 # ifdef ENABLE_INNER
1670 }
1672 # endif
1677 # ifdef ENABLE_INNER
1681 // starting with FreeBSD 10.4, the stack is created with a zone
1682 // that is marked MAP_GUARD. This zone is reserved but unmapped,
1683 // and fills the space up to the end of the segment
1684 // see man mmap
1686 // Version number from
1687 // https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/versions-10.html
1689 // On x86 this is 0x3FE0000
1690 // And on amd64 it is 0x1FFE0000 (536739840)
1691 // There is less of an issue on amd64 as we just choose some arbitrary address rather then trying
1692 // to squeeze in just below the host stack
1694 // Some of this is in sys/vm/vm_map.c, for instance vm_map_stack and vm_map_stack_locked
1695 // These refer to the kernel global sgrowsiz, which seems to be the initial size
1696 // of the user stack, 128k on my system
1697 //
1698 // This seems to be in the sysctl kern.sgrowsiz
1699 // Then there is kern.maxssiz which is the total stack size (grow size + guard area)
1700 // In other words guard area = maxssiz - sgrowsiz
1702 #if (__FreeBSD_version >= 1003516)
1704 #if 0
1705 // this block implements what is described above
1706 // this makes no changes to the regression tests
1707 // I'm keeping it for a rainy day.
1708 // note this needs
1709 // #include "pub_core_libcproc.h"
1710 SizeT kern_maxssiz;
1711 SizeT kern_sgrowsiz;
1717 #endif
1722 #else
1726 #endif
1728 // --- Solaris ------------------------------------------
1729 #elif defined(VGO_solaris)
1730 # if VG_WORDSIZE == 4
1731 /*
1732 Intended address space partitioning:
1734 ,--------------------------------, 0x00000000
1735 | |
1736 |--------------------------------|
1737 | initial stack given to V by OS |
1738 |--------------------------------| 0x08000000
1739 | client text |
1740 |--------------------------------|
1741 | |
1742 | |
1743 |--------------------------------|
1744 | client stack |
1745 |--------------------------------| 0x58000000
1746 | V's text |
1747 |--------------------------------|
1748 | |
1749 | |
1750 |--------------------------------|
1751 | dynamic shared objects |
1752 '--------------------------------' 0xffffffff
1754 */
1756 /* Anonymous pages need to fit under user limit (USERLIMIT32)
1757 which is 4KB + 16MB below the top of the 32-bit range. */
1758 # ifdef ENABLE_INNER
1761 # else
1764 # endif
1765 # elif VG_WORDSIZE == 8
1766 /*
1767 Intended address space partitioning:
1769 ,--------------------------------, 0x00000000_00000000
1770 | |
1771 |--------------------------------| 0x00000000_00400000
1772 | client text |
1773 |--------------------------------|
1774 | |
1775 | |
1776 |--------------------------------|
1777 | client stack |
1778 |--------------------------------| 0x00000000_58000000
1779 | V's text |
1780 |--------------------------------|
1781 | |
1782 |--------------------------------|
1783 | dynamic shared objects |
1784 |--------------------------------| 0x0000001f_ffffffff
1785 | |
1786 | |
1787 |--------------------------------|
1788 | initial stack given to V by OS |
1789 '--------------------------------' 0xffffffff_ffffffff
1791 */
1793 /* Kernel likes to place objects at the end of the address space.
1794 However accessing memory beyond 128GB makes memcheck slow
1795 (see memcheck/mc_main.c, internal representation). Therefore:
1796 - mmapobj() syscall is emulated so that libraries are subject to
1797 Valgrind's aspacemgr control
1798 - Kernel shared pages (such as schedctl and hrt) are left as they are
1799 because kernel cannot be told where they should be put */
1800 # ifdef ENABLE_INNER
1803 # else
1806 # endif
1807 # else
1809 # endif
1812 # ifdef ENABLE_INNER
1814 # else
1816 # endif
1818 // --- Linux --------------------------------------------
1819 #else
1821 /* Establish address limits and block out unusable parts
1822 accordingly. */
1826 sp_at_startup );
1828 # if VG_WORDSIZE == 8
1830 # ifdef ENABLE_INNER
1834 }
1835 # endif
1836 # else
1838 # endif
1843 # ifdef ENABLE_INNER
1845 # endif
1851 // --- (end) --------------------------------------------
1861 aspacem_minAddr);
1864 aspacem_maxAddr);
1867 aspacem_cStart);
1870 aspacem_vStart);
1873 suggested_clstack_end);
1878 }
1882 }
1884 /* Create a 1-page reservation at the notional initial
1885 client/valgrind boundary. This isn't strictly necessary, but
1886 because the advisor does first-fit and starts searches for
1887 valgrind allocations at the boundary, this is kind of necessary
1888 in order to get it to start allocating in the right place. */
1896 /* NB: on arm-linux, parse_procselfmaps automagically kludges up
1897 (iow, hands to its callbacks) a description of the ARM Commpage,
1898 since that's not listed in /proc/self/maps (kernel bug IMO). We
1899 have to fake up its existence in parse_procselfmaps and not
1900 merely add it here as an extra segment, because doing the latter
1901 causes sync checking to fail: we see we have an extra segment in
1902 the segments array, which isn't listed in /proc/self/maps.
1903 Hence we must make it appear that /proc/self/maps contained this
1904 segment all along. Sigh. */
1908 AM_SANITY_CHECK;
1910 }
1913 /*-----------------------------------------------------------------*/
1914 /*--- ---*/
1915 /*--- The core query-notify mechanism. ---*/
1916 /*--- ---*/
1917 /*-----------------------------------------------------------------*/
1919 /* Query aspacem to ask where a mapping should go. */
1922 Bool forClient,
1924 {
1925 /* This function implements allocation policy.
1927 The nature of the allocation request is determined by req, which
1928 specifies the start and length of the request and indicates
1929 whether the start address is mandatory, a hint, or irrelevant,
1930 and by forClient, which says whether this is for the client or
1931 for V.
1933 Return values: the request can be vetoed (*ok is set to False),
1934 in which case the caller should not attempt to proceed with
1935 making the mapping. Otherwise, *ok is set to True, the caller
1936 may proceed, and the preferred address at which the mapping
1937 should happen is returned.
1939 Note that this is an advisory system only: the kernel can in
1940 fact do whatever it likes as far as placement goes, and we have
1941 no absolute control over it.
1943 Allocations will never be granted in a reserved area.
1945 The Default Policy is:
1947 Search the address space for two free intervals: one of them
1948 big enough to contain the request without regard to the
1949 specified address (viz, as if it was a floating request) and
1950 the other being able to contain the request at the specified
1951 address (viz, as if were a fixed request). Then, depending on
1952 the outcome of the search and the kind of request made, decide
1953 whether the request is allowable and what address to advise.
1955 The Default Policy is overridden by Policy Exception #1:
1957 If the request is for a fixed client map, we are prepared to
1958 grant it providing all areas inside the request are either
1959 free, reservations, or mappings belonging to the client. In
1960 other words we are prepared to let the client trash its own
1961 mappings if it wants to.
1963 The Default Policy is overridden by Policy Exception #2:
1965 If the request is for a hinted client map, we are prepared to
1966 grant it providing all areas inside the request are either
1967 free or reservations. In other words we are prepared to let
1968 the client have a hinted mapping anywhere it likes provided
1969 it does not trash either any of its own mappings or any of
1970 valgrind's mappings.
1971 */
1974 Bool fixed_not_required;
1976 #if defined(VGO_solaris)
1978 #else
1986 /* These hold indices for segments found during search, or -1 if not
1987 found. */
1997 }
1999 /* Reject zero-length requests */
2003 }
2005 /* Reject wraparounds */
2009 }
2011 /* ------ Implement Policy Exception #1 ------ */
2023 /* ok */
2027 }
2028 }
2030 /* Acceptable. Granted. */
2033 }
2034 /* Not acceptable. Fail. */
2037 }
2039 /* ------ Implement Policy Exception #2 ------ */
2048 /* ok */
2052 }
2053 }
2055 /* Acceptable. Granted. */
2058 }
2059 /* Not acceptable. Fall through to the default policy. */
2060 }
2062 /* ------ Implement the Default Policy ------ */
2064 /* Don't waste time looking for a fixed match if not requested to. */
2069 #if defined(VGO_solaris)
2070 # define UPDATE_INDEX(index) \
2071 (index)--; \
2072 if ((index) <= 0) \
2073 (index) = nsegments_used - 1;
2074 # define ADVISE_ADDRESS(segment) \
2075 VG_PGROUNDDN((segment)->end + 1 - reqLen)
2076 # define ADVISE_ADDRESS_ALIGNED(segment) \
2077 VG_ROUNDDN((segment)->end + 1 - reqLen, req->start)
2079 #else
2081 # define UPDATE_INDEX(index) \
2082 (index)++; \
2083 if ((index) >= nsegments_used) \
2084 (index) = 0;
2085 # define ADVISE_ADDRESS(segment) \
2086 (segment)->start
2087 # define ADVISE_ADDRESS_ALIGNED(segment) \
2088 VG_ROUNDUP((segment)->start, req->start)
2091 /* Examine holes from index i back round to i-1. Record the
2092 index first fixed hole and the first floating hole which would
2093 satisfy the request. */
2099 }
2104 /* Stay sane .. */
2112 /* This hole can't be used. */
2115 }
2116 }
2118 /* See if it's any use to us. */
2127 /* Don't waste time searching once we've found what we wanted. */
2132 }
2142 AM_SANITY_CHECK;
2144 /* Now see if we found anything which can satisfy the request. */
2153 }
2159 }
2163 }
2170 }
2177 }
2182 }
2184 /*NOTREACHED*/
2189 #undef UPDATE_INDEX
2190 #undef ADVISE_ADDRESS
2191 #undef ADVISE_ADDRESS_ALIGNED
2192 }
2194 /* Convenience wrapper for VG_(am_get_advisory) for client floating or
2195 fixed requests. If start is zero, a floating request is issued; if
2196 nonzero, a fixed request at that address is issued. Same comments
2197 about return values apply. */
2201 {
2202 MapRequest mreq;
2207 }
2209 /* Similar to VG_(am_find_nsegment) but only returns free segments. */
2211 {
2218 else
2220 }
2224 {
2229 }
2232 /* Notifies aspacem that the client completed an mmap successfully.
2233 The segment array is updated accordingly. If the returned Bool is
2234 True, the caller should immediately discard translations from the
2235 specified address range. */
2237 Bool
2240 {
2243 UInt mode;
2244 NSegment seg;
2245 Bool needDiscard;
2252 /* Discard is needed if any of the just-trashed range had T. */
2263 // Nb: We ignore offset requests in anonymous mmaps (see bug #126722)
2269 }
2272 }
2273 #if defined(VGO_freebsd)
2275 #endif
2276 }
2278 AM_SANITY_CHECK;
2280 }
2282 /* Notifies aspacem that the client completed a shmat successfully.
2283 The segment array is updated accordingly. If the returned Bool is
2284 True, the caller should immediately discard translations from the
2285 specified address range. */
2287 Bool
2289 {
2290 NSegment seg;
2291 Bool needDiscard;
2297 /* Discard is needed if any of the just-trashed range had T. */
2309 AM_SANITY_CHECK;
2311 }
2313 /* Notifies aspacem that an mprotect was completed successfully. The
2314 segment array is updated accordingly. Note, as with
2315 VG_(am_notify_munmap), it is not the job of this function to reject
2316 stupid mprotects, for example the client doing mprotect of
2317 non-client areas. Such requests should be intercepted earlier, by
2318 the syscall wrapper for mprotect. This function merely records
2319 whatever it is told. If the returned Bool is True, the caller
2320 should immediately discard translations from the specified address
2321 range. */
2324 {
2338 /* Discard is needed if we're dumping X permission */
2347 /* Apply the permissions to all relevant segments. */
2357 }
2358 }
2360 /* Changing permissions could have made previously un-mergable
2361 segments mergeable. Therefore have to re-preen them. */
2363 AM_SANITY_CHECK;
2365 }
2368 /* Notifies aspacem that an munmap completed successfully. The
2369 segment array is updated accordingly. As with
2370 VG_(am_notify_mprotect), we merely record the given info, and don't
2371 check it for sensibleness. If the returned Bool is True, the
2372 caller should immediately discard translations from the specified
2373 address range. */
2376 {
2377 NSegment seg;
2378 Bool needDiscard;
2391 /* The segment becomes unused (free). Segments from above
2392 aspacem_maxAddr were originally SkResvn and so we make them so
2393 again. Note, this isn't really right when the segment straddles
2394 the aspacem_maxAddr boundary - then really it should be split in
2395 two, the lower part marked as SkFree and the upper part as
2396 SkResvn. Ah well. */
2401 else
2402 /* Ditto for segments from below aspacem_minAddr. */
2405 else
2410 /* Unmapping could create two adjacent free segments, so a preen is
2411 needed. add_segment() will do that, so no need to here. */
2412 AM_SANITY_CHECK;
2414 }
2417 /*-----------------------------------------------------------------*/
2418 /*--- ---*/
2419 /*--- Handling mappings which do not arise directly from the ---*/
2420 /*--- simulation of the client. ---*/
2421 /*--- ---*/
2422 /*-----------------------------------------------------------------*/
2424 /* --- --- --- map, unmap, protect --- --- --- */
2426 /* Map a file at a fixed address for the client, and update the
2427 segment array accordingly. */
2431 {
2435 }
2439 {
2442 }
2446 {
2450 }
2455 {
2456 SysRes sres;
2457 NSegment seg;
2458 Addr advised;
2459 Bool ok;
2460 MapRequest req;
2462 UInt mode;
2465 /* Not allowable. */
2471 /* Ask for an advisory. If it's negative, fail immediately. */
2479 /* We have been advised that the mapping is allowable at the
2480 specified address. So hand it off to the kernel, and propagate
2481 any resulting failure immediately. */
2482 // DDD: #warning GrP fixme MAP_FIXED can clobber memory!
2485 fd, offset
2486 );
2491 /* I don't think this can happen. It means the kernel made a
2492 fixed map succeed but not at the requested location. Try to
2493 repair the damage, then return saying the mapping failed. */
2496 }
2498 /* Ok, the mapping succeeded. Now notify the interval map. */
2511 }
2516 }
2517 #if defined(VGO_freebsd)
2519 #endif
2522 AM_SANITY_CHECK;
2524 }
2527 /* Map anonymously at a fixed address for the client, and update
2528 the segment array accordingly. */
2531 {
2532 SysRes sres;
2533 NSegment seg;
2534 Addr advised;
2535 Bool ok;
2536 MapRequest req;
2538 /* Not allowable. */
2542 /* Ask for an advisory. If it's negative, fail immediately. */
2550 /* We have been advised that the mapping is allowable at the
2551 specified address. So hand it off to the kernel, and propagate
2552 any resulting failure immediately. */
2553 // DDD: #warning GrP fixme MAP_FIXED can clobber memory!
2558 );
2563 /* I don't think this can happen. It means the kernel made a
2564 fixed map succeed but not at the requested location. Try to
2565 repair the damage, then return saying the mapping failed. */
2568 }
2570 /* Ok, the mapping succeeded. Now notify the interval map. */
2580 AM_SANITY_CHECK;
2582 }
2585 /* Map anonymously at an unconstrained address for the client, and
2586 update the segment array accordingly. */
2589 {
2590 SysRes sres;
2591 NSegment seg;
2592 Addr advised;
2593 Bool ok;
2594 MapRequest req;
2596 /* Not allowable. */
2600 /* Ask for an advisory. If it's negative, fail immediately. */
2608 /* We have been advised that the mapping is allowable at the
2609 advised address. So hand it off to the kernel, and propagate
2610 any resulting failure immediately. */
2611 // DDD: #warning GrP fixme MAP_FIXED can clobber memory!
2616 );
2621 /* I don't think this can happen. It means the kernel made a
2622 fixed map succeed but not at the requested location. Try to
2623 repair the damage, then return saying the mapping failed. */
2626 }
2628 /* Ok, the mapping succeeded. Now notify the interval map. */
2639 AM_SANITY_CHECK;
2641 }
2644 {
2646 }
2648 /* Map anonymously at an unconstrained address for V, and update the
2649 segment array accordingly. This is fundamentally how V allocates
2650 itself more address space when needed. */
2653 {
2654 SysRes sres;
2655 NSegment seg;
2656 Addr advised;
2657 Bool ok;
2658 MapRequest req;
2660 /* Not allowable. */
2664 /* Ask for an advisory. If it's negative, fail immediately. */
2672 // On Darwin, for anonymous maps you can pass in a tag which is used by
2673 // programs like vmmap for statistical purposes.
2674 #ifndef VM_TAG_VALGRIND
2675 # define VM_TAG_VALGRIND 0
2676 #endif
2678 /* We have been advised that the mapping is allowable at the
2679 specified address. So hand it off to the kernel, and propagate
2680 any resulting failure immediately. */
2681 /* GrP fixme darwin: use advisory as a hint only, otherwise syscall in
2682 another thread can pre-empt our spot. [At one point on the DARWIN
2683 branch the VKI_MAP_FIXED was commented out; unclear if this is
2684 necessary or not given the second Darwin-only call that immediately
2685 follows if this one fails. --njn]
2686 Also, an inner valgrind cannot observe the mmap syscalls done by
2687 the outer valgrind. The outer Valgrind might make the mmap
2688 fail here, as the inner valgrind believes that a segment is free,
2689 while it is in fact used by the outer valgrind.
2690 So, for an inner valgrind, similarly to DARWIN, if the fixed mmap
2691 fails, retry the mmap without map fixed.
2692 This is a kludge which on linux is only activated for the inner.
2693 The state of the inner aspacemgr is not made correct by this kludge
2694 and so a.o. VG_(am_do_sync_check) could fail.
2695 A proper solution implies a better collaboration between the
2696 inner and the outer (e.g. inner VG_(am_get_advisory) should do
2697 a client request to call the outer VG_(am_get_advisory). */
2703 );
2704 #if defined(VGO_darwin) || defined(ENABLE_INNER)
2705 /* Kludge on Darwin and inner linux if the fixed mmap failed. */
2707 /* try again, ignoring the advisory */
2713 );
2714 }
2715 #endif
2719 #if defined(VGO_linux) && !defined(ENABLE_INNER)
2720 /* Doing the check only in linux not inner, as the below
2721 check can fail when the kludge above has been used. */
2723 /* I don't think this can happen. It means the kernel made a
2724 fixed map succeed but not at the requested location. Try to
2725 repair the damage, then return saying the mapping failed. */
2728 }
2729 #endif
2731 /* Ok, the mapping succeeded. Now notify the interval map. */
2741 AM_SANITY_CHECK;
2743 }
2745 /* Really just a wrapper around VG_(am_mmap_anon_float_valgrind). */
2748 {
2750 }
2752 /* Map a file at an unconstrained address for V, and update the
2753 segment array accordingly. Use the provided flags */
2756 UInt flags,
2758 {
2759 SysRes sres;
2760 NSegment seg;
2761 Addr advised;
2762 Bool ok;
2763 MapRequest req;
2765 UInt mode;
2768 /* Not allowable. */
2772 /* Ask for an advisory. If it's negative, fail immediately. */
2775 #if defined(VGA_arm) || defined(VGA_arm64) \
2776 || defined(VGA_mips32) || defined(VGA_mips64) || defined(VGA_nanomips)
2778 #else
2780 #endif
2782 /* arm-linux only. See ML_(generic_PRE_sys_shmat) and bug 290974 */
2786 }
2793 /* We have been advised that the mapping is allowable at the
2794 specified address. So hand it off to the kernel, and propagate
2795 any resulting failure immediately. */
2798 flags,
2799 fd, offset
2800 );
2805 /* I don't think this can happen. It means the kernel made a
2806 fixed map succeed but not at the requested location. Try to
2807 repair the damage, then return saying the mapping failed. */
2810 }
2812 /* Ok, the mapping succeeded. Now notify the interval map. */
2825 }
2828 }
2829 #if defined(VGO_freebsd)
2831 #endif
2834 AM_SANITY_CHECK;
2836 }
2837 /* Map privately a file at an unconstrained address for V, and update the
2838 segment array accordingly. This is used by V for transiently
2839 mapping in object files to read their debug info. */
2843 {
2847 }
2851 {
2855 }
2857 /* Similar to VG_(am_mmap_anon_float_client) but also
2858 marks the segment as containing the client heap. This is for the benefit
2859 of the leak checker which needs to be able to identify such segments
2860 so as not to use them as sources of roots during leak checks. */
2862 {
2864 }
2866 /* --- --- munmap helper --- --- */
2868 static
2871 {
2872 Bool d;
2873 SysRes sres;
2875 /* Be safe with this regardless of return path. */
2884 }
2901 }
2910 AM_SANITY_CHECK;
2914 eINVAL:
2916 }
2918 /* Unmap the given address range and update the segment array
2919 accordingly. This fails if the range isn't valid for the client.
2920 If *need_discard is True after a successful return, the caller
2921 should immediately discard translations from the specified address
2922 range. */
2926 {
2928 }
2930 /* Unmap the given address range and update the segment array
2931 accordingly. This fails if the range isn't valid for valgrind. */
2934 {
2935 Bool need_discard;
2938 /* If this assertion fails, it means we allowed translations to be
2939 made from a V-owned section. Which shouldn't happen. */
2943 }
2945 /* Let (start,len) denote an area within a single Valgrind-owned
2946 segment (anon or file). Change the ownership of [start, start+len)
2947 to the client instead. Fails if (start,len) does not denote a
2948 suitable segment. */
2951 {
2970 /* This scheme is like how mprotect works: split the to-be-changed
2971 range into its own segment(s), then mess with them (it). There
2972 should be only one. */
2979 }
2983 }
2985 /* Set the 'hasT' bit on the segment containing ADDR indicating that
2986 translations have or may have been taken from this segment. ADDR is
2987 expected to belong to a client segment. */
2989 {
2994 }
2997 /* --- --- --- reservations --- --- --- */
2999 /* Create a reservation from START .. START+LENGTH-1, with the given
3000 ShrinkMode. When checking whether the reservation can be created,
3001 also ensure that at least abs(EXTRA) extra free bytes will remain
3002 above (> 0) or below (< 0) the reservation.
3004 The reservation will only be created if it, plus the extra-zone,
3005 falls entirely within a single free segment. The returned Bool
3006 indicates whether the creation succeeded. */
3010 {
3012 NSegment seg;
3014 /* start and end, not taking into account the extra space. */
3018 /* start and end, taking into account the extra space. */
3033 /* If the start and end points don't fall within the same (free)
3034 segment, we're hosed. This does rely on the assumption that all
3035 mergeable adjacent segments can be merged, but add_segment()
3036 should ensure that. */
3043 /* Looks good - make the reservation. */
3050 reservation. */
3055 AM_SANITY_CHECK;
3057 }
3060 /* ADDR is the start address of an anonymous client mapping. This fn extends
3061 the mapping by DELTA bytes, taking the space from a reservation section
3062 which must be adjacent. If DELTA is positive, the segment is
3063 extended forwards in the address space, and the reservation must be
3064 the next one along. If DELTA is negative, the segment is extended
3065 backwards in the address space and the reservation must be the
3066 previous one. DELTA must be page aligned. abs(DELTA) must not
3067 exceed the size of the reservation segment minus one page, that is,
3068 the reservation segment after the operation must be at least one
3069 page long. The function returns a pointer to the resized segment. */
3072 SSizeT delta,
3074 {
3076 UInt prot;
3077 SysRes sres;
3095 /* Extending the segment forwards. */
3106 }
3108 /* Extend the kernel's mapping. */
3109 // DDD: #warning GrP fixme MAP_FIXED can clobber memory!
3112 prot,
3115 );
3119 /* kernel bug if this happens? */
3122 }
3124 /* Ok, success with the kernel. Update our structures. */
3131 /* Extending the segment backwards. */
3145 }
3147 /* Extend the kernel's mapping. */
3148 // DDD: #warning GrP fixme MAP_FIXED can clobber memory!
3151 prot,
3154 );
3158 /* kernel bug if this happens? */
3161 }
3163 /* Ok, success with the kernel. Update our structures. */
3167 }
3169 AM_SANITY_CHECK;
3171 }
3174 /* --- --- --- resizing/move a mapping --- --- --- */
3176 #if HAVE_MREMAP
3178 /* This function grows a client mapping in place into an adjacent free segment.
3179 ADDR is the client mapping's start address and DELTA, which must be page
3180 aligned, is the growth amount. The function returns a pointer to the
3181 resized segment. The function is used in support of mremap. */
3183 {
3184 Addr xStart;
3185 SysRes sres;
3190 /* Get the client segment */
3203 /* The segment following the client segment must be a free segment and
3204 it must be large enough to cover the additional memory. */
3212 AM_SANITY_CHECK;
3214 seg_old_len,
3217 AM_SANITY_CHECK;
3220 /* the area must not have moved */
3222 }
3231 AM_SANITY_CHECK;
3233 }
3236 /* Remap the old address range to the new address range. Fails if any
3237 parameter is not page aligned, if the either size is zero, if any
3238 wraparound is implied, if the old address range does not fall
3239 entirely within a single segment, if the new address range overlaps
3240 with the old one, or if the old address range is not a valid client
3241 mapping. If *need_discard is True after a successful return, the
3242 caller should immediately discard translations from both specified
3243 address ranges. */
3248 {
3250 SysRes sres;
3251 NSegment seg;
3266 /* no overlap */
3282 AM_SANITY_CHECK;
3286 }
3293 /* Mark the new area based on the old seg. */
3296 }
3301 /* Create a free hole in the old location. */
3305 /* See comments in VG_(am_notify_munmap) about this SkResvn vs
3306 SkFree thing. */
3311 else
3316 AM_SANITY_CHECK;
3318 }
3323 #if defined(VGO_linux)
3325 /*-----------------------------------------------------------------*/
3326 /*--- ---*/
3327 /*--- A simple parser for /proc/self/maps on Linux 2.4.X/2.6.X. ---*/
3328 /*--- Almost completely independent of the stuff above. The ---*/
3329 /*--- only function it 'exports' to the code above this comment ---*/
3330 /*--- is parse_procselfmaps. ---*/
3331 /*--- ---*/
3332 /*-----------------------------------------------------------------*/
3334 /*------BEGIN-procmaps-parser-for-Linux--------------------------*/
3336 /* Size of a smallish table used to read /proc/self/map entries. */
3337 #define M_PROCMAP_BUF 100000
3339 /* static ... to keep it out of the stack frame. */
3342 /* Records length of /proc/self/maps read into procmap_buf. */
3345 /* Helper fns. */
3348 {
3353 }
3356 {
3359 }
3362 {
3366 }
3369 {
3370 /* Read a word-sized hex number. */
3376 }
3378 }
3381 {
3382 /* Read a potentially 64-bit hex number. */
3388 }
3390 }
3393 {
3399 }
3401 }
3404 /* Get the contents of /proc/self/maps into a static buffer. If
3405 there's a syntax error, it won't fit, or other failure, just
3406 abort. */
3409 {
3410 Int n_chunk;
3411 SysRes fd;
3413 /* Read the initial memory mapping from the /proc filesystem. */
3434 }
3436 /* Parse /proc/self/maps. For each map entry, call
3437 record_mapping, passing it, in this order:
3439 start address in memory
3440 length
3441 page protections (using the VKI_PROT_* flags)
3442 mapped file device and inode
3443 offset in file, or zero if no file
3444 filename, zero terminated, or NULL if no file
3446 So the sig of the called fn might be
3448 void (*record_mapping)( Addr start, SizeT size, UInt prot,
3449 UInt dev, UInt info,
3450 ULong foffset, UChar* filename )
3452 Note that the supplied filename is transiently stored; record_mapping
3453 should make a copy if it wants to keep it.
3455 Nb: it is important that this function does not alter the contents of
3456 procmap_buf!
3457 */
3463 )
3464 {
3469 UInt prot;
3482 /* Ok, it's safely aboard. Parse the entries. */
3488 /* Read (without fscanf :) the pattern %16x-%16x %c%c%c%c %16x %2x:%2x %d */
3505 /* This field is the shared/private flag */
3534 syntaxerror:
3547 }
3549 }
3552 read_line_ok:
3556 /* Try and find the name of the file mapped to this segment, if
3557 it exists. Note that file names can contain spaces. */
3559 // Move i to the next non-space char, which should be either a '/',
3560 // a '[', or a newline.
3563 // Move i_eol to the end of the line.
3567 // If there's a filename...
3569 /* Minor hack: put a '\0' at the filename end for the call to
3570 'record_mapping', then restore the old char with 'tmp'. */
3578 }
3585 /* Linux has two ways to encode a device number when it
3586 is exposed to user space (via fstat etc). The old way
3587 is the traditional unix scheme that produces a 16 bit
3588 device number with the top 8 being the major number and
3589 the bottom 8 the minor number.
3591 The new scheme allows for a 12 bit major number and
3592 a 20 bit minor number by using a 32 bit device number
3593 and putting the top 12 bits of the minor number into
3594 the top 12 bits of the device number thus leaving an
3595 extra 4 bits for the major number.
3597 If the minor and major number are both single byte
3598 values then both schemes give the same result so we
3599 use the new scheme here in case either number is
3600 outside the 0-255 range and then use fstat64 when
3601 available (or fstat on 64 bit systems) so that we
3602 should always have a new style device number and
3603 everything should match. */
3616 }
3620 }
3622 # if defined(VGP_arm_linux)
3623 /* ARM puts code at the end of memory that contains processor
3624 specific stuff (cmpxchg, getting the thread local storage, etc.)
3625 This isn't specified in /proc/self/maps, so do it here. This
3626 kludgery causes the view of memory, as presented to
3627 record_gap/record_mapping, to actually reflect reality. IMO
3628 (JRS, 2010-Jan-03) the fact that /proc/.../maps does not list
3629 the commpage should be regarded as a bug in the kernel. */
3639 NULL);
3641 }
3642 }
3643 # endif
3647 }
3649 /*------END-procmaps-parser-for-Linux----------------------------*/
3651 /*------BEGIN-procmaps-parser-for-Darwin-------------------------*/
3653 #elif defined(VGO_darwin)
3654 #include <mach/mach.h>
3655 #include <mach/mach_vm.h>
3658 {
3659 return
3663 }
3672 )
3673 {
3674 vm_address_t iter;
3676 vm_address_t last;
3683 mach_vm_size_t size;
3684 vm_region_submap_short_info_data_64_t info;
3685 kern_return_t kr;
3688 mach_msg_type_number_t info_count
3690 stats_machcalls++;
3696 depth++;
3698 }
3700 }
3705 }
3709 }
3711 }
3715 }
3717 // Urr. So much for thread safety.
3729 {
3730 // derived from sync_check_mapping_callback()
3732 /* JRS 2012-Mar-07: this all seems very dubious to me. It would be
3733 safer to see if we can find, in V's segment collection, one
3734 single segment that completely covers the range [addr, +len)
3735 (and possibly more), and that has the exact same other
3736 properties (prot, dev, ino, offset, etc) as the data presented
3737 here. If found, we just skip. Otherwise add the data presented
3738 here into css_local[]. */
3744 /* The kernel should not give us wraparounds. */
3750 /* NSegments iLo .. iHi inclusive should agree with the presented
3751 data. */
3754 UInt seg_prot;
3757 /* Ignore V regions */
3759 }
3761 /* Add mapping for SkResvn regions */
3769 css_used_local++;
3772 }
3775 }
3779 {
3780 /* Check permissions on client regions */
3781 // GrP fixme
3785 # if defined(VGA_x86)
3786 // GrP fixme sloppyXcheck
3787 // darwin: kernel X ignored and spuriously changes? (vm_copy)
3789 # else
3791 # endif
3798 /* Add mapping for regions with protection changes */
3806 css_used_local++;
3809 }
3812 }
3816 }
3817 }
3818 }
3821 {
3822 // derived from sync_check_gap_callback()
3829 /* The kernel should not give us wraparounds. */
3835 /* NSegments iLo .. iHi inclusive should agree with the presented data. */
3838 /* V has a mapping, kernel doesn't. Add to css_local[],
3839 directives to chop off the part of the V mapping that
3840 falls within the gap that the kernel tells us is
3841 present. */
3849 /* I don't think the following should fail. But if it
3850 does, just omit the css_used_local++ in the cases where
3851 it doesn't hold. */
3855 css_used_local++;
3858 }
3859 }
3860 }
3861 }
3864 // Returns False if 'css' wasn't big enough.
3868 {
3876 );
3883 // Get the list of segs that need to be added/removed.
3890 }
3893 }
3896 /*------END-procmaps-parser-for-Darwin---------------------------*/
3898 /*------BEGIN-procmaps-parser-for-Freebsd------------------------*/
3899 #elif defined(VGO_freebsd)
3901 /* Size of a smallish table used to read /proc/self/map entries. */
3904 /* static ... to keep it out of the stack frame. */
3912 )
3913 {
3917 UInt prot;
3920 vki_size_t len;
3922 SysRes sres;
3937 }
3951 }
3967 }
3971 }
3973 /*------END-procmaps-parser-for-Freebsd--------------------------*/
3975 /*------BEGIN-procmaps-parser-for-Solaris------------------------*/
3977 #elif defined(VGO_solaris)
3979 /* Note: /proc/self/xmap contains extended information about already
3980 materialized mappings whereas /proc/self/rmap contains information about
3981 all mappings including reserved but yet-to-materialize mappings (mmap'ed
3982 with MAP_NORESERVE flag, such as thread stacks). But /proc/self/rmap does
3983 not contain extended information found in /proc/self/xmap. Therefore
3984 information from both sources need to be combined.
3985 */
3988 {
3989 Addr addr;
3990 SizeT size;
3991 UInt prot;
3992 ULong dev;
3993 ULong ino;
3994 Off64T foffset;
4000 SizeT entry_size)
4001 {
4007 }
4016 }
4025 }
4028 }
4032 {
4056 }
4061 }
4063 /* Try to get the filename. */
4071 /* If Valgrind is executed in a non-global zone and the link in
4072 /proc/self/path/ represents a file that is available through lofs
4073 from a global zone then the kernel may not be able to resolve the
4074 link.
4076 In such a case, return a corresponding /proc/self/object/ file to
4077 allow Valgrind to read the file if it is necessary.
4079 This can create some discrepancy for the sanity check. For
4080 instance, if a client program mmaps some file then the address
4081 space manager will have a correct zone-local name of that file,
4082 but the sanity check will receive a different file name from this
4083 code. This currently does not represent a problem because the
4084 sanity check ignores the file names (it uses device and inode
4085 numbers for the comparison).
4086 */
4089 }
4093 }
4094 }
4098 }
4102 {
4129 }
4131 /* Used for two purposes:
4132 1. Establish initial mappings upon the process startup
4133 2. Check mappings during aspacemgr sanity check
4134 */
4140 )
4141 {
4145 #define M_XMAP_BUF (VG_N_SEGMENTS * sizeof(vki_prxmap_t))
4146 /* Static to keep it out of stack frame... */
4150 SizeT xmap_entries;
4151 Mapping xmap_mapping;
4152 Bool advance_xmap;
4154 #define M_RMAP_BUF (VG_N_SEGMENTS * sizeof(vki_prmap_t))
4158 SizeT rmap_entries;
4159 Mapping rmap_mapping;
4160 Bool advance_rmap;
4162 /* Read fully /proc/self/xmap and /proc/self/rmap. */
4169 /* Get the first xmap and rmap. */
4174 /* Get next xmap or rmap if necessary. */
4178 }
4182 }
4184 /* Check if the end has been reached. */
4188 /* Invariants */
4192 }
4195 /* xmap mapping reached. */
4208 }
4210 /* Reserved-only part. */
4211 /* First calculate size until the end of this reserved mapping... */
4213 /* ... but shrink it if some xmap is in a way. */
4220 }
4222 /* Gap. */
4226 }
4232 }
4236 }
4238 /* parse_procselfmaps() callbacks do not allow for easy thread safety. */
4243 /* Reports a new mapping into variables above. */
4246 {
4255 /* Do not perform any sanity checks. That is done in other places.
4256 Just find if a reported mapping is found in aspacemgr's book keeping. */
4263 }
4264 }
4265 }
4267 /* Returns True if a new segment was found. */
4269 {
4280 }
4281 }
4285 /*------END-procmaps-parser-for-Solaris--------------------------*/
4287 #endif // defined(VGO_linux) || defined(VGO_darwin) || defined(VGO_solaris) || defined(VGO_freebsd)
4289 /*--------------------------------------------------------------------*/
4290 /*--- end ---*/
4291 /*--------------------------------------------------------------------*/