projects / exim.git / blob
? search:


fbfd20d1de64d34fb276e183aad8483b91cc872b
[exim.git] / src / src / store.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim maintainers 2019 */
7 /* See the file NOTICE for conditions of use and distribution. */
8
9 /* Exim gets and frees all its store through these functions. In the original
10 implementation there was a lot of mallocing and freeing of small bits of store.
11 The philosophy has now changed to a scheme which includes the concept of
12 "stacking pools" of store. For the short-lived processes, there isn't any real
13 need to do any garbage collection, but the stack concept allows quick resetting
14 in places where this seems sensible.
15
16 Obviously the long-running processes (the daemon, the queue runner, and eximon)
17 must take care not to eat store.
18
19 The following different types of store are recognized:
20
21 . Long-lived, large blocks: This is implemented by retaining the original
22 malloc/free functions, and it used for permanent working buffers and for
23 getting blocks to cut up for the other types.
24
25 . Long-lived, small blocks: This is used for blocks that have to survive until
26 the process exits. It is implemented as a stacking pool (POOL_PERM). This is
27 functionally the same as store_malloc(), except that the store can't be
28 freed, but I expect it to be more efficient for handling small blocks.
29
30 . Short-lived, short blocks: Most of the dynamic store falls into this
31 category. It is implemented as a stacking pool (POOL_MAIN) which is reset
32 after accepting a message when multiple messages are received by a single
33 process. Resetting happens at some other times as well, usually fairly
34 locally after some specific processing that needs working store.
35
36 . There is a separate pool (POOL_SEARCH) that is used only for lookup storage.
37 This means it can be freed when search_tidyup() is called to close down all
38 the lookup caching.
39
40 . Orthogonal to the three pool types, there are two classes of memory: untainted
41 and tainted. The latter is used for values derived from untrusted input, and
42 the string-expansion mechanism refuses to operate on such values (obviously,
43 it can expand an untainted value to return a tainted result). The classes
44 are implemented by duplicating the three pool types. Pool resets are requested
45 against the nontainted sibling and apply to both siblings.
46
47 Only memory blocks requested for tainted use are regarded as tainted; anything
48 else (including stack auto variables) is untainted. Care is needed when coding
49 to not copy untrusted data into untainted memory, as downstream taint-checks
50 would be avoided.
51
52 Intermediate layers (eg. the string functions) can test for taint, and use this
53 for ensuringn that results have proper state. For example the
54 string_vformat_trc() routing supporting the string_sprintf() interface will
55 recopy a string being built into a tainted allocation if it meets a %s for a
56 tainted argument.
57
58 Internally we currently use malloc for nontainted pools, and mmap for tainted
59 pools. The disparity is for speed of testing the taintedness of pointers;
60 because Linux appears to use distinct non-overlapping address allocations for
61 mmap vs. everything else, which means only two pointer-compares suffice for the
62 test. Other OS' cannot use that optimisation, and a more lengthy test against
63 the limits of tainted-pool allcations has to be done.
64 */
65
66
67 #include "exim.h"
68 /* keep config.h before memcheck.h, for NVALGRIND */
69 #include "config.h"
70
71 #include <sys/mman.h>
72 #include "memcheck.h"
73
74
75 /* We need to know how to align blocks of data for general use. I'm not sure
76 how to get an alignment factor in general. In the current world, a value of 8
77 is probably right, and this is sizeof(double) on some systems and sizeof(void
78 *) on others, so take the larger of those. Since everything in this expression
79 is a constant, the compiler should optimize it to a simple constant wherever it
80 appears (I checked that gcc does do this). */
81
82 #define alignment \
83 (sizeof(void *) > sizeof(double) ? sizeof(void *) : sizeof(double))
84
85 /* store_reset() will not free the following block if the last used block has
86 less than this much left in it. */
87
88 #define STOREPOOL_MIN_SIZE 256
89
90 /* Structure describing the beginning of each big block. */
91
92 typedef struct storeblock {
93 struct storeblock *next;
94 size_t length;
95 } storeblock;
96
97 /* Just in case we find ourselves on a system where the structure above has a
98 length that is not a multiple of the alignment, set up a macro for the padded
99 length. */
100
101 #define ALIGNED_SIZEOF_STOREBLOCK \
102 (((sizeof(storeblock) + alignment - 1) / alignment) * alignment)
103
104 /* Size of block to get from malloc to carve up into smaller ones. This
105 must be a multiple of the alignment. We assume that 8192 is going to be
106 suitably aligned. */
107
108 #define STORE_BLOCK_SIZE (8192 - ALIGNED_SIZEOF_STOREBLOCK)
109
110 /* Variables holding data for the local pools of store. The current pool number
111 is held in store_pool, which is global so that it can be changed from outside.
112 Setting the initial length values to -1 forces a malloc for the first call,
113 even if the length is zero (which is used for getting a point to reset to). */
114
115 int store_pool = POOL_MAIN;
116
117 #define NPOOLS 6
118 static storeblock *chainbase[NPOOLS];
119 static storeblock *current_block[NPOOLS];
120 static void *next_yield[NPOOLS];
121 static int yield_length[NPOOLS] = { -1, -1, -1, -1, -1, -1 };
122
123 /* The limits of the tainted pools. Tracking these on new allocations enables
124 a fast is_tainted implementation. We assume the kernel only allocates mmaps using
125 one side or the other of data+heap, not both. */
126
127 void * tainted_base = (void *)-1;
128 void * tainted_top = (void *)0;
129
130 /* pool_malloc holds the amount of memory used by the store pools; this goes up
131 and down as store is reset or released. nonpool_malloc is the total got by
132 malloc from other calls; this doesn't go down because it is just freed by
133 pointer. */
134
135 static int pool_malloc;
136 static int nonpool_malloc;
137
138 /* This variable is set by store_get() to its yield, and by store_reset() to
139 NULL. This enables string_cat() to optimize its store handling for very long
140 strings. That's why the variable is global. */
141
142 void *store_last_get[NPOOLS];
143
144 /* These are purely for stats-gathering */
145
146 static int nbytes[NPOOLS]; /* current bytes allocated */
147 static int maxbytes[NPOOLS]; /* max number reached */
148 static int nblocks[NPOOLS]; /* current number of blocks allocated */
149 static int maxblocks[NPOOLS];
150 static int n_nonpool_blocks; /* current number of direct store_malloc() blocks */
151 static int max_nonpool_blocks;
152 static int max_pool_malloc; /* max value for pool_malloc */
153 static int max_nonpool_malloc; /* max value for nonpool_malloc */
154
155
156 #ifndef COMPILE_UTILITY
157 static const uschar * pooluse[NPOOLS] = {
158 [POOL_MAIN] = US"main",
159 [POOL_PERM] = US"perm",
160 [POOL_SEARCH] = US"search",
161 [POOL_TAINT_MAIN] = US"main",
162 [POOL_TAINT_PERM] = US"perm",
163 [POOL_TAINT_SEARCH] = US"search",
164 };
165 static const uschar * poolclass[NPOOLS] = {
166 [POOL_MAIN] = US"untainted",
167 [POOL_PERM] = US"untainted",
168 [POOL_SEARCH] = US"untainted",
169 [POOL_TAINT_MAIN] = US"tainted",
170 [POOL_TAINT_PERM] = US"tainted",
171 [POOL_TAINT_SEARCH] = US"tainted",
172 };
173 #endif
174
175
176 static void * store_mmap(int, const char *, int);
177 static void * internal_store_malloc(int, const char *, int);
178 static void internal_untainted_free(void *, const char *, int linenumber);
179 static void internal_tainted_free(storeblock *, const char *, int linenumber);
180
181 /******************************************************************************/
182
183 /* Slower version check, for use when platform intermixes malloc and mmap area
184 addresses. */
185
186 BOOL
187 is_tainted_fn(const void * p)
188 {
189 storeblock * b;
190 int pool;
191
192 for (pool = 0; pool < nelem(chainbase); pool++)
193 if ((b = current_block[pool]))
194 {
195 char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
196 if (CS p >= bc && CS p <= bc + b->length) goto hit;
197 }
198
199 for (pool = 0; pool < nelem(chainbase); pool++)
200 for (b = chainbase[pool]; b; b = b->next)
201 {
202 char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
203 if (CS p >= bc && CS p <= bc + b->length) goto hit;
204 }
205 return FALSE;
206
207 hit:
208 return pool >= POOL_TAINT_BASE;
209 }
210
211
212 void
213 die_tainted(const uschar * msg, const uschar * func, int line)
214 {
215 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n",
216 msg, func, line);
217 }
218
219
220 /*************************************************
221 * Get a block from the current pool *
222 *************************************************/
223
224 /* Running out of store is a total disaster. This function is called via the
225 macro store_get(). It passes back a block of store within the current big
226 block, getting a new one if necessary. The address is saved in
227 store_last_was_get.
228
229 Arguments:
230 size amount wanted, bytes
231 tainted class: set to true for untrusted data (eg. from smtp input)
232 func function from which called
233 linenumber line number in source file
234
235 Returns: pointer to store (panic on malloc failure)
236 */
237
238 void *
239 store_get_3(int size, BOOL tainted, const char *func, int linenumber)
240 {
241 int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
242
243 /* Round up the size to a multiple of the alignment. Although this looks a
244 messy statement, because "alignment" is a constant expression, the compiler can
245 do a reasonable job of optimizing, especially if the value of "alignment" is a
246 power of two. I checked this with -O2, and gcc did very well, compiling it to 4
247 instructions on a Sparc (alignment = 8). */
248
249 if (size % alignment != 0) size += alignment - (size % alignment);
250
251 /* If there isn't room in the current block, get a new one. The minimum
252 size is STORE_BLOCK_SIZE, and we would expect this to be the norm, since
253 these functions are mostly called for small amounts of store. */
254
255 if (size > yield_length[pool])
256 {
257 int length = size <= STORE_BLOCK_SIZE ? STORE_BLOCK_SIZE : size;
258 int mlength = length + ALIGNED_SIZEOF_STOREBLOCK;
259 storeblock * newblock;
260
261 /* Sometimes store_reset() may leave a block for us; check if we can use it */
262
263 if ( (newblock = current_block[pool])
264 && (newblock = newblock->next)
265 && newblock->length < length
266 )
267 {
268 /* Give up on this block, because it's too small */
269 nblocks[pool]--;
270 if (pool < POOL_TAINT_BASE)
271 internal_untainted_free(newblock, func, linenumber);
272 else
273 internal_tainted_free(newblock, func, linenumber);
274 newblock = NULL;
275 }
276
277 /* If there was no free block, get a new one */
278
279 if (!newblock)
280 {
281 if ((nbytes[pool] += mlength) > maxbytes[pool])
282 maxbytes[pool] = nbytes[pool];
283 if ((pool_malloc += mlength) > max_pool_malloc) /* Used in pools */
284 max_pool_malloc = pool_malloc;
285 nonpool_malloc -= mlength; /* Exclude from overall total */
286 if (++nblocks[pool] > maxblocks[pool])
287 maxblocks[pool] = nblocks[pool];
288
289 newblock = tainted
290 ? store_mmap(mlength, func, linenumber)
291 : internal_store_malloc(mlength, func, linenumber);
292 newblock->next = NULL;
293 newblock->length = length;
294
295 if (!chainbase[pool])
296 chainbase[pool] = newblock;
297 else
298 current_block[pool]->next = newblock;
299 }
300
301 current_block[pool] = newblock;
302 yield_length[pool] = newblock->length;
303 next_yield[pool] =
304 (void *)(CS current_block[pool] + ALIGNED_SIZEOF_STOREBLOCK);
305 (void) VALGRIND_MAKE_MEM_NOACCESS(next_yield[pool], yield_length[pool]);
306 }
307
308 /* There's (now) enough room in the current block; the yield is the next
309 pointer. */
310
311 store_last_get[pool] = next_yield[pool];
312
313 /* Cut out the debugging stuff for utilities, but stop picky compilers from
314 giving warnings. */
315
316 #ifdef COMPILE_UTILITY
317 func = func;
318 linenumber = linenumber;
319 #else
320 DEBUG(D_memory)
321 debug_printf("---%d Get %6p %5d %-14s %4d\n", pool,
322 store_last_get[pool], size, func, linenumber);
323 #endif /* COMPILE_UTILITY */
324
325 (void) VALGRIND_MAKE_MEM_UNDEFINED(store_last_get[pool], size);
326 /* Update next pointer and number of bytes left in the current block. */
327
328 next_yield[pool] = (void *)(CS next_yield[pool] + size);
329 yield_length[pool] -= size;
330 return store_last_get[pool];
331 }
332
333
334
335 /*************************************************
336 * Get a block from the PERM pool *
337 *************************************************/
338
339 /* This is just a convenience function, useful when just a single block is to
340 be obtained.
341
342 Arguments:
343 size amount wanted
344 func function from which called
345 linenumber line number in source file
346
347 Returns: pointer to store (panic on malloc failure)
348 */
349
350 void *
351 store_get_perm_3(int size, BOOL tainted, const char *func, int linenumber)
352 {
353 void *yield;
354 int old_pool = store_pool;
355 store_pool = POOL_PERM;
356 yield = store_get_3(size, tainted, func, linenumber);
357 store_pool = old_pool;
358 return yield;
359 }
360
361
362
363 /*************************************************
364 * Extend a block if it is at the top *
365 *************************************************/
366
367 /* While reading strings of unknown length, it is often the case that the
368 string is being read into the block at the top of the stack. If it needs to be
369 extended, it is more efficient just to extend within the top block rather than
370 allocate a new block and then have to copy the data. This function is provided
371 for the use of string_cat(), but of course can be used elsewhere too.
372 The block itself is not expanded; only the top allocation from it.
373
374 Arguments:
375 ptr pointer to store block
376 oldsize current size of the block, as requested by user
377 newsize new size required
378 func function from which called
379 linenumber line number in source file
380
381 Returns: TRUE if the block is at the top of the stack and has been
382 extended; FALSE if it isn't at the top of the stack, or cannot
383 be extended
384 */
385
386 BOOL
387 store_extend_3(void *ptr, BOOL tainted, int oldsize, int newsize,
388 const char *func, int linenumber)
389 {
390 int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
391 int inc = newsize - oldsize;
392 int rounded_oldsize = oldsize;
393
394 /* Check that the block being extended was already of the required taint status;
395 refuse to extend if not. */
396
397 if (is_tainted(ptr) != tainted)
398 return FALSE;
399
400 if (rounded_oldsize % alignment != 0)
401 rounded_oldsize += alignment - (rounded_oldsize % alignment);
402
403 if (CS ptr + rounded_oldsize != CS (next_yield[pool]) ||
404 inc > yield_length[pool] + rounded_oldsize - oldsize)
405 return FALSE;
406
407 /* Cut out the debugging stuff for utilities, but stop picky compilers from
408 giving warnings. */
409
410 #ifdef COMPILE_UTILITY
411 func = func;
412 linenumber = linenumber;
413 #else
414 DEBUG(D_memory)
415 debug_printf("---%d Ext %6p %5d %-14s %4d\n", pool, ptr, newsize,
416 func, linenumber);
417 #endif /* COMPILE_UTILITY */
418
419 if (newsize % alignment != 0) newsize += alignment - (newsize % alignment);
420 next_yield[pool] = CS ptr + newsize;
421 yield_length[pool] -= newsize - rounded_oldsize;
422 (void) VALGRIND_MAKE_MEM_UNDEFINED(ptr + oldsize, inc);
423 return TRUE;
424 }
425
426
427
428
429 /*************************************************
430 * Back up to a previous point on the stack *
431 *************************************************/
432
433 /* This function resets the next pointer, freeing any subsequent whole blocks
434 that are now unused. Call with a cookie obtained from store_mark() only; do
435 not call with a pointer returned by store_get(). Both the untainted and tainted
436 pools corresposding to store_pool are reset.
437
438 Arguments:
439 r place to back up to
440 func function from which called
441 linenumber line number in source file
442
443 Returns: nothing
444 */
445
446 static void
447 internal_store_reset(void * ptr, int pool, const char *func, int linenumber)
448 {
449 storeblock * bb;
450 storeblock * b = current_block[pool];
451 char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
452 int newlength, count;
453 #ifndef COMPILE_UTILITY
454 int oldmalloc = pool_malloc;
455 #endif
456
457 /* Last store operation was not a get */
458
459 store_last_get[pool] = NULL;
460
461 /* See if the place is in the current block - as it often will be. Otherwise,
462 search for the block in which it lies. */
463
464 if (CS ptr < bc || CS ptr > bc + b->length)
465 {
466 for (b = chainbase[pool]; b; b = b->next)
467 {
468 bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
469 if (CS ptr >= bc && CS ptr <= bc + b->length) break;
470 }
471 if (!b)
472 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal error: store_reset(%p) "
473 "failed: pool=%d %-14s %4d", ptr, pool, func, linenumber);
474 }
475
476 /* Back up, rounding to the alignment if necessary. When testing, flatten
477 the released memory. */
478
479 newlength = bc + b->length - CS ptr;
480 #ifndef COMPILE_UTILITY
481 if (debug_store)
482 {
483 assert_no_variables(ptr, newlength, func, linenumber);
484 if (f.running_in_test_harness)
485 {
486 (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength);
487 memset(ptr, 0xF0, newlength);
488 }
489 }
490 #endif
491 (void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
492 next_yield[pool] = CS ptr + (newlength % alignment);
493 count = yield_length[pool];
494 count = (yield_length[pool] = newlength - (newlength % alignment)) - count;
495 current_block[pool] = b;
496
497 /* Free any subsequent block. Do NOT free the first
498 successor, if our current block has less than 256 bytes left. This should
499 prevent us from flapping memory. However, keep this block only when it has
500 the default size. */
501
502 if ( yield_length[pool] < STOREPOOL_MIN_SIZE
503 && b->next
504 && b->next->length == STORE_BLOCK_SIZE)
505 {
506 b = b->next;
507 #ifndef COMPILE_UTILITY
508 if (debug_store)
509 assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
510 func, linenumber);
511 #endif
512 (void) VALGRIND_MAKE_MEM_NOACCESS(CS b + ALIGNED_SIZEOF_STOREBLOCK,
513 b->length - ALIGNED_SIZEOF_STOREBLOCK);
514 }
515
516 bb = b->next;
517 b->next = NULL;
518
519 while ((b = bb))
520 {
521 int siz = b->length + ALIGNED_SIZEOF_STOREBLOCK;
522 #ifndef COMPILE_UTILITY
523 if (debug_store)
524 assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
525 func, linenumber);
526 #endif
527 bb = bb->next;
528 nbytes[pool] -= siz;
529 pool_malloc -= siz;
530 nblocks[pool]--;
531 if (pool < POOL_TAINT_BASE)
532 internal_untainted_free(b, func, linenumber);
533 else
534 internal_tainted_free(b, func, linenumber);
535 }
536
537 /* Cut out the debugging stuff for utilities, but stop picky compilers from
538 giving warnings. */
539
540 #ifdef COMPILE_UTILITY
541 func = func;
542 linenumber = linenumber;
543 #else
544 DEBUG(D_memory)
545 debug_printf("---%d Rst %6p %5d %-14s %4d %d\n", pool, ptr,
546 count + oldmalloc - pool_malloc,
547 func, linenumber, pool_malloc);
548 #endif /* COMPILE_UTILITY */
549 }
550
551
552 rmark
553 store_reset_3(rmark r, int pool, const char *func, int linenumber)
554 {
555 void ** ptr = r;
556
557 if (pool >= POOL_TAINT_BASE)
558 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
559 "store_reset called for pool %d: %s %d\n", pool, func, linenumber);
560 if (!r)
561 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
562 "store_reset called with bad mark: %s %d\n", func, linenumber);
563
564 internal_store_reset(*ptr, pool + POOL_TAINT_BASE, func, linenumber);
565 internal_store_reset(ptr, pool, func, linenumber);
566 return NULL;
567 }
568
569
570
571 /* Free tail-end unused allocation. This lets us allocate a big chunk
572 early, for cases when we only discover later how much was really needed.
573
574 Can be called with a value from store_get(), or an offset after such. Only
575 the tainted or untainted pool that serviced the store_get() will be affected.
576
577 This is mostly a cut-down version of internal_store_reset().
578 XXX needs rationalising
579 */
580
581 void
582 store_release_above_3(void *ptr, const char *func, int linenumber)
583 {
584 /* Search all pools' "current" blocks. If it isn't one of those,
585 ignore it (it usually will be). */
586
587 for (int pool = 0; pool < nelem(current_block); pool++)
588 {
589 storeblock * b = current_block[pool];
590 char * bc;
591 int count, newlength;
592
593 if (!b)
594 continue;
595
596 bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
597 if (CS ptr < bc || CS ptr > bc + b->length)
598 continue;
599
600 /* Last store operation was not a get */
601
602 store_last_get[pool] = NULL;
603
604 /* Back up, rounding to the alignment if necessary. When testing, flatten
605 the released memory. */
606
607 newlength = bc + b->length - CS ptr;
608 #ifndef COMPILE_UTILITY
609 if (debug_store)
610 {
611 assert_no_variables(ptr, newlength, func, linenumber);
612 if (f.running_in_test_harness)
613 {
614 (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength);
615 memset(ptr, 0xF0, newlength);
616 }
617 }
618 #endif
619 (void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
620 next_yield[pool] = CS ptr + (newlength % alignment);
621 count = yield_length[pool];
622 count = (yield_length[pool] = newlength - (newlength % alignment)) - count;
623
624 /* Cut out the debugging stuff for utilities, but stop picky compilers from
625 giving warnings. */
626
627 #ifdef COMPILE_UTILITY
628 func = func;
629 linenumber = linenumber;
630 #else
631 DEBUG(D_memory)
632 debug_printf("---%d Rel %6p %5d %-14s %4d %d\n", pool, ptr, count,
633 func, linenumber, pool_malloc);
634 #endif
635 return;
636 }
637 #ifndef COMPILE_UTILITY
638 DEBUG(D_memory)
639 debug_printf("non-last memory release try: %s %d\n", func, linenumber);
640 #endif
641 }
642
643
644
645 rmark
646 store_mark_3(const char *func, int linenumber)
647 {
648 void ** p;
649
650 if (store_pool >= POOL_TAINT_BASE)
651 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
652 "store_mark called for pool %d: %s %d\n", store_pool, func, linenumber);
653
654 /* Stash a mark for the tainted-twin release, in the untainted twin. Return
655 a cookie (actually the address in the untainted pool) to the caller.
656 Reset uses the cookie to recover the t-mark, winds back the tainted pool with it
657 and winds back the untainted pool with the cookie. */
658
659 p = store_get_3(sizeof(void *), FALSE, func, linenumber);
660 *p = store_get_3(0, TRUE, func, linenumber);
661 return p;
662 }
663
664
665
666
667 /************************************************
668 * Release store *
669 ************************************************/
670
671 /* This function checks that the pointer it is given is the first thing in a
672 block, and if so, releases that block.
673
674 Arguments:
675 block block of store to consider
676 func function from which called
677 linenumber line number in source file
678
679 Returns: nothing
680 */
681
682 static void
683 store_release_3(void * block, int pool, const char * func, int linenumber)
684 {
685 /* It will never be the first block, so no need to check that. */
686
687 for (storeblock * b = chainbase[pool]; b; b = b->next)
688 {
689 storeblock * bb = b->next;
690 if (bb && CS block == CS bb + ALIGNED_SIZEOF_STOREBLOCK)
691 {
692 int siz = bb->length + ALIGNED_SIZEOF_STOREBLOCK;
693 b->next = bb->next;
694 nbytes[pool] -= siz;
695 pool_malloc -= siz;
696 nblocks[pool]--;
697
698 /* Cut out the debugging stuff for utilities, but stop picky compilers
699 from giving warnings. */
700
701 #ifdef COMPILE_UTILITY
702 func = func;
703 linenumber = linenumber;
704 #else
705 DEBUG(D_memory)
706 debug_printf("-Release %6p %-20s %4d %d\n", (void *)bb, func,
707 linenumber, pool_malloc);
708
709 if (f.running_in_test_harness)
710 memset(bb, 0xF0, bb->length+ALIGNED_SIZEOF_STOREBLOCK);
711 #endif /* COMPILE_UTILITY */
712
713 free(bb);
714 return;
715 }
716 }
717 }
718
719
720 /************************************************
721 * Move store *
722 ************************************************/
723
724 /* Allocate a new block big enough to expend to the given size and
725 copy the current data into it. Free the old one if possible.
726
727 This function is specifically provided for use when reading very
728 long strings, e.g. header lines. When the string gets longer than a
729 complete block, it gets copied to a new block. It is helpful to free
730 the old block iff the previous copy of the string is at its start,
731 and therefore the only thing in it. Otherwise, for very long strings,
732 dead store can pile up somewhat disastrously. This function checks that
733 the pointer it is given is the first thing in a block, and that nothing
734 has been allocated since. If so, releases that block.
735
736 Arguments:
737 block
738 newsize
739 len
740
741 Returns: new location of data
742 */
743
744 void *
745 store_newblock_3(void * block, BOOL tainted, int newsize, int len,
746 const char * func, int linenumber)
747 {
748 int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
749 BOOL release_ok = !tainted && store_last_get[pool] == block;
750 uschar * newtext;
751
752 #ifndef MACRO_PREDEF
753 if (is_tainted(block) != tainted)
754 die_tainted(US"store_newblock", CUS func, linenumber);
755 #endif
756
757 newtext = store_get(newsize, tainted);
758 memcpy(newtext, block, len);
759 if (release_ok) store_release_3(block, pool, func, linenumber);
760 return (void *)newtext;
761 }
762
763
764
765
766 /******************************************************************************/
767 static void *
768 store_alloc_tail(void * yield, int size, const char * func, int line,
769 const uschar * type)
770 {
771 if ((nonpool_malloc += size) > max_nonpool_malloc)
772 max_nonpool_malloc = nonpool_malloc;
773
774 /* Cut out the debugging stuff for utilities, but stop picky compilers from
775 giving warnings. */
776
777 #ifdef COMPILE_UTILITY
778 func = func; line = line; type = type;
779 #else
780
781 /* If running in test harness, spend time making sure all the new store
782 is not filled with zeros so as to catch problems. */
783
784 if (f.running_in_test_harness)
785 memset(yield, 0xF0, (size_t)size);
786 DEBUG(D_memory) debug_printf("--%6s %6p %5d bytes\t%-14s %4d\tpool %5d nonpool %5d\n",
787 type, yield, size, func, line, pool_malloc, nonpool_malloc);
788 #endif /* COMPILE_UTILITY */
789
790 return yield;
791 }
792
793 /*************************************************
794 * Mmap store *
795 *************************************************/
796
797 static void *
798 store_mmap(int size, const char * func, int line)
799 {
800 void * yield, * top;
801
802 if (size < 16) size = 16;
803
804 if (!(yield = mmap(NULL, (size_t)size,
805 PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)))
806 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to mmap %d bytes of memory: "
807 "called from line %d of %s", size, line, func);
808
809 if (yield < tainted_base) tainted_base = yield;
810 if ((top = US yield + size) > tainted_top) tainted_top = top;
811
812 return store_alloc_tail(yield, size, func, line, US"Mmap");
813 }
814
815 /*************************************************
816 * Malloc store *
817 *************************************************/
818
819 /* Running out of store is a total disaster for exim. Some malloc functions
820 do not run happily on very small sizes, nor do they document this fact. This
821 function is called via the macro store_malloc().
822
823 Arguments:
824 size amount of store wanted
825 func function from which called
826 linenumber line number in source file
827
828 Returns: pointer to gotten store (panic on failure)
829 */
830
831 static void *
832 internal_store_malloc(int size, const char *func, int linenumber)
833 {
834 void * yield;
835
836 if (size < 16) size = 16;
837
838 if (!(yield = malloc((size_t)size)))
839 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: "
840 "called from line %d in %s", size, linenumber, func);
841
842 return store_alloc_tail(yield, size, func, linenumber, US"Malloc");
843 }
844
845 void *
846 store_malloc_3(int size, const char *func, int linenumber)
847 {
848 if (n_nonpool_blocks++ > max_nonpool_blocks)
849 max_nonpool_blocks = n_nonpool_blocks;
850 return internal_store_malloc(size, func, linenumber);
851 }
852
853
854 /************************************************
855 * Free store *
856 ************************************************/
857
858 /* This function is called by the macro store_free().
859
860 Arguments:
861 block block of store to free
862 func function from which called
863 linenumber line number in source file
864
865 Returns: nothing
866 */
867
868 static void
869 internal_untainted_free(void * block, const char * func, int linenumber)
870 {
871 #ifdef COMPILE_UTILITY
872 func = func;
873 linenumber = linenumber;
874 #else
875 DEBUG(D_memory)
876 debug_printf("----Free %6p %-20s %4d\n", block, func, linenumber);
877 #endif /* COMPILE_UTILITY */
878 free(block);
879 }
880
881 void
882 store_free_3(void * block, const char * func, int linenumber)
883 {
884 n_nonpool_blocks--;
885 internal_untainted_free(block, func, linenumber);
886 }
887
888 /******************************************************************************/
889 static void
890 internal_tainted_free(storeblock * block, const char * func, int linenumber)
891 {
892 #ifdef COMPILE_UTILITY
893 func = func;
894 linenumber = linenumber;
895 #else
896 DEBUG(D_memory)
897 debug_printf("---Unmap %6p %-20s %4d\n", block, func, linenumber);
898 #endif
899 munmap((void *)block, block->length + ALIGNED_SIZEOF_STOREBLOCK);
900 }
901
902 /******************************************************************************/
903 /* Stats output on process exit */
904 void
905 store_exit(void)
906 {
907 #ifndef COMPILE_UTILITY
908 DEBUG(D_memory)
909 {
910 debug_printf("----Exit nonpool max: %3d kB in %d blocks\n",
911 (max_nonpool_malloc+1023)/1024, max_nonpool_blocks);
912 debug_printf("----Exit npools max: %3d kB\n", max_pool_malloc/1024);
913 for (int i = 0; i < NPOOLS; i++)
914 debug_printf("----Exit pool %d max: %3d kB in %d blocks\t%s %s\n",
915 i, maxbytes[i]/1024, maxblocks[i], poolclass[i], pooluse[i]);
916 }
917 #endif
918 }
919
920 /* End of store.c */
Unnamed repository; edit this file 'description' to name the repository.