1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim maintainers 2019 - 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* Exim gets and frees all its store through these functions. In the original
10 implementation there was a lot of mallocing and freeing of small bits of store.
11 The philosophy has now changed to a scheme which includes the concept of
12 "stacking pools" of store. For the short-lived processes, there isn't any real
13 need to do any garbage collection, but the stack concept allows quick resetting
14 in places where this seems sensible.
16 Obviously the long-running processes (the daemon, the queue runner, and eximon)
17 must take care not to eat store.
19 The following different types of store are recognized:
21 . Long-lived, large blocks: This is implemented by retaining the original
22 malloc/free functions, and it used for permanent working buffers and for
23 getting blocks to cut up for the other types.
25 . Long-lived, small blocks: This is used for blocks that have to survive until
26 the process exits. It is implemented as a stacking pool (POOL_PERM). This is
27 functionally the same as store_malloc(), except that the store can't be
28 freed, but I expect it to be more efficient for handling small blocks.
30 . Short-lived, short blocks: Most of the dynamic store falls into this
31 category. It is implemented as a stacking pool (POOL_MAIN) which is reset
32 after accepting a message when multiple messages are received by a single
33 process. Resetting happens at some other times as well, usually fairly
34 locally after some specific processing that needs working store.
36 . There is a separate pool (POOL_SEARCH) that is used only for lookup storage.
37 This means it can be freed when search_tidyup() is called to close down all
40 - There is another pool (POOL_MESSAGE) used for medium-lifetime objects; within
41 a single message transaction but needed for longer than the use of the main
42 pool permits. Currently this means only receive-time DKIM information.
44 . Orthogonal to the three pool types, there are two classes of memory: untainted
45 and tainted. The latter is used for values derived from untrusted input, and
46 the string-expansion mechanism refuses to operate on such values (obviously,
47 it can expand an untainted value to return a tainted result). The classes
48 are implemented by duplicating the four pool types. Pool resets are requested
49 against the nontainted sibling and apply to both siblings.
51 Only memory blocks requested for tainted use are regarded as tainted; anything
52 else (including stack auto variables) is untainted. Care is needed when coding
53 to not copy untrusted data into untainted memory, as downstream taint-checks
56 Intermediate layers (eg. the string functions) can test for taint, and use this
57 for ensurinng that results have proper state. For example the
58 string_vformat_trc() routing supporting the string_sprintf() interface will
59 recopy a string being built into a tainted allocation if it meets a %s for a
60 tainted argument. Any intermediate-layer function that (can) return a new
61 allocation should behave this way; returning a tainted result if any tainted
62 content is used. Intermediate-layer functions (eg. Ustrncpy) that modify
63 existing allocations fail if tainted data is written into an untainted area.
64 Users of functions that modify existing allocations should check if a tainted
65 source and an untainted destination is used, and fail instead (sprintf() being
71 /* keep config.h before memcheck.h, for NVALGRIND */
78 /* We need to know how to align blocks of data for general use. I'm not sure
79 how to get an alignment factor in general. In the current world, a value of 8
80 is probably right, and this is sizeof(double) on some systems and sizeof(void
81 *) on others, so take the larger of those. Since everything in this expression
82 is a constant, the compiler should optimize it to a simple constant wherever it
83 appears (I checked that gcc does do this). */
86 (sizeof(void *) > sizeof(double) ? sizeof(void *) : sizeof(double))
88 /* store_reset() will not free the following block if the last used block has
89 less than this much left in it. */
91 #define STOREPOOL_MIN_SIZE 256
93 /* Structure describing the beginning of each big block. */
95 typedef struct storeblock {
96 struct storeblock *next;
100 /* Just in case we find ourselves on a system where the structure above has a
101 length that is not a multiple of the alignment, set up a macro for the padded
104 #define ALIGNED_SIZEOF_STOREBLOCK \
105 (((sizeof(storeblock) + alignment - 1) / alignment) * alignment)
107 /* Size of block to get from malloc to carve up into smaller ones. This
108 must be a multiple of the alignment. We assume that 4096 is going to be
109 suitably aligned. Double the size per-pool for every malloc, to mitigate
110 certain denial-of-service attacks. Don't bother to decrease on block frees.
111 We waste average half the current alloc size per pool. This could be several
112 hundred kB now, vs. 4kB with a constant-size block size. But the search time
113 for is_tainted(), linear in the number of blocks for the pool, is O(n log n)
115 A test of 2000 RCPTs and just accept ACL had 370kB in 21 blocks before,
116 504kB in 6 blocks now, for the untainted-main (largest) pool.
117 Builds for restricted-memory system can disable the expansion by
118 defining RESTRICTED_MEMORY */
119 /*XXX should we allow any for malloc's own overhead? But how much? */
121 /* #define RESTRICTED_MEMORY */
122 #define STORE_BLOCK_SIZE(order) ((1U << (order)) - ALIGNED_SIZEOF_STOREBLOCK)
124 /* Variables holding data for the local pools of store. The current pool number
125 is held in store_pool, which is global so that it can be changed from outside.
126 Setting the initial length values to -1 forces a malloc for the first call,
127 even if the length is zero (which is used for getting a point to reset to). */
129 int store_pool = POOL_MAIN;
131 static storeblock *chainbase[NPOOLS];
132 static storeblock *current_block[NPOOLS];
133 static void *next_yield[NPOOLS];
134 static int yield_length[NPOOLS];
135 static unsigned store_block_order[NPOOLS];
137 /* pool_malloc holds the amount of memory used by the store pools; this goes up
138 and down as store is reset or released. nonpool_malloc is the total got by
139 malloc from other calls; this doesn't go down because it is just freed by
142 static int pool_malloc;
143 static int nonpool_malloc;
145 /* This variable is set by store_get() to its yield, and by store_reset() to
146 NULL. This enables string_cat() to optimize its store handling for very long
147 strings. That's why the variable is global. */
149 void *store_last_get[NPOOLS];
151 /* These are purely for stats-gathering */
153 static int nbytes[NPOOLS]; /* current bytes allocated */
154 static int maxbytes[NPOOLS]; /* max number reached */
155 static int nblocks[NPOOLS]; /* current number of blocks allocated */
156 static int maxblocks[NPOOLS];
157 static unsigned maxorder[NPOOLS];
158 static int n_nonpool_blocks; /* current number of direct store_malloc() blocks */
159 static int max_nonpool_blocks;
160 static int max_pool_malloc; /* max value for pool_malloc */
161 static int max_nonpool_malloc; /* max value for nonpool_malloc */
164 #ifndef COMPILE_UTILITY
165 static const uschar * pooluse[NPOOLS] = {
166 [POOL_MAIN] = US"main",
167 [POOL_PERM] = US"perm",
168 [POOL_SEARCH] = US"search",
169 [POOL_MESSAGE] = US"message",
170 [POOL_TAINT_MAIN] = US"main",
171 [POOL_TAINT_PERM] = US"perm",
172 [POOL_TAINT_SEARCH] = US"search",
173 [POOL_TAINT_SEARCH] = US"search",
174 [POOL_TAINT_MESSAGE] = US"message",
176 static const uschar * poolclass[NPOOLS] = {
177 [POOL_MAIN] = US"untainted",
178 [POOL_PERM] = US"untainted",
179 [POOL_SEARCH] = US"untainted",
180 [POOL_MESSAGE] = US"untainted",
181 [POOL_TAINT_MAIN] = US"tainted",
182 [POOL_TAINT_PERM] = US"tainted",
183 [POOL_TAINT_SEARCH] = US"tainted",
184 [POOL_TAINT_MESSAGE] = US"tainted",
189 static void * internal_store_malloc(int, const char *, int);
190 static void internal_store_free(void *, const char *, int linenumber);
192 /******************************************************************************/
193 /* Initialisation, for things fragile with parameter channges when using
194 static initialisers. */
199 for (int i = 0; i < NPOOLS; i++)
201 yield_length[i] = -1;
202 store_block_order[i] = 12; /* log2(allocation_size) ie. 4kB */
206 /******************************************************************************/
208 /* Test if a pointer refers to tainted memory.
210 Slower version check, for use when platform intermixes malloc and mmap area
211 addresses. Test against the current-block of all tainted pools first, then all
212 blocks of all tainted pools.
214 Return: TRUE iff tainted
218 is_tainted_fn(const void * p)
222 for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
223 if ((b = current_block[pool]))
225 uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
226 if (US p >= bc && US p < bc + b->length) return TRUE;
229 for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
230 for (b = chainbase[pool]; b; b = b->next)
232 uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
233 if (US p >= bc && US p < bc + b->length) return TRUE;
240 die_tainted(const uschar * msg, const uschar * func, int line)
242 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n",
248 /*************************************************
249 * Get a block from the current pool *
250 *************************************************/
252 /* Running out of store is a total disaster. This function is called via the
253 macro store_get(). It passes back a block of store within the current big
254 block, getting a new one if necessary. The address is saved in
258 size amount wanted, bytes
259 tainted class: set to true for untrusted data (eg. from smtp input)
260 func function from which called
261 linenumber line number in source file
263 Returns: pointer to store (panic on malloc failure)
267 store_get_3(int size, BOOL tainted, const char *func, int linenumber)
269 int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
271 /* Round up the size to a multiple of the alignment. Although this looks a
272 messy statement, because "alignment" is a constant expression, the compiler can
273 do a reasonable job of optimizing, especially if the value of "alignment" is a
274 power of two. I checked this with -O2, and gcc did very well, compiling it to 4
275 instructions on a Sparc (alignment = 8). */
277 if (size % alignment != 0) size += alignment - (size % alignment);
279 /* If there isn't room in the current block, get a new one. The minimum
280 size is STORE_BLOCK_SIZE, and we would expect this to be the norm, since
281 these functions are mostly called for small amounts of store. */
283 if (size > yield_length[pool])
285 int length = MAX(STORE_BLOCK_SIZE(store_block_order[pool]), size);
286 int mlength = length + ALIGNED_SIZEOF_STOREBLOCK;
287 storeblock * newblock;
289 /* Sometimes store_reset() may leave a block for us; check if we can use it */
291 if ( (newblock = current_block[pool])
292 && (newblock = newblock->next)
293 && newblock->length < length
296 /* Give up on this block, because it's too small */
298 internal_store_free(newblock, func, linenumber);
302 /* If there was no free block, get a new one */
306 if ((nbytes[pool] += mlength) > maxbytes[pool])
307 maxbytes[pool] = nbytes[pool];
308 if ((pool_malloc += mlength) > max_pool_malloc) /* Used in pools */
309 max_pool_malloc = pool_malloc;
310 nonpool_malloc -= mlength; /* Exclude from overall total */
311 if (++nblocks[pool] > maxblocks[pool])
312 maxblocks[pool] = nblocks[pool];
314 newblock = internal_store_malloc(mlength, func, linenumber);
315 newblock->next = NULL;
316 newblock->length = length;
317 #ifndef RESTRICTED_MEMORY
318 if (store_block_order[pool]++ > maxorder[pool])
319 maxorder[pool] = store_block_order[pool];
322 if (!chainbase[pool])
323 chainbase[pool] = newblock;
325 current_block[pool]->next = newblock;
328 current_block[pool] = newblock;
329 yield_length[pool] = newblock->length;
331 (void *)(CS current_block[pool] + ALIGNED_SIZEOF_STOREBLOCK);
332 (void) VALGRIND_MAKE_MEM_NOACCESS(next_yield[pool], yield_length[pool]);
335 /* There's (now) enough room in the current block; the yield is the next
338 store_last_get[pool] = next_yield[pool];
340 /* Cut out the debugging stuff for utilities, but stop picky compilers from
343 #ifndef COMPILE_UTILITY
345 debug_printf("---%d Get %6p %5d %-14s %4d\n", pool,
346 store_last_get[pool], size, func, linenumber);
347 #endif /* COMPILE_UTILITY */
349 (void) VALGRIND_MAKE_MEM_UNDEFINED(store_last_get[pool], size);
350 /* Update next pointer and number of bytes left in the current block. */
352 next_yield[pool] = (void *)(CS next_yield[pool] + size);
353 yield_length[pool] -= size;
354 return store_last_get[pool];
359 /*************************************************
360 * Get a block from the PERM pool *
361 *************************************************/
363 /* This is just a convenience function, useful when just a single block is to
368 func function from which called
369 linenumber line number in source file
371 Returns: pointer to store (panic on malloc failure)
375 store_get_perm_3(int size, BOOL tainted, const char *func, int linenumber)
378 int old_pool = store_pool;
379 store_pool = POOL_PERM;
380 yield = store_get_3(size, tainted, func, linenumber);
381 store_pool = old_pool;
387 /*************************************************
388 * Extend a block if it is at the top *
389 *************************************************/
391 /* While reading strings of unknown length, it is often the case that the
392 string is being read into the block at the top of the stack. If it needs to be
393 extended, it is more efficient just to extend within the top block rather than
394 allocate a new block and then have to copy the data. This function is provided
395 for the use of string_cat(), but of course can be used elsewhere too.
396 The block itself is not expanded; only the top allocation from it.
399 ptr pointer to store block
400 oldsize current size of the block, as requested by user
401 newsize new size required
402 func function from which called
403 linenumber line number in source file
405 Returns: TRUE if the block is at the top of the stack and has been
406 extended; FALSE if it isn't at the top of the stack, or cannot
411 store_extend_3(void *ptr, BOOL tainted, int oldsize, int newsize,
412 const char *func, int linenumber)
414 int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
415 int inc = newsize - oldsize;
416 int rounded_oldsize = oldsize;
418 /* Check that the block being extended was already of the required taint status;
419 refuse to extend if not. */
421 if (is_tainted(ptr) != tainted)
424 if (rounded_oldsize % alignment != 0)
425 rounded_oldsize += alignment - (rounded_oldsize % alignment);
427 if (CS ptr + rounded_oldsize != CS (next_yield[pool]) ||
428 inc > yield_length[pool] + rounded_oldsize - oldsize)
431 /* Cut out the debugging stuff for utilities, but stop picky compilers from
434 #ifndef COMPILE_UTILITY
436 debug_printf("---%d Ext %6p %5d %-14s %4d\n", pool, ptr, newsize,
438 #endif /* COMPILE_UTILITY */
440 if (newsize % alignment != 0) newsize += alignment - (newsize % alignment);
441 next_yield[pool] = CS ptr + newsize;
442 yield_length[pool] -= newsize - rounded_oldsize;
443 (void) VALGRIND_MAKE_MEM_UNDEFINED(ptr + oldsize, inc);
451 is_pwr2_size(int len)
454 return (x & (x - 1)) == 0;
458 /*************************************************
459 * Back up to a previous point on the stack *
460 *************************************************/
462 /* This function resets the next pointer, freeing any subsequent whole blocks
463 that are now unused. Call with a cookie obtained from store_mark() only; do
464 not call with a pointer returned by store_get(). Both the untainted and tainted
465 pools corresposding to store_pool are reset.
468 r place to back up to
469 func function from which called
470 linenumber line number in source file
476 internal_store_reset(void * ptr, int pool, const char *func, int linenumber)
479 storeblock * b = current_block[pool];
480 char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
481 int newlength, count;
482 #ifndef COMPILE_UTILITY
483 int oldmalloc = pool_malloc;
486 /* Last store operation was not a get */
488 store_last_get[pool] = NULL;
490 /* See if the place is in the current block - as it often will be. Otherwise,
491 search for the block in which it lies. */
493 if (CS ptr < bc || CS ptr > bc + b->length)
495 for (b = chainbase[pool]; b; b = b->next)
497 bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
498 if (CS ptr >= bc && CS ptr <= bc + b->length) break;
501 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal error: store_reset(%p) "
502 "failed: pool=%d %-14s %4d", ptr, pool, func, linenumber);
505 /* Back up, rounding to the alignment if necessary. When testing, flatten
506 the released memory. */
508 newlength = bc + b->length - CS ptr;
509 #ifndef COMPILE_UTILITY
512 assert_no_variables(ptr, newlength, func, linenumber);
513 if (f.running_in_test_harness)
515 (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength);
516 memset(ptr, 0xF0, newlength);
520 (void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
521 next_yield[pool] = CS ptr + (newlength % alignment);
522 count = yield_length[pool];
523 count = (yield_length[pool] = newlength - (newlength % alignment)) - count;
524 current_block[pool] = b;
526 /* Free any subsequent block. Do NOT free the first
527 successor, if our current block has less than 256 bytes left. This should
528 prevent us from flapping memory. However, keep this block only when it has
529 a power-of-two size so probably is not a custom inflated one. */
531 if ( yield_length[pool] < STOREPOOL_MIN_SIZE
533 && is_pwr2_size(b->next->length + ALIGNED_SIZEOF_STOREBLOCK))
536 #ifndef COMPILE_UTILITY
538 assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
541 (void) VALGRIND_MAKE_MEM_NOACCESS(CS b + ALIGNED_SIZEOF_STOREBLOCK,
542 b->length - ALIGNED_SIZEOF_STOREBLOCK);
548 /* If there will be only one block left in the pool, drop one
549 most-recent allocation size increase, ensuring it does not increase
552 if (!bb && store_block_order[pool] > 12) store_block_order[pool]--;
556 int siz = b->length + ALIGNED_SIZEOF_STOREBLOCK;
557 #ifndef COMPILE_UTILITY
559 assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
566 internal_store_free(b, func, linenumber);
569 /* Cut out the debugging stuff for utilities, but stop picky compilers from
572 #ifndef COMPILE_UTILITY
574 debug_printf("---%d Rst %6p %5d %-14s %4d\tpool %d\n", pool, ptr,
575 count + oldmalloc - pool_malloc,
576 func, linenumber, pool_malloc);
577 #endif /* COMPILE_UTILITY */
582 store_reset_3(rmark r, const char *func, int linenumber)
586 if (store_pool >= POOL_TAINT_BASE)
587 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
588 "store_reset called for pool %d: %s %d\n", store_pool, func, linenumber);
590 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
591 "store_reset called with bad mark: %s %d\n", func, linenumber);
593 internal_store_reset(*ptr, store_pool + POOL_TAINT_BASE, func, linenumber);
594 internal_store_reset(ptr, store_pool, func, linenumber);
600 /* Free tail-end unused allocation. This lets us allocate a big chunk
601 early, for cases when we only discover later how much was really needed.
603 Can be called with a value from store_get(), or an offset after such. Only
604 the tainted or untainted pool that serviced the store_get() will be affected.
606 This is mostly a cut-down version of internal_store_reset().
607 XXX needs rationalising
611 store_release_above_3(void *ptr, const char *func, int linenumber)
613 /* Search all pools' "current" blocks. If it isn't one of those,
614 ignore it (it usually will be). */
616 for (int pool = 0; pool < nelem(current_block); pool++)
618 storeblock * b = current_block[pool];
620 int count, newlength;
625 bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
626 if (CS ptr < bc || CS ptr > bc + b->length)
629 /* Last store operation was not a get */
631 store_last_get[pool] = NULL;
633 /* Back up, rounding to the alignment if necessary. When testing, flatten
634 the released memory. */
636 newlength = bc + b->length - CS ptr;
637 #ifndef COMPILE_UTILITY
640 assert_no_variables(ptr, newlength, func, linenumber);
641 if (f.running_in_test_harness)
643 (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength);
644 memset(ptr, 0xF0, newlength);
648 (void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
649 next_yield[pool] = CS ptr + (newlength % alignment);
650 count = yield_length[pool];
651 count = (yield_length[pool] = newlength - (newlength % alignment)) - count;
653 /* Cut out the debugging stuff for utilities, but stop picky compilers from
656 #ifndef COMPILE_UTILITY
658 debug_printf("---%d Rel %6p %5d %-14s %4d\tpool %d\n", pool, ptr, count,
659 func, linenumber, pool_malloc);
663 #ifndef COMPILE_UTILITY
665 debug_printf("non-last memory release try: %s %d\n", func, linenumber);
672 store_mark_3(const char *func, int linenumber)
676 #ifndef COMPILE_UTILITY
678 debug_printf("---%d Mrk %-14s %4d\tpool %d\n",
679 store_pool, func, linenumber, pool_malloc);
680 #endif /* COMPILE_UTILITY */
682 if (store_pool >= POOL_TAINT_BASE)
683 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
684 "store_mark called for pool %d: %s %d\n", store_pool, func, linenumber);
686 /* Stash a mark for the tainted-twin release, in the untainted twin. Return
687 a cookie (actually the address in the untainted pool) to the caller.
688 Reset uses the cookie to recover the t-mark, winds back the tainted pool with it
689 and winds back the untainted pool with the cookie. */
691 p = store_get_3(sizeof(void *), FALSE, func, linenumber);
692 *p = store_get_3(0, TRUE, func, linenumber);
699 /************************************************
701 ************************************************/
703 /* This function checks that the pointer it is given is the first thing in a
704 block, and if so, releases that block.
707 block block of store to consider
708 func function from which called
709 linenumber line number in source file
715 store_release_3(void * block, int pool, const char * func, int linenumber)
717 /* It will never be the first block, so no need to check that. */
719 for (storeblock * b = chainbase[pool]; b; b = b->next)
721 storeblock * bb = b->next;
722 if (bb && CS block == CS bb + ALIGNED_SIZEOF_STOREBLOCK)
724 int siz = bb->length + ALIGNED_SIZEOF_STOREBLOCK;
730 /* Cut out the debugging stuff for utilities, but stop picky compilers
731 from giving warnings. */
733 #ifndef COMPILE_UTILITY
735 debug_printf("-Release %6p %-20s %4d %d\n", (void *)bb, func,
736 linenumber, pool_malloc);
738 if (f.running_in_test_harness)
739 memset(bb, 0xF0, bb->length+ALIGNED_SIZEOF_STOREBLOCK);
740 #endif /* COMPILE_UTILITY */
749 /************************************************
751 ************************************************/
753 /* Allocate a new block big enough to expend to the given size and
754 copy the current data into it. Free the old one if possible.
756 This function is specifically provided for use when reading very
757 long strings, e.g. header lines. When the string gets longer than a
758 complete block, it gets copied to a new block. It is helpful to free
759 the old block iff the previous copy of the string is at its start,
760 and therefore the only thing in it. Otherwise, for very long strings,
761 dead store can pile up somewhat disastrously. This function checks that
762 the pointer it is given is the first thing in a block, and that nothing
763 has been allocated since. If so, releases that block.
770 Returns: new location of data
774 store_newblock_3(void * block, BOOL tainted, int newsize, int len,
775 const char * func, int linenumber)
777 int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
778 BOOL release_ok = !tainted && store_last_get[pool] == block;
781 #if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
782 if (is_tainted(block) != tainted)
783 die_tainted(US"store_newblock", CUS func, linenumber);
786 newtext = store_get(newsize, tainted);
787 memcpy(newtext, block, len);
788 if (release_ok) store_release_3(block, pool, func, linenumber);
789 return (void *)newtext;
795 /*************************************************
797 *************************************************/
799 /* Running out of store is a total disaster for exim. Some malloc functions
800 do not run happily on very small sizes, nor do they document this fact. This
801 function is called via the macro store_malloc().
804 size amount of store wanted
805 func function from which called
806 line line number in source file
808 Returns: pointer to gotten store (panic on failure)
812 internal_store_malloc(int size, const char *func, int line)
816 size += sizeof(int); /* space to store the size, used under debug */
817 if (size < 16) size = 16;
819 if (!(yield = malloc((size_t)size)))
820 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: "
821 "called from line %d in %s", size, line, func);
823 #ifndef COMPILE_UTILITY
824 DEBUG(D_any) *(int *)yield = size;
826 yield = US yield + sizeof(int);
828 if ((nonpool_malloc += size) > max_nonpool_malloc)
829 max_nonpool_malloc = nonpool_malloc;
831 /* Cut out the debugging stuff for utilities, but stop picky compilers from
834 #ifndef COMPILE_UTILITY
835 /* If running in test harness, spend time making sure all the new store
836 is not filled with zeros so as to catch problems. */
838 if (f.running_in_test_harness)
839 memset(yield, 0xF0, (size_t)size - sizeof(int));
840 DEBUG(D_memory) debug_printf("--Malloc %6p %5d bytes\t%-20s %4d\tpool %5d nonpool %5d\n",
841 yield, size, func, line, pool_malloc, nonpool_malloc);
842 #endif /* COMPILE_UTILITY */
848 store_malloc_3(int size, const char *func, int linenumber)
850 if (n_nonpool_blocks++ > max_nonpool_blocks)
851 max_nonpool_blocks = n_nonpool_blocks;
852 return internal_store_malloc(size, func, linenumber);
856 /************************************************
858 ************************************************/
860 /* This function is called by the macro store_free().
863 block block of store to free
864 func function from which called
865 linenumber line number in source file
871 internal_store_free(void * block, const char * func, int linenumber)
873 uschar * p = US block - sizeof(int);
874 #ifndef COMPILE_UTILITY
875 DEBUG(D_any) nonpool_malloc -= *(int *)p;
876 DEBUG(D_memory) debug_printf("----Free %6p %5d bytes\t%-20s %4d\n", block, *(int *)p, func, linenumber);
882 store_free_3(void * block, const char * func, int linenumber)
885 internal_store_free(block, func, linenumber);
888 /******************************************************************************/
889 /* Stats output on process exit */
893 #ifndef COMPILE_UTILITY
896 debug_printf("----Exit nonpool max: %3d kB in %d blocks\n",
897 (max_nonpool_malloc+1023)/1024, max_nonpool_blocks);
898 debug_printf("----Exit npools max: %3d kB\n", max_pool_malloc/1024);
899 for (int i = 0; i < NPOOLS; i++)
900 debug_printf("----Exit pool %d max: %3d kB in %d blocks at order %u\t%s %s\n",
901 i, maxbytes[i]/1024, maxblocks[i], maxorder[i],
902 poolclass[i], pooluse[i]);
908 /******************************************************************************/
909 /* Per-message pool management */
911 static rmark message_reset_point = NULL;
916 int oldpool = store_pool;
917 store_pool = POOL_MESSAGE;
918 if (!message_reset_point) message_reset_point = store_mark();
919 store_pool = oldpool;
922 void message_tidyup(void)
925 if (!message_reset_point) return;
926 oldpool = store_pool;
927 store_pool = POOL_MESSAGE;
928 message_reset_point = store_reset(message_reset_point);
929 store_pool = oldpool;