When the size of the new realloc is larger than the old one and can be expanded forward and backward, the tag of oldmem needs to be set to the same as newmem, otherwise memcpy will report a kasan error.
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
Once it is non-zero, the preceding member of the next node will no longer belong to the valid area of the previous alloc node.
Due to the existence of precedence, the memory block size of the node can only be aligned with sizeof(mmsize_t).
This configuration will be applied in the following scenarios when set to 8:
ARM64 MTE hardware tag KASan, which requires the tag's memory address to be 16-byte aligned and the memory size must also be 16-byte aligned
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
Renaming "modlib" to "libelf" is more in line with the implementation content,
which makes it easier for individual developers to understand the capabilities of this module.
CONFIG_LIBC_MODLIB -> CONFIG_LIBC_ELF
Signed-off-by: chao an <anchao.archer@bytedance.com>
Fix a memory corruption & deadlocks while calling gran_free.
The function expects a GRAN_HANDLE as a parameter, not a pointer to it.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
It will be used to distinguish between hardware KASan and software KASan. Hardware KASan does not need to use the plug-in.
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
If thread 1 is executing kasan_unpoison but a scheduling occurs and the block is trampled upon, the displayed backtrace may still be the backtrace from the previous allocation.
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
This allows mapping pages from others than the running task. Obviously
this can only be done with proper preparations (the task in question
cannot exit before the mapping is released).
Of course, there is an error here: the conditional judgment of
ifeq ($(CONFIG_LTO_NONE),n)
CFLAGS += -fno-lto
endif
is wrong; it should be judged as "ifneq ($(CONFIG_LTO_NONE),)".
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
The search algorithm does not work with the ctz approach at all: if there
is a free range of granules that does not fit a specific allocation (i.e.
the granule allocation is fragmented), the algorithm will try to find free
space from the same (free) starting granule again, causing an infinite
loop.
The clz approach works for all cases: it will find the last used granule
and the search will continue from the next free granule.
Also, offsetting a full GAT must be sizeof(gat[0] - 1), which is 31 in
this case. The reason is that the upper level search function increments
the value by +1.
reason:
1: spin_lock_init and spin_initialize have similar functionalities.
2: spin_lock and spin_unlock should be called in matching pairs.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
The original code did the speedup only from the other direction (from end
to start). If the starting GAT index has reservations, they are not skipped
as a bunch, but instead the GAT is iterated bit-by-bit, causing a massive
performance issue.
Fix this by:
- Skipping full GATs right away
- Skipping all of the reserved bits from the starting GAT as a bunch
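As an added illustration of the two commit messages above (this is example code written for this page, not NuttX's gran allocator), the search below works over an array of 32-bit GAT words where a set bit means the granule is allocated. For a candidate window of `ngranules` granules it uses clz to find the last used granule inside the window and resumes right after it, which is what prevents the ctz-style restart from the same free granule; a completely full GAT word is skipped in one step. The function names `gat_find_free`, `demo_index` and `demo_steps`, the `GAT_BITS` constant and the sample table are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define GAT_BITS 32u                 /* granules per GAT word (assumption) */
#define GAT_FULL 0xffffffffu

/* Index of the highest set bit in a nonzero 32-bit word, found via clz. */
static unsigned gat_highest_set(uint32_t w)
{
  return GAT_BITS - 1u - (unsigned)__builtin_clz(w);
}

/* Search for `ngranules` contiguous free granules in `nwords` GAT words
 * (bit set = granule allocated).  Returns the absolute index of the first
 * granule of the run, or -1 if nothing fits.  `*steps` counts outer loop
 * iterations so the skipping behaviour can be observed. */
int gat_find_free(const uint32_t *gat, unsigned nwords, unsigned ngranules,
                  unsigned *steps)
{
  unsigned total = nwords * GAT_BITS;
  unsigned start = 0;

  *steps = 0;
  if (ngranules == 0)
    {
      return -1;
    }

  while (start + ngranules <= total)
    {
      unsigned word = start / GAT_BITS;
      unsigned end  = start + ngranules;   /* exclusive end of the window */
      int last_used = -1;

      (*steps)++;

      /* A full GAT is skipped right away instead of bit by bit. */
      if (gat[word] == GAT_FULL)
        {
          start = (word + 1u) * GAT_BITS;
          continue;
        }

      /* Examine every word the window [start, end) touches and remember
       * the highest allocated granule inside the window. */
      for (unsigned w = word; w * GAT_BITS < end; w++)
        {
          unsigned lo = (w == word) ? start % GAT_BITS : 0u;
          unsigned hi = end - w * GAT_BITS;
          uint32_t mask = (hi >= GAT_BITS) ? GAT_FULL : ((1u << hi) - 1u);
          uint32_t used;

          mask &= ~((1u << lo) - 1u);
          used = gat[w] & mask;
          if (used != 0)
            {
              last_used = (int)(w * GAT_BITS + gat_highest_set(used));
            }
        }

      if (last_used < 0)
        {
          return (int)start;               /* the whole window is free */
        }

      /* Any run starting before last_used would overlap it, so resume at
       * the granule after the last used one rather than at the same free
       * starting granule. */
      start = (unsigned)last_used + 1u;
    }

  return -1;
}

/* Constructed sample table: granules 0-3 and 8-11 of word 0 are allocated,
 * word 1 is completely full, word 2 is free. */
static const uint32_t g_demo_gat[3] = { 0x00000f0fu, GAT_FULL, 0x00000000u };

int demo_index(unsigned ngranules)
{
  unsigned steps;
  return gat_find_free(g_demo_gat, 3, ngranules, &steps);
}

unsigned demo_steps(unsigned ngranules)
{
  unsigned steps;
  (void)gat_find_free(g_demo_gat, 3, ngranules, &steps);
  return steps;
}

int main(void)
{
  printf("8 granules  -> index %d in %u steps\n", demo_index(8), demo_steps(8));
  printf("32 granules -> index %d in %u steps\n", demo_index(32), demo_steps(32));
  printf("40 granules -> index %d in %u steps\n", demo_index(40), demo_steps(40));
  return 0;
}
```

With the sample table, a request for 8 granules lands at index 12 after three iterations, a request for 32 granules jumps over the full word 1 and lands at index 64 after four, and a request for 40 granules fails after only two iterations instead of walking word 1 bit by bit.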
reason:
Since we decoupled counting and sem count,
we changed the meanings of three key global variables:
g_iob_count: A positive number indicates the available number of IOBs, while a negative number indicates the number of waiters in iob_alloc (when throttle == false).
g_throttle_wait: Represents the number of waiters in iob_alloc (when throttle == true), and it will not be negative.
g_qentry_wait: Represents the number of waiters for qentry, and it will not be negative.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
reason:
We decouple semcount from business logic
by using an independent counting variable,
which allows us to remove critical sections in many cases.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
1. Calling CLEAN on these folders did not have any effect.
2. bin, kbin will be created during the context construction process.
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
This patch fixes a userspace header conflict. Architecture-related definitions and APIs should not be exposed to users.
Signed-off-by: ouyangxiangzhen <ouyangxiangzhen@xiaomi.com>
`g_iob_sem.semcount` is changed both manually in the iob source code and by
the nxsem_xxx API.
The nxsem-related API uses a critical section to ensure the sem value is
modified correctly. If iob uses a spin lock and modifies the sem value at
the same time, it's not safe.
This PR reverts the spin lock change and uses a critical section to align
with what nxsem uses.
1. When dynamically loading, the read-only data of the arm64 architecture is accessed through a PC offset. When tag KASan is enabled, because the PC value does not have a tag, accessing the read-only data will be detected as a tag mismatch error.
2. The uninitialized heap uses 0xff as poison; the initialized heap uses 1-254 as unpoisoned.
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>