mirror of
https://github.com/microsoft/mimalloc.git
synced 2025-05-05 15:09:31 +03:00
make secure a build option only
This commit is contained in:
daan
parent
d72b5350e3
commit
60efb62155
4 changed files with 9 additions and 16 deletions
|
|
@ -260,7 +260,6 @@ typedef enum mi_option_e {
|
||||||
mi_option_show_stats,
|
mi_option_show_stats,
|
||||||
mi_option_verbose,
|
mi_option_verbose,
|
||||||
// the following options are experimental
|
// the following options are experimental
|
||||||
mi_option_secure,
|
|
||||||
mi_option_eager_commit,
|
mi_option_eager_commit,
|
||||||
mi_option_eager_region_commit,
|
mi_option_eager_region_commit,
|
||||||
mi_option_large_os_pages, // implies eager commit
|
mi_option_large_os_pages, // implies eager commit
|
||||||
|
|
|
||||||
|
|
@ -51,12 +51,6 @@ static mi_option_desc_t options[_mi_option_last] =
|
||||||
{ 0, UNINIT, MI_OPTION(show_stats) },
|
{ 0, UNINIT, MI_OPTION(show_stats) },
|
||||||
{ 0, UNINIT, MI_OPTION(verbose) },
|
{ 0, UNINIT, MI_OPTION(verbose) },
|
||||||
|
|
||||||
#if MI_SECURE
|
|
||||||
{ MI_SECURE, INITIALIZED, MI_OPTION(secure) }, // in a secure build the environment setting is ignored
|
|
||||||
#else
|
|
||||||
{ 0, UNINIT, MI_OPTION(secure) },
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// the following options are experimental and not all combinations make sense.
|
// the following options are experimental and not all combinations make sense.
|
||||||
{ 1, UNINIT, MI_OPTION(eager_commit) }, // note: needs to be on when eager_region_commit is enabled
|
{ 1, UNINIT, MI_OPTION(eager_commit) }, // note: needs to be on when eager_region_commit is enabled
|
||||||
#ifdef _WIN32 // and BSD?
|
#ifdef _WIN32 // and BSD?
|
||||||
|
|
|
||||||
|
|
@ -679,7 +679,7 @@ static inline mi_page_t* mi_find_free_page(mi_heap_t* heap, size_t size) {
|
||||||
mi_page_queue_t* pq = mi_page_queue(heap,size);
|
mi_page_queue_t* pq = mi_page_queue(heap,size);
|
||||||
mi_page_t* page = pq->first;
|
mi_page_t* page = pq->first;
|
||||||
if (page != NULL) {
|
if (page != NULL) {
|
||||||
if (mi_option_get(mi_option_secure) >= 3 && page->capacity < page->reserved && ((_mi_heap_random(heap) & 1) == 1)) {
|
if ((MI_SECURE >= 3) && page->capacity < page->reserved && ((_mi_heap_random(heap) & 1) == 1)) {
|
||||||
// in secure mode, we extend half the time to increase randomness
|
// in secure mode, we extend half the time to increase randomness
|
||||||
mi_page_extend_free(heap, page, &heap->tld->stats);
|
mi_page_extend_free(heap, page, &heap->tld->stats);
|
||||||
mi_assert_internal(mi_page_immediate_available(page));
|
mi_assert_internal(mi_page_immediate_available(page));
|
||||||
|
|
|
||||||
|
|
@ -165,8 +165,8 @@ uint8_t* _mi_segment_page_start(const mi_segment_t* segment, const mi_page_t* pa
|
||||||
mi_assert_internal((uintptr_t)p % block_size == 0);
|
mi_assert_internal((uintptr_t)p % block_size == 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
long secure = mi_option_get(mi_option_secure);
|
|
||||||
if (secure > 1 || (secure == 1 && page->segment_idx == segment->capacity - 1)) {
|
if (MI_SECURE > 1 || (MI_SECURE == 1 && page->segment_idx == segment->capacity - 1)) {
|
||||||
// secure == 1: the last page has an os guard page at the end
|
// secure == 1: the last page has an os guard page at the end
|
||||||
// secure > 1: every page has an os guard page
|
// secure > 1: every page has an os guard page
|
||||||
psize -= _mi_os_page_size();
|
psize -= _mi_os_page_size();
|
||||||
|
|
@ -190,7 +190,7 @@ static size_t mi_segment_size(size_t capacity, size_t required, size_t* pre_size
|
||||||
size_t guardsize = 0;
|
size_t guardsize = 0;
|
||||||
size_t isize = 0;
|
size_t isize = 0;
|
||||||
|
|
||||||
if (!mi_option_is_enabled(mi_option_secure)) {
|
if (MI_SECURE == 0) {
|
||||||
// normally no guard pages
|
// normally no guard pages
|
||||||
isize = _mi_align_up(minsize, 16 * MI_MAX_ALIGN_SIZE);
|
isize = _mi_align_up(minsize, 16 * MI_MAX_ALIGN_SIZE);
|
||||||
}
|
}
|
||||||
|
|
@ -228,7 +228,7 @@ static void mi_segments_track_size(long segment_size, mi_segments_tld_t* tld) {
|
||||||
static void mi_segment_os_free(mi_segment_t* segment, size_t segment_size, mi_segments_tld_t* tld) {
|
static void mi_segment_os_free(mi_segment_t* segment, size_t segment_size, mi_segments_tld_t* tld) {
|
||||||
segment->thread_id = 0;
|
segment->thread_id = 0;
|
||||||
mi_segments_track_size(-((long)segment_size),tld);
|
mi_segments_track_size(-((long)segment_size),tld);
|
||||||
if (mi_option_is_enabled(mi_option_secure)) {
|
if (MI_SECURE != 0) {
|
||||||
mi_assert_internal(!segment->mem_is_fixed);
|
mi_assert_internal(!segment->mem_is_fixed);
|
||||||
_mi_mem_unprotect(segment, segment->segment_size); // ensure no more guard pages are set
|
_mi_mem_unprotect(segment, segment->segment_size); // ensure no more guard pages are set
|
||||||
}
|
}
|
||||||
|
|
@ -333,7 +333,7 @@ static mi_segment_t* mi_segment_alloc(size_t required, mi_page_kind_t page_kind,
|
||||||
bool is_zero = false;
|
bool is_zero = false;
|
||||||
mi_segment_t* segment = mi_segment_cache_pop(segment_size, tld);
|
mi_segment_t* segment = mi_segment_cache_pop(segment_size, tld);
|
||||||
if (segment != NULL) {
|
if (segment != NULL) {
|
||||||
if (mi_option_is_enabled(mi_option_secure)) {
|
if (MI_SECURE!=0) {
|
||||||
mi_assert_internal(!segment->mem_is_fixed);
|
mi_assert_internal(!segment->mem_is_fixed);
|
||||||
if (segment->page_kind != page_kind) {
|
if (segment->page_kind != page_kind) {
|
||||||
_mi_mem_unprotect(segment, segment->segment_size); // reset protection if the page kind differs
|
_mi_mem_unprotect(segment, segment->segment_size); // reset protection if the page kind differs
|
||||||
|
|
@ -357,7 +357,7 @@ static mi_segment_t* mi_segment_alloc(size_t required, mi_page_kind_t page_kind,
|
||||||
else {
|
else {
|
||||||
// Allocate the segment from the OS
|
// Allocate the segment from the OS
|
||||||
size_t memid;
|
size_t memid;
|
||||||
bool mem_large = (!eager_delay && !mi_option_is_enabled(mi_option_secure)); // only allow large OS pages once we are no longer lazy
|
bool mem_large = (!eager_delay && (MI_SECURE==0)); // only allow large OS pages once we are no longer lazy
|
||||||
segment = (mi_segment_t*)_mi_mem_alloc_aligned(segment_size, MI_SEGMENT_SIZE, &commit, &mem_large, &is_zero, &memid, os_tld);
|
segment = (mi_segment_t*)_mi_mem_alloc_aligned(segment_size, MI_SEGMENT_SIZE, &commit, &mem_large, &is_zero, &memid, os_tld);
|
||||||
if (segment == NULL) return NULL; // failed to allocate
|
if (segment == NULL) return NULL; // failed to allocate
|
||||||
if (!commit) {
|
if (!commit) {
|
||||||
|
|
@ -378,13 +378,13 @@ static mi_segment_t* mi_segment_alloc(size_t required, mi_page_kind_t page_kind,
|
||||||
memset((uint8_t*)segment + ofs, 0, info_size - ofs);
|
memset((uint8_t*)segment + ofs, 0, info_size - ofs);
|
||||||
|
|
||||||
// guard pages
|
// guard pages
|
||||||
if (mi_option_is_enabled(mi_option_secure) && !protection_still_good) {
|
if ((MI_SECURE != 0) && !protection_still_good) {
|
||||||
// in secure mode, we set up a protected page in between the segment info
|
// in secure mode, we set up a protected page in between the segment info
|
||||||
// and the page data
|
// and the page data
|
||||||
mi_assert_internal( info_size == pre_size - _mi_os_page_size() && info_size % _mi_os_page_size() == 0);
|
mi_assert_internal( info_size == pre_size - _mi_os_page_size() && info_size % _mi_os_page_size() == 0);
|
||||||
_mi_mem_protect( (uint8_t*)segment + info_size, (pre_size - info_size) );
|
_mi_mem_protect( (uint8_t*)segment + info_size, (pre_size - info_size) );
|
||||||
size_t os_page_size = _mi_os_page_size();
|
size_t os_page_size = _mi_os_page_size();
|
||||||
if (mi_option_get(mi_option_secure) <= 1) {
|
if (MI_SECURE <= 1) {
|
||||||
// and protect the last page too
|
// and protect the last page too
|
||||||
_mi_mem_protect( (uint8_t*)segment + segment_size - os_page_size, os_page_size );
|
_mi_mem_protect( (uint8_t*)segment + segment_size - os_page_size, os_page_size );
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue