cheri: malloc: Set fixed mmap_threshold for capability narrowing

Capability narrowing requires extra alignment for large allocations,
this can cause significant heap fragmentation so ensure large
allocations use a single mmap and unmaped on free. The fragmentation
is bug 14581.

This patch disables dynamic mmap threshold when cap_narrowing is
enabled and uses a threshold of 256 kbytes on morello (which means
at most 64 byte alignment requirement on the heap). The dynamic
threshold could quickly grow very big and stay there making the
fragmentation issue common.

diff --git a/malloc/arena.c b/malloc/arena.c
index c63cb70f747c022290caa5a436f1e9c2a981a6ab..05df8c15104841c85852617d4a256100425c026c 100644 (file)
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -331,7 +331,13 @@ ptmalloc_init (void)
   if (TUNABLE_GET_FULL (glibc, mem, cap_narrowing, int32_t, NULL) == 0)
     cap_narrowing_enabled = false;
   else
-    cap_narrowing_enabled = true;
+    {
+      cap_narrowing_enabled = true;
+# ifdef __CAP_MMAP_THRESHOLD
+      /* Default mmap threshold to avoid heap fragmentation.  */
+      do_set_mmap_threshold (__CAP_MMAP_THRESHOLD);
+# endif
+    }
 #endif
   cap_init ();
 

diff --git a/sysdeps/aarch64/morello/libc-cap.h b/sysdeps/aarch64/morello/libc-cap.h
index 3549a6db6d8b2fa9808878f965a025e025f4fa40..9e6f66aa22b63f64201ea326b8aab43fd856240f 100644 (file)
--- a/sysdeps/aarch64/morello/libc-cap.h
+++ b/sysdeps/aarch64/morello/libc-cap.h
@@ -285,6 +285,10 @@ __libc_cap_map_del (void *p)
    allocations, i.e. __libc_cap_align (n) <= MALLOC_ALIGNMENT.  */
 #define __CAP_ALIGN_THRESHOLD 32759
 
+/* Set the mmap_threshold to this value when narrowing is enabled
+   to avoid heap fragmentation due to alignment requirements.  */
+#define __CAP_MMAP_THRESHOLD 262144
+
 /* Round up the allocation size so the allocated pointer bounds
    can be represented.  Note: this may be called before any
    checks on n, so it should work with all possible n values.  */