1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
80fea873 | 5 | /* Copyright (c) University of Cambridge 1995 - 2016 */ |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* Exim gets and frees all its store through these functions. In the original | |
9 | implementation there was a lot of mallocing and freeing of small bits of store. | |
10 | The philosophy has now changed to a scheme which includes the concept of | |
11 | "stacking pools" of store. For the short-lived processes, there isn't any real | |
12 | need to do any garbage collection, but the stack concept allows quick resetting | |
13 | in places where this seems sensible. | |
14 | ||
15 | Obviously the long-running processes (the daemon, the queue runner, and eximon) | |
16 | must take care not to eat store. | |
17 | ||
18 | The following different types of store are recognized: | |
19 | ||
20 | . Long-lived, large blocks: This is implemented by retaining the original | |
21 | malloc/free functions, and is used for permanent working buffers and for | |
22 | getting blocks to cut up for the other types. | |
23 | ||
24 | . Long-lived, small blocks: This is used for blocks that have to survive until | |
25 | the process exits. It is implemented as a stacking pool (POOL_PERM). This is | |
26 | functionally the same as store_malloc(), except that the store can't be | |
27 | freed, but I expect it to be more efficient for handling small blocks. | |
28 | ||
29 | . Short-lived, short blocks: Most of the dynamic store falls into this | |
30 | category. It is implemented as a stacking pool (POOL_MAIN) which is reset | |
31 | after accepting a message when multiple messages are received by a single | |
32 | process. Resetting happens at some other times as well, usually fairly | |
33 | locally after some specific processing that needs working store. | |
34 | ||
35 | . There is a separate pool (POOL_SEARCH) that is used only for lookup storage. | |
36 | This means it can be freed when search_tidyup() is called to close down all | |
37 | the lookup caching. | |
38 | */ | |
39 | ||
40 | ||
41 | #include "exim.h" | |
42 | /* keep config.h before memcheck.h, for NVALGRIND */ |
43 | #include "config.h" | |
44 | ||
7f36d675 | 45 | #include "memcheck.h" |
46 | |
47 | ||
48 | /* We need to know how to align blocks of data for general use. I'm not sure | |
49 | how to get an alignment factor in general. In the current world, a value of 8 | |
50 | is probably right, and this is sizeof(double) on some systems and sizeof(void | |
51 | *) on others, so take the larger of those. Since everything in this expression | |
52 | is a constant, the compiler should optimize it to a simple constant wherever it | |
53 | appears (I checked that gcc does do this). */ | |
54 | ||
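#define alignment \
  ((sizeof(void *) > sizeof(double))? sizeof(void *) : sizeof(double))

/* Size of block to get from malloc to carve up into smaller ones. This
must be a multiple of the alignment, because the allocator rounds every
request up to the alignment and hands out consecutive addresses inside a
block. */

#define STORE_BLOCK_SIZE 8192

/* Enforce the requirement above at compile time instead of assuming it: if
STORE_BLOCK_SIZE is not a multiple of the alignment, the array size below is
-1 and the build fails. The typedef is never used for anything else. */

typedef char store_block_size_is_aligned[
  (STORE_BLOCK_SIZE % alignment == 0)? 1 : -1];

/* store_reset() will not free the following block if the last used block has
less than this much left in it. */

#define STOREPOOL_MIN_SIZE 256

/* Structure describing the beginning of each big block. "length" is the
number of usable bytes that follow the (padded) header; it does not include
the header itself. */

typedef struct storeblock {
  struct storeblock *next;
  size_t length;
} storeblock;

/* Just in case we find ourselves on a system where the structure above has a
length that is not a multiple of the alignment, set up a macro for the padded
length. */

#define ALIGNED_SIZEOF_STOREBLOCK \
  (((sizeof(storeblock) + alignment - 1) / alignment) * alignment)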
82 | ||
83 | /* Variables holding data for the local pools of store. The current pool number | |
84 | is held in store_pool, which is global so that it can be changed from outside. | |
85 | Setting the initial length values to -1 forces a malloc for the first call, | |
86 | even if the length is zero (which is used for getting a point to reset to). */ | |
87 | ||
/* Number of the pool that the store functions below currently act on. */
int store_pool = POOL_PERM;

/* Per-pool state, indexed by pool number. yield_length is a signed int, so
every size handed to the allocator is compared against it as an int. */
static storeblock *chainbase[3] = { NULL, NULL, NULL };      /* first block of each pool's chain */
static storeblock *current_block[3] = { NULL, NULL, NULL };  /* block currently being carved up */
static void *next_yield[3] = { NULL, NULL, NULL };           /* next address to hand out */
static int yield_length[3] = { -1, -1, -1 };                 /* bytes left in the current block */

/* pool_malloc holds the amount of memory used by the store pools; this goes up
and down as store is reset or released. nonpool_malloc is the total got by
malloc from other calls; this doesn't go down because it is just freed by
pointer. Both are only reported in debug output in this file. */

static int pool_malloc = 0;
static int nonpool_malloc = 0;

/* This variable is set by store_get() to its yield, and by store_reset() to
NULL. This enables string_cat() to optimize its store handling for very long
strings. That's why the variable is global. */

void *store_last_get[3] = { NULL, NULL, NULL };
108 | ||
109 | ||
110 | ||
111 | /************************************************* | |
112 | * Get a block from the current pool * | |
113 | *************************************************/ | |
114 | ||
115 | /* Running out of store is a total disaster. This function is called via the | |
116 | macro store_get(). It passes back a block of store within the current big | |
117 | block, getting a new one if necessary. The address is saved in | |
118 | store_last_get[store_pool]. | |
119 | ||
120 | Arguments: | |
121 | size amount wanted | |
122 | filename source file from which called | |
123 | linenumber line number in source file. | |
124 | ||
125 | Returns: pointer to store (panic on malloc failure) | |
126 | */ | |
127 | ||
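void *
store_get_3(int size, const char *filename, int linenumber)
{
  /* Hand out "size" bytes (rounded up to the alignment) from the current
  pool, taking a new big block when the current one has too little room.

  Reject bad sizes first. A negative size would pass the "is there room" test
  below and then move next_yield backwards over store that has already been
  handed out; a size close to INT_MAX would wrap when it is rounded up or when
  the block header is added, giving a block that is smaller than its recorded
  length. log_write() with LOG_PANIC_DIE is relied on not to return, as it is
  elsewhere in this file. */

  if (size < 0 || size > INT_MAX/2)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "bad memory allocation requested "
      "(%d bytes): called from line %d of %s", size, linenumber, filename);

  /* Round up the size to a multiple of the alignment. "alignment" is a
  constant expression, so the compiler can reduce this to a few instructions. */

  if (size % alignment != 0) size += alignment - (size % alignment);

  /* If there isn't room in the current block, get a new one. The minimum
  size is STORE_BLOCK_SIZE, and we would expect this to be the norm, since
  these functions are mostly called for small amounts of store. */

  if (size > yield_length[store_pool])
    {
    int length = (size <= STORE_BLOCK_SIZE)? STORE_BLOCK_SIZE : size;
    int mlength = length + ALIGNED_SIZEOF_STOREBLOCK;
    storeblock *newblock = NULL;

    /* Sometimes store_reset() may leave a block for us; check if we can use it */

    if (current_block[store_pool] != NULL &&
        current_block[store_pool]->next != NULL)
      {
      newblock = current_block[store_pool]->next;
      if (newblock->length < (size_t)length)
        {
        /* Give up on this block, because it's too small. The stale "next"
        pointer in the current block is overwritten just below when the
        replacement is linked in.
        NOTE(review): pool_malloc is not reduced here although the block was
        counted when it was obtained - confirm whether that is intended. */
        store_free(newblock);
        newblock = NULL;
        }
      }

    /* If there was no free block, get a new one */

    if (newblock == NULL)
      {
      pool_malloc += mlength;           /* Used in pools */
      nonpool_malloc -= mlength;        /* Exclude from overall total */
      newblock = store_malloc(mlength);
      newblock->next = NULL;
      newblock->length = length;
      if (chainbase[store_pool] == NULL) chainbase[store_pool] = newblock;
      else current_block[store_pool]->next = newblock;
      }

    current_block[store_pool] = newblock;
    yield_length[store_pool] = newblock->length;
    next_yield[store_pool] =
      (void *)((char *)current_block[store_pool] + ALIGNED_SIZEOF_STOREBLOCK);
    (void) VALGRIND_MAKE_MEM_NOACCESS(next_yield[store_pool], yield_length[store_pool]);
    }

  /* There's (now) enough room in the current block; the yield is the next
  pointer. */

  store_last_get[store_pool] = next_yield[store_pool];

  /* Cut out the debugging stuff for utilities, but stop picky compilers from
  giving warnings. */

  #ifdef COMPILE_UTILITY
  filename = filename;
  linenumber = linenumber;
  #else
  DEBUG(D_memory)
    {
    if (running_in_test_harness)
      debug_printf("---%d Get %5d\n", store_pool, size);
    else
      debug_printf("---%d Get %6p %5d %-14s %4d\n", store_pool,
        store_last_get[store_pool], size, filename, linenumber);
    }
  #endif  /* COMPILE_UTILITY */

  (void) VALGRIND_MAKE_MEM_UNDEFINED(store_last_get[store_pool], size);

  /* Update next pointer and number of bytes left in the current block. */

  next_yield[store_pool] = (void *)((char *)next_yield[store_pool] + size);
  yield_length[store_pool] -= size;

  return store_last_get[store_pool];
}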
213 | ||
214 | ||
215 | ||
216 | /************************************************* | |
217 | * Get a block from the PERM pool * | |
218 | *************************************************/ | |
219 | ||
220 | /* This is just a convenience function, useful when just a single block is to | |
221 | be obtained. | |
222 | ||
223 | Arguments: | |
224 | size amount wanted | |
225 | filename source file from which called | |
226 | linenumber line number in source file. | |
227 | ||
228 | Returns: pointer to store (panic on malloc failure) | |
229 | */ | |
230 | ||
void *
store_get_perm_3(int size, const char *filename, int linenumber)
{
  /* Switch the global pool selector to POOL_PERM for the duration of one
  store_get_3() call, then put back whatever pool was selected before. */
  const int saved_pool = store_pool;
  void *block;

  store_pool = POOL_PERM;
  block = store_get_3(size, filename, linenumber);
  store_pool = saved_pool;

  return block;
}
241 | ||
242 | ||
243 | ||
244 | /************************************************* | |
245 | * Extend a block if it is at the top * | |
246 | *************************************************/ | |
247 | ||
248 | /* While reading strings of unknown length, it is often the case that the | |
249 | string is being read into the block at the top of the stack. If it needs to be | |
250 | extended, it is more efficient just to extend the top block rather than | |
251 | allocate a new block and then have to copy the data. This function is provided | |
252 | for the use of string_cat(), but of course can be used elsewhere too. | |
253 | ||
254 | Arguments: | |
255 | ptr pointer to store block | |
256 | oldsize current size of the block, as requested by user | |
257 | newsize new size required | |
258 | filename source file from which called | |
259 | linenumber line number in source file | |
260 | ||
261 | Returns: TRUE if the block is at the top of the stack and has been | |
262 | extended; FALSE if it isn't at the top of the stack, or cannot | |
263 | be extended | |
264 | */ | |
265 | ||
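BOOL
store_extend_3(void *ptr, int oldsize, int newsize, const char *filename,
  int linenumber)
{
  int inc;
  int rounded_oldsize;

  /* Grow the block at "ptr" in place, which is possible only when it is the
  most recent allocation in the current pool and the current big block has
  room for the increase.

  Validate the sizes before doing any arithmetic on them: negative values, or
  a new size that wraps when rounded up to the alignment, would corrupt
  next_yield and yield_length. log_write() with LOG_PANIC_DIE is relied on not
  to return, as it is elsewhere in this file. */

  if (oldsize < 0 || newsize < 0 || newsize > INT_MAX/2)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "bad memory extension requested "
      "(%d -> %d bytes): called from line %d of %s", oldsize, newsize,
      linenumber, filename);

  inc = newsize - oldsize;
  rounded_oldsize = oldsize;

  if (rounded_oldsize % alignment != 0)
    rounded_oldsize += alignment - (rounded_oldsize % alignment);

  /* The block can be extended only if its (rounded) end is exactly the next
  address to be handed out, and the increase fits in what is left of the
  current big block plus the padding already reserved after the old end. */

  if ((char *)ptr + rounded_oldsize != (char *)(next_yield[store_pool]) ||
      inc > yield_length[store_pool] + rounded_oldsize - oldsize)
    return FALSE;

  /* Cut out the debugging stuff for utilities, but stop picky compilers from
  giving warnings. */

  #ifdef COMPILE_UTILITY
  filename = filename;
  linenumber = linenumber;
  #else
  DEBUG(D_memory)
    {
    if (running_in_test_harness)
      debug_printf("---%d Ext %5d\n", store_pool, newsize);
    else
      debug_printf("---%d Ext %6p %5d %-14s %4d\n", store_pool, ptr, newsize,
        filename, linenumber);
    }
  #endif  /* COMPILE_UTILITY */

  if (newsize % alignment != 0) newsize += alignment - (newsize % alignment);
  next_yield[store_pool] = (char *)ptr + newsize;
  yield_length[store_pool] -= newsize - rounded_oldsize;

  /* Only a real increase exposes new bytes. The cast avoids arithmetic on a
  void pointer, which is a compiler extension rather than standard C. */

  if (inc > 0)
    (void) VALGRIND_MAKE_MEM_UNDEFINED((char *)ptr + oldsize, inc);

  return TRUE;
}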
303 | ||
304 | ||
305 | ||
306 | ||
307 | /************************************************* | |
308 | * Back up to a previous point on the stack * | |
309 | *************************************************/ | |
310 | ||
311 | /* This function resets the next pointer, freeing any subsequent whole blocks | |
312 | that are now unused. Normally it is given a pointer that was the yield of a | |
313 | call to store_get, and is therefore aligned, but it may be given an offset | |
314 | after such a pointer in order to release the end of a block and anything that | |
315 | follows. | |
316 | ||
317 | Arguments: | |
318 | ptr place to back up to | |
319 | filename source file from which called | |
320 | linenumber line number in source file | |
321 | ||
322 | Returns: nothing | |
323 | */ | |
324 | ||
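void
store_reset_3(void *ptr, const char *filename, int linenumber)
{
  /* Back the current pool up to "ptr": everything at or after that address
  becomes free again, and whole blocks later in the chain are freed (one
  default-sized successor may be kept, see below). */

  storeblock *bb;
  storeblock *b = current_block[store_pool];
  char *bc = NULL;
  int newlength;

  /* Last store operation was not a get */

  store_last_get[store_pool] = NULL;

  /* The pool may never have been allocated from, in which case there is no
  current block to look at. Do not dereference it; fall through to the chain
  search, which then reports the bad reset point instead of crashing. */

  if (b != NULL) bc = (char *)b + ALIGNED_SIZEOF_STOREBLOCK;

  /* See if the place is in the current block - as it often will be. Otherwise,
  search for the block in which it lies. */

  if (b == NULL || (char *)ptr < bc || (char *)ptr > bc + b->length)
    {
    for (b = chainbase[store_pool]; b != NULL; b = b->next)
      {
      bc = (char *)b + ALIGNED_SIZEOF_STOREBLOCK;
      if ((char *)ptr >= bc && (char *)ptr <= bc + b->length) break;
      }

    /* A pointer that lies in no block of this pool is an internal error.
    The code below uses b unconditionally, so log_write() with LOG_PANIC_DIE
    is relied on not to return. */

    if (b == NULL)
      log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal error: store_reset(%p) "
        "failed: pool=%d %-14s %4d", ptr, store_pool, filename, linenumber);
    }

  /* Back up, rounding to the alignment if necessary. When testing, flatten
  the released memory. */

  newlength = bc + b->length - (char *)ptr;
  #ifndef COMPILE_UTILITY
  if (running_in_test_harness)
    {
    (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength);
    memset(ptr, 0xF0, newlength);
    }
  #endif
  (void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
  yield_length[store_pool] = newlength - (newlength % alignment);
  next_yield[store_pool] = (char *)ptr + (newlength % alignment);
  current_block[store_pool] = b;

  /* Free any subsequent block. Do NOT free the first successor, if our
  current block has less than 256 bytes left. This should prevent us from
  flapping memory. However, keep this block only when it has the default size. */

  if (yield_length[store_pool] < STOREPOOL_MIN_SIZE &&
      b->next != NULL &&
      b->next->length == STORE_BLOCK_SIZE)
    {
    b = b->next;
    /* NOTE(review): store_get_3() records "length" without the header, so
    subtracting the header size here marks fewer bytes than the block's data
    area - confirm whether that is intended. It only affects the memcheck
    annotation. */
    (void) VALGRIND_MAKE_MEM_NOACCESS((char *)b + ALIGNED_SIZEOF_STOREBLOCK,
      b->length - ALIGNED_SIZEOF_STOREBLOCK);
    }

  /* Detach the rest of the chain before freeing it, so that no block that
  stays in the pool points at freed memory. */

  bb = b->next;
  b->next = NULL;

  while (bb != NULL)
    {
    b = bb;
    bb = bb->next;
    pool_malloc -= b->length + ALIGNED_SIZEOF_STOREBLOCK;
    store_free_3(b, filename, linenumber);
    }

  /* Cut out the debugging stuff for utilities, but stop picky compilers from
  giving warnings. */

  #ifdef COMPILE_UTILITY
  filename = filename;
  linenumber = linenumber;
  #else
  DEBUG(D_memory)
    {
    if (running_in_test_harness)
      debug_printf("---%d Rst ** %d\n", store_pool, pool_malloc);
    else
      debug_printf("---%d Rst %6p ** %-14s %4d %d\n", store_pool, ptr,
        filename, linenumber, pool_malloc);
    }
  #endif  /* COMPILE_UTILITY */
}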
409 | ||
410 | ||
411 | ||
412 | ||
413 | ||
414 | /************************************************ | |
415 | * Release store * | |
416 | ************************************************/ | |
417 | ||
418 | /* This function is specifically provided for use when reading very | |
419 | long strings, e.g. header lines. When the string gets longer than a | |
420 | complete block, it gets copied to a new block. It is helpful to free | |
421 | the old block iff the previous copy of the string is at its start, | |
422 | and therefore the only thing in it. Otherwise, for very long strings, | |
423 | dead store can pile up somewhat disastrously. This function checks that | |
424 | the pointer it is given is the first thing in a block, and if so, | |
425 | releases that block. | |
426 | ||
427 | Arguments: | |
428 | block block of store to consider | |
429 | filename source file from which called | |
430 | linenumber line number in source file | |
431 | ||
432 | Returns: nothing | |
433 | */ | |
434 | ||
void
store_release_3(void *block, const char *filename, int linenumber)
{
  /* Walk the current pool's chain looking for a big block whose first data
  byte is "block"; unlink and free that block. Each step inspects the
  successor of the block in hand, so the first block of the chain is never a
  candidate. Nothing happens if no block matches.

  NOTE(review): current_block[], next_yield[] and yield_length[] are not
  examined or updated here, so the caller must not pass the block that is
  currently being allocated from - confirm against the callers. */

  storeblock *prev = chainbase[store_pool];

  while (prev != NULL)
    {
    storeblock *victim = prev->next;

    if (victim == NULL ||
        (char *)block != (char *)victim + ALIGNED_SIZEOF_STOREBLOCK)
      {
      prev = victim;
      continue;
      }

    /* Unlink first, then adjust the pool total by the block's data length
    plus its padded header. */

    prev->next = victim->next;
    pool_malloc -= victim->length + ALIGNED_SIZEOF_STOREBLOCK;

    /* Cut out the debugging stuff for utilities, but stop picky compilers
    from giving warnings. */

    #ifdef COMPILE_UTILITY
    filename = filename;
    linenumber = linenumber;
    #else
    DEBUG(D_memory)
      {
      if (running_in_test_harness)
        debug_printf("-Release %d\n", pool_malloc);
      else
        debug_printf("-Release %6p %-20s %4d %d\n", (void *)victim, filename,
          linenumber, pool_malloc);
      }

    /* In the test harness, overwrite the whole block (header included)
    before it is freed. */

    if (running_in_test_harness)
      memset(victim, 0xF0, victim->length+ALIGNED_SIZEOF_STOREBLOCK);
    #endif  /* COMPILE_UTILITY */

    free(victim);
    return;
    }
}
474 | ||
475 | ||
476 | ||
477 | ||
478 | /************************************************* | |
479 | * Malloc store * | |
480 | *************************************************/ | |
481 | ||
482 | /* Running out of store is a total disaster for exim. Some malloc functions | |
483 | do not run happily on very small sizes, nor do they document this fact. This | |
484 | function is called via the macro store_malloc(). | |
485 | ||
486 | Arguments: | |
487 | size amount of store wanted | |
488 | filename source file from which called | |
489 | linenumber line number in source file | |
490 | ||
491 | Returns: pointer to gotten store (panic on failure) | |
492 | */ | |
493 | ||
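void *
store_malloc_3(int size, const char *filename, int linenumber)
{
  void *yield;

  /* A negative size is a caller error (typically wrapped integer arithmetic).
  Without this check it would be silently raised to 16 below, and the caller
  would receive a block far smaller than the one it believes it asked for.
  log_write() with LOG_PANIC_DIE is relied on not to return, as it is for the
  malloc failure case below. */

  if (size < 0)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "bad memory allocation requested "
      "(%d bytes): called from line %d of %s", size, linenumber, filename);

  /* Some malloc functions do not run happily on very small sizes. */

  if (size < 16) size = 16;
  yield = malloc((size_t)size);

  if (yield == NULL)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: "
      "called from line %d of %s", size, linenumber, filename);

  nonpool_malloc += size;

  /* Cut out the debugging stuff for utilities, but stop picky compilers from
  giving warnings. */

  #ifdef COMPILE_UTILITY
  filename = filename;
  linenumber = linenumber;
  #else

  /* If running in test harness, spend time making sure all the new store
  is not filled with zeros so as to catch problems. */

  if (running_in_test_harness)
    {
    memset(yield, 0xF0, (size_t)size);
    DEBUG(D_memory) debug_printf("--Malloc %5d %d %d\n", size, pool_malloc,
      nonpool_malloc);
    }
  else
    {
    DEBUG(D_memory) debug_printf("--Malloc %6p %5d %-14s %4d %d %d\n", yield,
      size, filename, linenumber, pool_malloc, nonpool_malloc);
    }
  #endif  /* COMPILE_UTILITY */

  return yield;
}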
534 | ||
535 | ||
536 | /************************************************ | |
537 | * Free store * | |
538 | ************************************************/ | |
539 | ||
540 | /* This function is called by the macro store_free(). | |
541 | ||
542 | Arguments: | |
543 | block block of store to free | |
544 | filename source file from which called | |
545 | linenumber line number in source file | |
546 | ||
547 | Returns: nothing | |
548 | */ | |
549 | ||
void
store_free_3(void *block, const char *filename, int linenumber)
{
  /* Trace the call when memory debugging is selected, then pass the block
  to free(). The utility build has no debug output; the self-assignments only
  keep compilers from warning about unused parameters. */

  #ifdef COMPILE_UTILITY
  filename = filename;
  linenumber = linenumber;
  #else
  DEBUG(D_memory)
    {
    if (!running_in_test_harness)
      {
      debug_printf("----Free %6p %-20s %4d\n", block, filename, linenumber);
      }
    else
      {
      /* No address or call site in the test harness trace. */
      debug_printf("----Free\n");
      }
    }
  #endif  /* COMPILE_UTILITY */

  free(block);
}
567 | ||
568 | /* End of store.c */ |