[Pixman] [PATCH 1/5] Add fence_malloc() and fence_free().

[Siarhei Siamashka]

On Tuesday 14 September 2010 16:18:18 Søren Sandmann wrote:
> From: Søren Sandmann Pedersen <ssp at redhat.com>
> 
> These variants of malloc() and free() try to surround the allocated
> memory with protected pages so that out-of-bounds accessess will cause
> a segmentation fault.
> 
> If mprotect() and getpagesize() are not available, these functions are
> simply equivalent to malloc() and free().

[...]

> +void *
> +fence_malloc (uint32_t len)
> +{
> +    unsigned long page_size = getpagesize();
> +    unsigned long page_mask = page_size - 1;
> +    uint32_t n_payload_bytes = (len + page_mask) & ~page_mask;
> +    uint32_t n_bytes =
> +	(len +
> +	 page_size * (N_LEADING_PROTECTED + N_TRAILING_PROTECTED + 2) +
> +	 n_payload_bytes) & ~page_mask;
> +    uint8_t *initial_page;
> +    uint8_t *leading_protected;
> +    uint8_t *trailing_protected;
> +    uint8_t *payload;
> +    uint8_t *addr;
> +
> +    addr = malloc (n_bytes);
> +
> +    if (!addr)
> +    {
> +	printf ("malloc failed on %u %u\n", len, n_bytes);
> +	return NULL;
> +    }
> +
> +    initial_page = (uint8_t *)(((unsigned long)addr + page_mask) &
> ~page_mask); +    leading_protected = initial_page + page_size;
> +    payload = leading_protected + N_LEADING_PROTECTED * page_size;
> +    trailing_protected = payload + n_payload_bytes;
> +
> +    ((info_t *)initial_page)->addr = addr;
> +    ((info_t *)initial_page)->len = len;
> +    ((info_t *)initial_page)->trailing = trailing_protected;
> +
> +    if (mprotect (leading_protected, N_LEADING_PROTECTED * page_size,
> +		  PROT_NONE) == -1)

There is the following warning in mprotect man page: "SVr4, POSIX.1-2001.  
POSIX says that the behavior of mprotect() is unspecified if it is applied to a 
region of memory that was not obtained via mmap(2)."

Also I wonder if it makes sense to be able to configure whether to align 
allocated memory blocks at the lower or upper page boundary?

-- 
Best regards,
Siarhei Siamashka