aboutsummaryrefslogtreecommitdiff
path: root/sysdeps
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2012-09-25 14:10:29 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2012-09-25 14:30:52 +0530
commit9fab36eb583c0e585e83a01253299afed9ea9a11 (patch)
tree948ce03e0a724c8a3a7bca0fc1dbb7655f94e64e /sysdeps
parent2b4f00d1a42b705521ca205ad8285dde82d84f2b (diff)
downloadglibc-9fab36eb583c0e585e83a01253299afed9ea9a11.tar
glibc-9fab36eb583c0e585e83a01253299afed9ea9a11.tar.gz
glibc-9fab36eb583c0e585e83a01253299afed9ea9a11.tar.bz2
glibc-9fab36eb583c0e585e83a01253299afed9ea9a11.zip
Shrink heap on linux when overcommit_memory == 2
Using madvise with MADV_DONTNEED to release memory back to the kernel is not sufficient to change the commit charge accounted against the process on Linux. It is OK however, when overcommit is enabled or is heuristic. However, when overcommit is restricted to a percentage of memory setting the contents of /proc/sys/vm/overcommit_memory as 2, it makes a difference since memory requests will fail. Hence, we do what we do with secure exec binaries, which is to call mmap on the region to be dropped with MAP_FIXED. This internally unmaps the pages in question and reduces the amount of memory accounted against the process.
Diffstat (limited to 'sysdeps')
-rw-r--r--sysdeps/generic/malloc-sysdep.h25
-rw-r--r--sysdeps/unix/sysv/linux/malloc-sysdep.h57
2 files changed, 82 insertions, 0 deletions
diff --git a/sysdeps/generic/malloc-sysdep.h b/sysdeps/generic/malloc-sysdep.h
new file mode 100644
index 0000000000..bbc48c04f0
--- /dev/null
+++ b/sysdeps/generic/malloc-sysdep.h
@@ -0,0 +1,25 @@
+/* System-specific malloc support functions. Generic version.
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+/* Force an unmap when the heap shrinks in a secure exec. This ensures that
+ the old data pages immediately cease to be accessible. */
+static inline bool
+check_may_shrink_heap (void)
+{
+ return __libc_enable_secure;
+}
diff --git a/sysdeps/unix/sysv/linux/malloc-sysdep.h b/sysdeps/unix/sysv/linux/malloc-sysdep.h
new file mode 100644
index 0000000000..f926aeafff
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/malloc-sysdep.h
@@ -0,0 +1,57 @@
+/* System-specific malloc support functions. Linux version.
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <fcntl.h>
+#include <not-cancel.h>
+
+/* The Linux kernel overcommits address space by default and if there is not
+ enough memory available, it uses various parameters to decide the process to
+ kill. It is however possible to disable or curb this overcommit behavior
+ by setting the proc sysctl vm.overcommit_memory to the value '2' and with
+ that, a process is only allowed to use the maximum of a pre-determined
+ fraction of the total address space. In such a case, we want to make sure
+ that we are judicious with our heap usage as well, and explicitly give away
+ the freed top of the heap to reduce our commit charge. See the proc(5) man
+ page to know more about overcommit behavior.
+
+ Other than that, we also force an unmap in a secure exec. */
+static inline bool
+check_may_shrink_heap (void)
+{
+ static int may_shrink_heap = -1;
+
+ if (__builtin_expect (may_shrink_heap >= 0, 1))
+ return may_shrink_heap;
+
+ may_shrink_heap = __libc_enable_secure;
+
+ if (__builtin_expect (may_shrink_heap == 0, 1))
+ {
+ int fd = open_not_cancel_2 ("/proc/sys/vm/overcommit_memory",
+ O_RDONLY | O_CLOEXEC);
+ if (fd >= 0)
+ {
+ char val;
+ ssize_t n = read_not_cancel (fd, &val, 1);
+ may_shrink_heap = n > 0 && val == '2';
+ close_not_cancel_no_status (fd);
+ }
+ }
+
+ return may_shrink_heap;
+}