/* * libslack - https://libslack.org * * Copyright (C) 1999-2004, 2010, 2020-2023 raf * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * * 20230824 raf */ /* =head1 NAME I - memory module =head1 SYNOPSIS #include #include typedef struct Pool Pool; #define null NULL #define nul '\0' #define mem_new(type) #define mem_create(size, type) #define mem_resize(mem, size) void *mem_resize_fn(void **mem, size_t size); #define mem_release(mem) void *mem_destroy(void **mem); void *mem_create_secure(size_t size); void mem_release_secure(void *mem); void *mem_destroy_secure(void **mem); char *mem_strdup(const char *str); #define mem_create2d(type, x, y) #define mem_create3d(type, x, y, z) #define mem_create4d(type, x, y, z, a) void *mem_create_space(size_t size, ...); size_t mem_space_start(size_t size, ...); #define mem_release2d(space) #define mem_release3d(space) #define mem_release4d(space) #define mem_release_space(space) #define mem_destroy2d(space) #define mem_destroy3d(space) #define mem_destroy4d(space) #define mem_destroy_space(space) Pool *pool_create(size_t size); Pool *pool_create_with_locker(Locker *locker, size_t size); void pool_release(Pool *pool); void *pool_destroy(Pool **pool); Pool *pool_create_secure(size_t size); Pool *pool_create_secure_with_locker(Locker *locker, size_t size); void pool_release_secure(Pool *pool); void *pool_destroy_secure(Pool **pool); void pool_clear_secure(Pool *pool); #define pool_new(pool, type) #define pool_newsz(pool, size, type) void *pool_alloc(Pool *pool, size_t size); void pool_clear(Pool *pool); =head1 DESCRIPTION This module is mostly just an interface to I, I and I that tries to ensure that pointers that don't point to anything get set to C. It also provides dynamically allocated multi-dimensional arrays, memory pools and secure memory for the more adventurous. =over 4 =cut */ #include "config.h" #include "std.h" #ifdef HAVE_MLOCK #include #endif #include "err.h" #include "mem.h" struct Pool { size_t size; /* number of bytes in the pool */ size_t used; /* number of bytes allocated from the pool */ char *pool; /* address of the pool */ Locker *locker; /* locking strategy for the pool */ }; #ifndef TEST /* =item C< #define null NULL> Easier to type. Easier to read. Feel free to keep using C if you prefer. =item C< #define nul '\0'> A name for the C character. =item C< #define mem_new(type)> Allocates enough memory (with I) to store an object of type C. It is the caller's responsibility to deallocate the allocated memory with I, I, or I. It is strongly recommended to use I, because it also sets the pointer variable to C. On success, returns the address of the allocated memory. On error, returns C. =item C< #define mem_create(size, type)> Allocates enough memory (with I) to store C objects of type C. It is the caller's responsibility to deallocate the allocated memory with I, I, or I. It is strongly recommended to use I, because it also sets the pointer variable to C. On success, returns the address of the allocated memory. On error, returns C. =item C< #define mem_resize(mem, num)> Alters the amount of memory pointed to by C<*mem>. If C<*mem> is C, new memory is allocated and assigned to C<*mem>. If size is zero, C<*mem> is deallocated and C is assigned to C<*mem>. Otherwise, C<*mem> is reallocated and assigned back to C<*mem>. On success, returns C<*mem> (which will be C if C is zero). On error, returns C with C set appropriately, and C<*mem> is not altered. =item C An interface to I that also assigns to a pointer variable unless an error occurred. C points to the pointer to be affected. C is the requested size in bytes. If C is zero, C<*mem> is deallocated and set to C. This function is exposed as an implementation side effect. Don't call it directly. Call I instead. On error, returns C with C set appropriately. =cut */ #ifdef HAVE_ISOC_REALLOC #define isoc_realloc realloc #else static void *isoc_realloc(void *ptr, size_t size) { void *p; if (size) { if (!(p = (ptr) ? realloc(ptr, size) : malloc(size))) errno = ENOMEM; /* Not required by ISO C but handy */ } else { free(ptr); p = NULL; } return p; } #endif void *mem_resize_fn(void **mem, size_t size) { void *ptr; if (!mem) return set_errnull(EINVAL); ptr = isoc_realloc(*mem, size); if (size && !ptr) return NULL; return *mem = ptr; } /* =item C< #define mem_release(mem)> Releases (deallocates) C. Same as I. Only to be used in destructor functions. In other cases, use I which also sets C to C. =item C Calls I on the pointer, C<*mem>. Then assigns C to this pointer. Returns C. =cut */ void *(mem_destroy)(void **mem) { if (mem && *mem) { free(*mem); *mem = NULL; } return NULL; } /* =item C Allocates C bytes of memory (with I), and then locks it into RAM with I so that it can't be paged to disk, where some nefarious local user with root access might read its contents. Note that additional operating system dependent measures might be required to prevent the I user from accessing the RAM of arbitrary processes (e.g. On I: C). It is the caller's responsibility to deallocate the secure memory with I or I which will clear the memory and unlock it before deallocating it. It is strongly recommended to use I, because it also sets the pointer variable to C. On success, returns the address of the secure allocated memory. On error, returns C with C set appropriately. Note that entire memory pages are locked by I, so don't create many, small pieces of secure memory or many entire pages will be locked. Use a secure memory pool instead. Also note that on old systems, secure memory requires root privileges. On some systems (e.g. I), memory locks must start on page boundaries. So we need to I enough memory to extend from whatever address I may return to the next page boundary (worst case: C) and then the actual number of bytes requested. We need an additional C bytes (e.g. C<8> or C<16>) to store the address returned by I (so we can I it later), and the size passed to I so we can pass it to I later. Unfortunately, we need to store the address and the size after the page boundary and not before it, because I might return a page boundary or an address less than C bytes to the left of a page boundary. It will look like: for free() +-------+ +- size+n for munlock() v | v +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |* * * *|# # # #| | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ^ ^ ^ . . . size bytes . . . . . . | +- next page | +- malloc() +- address returned If your system doesn't require page boundaries (e.g. I), the address returned by I is locked, and only the size is stored. =cut */ void *mem_create_secure(size_t size) { #ifdef HAVE_MLOCK char *addr, *lock; #ifdef MLOCK_REQUIRES_PAGE_BOUNDARY long pagesize; if ((pagesize = sysconf(_SC_PAGESIZE)) == -1) return set_errnull(EINVAL); size += sizeof(void *) + sizeof(size_t); addr = malloc(pagesize - sizeof(int) + size); #else size += sizeof(size_t); addr = malloc(size); #endif if (!addr) return NULL; #ifdef MLOCK_REQUIRES_PAGE_BOUNDARY if ((long)addr & (pagesize - 1)) /* addr not on page boundary */ lock = (void *)(((long)addr & ~(pagesize - 1)) + pagesize); else lock = addr; #else lock = addr; #endif if (mlock(lock, size) == -1) { free(addr); return NULL; } #ifdef MLOCK_REQUIRES_PAGE_BOUNDARY *(void **)lock = addr; lock += sizeof(void *); #endif *(size_t *)lock = size; lock += sizeof(size_t); return lock; #else errno = ENOSYS; return NULL; #endif } /* =item C Sets the memory pointed to by C to C<0xff> bytes, then to C<0xaa> bytes, then to C<0x55> bytes, then to C bytes, then unlocks and releases (deallocates) C. Only to be used on memory returned by I. Only to be used in destructor functions. In other cases, use I which also sets C to C. =cut */ void mem_release_secure(void *mem) { #ifdef HAVE_MLOCK char *addr, *lock; size_t size; if (!mem) return; lock = mem; lock -= sizeof(size_t); size = *(size_t *)lock; #ifdef MLOCK_REQUIRES_PAGE_BOUNDARY lock -= sizeof(void *); addr = *(void **)lock; #else addr = lock; #endif memset(lock, 0xff, size); memset(lock, 0xaa, size); memset(lock, 0x55, size); memset(lock, 0x00, size); munlock(lock, size); free(addr); #endif } /* =item C Sets the memory pointed to by C<*mem> to C<0xff> bytes, then to C<0xaa> bytes, then to C<0x55> bytes, then to C bytes, then unlocks and destroys (deallocates and sets to C) C<*mem>. Only to be used on memory returned by I. Returns C. =cut */ void *(mem_destroy_secure)(void **mem) { if (mem && *mem) { mem_release_secure(*mem); *mem = NULL; } return NULL; } /* =item C Returns a dynamically allocated copy of C. It is the caller's responsibility to deallocate the new string with I, I, or I. It is strongly recommended to use I, because it also sets the pointer variable to C. This function exists because I is not part of the I standard. On error, returns C with C set appropriately. =cut */ char *mem_strdup(const char *str) { size_t size; char *copy; if (!str) return set_errnull(EINVAL); if (!(copy = mem_create(size = strlen(str) + 1, char))) return NULL; return memcpy(copy, str, size); } /* =item C< #define mem_create2d(i, j, type)> Alias for allocating a 2-dimensional array. See I. =item C< #define mem_create3d(i, j, k, type)> Alias for allocating a 3-dimensional array. See I. =item C< #define mem_create4d(i, j, k, l, type)> Alias for allocating a 4-dimensional array. See I. =item C Allocates a multi-dimensional array of elements of size C and sets the memory to C bytes. The remaining arguments specify the sizes of each dimension. The last argument must be zero. There is an arbitrary limit of 32 dimensions. The memory returned is set to C bytes. The memory returned needs to be cast or assigned into the appropriate pointer type. You can then set and access elements exactly like a real multi-dimensional C array. Finally, it must be deallocated with I or I or I or I or I. It is strongly recommended to use I or I, because they also set the pointer variable to C. Note: You must not use I on all of the returned memory because the start of this memory contains pointers into the remainder. The exact amount of this overhead depends on the number and size of dimensions. The memory is allocated with I to reduce the need to I the elements, but if you need to know where the elements begin, use I. The memory returned looks like (e.g.): char ***a = mem_create3d(2, 2, 3, char); +-------------------------+ +-------|-------------------+ | a +-------|-------|-------------+ | | | +-------|-------|-------|-------+ | | | v | | | | V V V V +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | a[0] | a[1] |a[0][0]|a[0][1]|a[1][0]|a[1][1]| | | | | | | | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ^ ^ a a a a a a a a a a a a +-------|-------+ | 0 0 0 0 0 0 1 1 1 1 1 1 +-----------------------+ 0 0 0 1 1 1 0 0 0 1 1 1 0 1 2 0 1 2 0 1 2 0 1 2 =cut */ #ifndef MEM_MAX_DIM #define MEM_MAX_DIM 32 #endif void *mem_create_space(size_t size, ...) { size_t dim[MEM_MAX_DIM], d, i, j; size_t lengths[MEM_MAX_DIM]; size_t starts[MEM_MAX_DIM]; size_t sizes[MEM_MAX_DIM]; char *space; size_t arg, length; va_list args; va_start(args, size); for (d = 0; d < MEM_MAX_DIM && (arg = va_arg(args, size_t)); ++d) dim[d] = arg; va_end(args); for (length = i = 0; i < d; ++i) { starts[i] = length; lengths[i] = sizes[i] = (i == d - 1) ? size : sizeof(void *); for (j = 0; j <= i; ++j) lengths[i] *= dim[j]; length += lengths[i]; } if (!(space = calloc(length, 1))) return NULL; for (i = 0; i < d - 1; ++i) { size_t num = dim[i]; for (j = 0; j < i; ++j) num *= dim[j]; for (j = 0; j < num; ++j) *(char **)(space + starts[i] + j * sizes[i]) = space + starts[i + 1] + j * dim[i + 1] * sizes[i + 1]; } return space; } /* =item C Calculates the amount of overhead required for a dynamically allocated multi-dimensional array created by a call to I with the same arguments. If you need to reset all elements in such an array to C bytes: int ****space = mem_create_space(sizeof(int), 2, 3, 4, 5, 0); size_t start = mem_space_start(sizeof(int), 2, 3, 4, 5, 0); memset((char *)space + start, '\0', sizeof(int) * 2 * 3 * 4 * 5); =cut */ size_t mem_space_start(size_t size, ...) { size_t dim[MEM_MAX_DIM], d, i, j; size_t lengths[MEM_MAX_DIM]; size_t arg, length; va_list args; va_start(args, size); for (d = 0; d < MEM_MAX_DIM && (arg = va_arg(args, size_t)); ++d) dim[d] = arg; va_end(args); for (length = i = 0; i < d; ++i) { lengths[i] = (i == d - 1) ? size : sizeof(void *); for (j = 0; j <= i; ++j) lengths[i] *= dim[j]; length += lengths[i]; } return length - lengths[d - 1]; } /* =item C< #define mem_release2d(space)> Alias for releasing (deallocating) a dynamically allocated 2-dimensional array. See I. =item C< #define mem_release3d(space)> Alias for releasing (deallocating) a dynamically allocated 3-dimensional array. See I. =item C< #define mem_release4d(space)> Alias for releasing (deallocating) a dynamically allocated 4-dimensional array. See I. =item C< #define mem_release_space(space)> Releases (deallocates) a multi-dimensional array, C, allocated with I. Same as I. Only to be used in destructor functions. In other cases, use I or I which also set C to C. =item C< #define mem_destroy2d(space)> Alias for destroying (deallocating and setting to C) a 2-dimensional array. See I. =item C< #define mem_destroy3d(space)> Alias for destroying (deallocating and setting to C) a 3-dimensional array. See I. =item C< #define mem_destroy4d(space)> Alias for destroying (deallocating and setting to C) a 4-dimensional array. See I. =item C< #define mem_destroy_space(mem)> Destroys (deallocates and sets to C) the multi-dimensional array pointed to by C. =cut */ /* =item C Creates a memory pool of size C from which smaller chunks of memory may be subsequently allocated (with I) without resorting to the use of I. Useful when you have many small objects to allocate, but I is slowing your program down too much. It is the caller's responsibility to deallocate the new pool with I or I. It is strongly recommended to use I, because it also sets the pointer variable to C. On success, returns the pool. On error, returns C. The size of a pool can't be changed after it is created, and the individual chunks of memory allocated from within a pool can't be separately deallocated. The entire pool can be emptied with I. =cut */ Pool *pool_create(size_t size) { return pool_create_with_locker(NULL, size); } /* =item C Equivalent to I except that multiple threads accessing the new pool will be synchronised by C. =cut */ Pool *pool_create_with_locker(Locker *locker, size_t size) { Pool *pool = mem_create(1, Pool); if (!pool) return NULL; if (!(pool->pool = malloc(size))) { mem_release(pool); return NULL; } pool->size = size; pool->used = 0; pool->locker = locker; return pool; } /* C Claims a write lock on C. On success, returns C<0>. On error, returns an error code. C Unlocks a write lock on C. On success, returns C<0>. On error, returns an error code. */ #define pool_lock(pool) locker_wrlock((pool)->locker) #define pool_unlock(pool) locker_unlock((pool)->locker) /* =item C Releases (deallocates) C. Only to be used in destructor functions. In other cases, use I which also sets C to C. =cut */ void pool_release(Pool *pool) { Locker *locker; int err; if (!pool) return; if ((err = pool_lock(pool))) { set_errno(err); return; } locker = pool->locker; mem_release(pool->pool); mem_release(pool); if ((err = locker_unlock(locker))) set_errno(err); } /* =item C Destroys (deallocates and sets to C) C<*pool>. Returns C. B pools shared by multiple threads must not be destroyed until after all threads have finished with it. =cut */ void *pool_destroy(Pool **pool) { if (pool && *pool) { pool_release(*pool); *pool = NULL; } return NULL; } /* =item C Creates a memory pool of size C just like I except that the memory pool is locked into RAM with I so that it can't be paged to disk where some nefarious local user with root access might read its contents. Note that additional operating system dependent measures might be required to prevent the I user from accessing the RAM of arbitrary processes (e.g. On I: C). It is the caller's responsibility to deallocate the new pool with I or I which will clear the memory pool and unlock it before deallocating it. In all other ways, the pool returned is exactly like a pool returned by I. On success, returns the pool. On error, returns C with C set appropriately. Note that on old systems, secure memory requires root privileges. =cut */ Pool *pool_create_secure(size_t size) { return pool_create_secure_with_locker(NULL, size); } /* =item C Equivalent to I except that multiple threads accessing the new pool will be synchronised by C. =cut */ Pool *pool_create_secure_with_locker(Locker *locker, size_t size) { #ifdef HAVE_MLOCK Pool *pool = mem_create(1, Pool); if (!pool) return NULL; if (!(pool->pool = mem_create_secure(size))) { mem_release(pool); return NULL; } pool->size = size; pool->used = 0; pool->locker = locker; return pool; #else errno = ENOSYS; return NULL; #endif } /* =item C Sets the contents of the memory pool to C<0xff> bytes, then to C<0xaa> bytes, then to C<0x55> bytes, then to C bytes, then unlocks and releases (deallocates) C. Only to be used on pools returned by I. Only to be used in destructor functions. In other cases, use I which also sets C to C. =cut */ void pool_release_secure(Pool *pool) { #ifdef HAVE_MLOCK Locker *locker; int err; if (!pool) return; if ((err = pool_lock(pool))) { set_errno(err); return; } locker = pool->locker; mem_release_secure(pool->pool); mem_release(pool); if ((err = locker_unlock(locker))) set_errno(err); #endif } /* =item C Sets the contents of the memory pool to C<0xff> bytes, then to C<0xaa> bytes, then to C<0x55> bytes, then to C bytes, then unlocks and destroys (deallocates and sets to C) C<*pool>. Returns C. B secure pools shared by multiple threads must not be destroyed until after all threads have finished with it. =cut */ void *pool_destroy_secure(Pool **pool) { if (pool && *pool) { pool_release_secure(*pool); *pool = NULL; } return NULL; } /* =item C Fills the secure C with C<0xff> bytes, then C<0xaa> bytes, then C<0x55> bytes, then C bytes, and deallocates all of the chunks of secure memory previously allocated from C so that it can be reused. Does not use I. =cut */ static void pool_clear_unlocked(Pool *pool); void pool_clear_secure(Pool *pool) { int err; if (!pool) return; if ((err = pool_lock(pool))) { set_errno(err); return; } pool_clear_unlocked(pool); memset(pool->pool, 0xff, pool->size); memset(pool->pool, 0xaa, pool->size); memset(pool->pool, 0x55, pool->size); memset(pool->pool, 0x00, pool->size); if ((err = pool_unlock(pool))) set_errno(err); } /* =item C< #define pool_new(pool, type)> Allocates enough memory from C to store an object of type C. On success, returns the address of the allocated memory. On error, returns C with C set appropriately. =item C< #define pool_newsz(pool, size, type)> Allocates enough memory from C to store C objects of type C. On success, returns the address of the allocated memory. On error, returns C with C set appropriately. =item C Allocates a chunk of memory of C bytes from C. Does not use I. The pointer returned must not be passed to I or I. Only the entire pool can be deallocated with I or I. All of the chunks can be deallocated in one go with I without deallocating the pool itself. On success, returns the pointer to the allocated pool memory. On error, returns C with C set appropriately (i.e. C if C is C, C if C does not have enough unused memory to allocate C bytes). It is the caller's responsibility to ensure the correct alignment if necessary by allocating the right numbers of bytes. The easiest way to do ensure is to use separate pools for each specific data type that requires specific alignment. =cut */ void *pool_alloc(Pool *pool, size_t size) { void *addr; int err; if (!pool) return set_errnull(EINVAL); if ((err = pool_lock(pool))) return set_errnull(err); if (pool->used + size > pool->size) { pool_unlock(pool); return set_errnull(ENOSPC); } addr = pool->pool + pool->used; pool->used += size; if ((err = pool_unlock(pool))) return set_errnull(err); return addr; } /* =item C Deallocates all of the chunks of memory previously allocated from C so that it can be reused. Does not use I. =cut */ static void pool_clear_with_locker(Pool *pool, int lock_pool) { int err; if (!pool) return; if (lock_pool && (err = pool_lock(pool))) { set_errno(err); return; } pool->used = 0; if (lock_pool && (err = pool_unlock(pool))) set_errno(err); } static void pool_clear_unlocked(Pool *pool) { pool_clear_with_locker(pool, 0); } void pool_clear(Pool *pool) { pool_clear_with_locker(pool, 1); } /* =back =head1 ERRORS On error, C is set by underlying functions or as follows: =over 4 =item C When arguments are invalid. =item C When there is insufficient available space in a pool for I to satisfy a request. =item C Returned by I and I when I is not supported (e.g. I). =back =head1 MT-Level I (mem) I (pool) man I for details. =head1 EXAMPLES 1D array of longs: long *mem = mem_create(100, long); mem_resize(&mem, 200); mem_destroy(&mem); 3D array of ints: int ***space = mem_create3d(10, 20, 30, int); int i, j, k; for (i = 0; i < 10; ++i) for (j = 0; j < 20; ++j) for (k = 0; k < 30; ++k) space[i][j][k] = i + j + j; mem_destroy3d(&space); A pool of a million integers: void pool() { Pool *pool; int i, *p; if (!(pool = pool_create(1024 * 1024 * sizeof(int)))) return; for (i = 0; i < 1024 * 1024; ++i) { if (!(p = pool_new(pool, int))) break; *p = i; } pool_destroy(&pool); } Secure memory: char *secure_passwd = mem_create_secure(32); if (!secure_passwd) exit(EXIT_FAILURE); get_passwd(secure_passwd, 32); use_passwd(secure_passwd); mem_destroy_secure(&secure_passwd); Secure memory pool: Pool *secure_pool; char *secure_passwd; if (!(secure_pool = pool_create_secure(1024 * 1024))) exit(EXIT_FAILURE); secure_passwd = pool_alloc(secure_pool, 32); get_passwd(secure_passwd, 32); use_passwd(secure_passwd); pool_destroy_secure(&secure_pool); =head1 SEE ALSO I, I, I, I, I, I, I, I =head1 AUTHOR 20230824 raf =cut */ #endif #ifdef TEST #include #include #include #include int main(int ac, char **av) { int *mem1 = NULL; char *mem2 = NULL; char *str = NULL; int **space2 = NULL; int ***space3 = NULL; int ****space4 = NULL; int *****space5 = NULL; char **space2d = NULL; double ***space3d = NULL; int i, j, k, l, m; Pool *pool; clock_t start_clock; clock_t end_clock; long malloc_time; long pool_time; int errors = 0; int no_secure_mem; pid_t pid; if (ac == 2 && !strcmp(av[1], "help")) { printf("usage: %s [pool]\n", *av); return EXIT_SUCCESS; } printf("Testing: %s\n", "mem"); /* Test create, resize and destroy */ if (!(mem1 = mem_create(100, int))) ++errors, printf("Test1: mem_create(100, int) failed\n"); if (!(mem_resize(&mem1, 50))) ++errors, printf("Test2: mem_resize(100 -> 50) failed\n"); if (mem_resize(&mem1, 0)) ++errors, printf("Test3: mem_resize(50 -> 0) failed\n"); if (!(mem_resize(&mem1, 50))) ++errors, printf("Test4: mem_resize(0 -> 50) failed\n"); if (mem_destroy(&mem1)) ++errors, printf("Test5: mem_destroy() failed\n"); if (!(mem2 = mem_create(0, char))) ++errors, printf("Test6: mem_create(0, char) failed\n"); if (!(mem_resize(&mem2, 10))) ++errors, printf("Test7: mem_resize(0 -> 10) failed\n"); if (mem_resize(&mem2, 0)) ++errors, printf("Test8: mem_resize(10 -> 0) failed\n"); if (mem_destroy(&mem2)) ++errors, printf("Test9: mem_destroy() failed\n"); /* This used to segfault a broken version of mem_resize() */ switch (pid = fork()) { case -1: { fprintf(stderr, "Failed to perform test - fork() failed (%s)\n", strerror(errno)); break; } case 0: { size_t size = 16; sockopt_t *so = mem_create(size, sockopt_t); sockaddr_any_t *sa = mem_create(size, sockaddr_any_t); mem_resize(&so, size << 1); memset(so + size, 0, size * sizeof(sockopt_t)); mem_resize(&sa, size << 1); memset(sa + size, 0, size * sizeof(sockaddr_any_t)); mem_destroy(&so); mem_destroy(&sa); _exit(EXIT_SUCCESS); break; } default: { int status; if (waitpid(pid, &status, 0) == -1) { fprintf(stderr, "Failed to evaluate test - waitpid(%d) failed (%s)\n", (int)pid, strerror(errno)); break; } if (WIFSIGNALED(status) && WTERMSIG(status) != SIGABRT) ++errors, printf("Test10: mem_resize() failed - killed by signal %d\n", WTERMSIG(status)); else if (WIFEXITED(status) && WEXITSTATUS(status) != EXIT_SUCCESS) ++errors, printf("Test10: mem_resize() failed - exit status %d\n", WEXITSTATUS(status)); break; } } /* Test strdup */ if (!(str = mem_strdup("test"))) ++errors, printf("Test11: mem_strdup() failed (returned NULL)\n"); else { if (strcmp(str, "test")) ++errors, printf("Test12: mem_strdup() failed (equals \"%s\", not \"test\")\n", str); mem_release(str); } /* Test 2D space allocation and deallocation */ if (!(space2 = mem_create_space(sizeof(int), (size_t)1, (size_t)1, (size_t)0))) ++errors, printf("Test13: mem_create_space(1, 1) failed (returned NULL)\n"); else { space2[0][0] = 37; if (space2[0][0] != 37) ++errors, printf("Test14: mem_create_space(1, 1) failed (space2[%d][%d] = %d, not %d)\n", 0, 0, space2[0][0], 37); mem_destroy_space(&space2); if (space2) ++errors, printf("Test15: mem_destroy_space(1, 1) failed\n"); } if (!(space2 = mem_create_space(sizeof(int), (size_t)10, (size_t)10, (size_t)0))) ++errors, printf("Test16: mem_create_space(10, 10) failed (returned NULL)\n"); else { int error = 0; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) space2[i][j] = i + j; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) if (space2[i][j] != i + j) ++error, printf("Test17: mem_create_space(10, 10) failed (space2[%d][%d] = %d, not %d)\n", i, j, space2[i][j], i + j); if (error) ++errors; mem_destroy_space(&space2); if (space2) ++errors, printf("Test18: mem_destroy_space(10, 10) failed\n"); } /* Test 3D space allocation and deallocation */ if (!(space3 = mem_create_space(sizeof(int), (size_t)1, (size_t)1, (size_t)1, (size_t)0))) ++errors, printf("Test19: mem_create_space(1, 1, 1) failed (returned NULL)\n"); else { space3[0][0][0] = 37; if (space3[0][0][0] != 37) ++errors, printf("Test20: mem_create_space(1, 1, 1) failed (space3[%d][%d][%d] = %d, not %d)\n", 0, 0, 0, space3[0][0][0], 37); mem_destroy_space(&space3); if (space3) ++errors, printf("Test21: mem_destroy_space(1, 1, 1) failed\n"); } if (!(space3 = mem_create_space(sizeof(int), (size_t)10, (size_t)10, (size_t)10, (size_t)0))) ++errors, printf("Test22: mem_create_space(10, 10, 10) failed (returned NULL)\n"); else { int error = 0; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) for (k = 0; k < 10; ++k) space3[i][j][k] = i + j + k; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) for (k = 0; k < 10; ++k) if (space3[i][j][k] != i + j + k) ++error, printf("Test23: mem_create_space(10, 10, 10) failed (space3[%d][%d][%d] = %d, not %d)\n", i, j, k, space3[i][j][k], i + j + k); if (error) ++errors; mem_destroy_space(&space3); if (space3) ++errors, printf("Test24: mem_destroy_space(10, 10, 10) failed\n"); } /* Test 4D space allocation and deallocation */ if (!(space4 = mem_create_space(sizeof(int), (size_t)1, (size_t)1, (size_t)1, (size_t)1, (size_t)0))) ++errors, printf("Test25: mem_create_space(1, 1, 1, 1) failed (returned NULL)\n"); else { space4[0][0][0][0] = 37; if (space4[0][0][0][0] != 37) ++errors, printf("Test26: mem_create_space(1, 1, 1, 1) failed (space4[%d][%d][%d][%d] = %d, not %d)\n", 0, 0, 0, 0, space4[0][0][0][0], 37); mem_destroy_space(&space4); if (space4) ++errors, printf("Test27: mem_destroy_space(1, 1, 1, 1) failed\n"); } if (!(space4 = mem_create_space(sizeof(int), (size_t)10, (size_t)10, (size_t)10, (size_t)10, (size_t)0))) ++errors, printf("Test28: mem_create_space(10, 10, 10, 10) failed (returned NULL)\n"); else { int error = 0; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) for (k = 0; k < 10; ++k) for (l = 0; l < 10; ++l) space4[i][j][k][l] = i + j + k + l; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) for (k = 0; k < 10; ++k) for (l = 0; l < 10; ++l) if (space4[i][j][k][l] != i + j + k + l) ++error, printf("Test29: mem_create_space(10, 10, 10, 10) failed (space4[%d][%d][%d][%d] = %d, not %d)\n", i, j, k, l, space4[i][j][k][l], i + j + k + l); if (error) ++errors; mem_destroy_space(&space4); if (space4) ++errors, printf("Test30: mem_destroy_space(10, 10, 10, 10) failed\n"); } /* Test 5D space allocation and deallocation */ if (!(space5 = mem_create_space(sizeof(int), (size_t)1, (size_t)1, (size_t)1, (size_t)1, (size_t)1, (size_t)0))) ++errors, printf("Test31: mem_create_space(1, 1, 1, 1, 1) failed (returned NULL)\n"); else { space5[0][0][0][0][0] = 37; if (space5[0][0][0][0][0] != 37) ++errors, printf("Test32: mem_create_space(1, 1, 1, 1, 1) failed (space5[%d][%d][%d][%d][%d] = %d, not %d)\n", 0, 0, 0, 0, 0, space5[0][0][0][0][0], 37); mem_destroy_space(&space5); if (space5) ++errors, printf("Test33: mem_destroy_space(1, 1, 1, 1, 1) failed\n"); } if (!(space5 = mem_create_space(sizeof(int), (size_t)10, (size_t)10, (size_t)10, (size_t)10, (size_t)10, (size_t)0))) ++errors, printf("Test34: mem_create_space(10, 10, 10, 10, 10) failed (returned NULL)\n"); else { int error = 0; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) for (k = 0; k < 10; ++k) for (l = 0; l < 10; ++l) for (m = 0; m < 10; ++m) space5[i][j][k][l][m] = i + j + k + l + m; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) for (k = 0; k < 10; ++k) for (l = 0; l < 10; ++l) for (m = 0; m < 10; ++m) if (space5[i][j][k][l][m] != i + j + k + l + m) ++error, printf("Test35: mem_create_space(10, 10, 10, 10, 10) failed (space5[%d][%d][%d][%d][%d] = %d, not %d)\n", i, j, k, l, m, space5[i][j][k][l][m], i + j + k + l + m); if (error) ++errors; mem_destroy_space(&space5); if (space5) ++errors, printf("Test36: mem_destroy_space(10, 10, 10, 10, 10) failed\n"); } /* Test element sizes smaller than sizeof(void *) */ if (!(space2d = mem_create_space(sizeof(char), (size_t)1, (size_t)1, (size_t)0))) ++errors, printf("Test37: mem_create_space(char, 1, 1) failed (returned NULL)\n"); else { space2d[0][0] = 'a'; if (space2d[0][0] != 'a') ++errors, printf("Test38: mem_create_space(char, 1, 1) failed (space2d[%d][%d] = '%c', not '%c')\n", 0, 0, space2d[0][0], 'a'); mem_destroy_space(&space2d); if (space2d) ++errors, printf("Test39: mem_destroy_space(char, 1, 1) failed\n"); } if (!(space2d = mem_create_space(sizeof(char), (size_t)10, (size_t)10, (size_t)0))) ++errors, printf("Test40: mem_create_space(char, 10, 10) failed (returned NULL)\n"); else { int error = 0; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) space2d[i][j] = 'a' + (i + j) % 26; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) if (space2d[i][j] != 'a' + (i + j) % 26) ++error, printf("Test41: mem_create_space(char, 10, 10) failed (space2d[%d][%d] = '%c', not '%c')\n", i, j, space2d[i][j], 'a' + (i + j) % 26); if (error) ++errors; mem_destroy_space(&space2d); if (space2d) ++errors, printf("Test42: mem_destroy_space(char, 10, 10) failed\n"); } /* Test element sizes larger than sizeof(void *) */ if (!(space3d = mem_create_space(sizeof(double), (size_t)1, (size_t)1, (size_t)1, (size_t)0))) ++errors, printf("Test43: mem_create_space(double, 1, 1, 1) failed (returned NULL)\n"); else { space3d[0][0][0] = 37.5; if (space3d[0][0][0] != 37.5) ++errors, printf("Test44: mem_create_space(double, 1, 1, 1) failed (space3d[%d][%d][%d] = %g, not %g)\n", 0, 0, 0, space3d[0][0][0], 37.5); mem_destroy_space(&space3d); if (space3d) ++errors, printf("Test45: mem_destroy_space(double, 1, 1, 1) failed\n"); } if (!(space3d = mem_create_space(sizeof(double), (size_t)10, (size_t)10, (size_t)10, (size_t)0))) ++errors, printf("Test46: mem_create_space(double, 10, 10, 10) failed (returned NULL)\n"); else { int error = 0; for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) for (k = 0; k < 10; ++k) space3d[i][j][k] = (double)(i + j + k); for (i = 0; i < 10; ++i) for (j = 0; j < 10; ++j) for (k = 0; k < 10; ++k) if (space3d[i][j][k] != (double)(i + j + k)) ++error, printf("Test47: mem_create_space(double, 10, 10, 10) failed (space3[%d][%d][%d] = %g, not %g)\n", i, j, k, space3d[i][j][k], (double)(i + j + k)); if (error) ++errors; mem_destroy_space(&space3d); if (space3d) ++errors, printf("Test48: mem_destroy_space(double, 10, 10, 10) failed\n"); } /* Test mem_space_start() */ if (!(space4 = mem_create_space(sizeof(int), (size_t)2, (size_t)3, (size_t)4, (size_t)5, (size_t)0))) ++errors, printf("Test49: mem_create_space(int, 2, 3, 4, 5) failed (returned NULL)\n"); else { int error = 0; size_t start; for (i = 0; i < 2; ++i) for (j = 0; j < 3; ++j) for (k = 0; k < 4; ++k) for (l = 0; l < 5; ++l) space4[i][j][k][l] = i + j + k + l; for (i = 0; i < 2; ++i) for (j = 0; j < 3; ++j) for (k = 0; k < 4; ++k) for (l = 0; l < 5; ++l) if (space4[i][j][k][l] != i + j + k + l) ++error, printf("Test50: mem_create_space(int, 2, 3, 4, 5) failed (space4[%d][%d][%d][%d] = %d, not %d)\n", i, j, k, l, space4[i][j][k][l], i + j + k + l); if (error) ++errors; start = mem_space_start(sizeof(int), (size_t)2, (size_t)3, (size_t)4, (size_t)5, (size_t)0); memset((char *)space4 + start, 0, sizeof(int) * 2 * 3 * 4 * 5); for (i = 0; i < 2; ++i) for (j = 0; j < 3; ++j) for (k = 0; k < 4; ++k) for (l = 0; l < 4; ++l) if (space4[i][j][k][l] != 0) ++error, printf("Test51: mem_space_start(int, 2, 3, 4, 5) failed (space4[%d][%d][%d][%d] = %d, not %d)\n", i, j, k, l, space4[i][j][k][l], 0); for (i = 0; i < 2; ++i) for (j = 0; j < 3; ++j) for (k = 0; k < 4; ++k) for (l = 0; l < 5; ++l) space4[i][j][k][l] = i + j + k + l; for (i = 0; i < 2; ++i) for (j = 0; j < 3; ++j) for (k = 0; k < 4; ++k) for (l = 0; l < 5; ++l) if (space4[i][j][k][l] != i + j + k + l) ++error, printf("Test52: mem_space_start(int, 2, 3, 4, 5) failed (space4[%d][%d][%d][%d] = %d, not %d)\n", i, j, k, l, space4[i][j][k][l], i + j + k + l); if (error) ++errors; mem_destroy_space(&space4); if (space4) ++errors, printf("Test53: mem_destroy_space(int, 2, 3, 4, 5) failed\n"); } /* Test pool functions */ start_clock = clock(); if (!(pool = pool_create(1024 * 1024))) ++errors, printf("Test54: pool_create(1024 * 1024) failed: %s\n", strerror(errno)); else { for (i = 0; i < 1024 * 1024; ++i) { if (!pool_new(pool, char)) { ++errors, printf("Test55: pool_alloc() failed: %s\n", strerror(errno)); break; } } errno = 0; if (pool_alloc(pool, 1) != NULL || errno != ENOSPC) ++errors, printf("Test56: pool_alloc(pool, 1) failed (errno %d, not %d)\n", errno, ENOSPC); errno = 0; if (pool_alloc(NULL, 1) != NULL || errno != EINVAL) ++errors, printf("Test57: pool_alloc(NULL, 1) failed (errno %d, not %d)\n", errno, EINVAL); pool_clear(pool); if (!pool_alloc(pool, 1)) ++errors, printf("Test58: pool_clear(), pool_alloc() failed: %s\n", strerror(errno)); pool_destroy(&pool); if (pool) ++errors, printf("Test59: pool_destroy() failed (%p, not NULL)\n", (void *)pool); } end_clock = clock(); pool_time = end_clock - start_clock; if (ac == 2 && !strcmp(av[1], "pool")) { start_clock = clock(); for (i = 0; i < 1024 * 1024; ++i) free(malloc(1)); end_clock = clock(); malloc_time = end_clock - start_clock; printf("malloc %ldus, pool %ldus (pool %g times faster than malloc)\n", malloc_time, pool_time, (double)malloc_time / (double)pool_time); } /* Test secure mem/pool functions */ no_secure_mem = 0; /* (getuid() != 0); */ if (!no_secure_mem) { #ifdef MLOCK_REQUIRES_PAGE_BOUNDARY /* Test that page boundary is a power of two */ long pagesize; if ((pagesize = sysconf(_SC_PAGESIZE)) == -1) ++errors, printf("Test60: Failed to perform test: sysconf(_SC_PAGESIZE) failed\n"); else { long size = pagesize; int bits; for (bits = 0; size; size >>= 1) if (size & 1) ++bits; if (bits != 1) ++errors, printf("Test60: pagesize (%ld) is not a power of 2! Secure memory won't work\n", pagesize); } #endif if (!(mem1 = mem_create_secure(1024))) ++errors, printf("Test61: mem_create_secure(1024) failed: %s (Does mlock() require root privileges on this system? If so, audit this code and rerun it as root)\n", strerror(errno)); else { mem_destroy_secure(&mem1); if (mem1) ++errors, printf("Test62: mem_destroy_secure(1024) failed: mem == %p, not NULL\n", (void *)mem1); } if (!(pool = pool_create_secure(32))) ++errors, printf("Test63: pool_create_secure(32) failed: %s (Does mlock() require root privileges on this system? If so, audit this code and rerun it as root)\n", strerror(errno)); else { void *whitebox = pool->pool; if (!(mem1 = pool_alloc(pool, 32))) ++errors, printf("Test64: pool_alloc(pool, 32) failed: %s\n", strerror(errno)); memset(mem1, 0xff, 32); pool_destroy_secure(&pool); /* Note: This test may be invalid because the memory has already been deallocated */ if (memcmp(whitebox, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 32)) { if (!memcmp(whitebox, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff", 32)) ++errors, printf("Test65: pool_destroy_secure(32) failed: memory not cleared\n"); else { int i, num_nuls = 0; for (i = 0; i < 32; i++) if (((unsigned char *)whitebox)[i] == '\0') ++num_nuls; if (num_nuls < 32 - 8) { ++errors, printf("Test65: pool_destroy_secure(32) failed: memory not cleared (possibly - or maybe the already-deallocated memory has just been reused by now)\n"); printf("content = \""); for (i = 0; i < 32; i++) printf("\\x%02x", ((unsigned char *)whitebox)[i]); printf("\" (should be all or mostly \\x00)\n"); } } } if (pool) ++errors, printf("Test66: pool_destroy_secure(32) failed: pool == %p, not NULL\n", (void *)pool); } } /* Test assumption: memory failure results in errno == ENOMEM */ errno = 0; str = NULL; if (!mem_resize(&str, UINT_MAX) && errno != ENOMEM) ++errors, printf("Test67: assumption failed: realloc failed but errno == \"%s\" (not \"%s\")\n", strerror(errno), strerror(ENOMEM)); if (errors) printf("%d/67 tests failed\n", errors); else printf("All tests passed\n"); if (no_secure_mem) { printf("\n"); printf(" Note: Can't perform secure memory tests.\n"); printf(" Audit the code and rerun the test as root.\n"); } return (errors == 0) ? EXIT_SUCCESS : EXIT_FAILURE; } #endif /* vi:set ts=4 sw=4: */