u-boot.git/include/malloc.h, branch v2023.01-rc1 Unnamed repository; edit this file 'description' to name the repository. test: Support testing malloc() failures 2022-09-29T20:07:58+00:00 Simon Glass sjg@chromium.org 2022-09-07T02:27:00+00:00 62d638386c17d17b929ad10956c7f60825335a4e It is helpful to test that out-of-memory checks work correctly in code that calls malloc(). Add a simple way to force failure after a given number of malloc() calls. Fix a header guard to avoid a build error on sandbox_vpl. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Sean Anderson <seanga2@gmail.com> 
It is helpful to test that out-of-memory checks work correctly in code
that calls malloc().

Add a simple way to force failure after a given number of malloc() calls.

Fix a header guard to avoid a build error on sandbox_vpl.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
malloc: Annotate allocator for valgrind 2022-04-11T14:00:30+00:00 Sean Anderson seanga2@gmail.com 2022-03-23T18:04:49+00:00 bdaeea1b6863b0ec80f2d4bc15d50b8d16efa708 This annotates malloc and friends so that valgrind can track the heap. To do this, we need to follow a few rules: * Call VALGRIND_MALLOCLIKE_BLOCK whenever we malloc something * Call VALGRIND_FREELIKE_BLOCK whenever we free something (generally after we have done our bookkeeping) * Call VALGRIND_RESIZEINPLACE_BLOCK whenever we change the size of an allocation. We don't record the original request size of a block, and neither does valgrind. For this reason, we pretend that the old size of the allocation was for 0 bytes. This marks the whole allocaton as undefined, so in order to mark all bits correctly, we must make the whole new allocation defined with VALGRIND_MAKE_MEM_DEFINED. This may cause us to miss some invalid reads, but there is no way to detect these without recording the original size of the allocation. In addition to the above, dlmalloc itself tends to make a lot of accesses which we know are safe, but which would be unsafe outside of dlmalloc. For this reason, we provide a suppression file which ignores errors ocurring in dlmalloc.c Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
This annotates malloc and friends so that valgrind can track the heap. To
do this, we need to follow a few rules:

* Call VALGRIND_MALLOCLIKE_BLOCK whenever we malloc something
* Call VALGRIND_FREELIKE_BLOCK whenever we free something (generally after
  we have done our bookkeeping)
* Call VALGRIND_RESIZEINPLACE_BLOCK whenever we change the size of an
  allocation. We don't record the original request size of a block, and
  neither does valgrind. For this reason, we pretend that the old size of
  the allocation was for 0 bytes. This marks the whole allocaton as
  undefined, so in order to mark all bits correctly, we must make the whole
  new allocation defined with VALGRIND_MAKE_MEM_DEFINED. This may cause us
  to miss some invalid reads, but there is no way to detect these without
  recording the original size of the allocation.

In addition to the above, dlmalloc itself tends to make a lot of accesses
which we know are safe, but which would be unsafe outside of dlmalloc. For
this reason, we provide a suppression file which ignores errors ocurring in
dlmalloc.c

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
malloc: add SPDX license identifiers 2021-06-23T12:45:03+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-05-29T11:18:00+00:00 5ad9220bf7b54d958627dd8a0475a44c5a238f0a The original code is in the public domain. Licenses/README states that the general license for U-Boot is GPL 2.0+. So we can mark the malloc code as GPL 2.0+ too. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The original code is in the public domain. Licenses/README states that the
general license for U-Boot is GPL 2.0+. So we can mark the malloc code as
GPL 2.0+ too.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
malloc: Export malloc_simple_info() 2021-03-27T02:04:31+00:00 Simon Glass sjg@chromium.org 2021-03-15T05:11:19+00:00 c197f6e27923b4cff9d782cd9be7a058d5d65aa2 Export this function always so it can be used behind IS_ENABLED() instead of requiring an #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> 
Export this function always so it can be used behind IS_ENABLED() instead
of requiring an #ifdef.

Signed-off-by: Simon Glass <sjg@chromium.org>
malloc: adjust memcpy() and memset() definitions. 2021-02-24T21:51:48+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-02-10T17:59:21+00:00 c6bf4f38988996f12c69a1cb5470bf9bea7c88ce Compiling the sandbox fails on armv7 due to conflicting definitions of memcpy() and memset() in include/malloc.h and include/linux/string.h. Use linux/string.h here. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> 
Compiling the sandbox fails on armv7 due to conflicting definitions of
memcpy() and memset() in include/malloc.h and include/linux/string.h.

Use linux/string.h here.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
sandbox: Use a prefix for all allocation functions 2020-02-06T02:33:46+00:00 Simon Glass sjg@chromium.org 2020-02-03T14:35:58+00:00 cfda60f99ae237494e9341aad9676152d3bac3c9 In order to allow use of both U-Boot's malloc() and the C library's version, set a prefix for the allocation functions so that they can co-exist. This is only done for sandbox. For other archs everything remains the same. Signed-off-by: Simon Glass <sjg@chromium.org> 
In order to allow use of both U-Boot's malloc() and the C library's
version, set a prefix for the allocation functions so that they can
co-exist.

This is only done for sandbox. For other archs everything remains the
same.

Signed-off-by: Simon Glass <sjg@chromium.org>
malloc: Fix memalign not honoring alignment prior to full malloc init 2019-04-23T21:57:27+00:00 Andreas Dannenberg dannenberg@ti.com 2019-03-27T18:17:26+00:00 4c6be01c2719e78cd7ff257dd65a666623566863 When using memalign() in a scenario where U-Boot is configured for full malloc support with simple malloc not explicitly enabled and before the full malloc support is initialized, a memory block is being allocated and returned without the alignment parameter getting honored. Fix this issue by replacing the existing memalign pre-full malloc init logic with a call to memalign_simple() this way ensuring proper alignment of the returned memory block. Fixes: ee038c58d519 ("malloc: Use malloc simple before malloc is fully initialized in memalign()") Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com> 
When using memalign() in a scenario where U-Boot is configured for full
malloc support with simple malloc not explicitly enabled and before the
full malloc support is initialized, a memory block is being allocated
and returned without the alignment parameter getting honored.

Fix this issue by replacing the existing memalign pre-full malloc init
logic with a call to memalign_simple() this way ensuring proper alignment
of the returned memory block.

Fixes: ee038c58d519 ("malloc: Use malloc simple before malloc is fully initialized in memalign()")
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
malloc_simple: Add logging of allocations 2018-11-29T16:30:05+00:00 Simon Glass sjg@chromium.org 2018-11-18T15:14:26+00:00 7cbd2d2e327d2971d186c41cbfdc33b7e6ae6afc It is sometimes useful to see what memory is being allocated early during boot. Add logging to support this, using a new LOGC_ALLOC category. Signed-off-by: Simon Glass <sjg@chromium.org> 
It is sometimes useful to see what memory is being allocated early during
boot. Add logging to support this, using a new LOGC_ALLOC category.

Signed-off-by: Simon Glass <sjg@chromium.org>
malloc: use hidden visibility 2016-03-08T20:01:47+00:00 Stephen Warren swarren@wwwdotorg.org 2016-03-05T17:30:52+00:00 2f0bcd4de1ab0cb03f01428a334cd91f8870504c When running sandbox, the following phases occur, each with different malloc implementations or behaviors: 1) Dynamic linker execution, using the dynamic linker's own malloc() implementation. This is fully functional. 2) After U-Boot's malloc symbol has been hooked into the GOT, but before any U-Boot code has run. This phase is entirely non-functional, since U-Boot's gd symbol is NULL and U-Boot's initf_malloc() and mem_malloc_init() have not been called. At least on Ubuntu Xenial, the dynamic linker does make both malloc() and free() calls during this phase. Currently these free() calls crash since they dereference gd, which is NULL. U-Boot itself makes no use of malloc() during this phase. 3) U-Boot execution after gd is set and initf_malloc() has been called. This is fully functional, albeit via a very simple malloc() implementation. 4) U-Boot execution after mem_malloc_init() has been called. This is fully functional with a complete malloc() implementation. Furthermore, if code that called malloc() during phase 1 calls free() in phase 3 or later, it is likely that heap corruption will occur, since U-Boot's malloc implementation will assume the pointer is part of its own heap, although it isn't. I have not actively observed this happening. To prevent phase 2 from happening, this patch makes all of U-Boot's malloc library public symbols have hidden visibility. This prevents them from being hooked into the GOT, so only code in the U-Boot binary itself actually calls them; any other code will call into the standard C library malloc(). This also avoids the "furthermore" issue mentioned above. I have seen references to this GCC pragma in blog posts from 2008, and RHEL5's ancient gcc appears to accept it fine, so I believe it's quite safe to use it without checking gcc version. Cc: Rabin Vincent <rabin@rab.in> Signed-off-by: Stephen Warren <swarren@wwwdotorg.org> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
When running sandbox, the following phases occur, each with different
malloc implementations or behaviors:

1) Dynamic linker execution, using the dynamic linker's own malloc()
implementation. This is fully functional.

2) After U-Boot's malloc symbol has been hooked into the GOT, but before
any U-Boot code has run. This phase is entirely non-functional, since
U-Boot's gd symbol is NULL and U-Boot's initf_malloc() and
mem_malloc_init() have not been called.

At least on Ubuntu Xenial, the dynamic linker does make both malloc() and
free() calls during this phase. Currently these free() calls crash since
they dereference gd, which is NULL.

U-Boot itself makes no use of malloc() during this phase.

3) U-Boot execution after gd is set and initf_malloc() has been called.
This is fully functional, albeit via a very simple malloc()
implementation.

4) U-Boot execution after mem_malloc_init() has been called. This is fully
functional with a complete malloc() implementation.

Furthermore, if code that called malloc() during phase 1 calls free() in
phase 3 or later, it is likely that heap corruption will occur, since
U-Boot's malloc implementation will assume the pointer is part of its own
heap, although it isn't. I have not actively observed this happening.

To prevent phase 2 from happening, this patch makes all of U-Boot's malloc
library public symbols have hidden visibility. This prevents them from
being hooked into the GOT, so only code in the U-Boot binary itself
actually calls them; any other code will call into the standard C library
malloc(). This also avoids the "furthermore" issue mentioned above.

I have seen references to this GCC pragma in blog posts from 2008, and
RHEL5's ancient gcc appears to accept it fine, so I believe it's quite
safe to use it without checking gcc version.

Cc: Rabin Vincent <rabin@rab.in>
Signed-off-by: Stephen Warren <swarren@wwwdotorg.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
malloc_simple: Add Kconfig option for using only malloc_simple in the SPL 2015-10-20T16:40:27+00:00 Hans de Goede hdegoede@redhat.com 2015-09-13T12:45:15+00:00 1eb0c03c2198a7ec9de456b83dacdc4831b96cbf common/dlmalloc.c is quite big, both in .text and .data usage, therefor on some boards the SPL is build to use only malloc_simple.c and not the dlmalloc.c code. This is done in various include/configs/foo.h with the following construct: #ifdef CONFIG_SPL_BUILD #define CONFIG_SYS_MALLOC_SIMPLE #endif This commit introduces a SPL_MALLOC_SIMPLE Kconfig bool which allows selecting this functionality through Kconfig instead. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Simon Glass <sjg@chromium.org> 
common/dlmalloc.c is quite big, both in .text and .data usage, therefor
on some boards the SPL is build to use only malloc_simple.c and not the
dlmalloc.c code. This is done in various include/configs/foo.h with the
following construct:

 #ifdef CONFIG_SPL_BUILD
 #define CONFIG_SYS_MALLOC_SIMPLE
 #endif

This commit introduces a SPL_MALLOC_SIMPLE Kconfig bool which allows
selecting this functionality through Kconfig instead.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Simon Glass <sjg@chromium.org>