2020-05-27 10:51:33 -04:00
|
|
|
/*
|
|
|
|
|
* include/haproxy/bug.h
|
|
|
|
|
* Assertions and instant crash macros needed everywhere.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2000-2020 Willy Tarreau - w@1wt.eu
|
|
|
|
|
*
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
|
* a copy of this software and associated documentation files (the
|
|
|
|
|
* "Software"), to deal in the Software without restriction, including
|
|
|
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
|
* the following conditions:
|
|
|
|
|
*
|
|
|
|
|
* The above copyright notice and this permission notice shall be
|
|
|
|
|
* included in all copies or substantial portions of the Software.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
|
|
|
|
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
|
|
|
|
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
|
|
|
|
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
|
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
|
|
|
|
* OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef _HAPROXY_BUG_H
|
|
|
|
|
#define _HAPROXY_BUG_H
|
|
|
|
|
|
2022-02-25 04:10:00 -05:00
|
|
|
#include <haproxy/atomic.h>
|
2020-05-27 10:51:33 -04:00
|
|
|
#include <haproxy/compiler.h>
|
|
|
|
|
|
|
|
|
|
/* quick debugging hack, should really be removed ASAP */
|
|
|
|
|
#ifdef DEBUG_FULL
|
|
|
|
|
#define DPRINTF(x...) fprintf(x)
|
|
|
|
|
#else
|
|
|
|
|
#define DPRINTF(x...)
|
|
|
|
|
#endif
|
|
|
|
|
|
2022-02-25 01:49:18 -05:00
|
|
|
#define DUMP_TRACE() do { extern void ha_backtrace_to_stderr(void); ha_backtrace_to_stderr(); } while (0)
|
|
|
|
|
|
DEBUG: crash using an invalid opcode on x86/x86_64 instead of an invalid access
BUG_ON() calls currently trigger a segfault. This is more convenient
than abort() as it doesn't rely on any function call nor signal handler
and never causes non-unwindable stacks when opening cores. But it adds
quite some confusion in bug reports which are rightfully tagged "segv"
and do not instantly allow to distinguish real segv (e.g. null derefs)
from code asserts.
Some CPU architectures offer various crashing methods. On x86 we have
INT3 (0xCC), which stops into the debugger, and UD0/UD1/UD2. INT3 looks
appealing but for whatever reason (maybe signal handling somewhere) it
loses the last call point in the stack, making backtraces unusable. UD2
has the merit of being only 2 bytes and causing an invalid instruction,
which almost never happens normally, so it's easily distinguishable.
Here it was defined as a macro so that the line number in the core
matches the one where the BUG_ON() macro is called, and the debugger
shows the last frame exactly at its calligg point.
E.g. when calling "debug dev bug":
Program terminated with signal SIGILL, Illegal instruction.
#0 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:408
408 BUG_ON(one > zero);
[Current thread is 1 (Thread 0x7f7a660cc1c0 (LWP 14238))]
(gdb) bt
#0 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:408
#1 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:402
#2 0x000000000061a69f in cli_parse_request (appctx=appctx@entry=0x181c0160) at src/cli.c:832
#3 0x000000000061af86 in cli_io_handler (appctx=0x181c0160) at src/cli.c:1035
#4 0x00000000006ca2f2 in task_run_applet (t=0x181c0290, context=0x181c0160, state=<optimized out>) at src/applet.c:449
2023-04-25 12:44:58 -04:00
|
|
|
/* First, let's try to handle some arch-specific crashing methods. We prefer
|
|
|
|
|
* the macro to the function because when opening the core, the debugger will
|
|
|
|
|
* directly show the calling point (e.g. the BUG_ON() condition) based on the
|
|
|
|
|
* line number, while the function will create new line numbers. But the
|
|
|
|
|
* function is needed e.g. if some pragmas are needed.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#if defined(__i386__) || defined(__x86_64__)
|
|
|
|
|
#define ha_crash_now() do { \
|
|
|
|
|
/* ud2 opcode: 2 bytes, raises illegal instruction */ \
|
|
|
|
|
__asm__ volatile(".byte 0x0f,0x0b\n"); \
|
|
|
|
|
my_unreachable(); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
2023-04-25 13:01:48 -04:00
|
|
|
#elif defined(__aarch64__)
|
|
|
|
|
#define ha_crash_now() do { \
|
|
|
|
|
/* udf#imm16: 4 bytes (), raises illegal instruction */ \
|
|
|
|
|
__asm__ volatile(".byte 0x00,0x00,0x00,0x00\n"); \
|
|
|
|
|
my_unreachable(); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
DEBUG: crash using an invalid opcode on x86/x86_64 instead of an invalid access
BUG_ON() calls currently trigger a segfault. This is more convenient
than abort() as it doesn't rely on any function call nor signal handler
and never causes non-unwindable stacks when opening cores. But it adds
quite some confusion in bug reports which are rightfully tagged "segv"
and do not instantly allow to distinguish real segv (e.g. null derefs)
from code asserts.
Some CPU architectures offer various crashing methods. On x86 we have
INT3 (0xCC), which stops into the debugger, and UD0/UD1/UD2. INT3 looks
appealing but for whatever reason (maybe signal handling somewhere) it
loses the last call point in the stack, making backtraces unusable. UD2
has the merit of being only 2 bytes and causing an invalid instruction,
which almost never happens normally, so it's easily distinguishable.
Here it was defined as a macro so that the line number in the core
matches the one where the BUG_ON() macro is called, and the debugger
shows the last frame exactly at its calligg point.
E.g. when calling "debug dev bug":
Program terminated with signal SIGILL, Illegal instruction.
#0 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:408
408 BUG_ON(one > zero);
[Current thread is 1 (Thread 0x7f7a660cc1c0 (LWP 14238))]
(gdb) bt
#0 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:408
#1 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:402
#2 0x000000000061a69f in cli_parse_request (appctx=appctx@entry=0x181c0160) at src/cli.c:832
#3 0x000000000061af86 in cli_io_handler (appctx=0x181c0160) at src/cli.c:1035
#4 0x00000000006ca2f2 in task_run_applet (t=0x181c0290, context=0x181c0160, state=<optimized out>) at src/applet.c:449
2023-04-25 12:44:58 -04:00
|
|
|
#else // not x86
|
|
|
|
|
|
|
|
|
|
/* generic implementation, causes a segfault */
|
BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings
As was first reported by Ilya in issue #1513, compiling with gcc-12
adds warnings about size 0 around each BUG_ON() call due to the
ABORT_NOW() macro that tries to dereference pointer value 1.
The problem is known, seems to be complex inside gcc and could only
be worked around for now by adjusting a pointer limit so that the
warning still catches NULL derefs in the first page but not other
values commonly used in kernels and boot loaders:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=91f7d7e1b
It's described in more details here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104657
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103768
And some projects had to work around it using various approaches,
some of which are described in the bugs reports above, plus another
one here:
https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/thread/HLK3BHP2T3FN6FZ46BIPIK3VD5FOU74Z/
In haproxy we can hide it by hiding the pointer in a DISGUISE() macro,
but this forces the pointer to be loaded into a register, so that
register is lost precisely where we want to get the maximum of them.
In our case we purposely use a low-value non-null pointer because:
- it's mandatory that this value fits within an unmapped page and
only the lowest one has this property
- we really want to avoid register loads for the address, as these
will be lost and will complicate the bug analysis, and they tend
to be used for large addresses (i.e. instruction length limit).
- the compiler may decide to optimize away the null deref when it
sees it (seen in the past already)
As such, the current workaround merged in gcc-12 is not effective for
us.
Another approach consists in using pragmas to silently disable
-Warray-bounds and -Wnull-dereference only for this part. The problem
is that pragmas cannot be placed into macros.
The resulting solution consists in defining a forced-inlined function
only to trigger the crash, and surround the dereference with pragmas,
themselves conditionned to gcc >= 5 since older versions don't
understand them (but they don't complain on the dereference at least).
This way the code remains the same even at -O0, without the stack
pointer being modified nor any address register being modified on
common archs (x86 at least). A variation could have been to rely on
__builtin_trap() but it's not everywhere and it behaves differently
on different platforms (undefined opcode or a nasty abort()) while
the segv remains uniform and effective.
This may need to be backported to older releases once users start to
complain about gcc-12 breakage.
2022-05-09 14:07:21 -04:00
|
|
|
static inline __attribute((always_inline)) void ha_crash_now(void)
|
|
|
|
|
{
|
|
|
|
|
#if __GNUC_PREREQ__(5, 0)
|
|
|
|
|
#pragma GCC diagnostic push
|
|
|
|
|
#pragma GCC diagnostic ignored "-Warray-bounds"
|
2022-07-10 07:09:54 -04:00
|
|
|
#if __GNUC_PREREQ__(6, 0)
|
BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings
As was first reported by Ilya in issue #1513, compiling with gcc-12
adds warnings about size 0 around each BUG_ON() call due to the
ABORT_NOW() macro that tries to dereference pointer value 1.
The problem is known, seems to be complex inside gcc and could only
be worked around for now by adjusting a pointer limit so that the
warning still catches NULL derefs in the first page but not other
values commonly used in kernels and boot loaders:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=91f7d7e1b
It's described in more details here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104657
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103768
And some projects had to work around it using various approaches,
some of which are described in the bugs reports above, plus another
one here:
https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/thread/HLK3BHP2T3FN6FZ46BIPIK3VD5FOU74Z/
In haproxy we can hide it by hiding the pointer in a DISGUISE() macro,
but this forces the pointer to be loaded into a register, so that
register is lost precisely where we want to get the maximum of them.
In our case we purposely use a low-value non-null pointer because:
- it's mandatory that this value fits within an unmapped page and
only the lowest one has this property
- we really want to avoid register loads for the address, as these
will be lost and will complicate the bug analysis, and they tend
to be used for large addresses (i.e. instruction length limit).
- the compiler may decide to optimize away the null deref when it
sees it (seen in the past already)
As such, the current workaround merged in gcc-12 is not effective for
us.
Another approach consists in using pragmas to silently disable
-Warray-bounds and -Wnull-dereference only for this part. The problem
is that pragmas cannot be placed into macros.
The resulting solution consists in defining a forced-inlined function
only to trigger the crash, and surround the dereference with pragmas,
themselves conditionned to gcc >= 5 since older versions don't
understand them (but they don't complain on the dereference at least).
This way the code remains the same even at -O0, without the stack
pointer being modified nor any address register being modified on
common archs (x86 at least). A variation could have been to rely on
__builtin_trap() but it's not everywhere and it behaves differently
on different platforms (undefined opcode or a nasty abort()) while
the segv remains uniform and effective.
This may need to be backported to older releases once users start to
complain about gcc-12 breakage.
2022-05-09 14:07:21 -04:00
|
|
|
#pragma GCC diagnostic ignored "-Wnull-dereference"
|
2022-07-10 07:09:54 -04:00
|
|
|
#endif
|
BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings
As was first reported by Ilya in issue #1513, compiling with gcc-12
adds warnings about size 0 around each BUG_ON() call due to the
ABORT_NOW() macro that tries to dereference pointer value 1.
The problem is known, seems to be complex inside gcc and could only
be worked around for now by adjusting a pointer limit so that the
warning still catches NULL derefs in the first page but not other
values commonly used in kernels and boot loaders:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=91f7d7e1b
It's described in more details here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104657
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103768
And some projects had to work around it using various approaches,
some of which are described in the bugs reports above, plus another
one here:
https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/thread/HLK3BHP2T3FN6FZ46BIPIK3VD5FOU74Z/
In haproxy we can hide it by hiding the pointer in a DISGUISE() macro,
but this forces the pointer to be loaded into a register, so that
register is lost precisely where we want to get the maximum of them.
In our case we purposely use a low-value non-null pointer because:
- it's mandatory that this value fits within an unmapped page and
only the lowest one has this property
- we really want to avoid register loads for the address, as these
will be lost and will complicate the bug analysis, and they tend
to be used for large addresses (i.e. instruction length limit).
- the compiler may decide to optimize away the null deref when it
sees it (seen in the past already)
As such, the current workaround merged in gcc-12 is not effective for
us.
Another approach consists in using pragmas to silently disable
-Warray-bounds and -Wnull-dereference only for this part. The problem
is that pragmas cannot be placed into macros.
The resulting solution consists in defining a forced-inlined function
only to trigger the crash, and surround the dereference with pragmas,
themselves conditionned to gcc >= 5 since older versions don't
understand them (but they don't complain on the dereference at least).
This way the code remains the same even at -O0, without the stack
pointer being modified nor any address register being modified on
common archs (x86 at least). A variation could have been to rely on
__builtin_trap() but it's not everywhere and it behaves differently
on different platforms (undefined opcode or a nasty abort()) while
the segv remains uniform and effective.
This may need to be backported to older releases once users start to
complain about gcc-12 breakage.
2022-05-09 14:07:21 -04:00
|
|
|
#endif
|
|
|
|
|
*(volatile char *)1 = 0;
|
|
|
|
|
#if __GNUC_PREREQ__(5, 0)
|
|
|
|
|
#pragma GCC diagnostic pop
|
|
|
|
|
#endif
|
|
|
|
|
my_unreachable();
|
|
|
|
|
}
|
|
|
|
|
|
DEBUG: crash using an invalid opcode on x86/x86_64 instead of an invalid access
BUG_ON() calls currently trigger a segfault. This is more convenient
than abort() as it doesn't rely on any function call nor signal handler
and never causes non-unwindable stacks when opening cores. But it adds
quite some confusion in bug reports which are rightfully tagged "segv"
and do not instantly allow to distinguish real segv (e.g. null derefs)
from code asserts.
Some CPU architectures offer various crashing methods. On x86 we have
INT3 (0xCC), which stops into the debugger, and UD0/UD1/UD2. INT3 looks
appealing but for whatever reason (maybe signal handling somewhere) it
loses the last call point in the stack, making backtraces unusable. UD2
has the merit of being only 2 bytes and causing an invalid instruction,
which almost never happens normally, so it's easily distinguishable.
Here it was defined as a macro so that the line number in the core
matches the one where the BUG_ON() macro is called, and the debugger
shows the last frame exactly at its calligg point.
E.g. when calling "debug dev bug":
Program terminated with signal SIGILL, Illegal instruction.
#0 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:408
408 BUG_ON(one > zero);
[Current thread is 1 (Thread 0x7f7a660cc1c0 (LWP 14238))]
(gdb) bt
#0 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:408
#1 debug_parse_cli_bug (args=<optimized out>, payload=<optimized out>, appctx=<optimized out>, private=<optimized out>) at src/debug.c:402
#2 0x000000000061a69f in cli_parse_request (appctx=appctx@entry=0x181c0160) at src/cli.c:832
#3 0x000000000061af86 in cli_io_handler (appctx=0x181c0160) at src/cli.c:1035
#4 0x00000000006ca2f2 in task_run_applet (t=0x181c0290, context=0x181c0160, state=<optimized out>) at src/applet.c:449
2023-04-25 12:44:58 -04:00
|
|
|
#endif // end of arch-specific ha_crash_now() definitions
|
|
|
|
|
|
2020-09-12 02:24:48 -04:00
|
|
|
#ifdef DEBUG_USE_ABORT
|
|
|
|
|
/* abort() is better recognized by code analysis tools */
|
2022-02-25 01:49:18 -05:00
|
|
|
#define ABORT_NOW() do { DUMP_TRACE(); abort(); } while (0)
|
2020-09-12 02:24:48 -04:00
|
|
|
#else
|
|
|
|
|
/* More efficient than abort() because it does not mangle the
|
BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings
As was first reported by Ilya in issue #1513, compiling with gcc-12
adds warnings about size 0 around each BUG_ON() call due to the
ABORT_NOW() macro that tries to dereference pointer value 1.
The problem is known, seems to be complex inside gcc and could only
be worked around for now by adjusting a pointer limit so that the
warning still catches NULL derefs in the first page but not other
values commonly used in kernels and boot loaders:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=91f7d7e1b
It's described in more details here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104657
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103768
And some projects had to work around it using various approaches,
some of which are described in the bugs reports above, plus another
one here:
https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/thread/HLK3BHP2T3FN6FZ46BIPIK3VD5FOU74Z/
In haproxy we can hide it by hiding the pointer in a DISGUISE() macro,
but this forces the pointer to be loaded into a register, so that
register is lost precisely where we want to get the maximum of them.
In our case we purposely use a low-value non-null pointer because:
- it's mandatory that this value fits within an unmapped page and
only the lowest one has this property
- we really want to avoid register loads for the address, as these
will be lost and will complicate the bug analysis, and they tend
to be used for large addresses (i.e. instruction length limit).
- the compiler may decide to optimize away the null deref when it
sees it (seen in the past already)
As such, the current workaround merged in gcc-12 is not effective for
us.
Another approach consists in using pragmas to silently disable
-Warray-bounds and -Wnull-dereference only for this part. The problem
is that pragmas cannot be placed into macros.
The resulting solution consists in defining a forced-inlined function
only to trigger the crash, and surround the dereference with pragmas,
themselves conditionned to gcc >= 5 since older versions don't
understand them (but they don't complain on the dereference at least).
This way the code remains the same even at -O0, without the stack
pointer being modified nor any address register being modified on
common archs (x86 at least). A variation could have been to rely on
__builtin_trap() but it's not everywhere and it behaves differently
on different platforms (undefined opcode or a nasty abort()) while
the segv remains uniform and effective.
This may need to be backported to older releases once users start to
complain about gcc-12 breakage.
2022-05-09 14:07:21 -04:00
|
|
|
* stack and stops at the exact location we need.
|
|
|
|
|
*/
|
|
|
|
|
#define ABORT_NOW() do { DUMP_TRACE(); ha_crash_now(); } while (0)
|
2020-09-12 02:24:48 -04:00
|
|
|
#endif
|
2020-05-27 10:51:33 -04:00
|
|
|
|
2022-02-25 02:45:52 -05:00
|
|
|
/* This is the generic low-level macro dealing with conditional warnings and
|
|
|
|
|
* bugs. The caller decides whether to crash or not and what prefix and suffix
|
2022-02-25 03:10:26 -05:00
|
|
|
* to pass. The macro returns the boolean value of the condition as an int for
|
2022-02-25 04:20:29 -05:00
|
|
|
* the case where it wouldn't die. The <crash> flag is made of:
|
|
|
|
|
* - crash & 1: crash yes/no;
|
|
|
|
|
* - crash & 2: taint as bug instead of warn
|
2022-02-25 02:45:52 -05:00
|
|
|
*/
|
|
|
|
|
#define _BUG_ON(cond, file, line, crash, pfx, sfx) \
|
|
|
|
|
__BUG_ON(cond, file, line, crash, pfx, sfx)
|
|
|
|
|
|
|
|
|
|
#define __BUG_ON(cond, file, line, crash, pfx, sfx) \
|
2023-09-04 10:42:53 -04:00
|
|
|
(void)(unlikely(cond) ? ({ \
|
DEBUG: reduce the footprint of BUG_ON() calls
Many inline functions involve some BUG_ON() calls and because of the
partial complexity of the functions, they're not inlined anymore (e.g.
co_data()). The reason is that the expression instantiates the message,
its size, sometimes a counter, then the atomic OR to taint the process,
and the back trace. That can be a lot for an inline function and most
of it is always the same.
This commit modifies this by delegating the common parts to a dedicated
function "complain()" that takes care of updating the counter if needed,
writing the message and measuring its length, and tainting the process.
This way the caller only has to check a condition, pass a pointer to the
preset message, and the info about the type (bug or warn) for the tainting,
then decide whether to dump or crash. Note that this part could also be
moved to the function but resulted in complain() always being at the top
of the stack, which didn't seem like an improvement.
Thanks to these changes, the BUG_ON() calls do not result in uninlining
functions anymore and the overall code size was reduced by 60 to 120 kB
depending on the build options.
2022-03-02 09:52:03 -05:00
|
|
|
complain(NULL, "\n" pfx "condition \"" #cond "\" matched at " file ":" #line "" sfx "\n", crash); \
|
|
|
|
|
if (crash & 1) \
|
|
|
|
|
ABORT_NOW(); \
|
|
|
|
|
else \
|
|
|
|
|
DUMP_TRACE(); \
|
|
|
|
|
1; /* let's return the true condition */ \
|
|
|
|
|
}) : 0)
|
2022-02-25 02:45:52 -05:00
|
|
|
|
2022-02-25 02:55:11 -05:00
|
|
|
/* This one is equivalent except that it only emits the message once by
|
|
|
|
|
* maintaining a static counter. This may be used with warnings to detect
|
|
|
|
|
* certain unexpected conditions in field. Later on, in cores it will be
|
|
|
|
|
* possible to verify these counters.
|
|
|
|
|
*/
|
|
|
|
|
#define _BUG_ON_ONCE(cond, file, line, crash, pfx, sfx) \
|
|
|
|
|
__BUG_ON_ONCE(cond, file, line, crash, pfx, sfx)
|
|
|
|
|
|
|
|
|
|
#define __BUG_ON_ONCE(cond, file, line, crash, pfx, sfx) \
|
2023-09-04 10:42:53 -04:00
|
|
|
(void)(unlikely(cond) ? ({ \
|
2022-02-25 02:55:11 -05:00
|
|
|
static int __match_count_##line; \
|
DEBUG: reduce the footprint of BUG_ON() calls
Many inline functions involve some BUG_ON() calls and because of the
partial complexity of the functions, they're not inlined anymore (e.g.
co_data()). The reason is that the expression instantiates the message,
its size, sometimes a counter, then the atomic OR to taint the process,
and the back trace. That can be a lot for an inline function and most
of it is always the same.
This commit modifies this by delegating the common parts to a dedicated
function "complain()" that takes care of updating the counter if needed,
writing the message and measuring its length, and tainting the process.
This way the caller only has to check a condition, pass a pointer to the
preset message, and the info about the type (bug or warn) for the tainting,
then decide whether to dump or crash. Note that this part could also be
moved to the function but resulted in complain() always being at the top
of the stack, which didn't seem like an improvement.
Thanks to these changes, the BUG_ON() calls do not result in uninlining
functions anymore and the overall code size was reduced by 60 to 120 kB
depending on the build options.
2022-03-02 09:52:03 -05:00
|
|
|
complain(&__match_count_##line, "\n" pfx "condition \"" #cond "\" matched at " file ":" #line "" sfx "\n", crash); \
|
|
|
|
|
if (crash & 1) \
|
|
|
|
|
ABORT_NOW(); \
|
|
|
|
|
else \
|
|
|
|
|
DUMP_TRACE(); \
|
|
|
|
|
1; /* let's return the true condition */ \
|
|
|
|
|
}) : 0)
|
2022-02-25 02:55:11 -05:00
|
|
|
|
2022-02-28 08:59:25 -05:00
|
|
|
/* DEBUG_STRICT enables/disables runtime checks on condition <cond>
|
|
|
|
|
* DEBUG_STRICT_ACTION indicates the level of verification on the rules when
|
|
|
|
|
* <cond> is true:
|
|
|
|
|
*
|
|
|
|
|
* macro BUG_ON() WARN_ON() CHECK_IF()
|
|
|
|
|
* value 0 warn warn warn
|
|
|
|
|
* 1 CRASH warn warn
|
|
|
|
|
* 2 CRASH CRASH warn
|
|
|
|
|
* 3 CRASH CRASH CRASH
|
2020-05-27 10:51:33 -04:00
|
|
|
*/
|
2022-02-28 08:59:25 -05:00
|
|
|
|
2022-02-28 09:25:58 -05:00
|
|
|
/* The macros below are for general use */
|
2020-05-27 10:51:33 -04:00
|
|
|
#if defined(DEBUG_STRICT)
|
2022-02-28 08:59:25 -05:00
|
|
|
# if defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION < 1)
|
|
|
|
|
/* Lowest level: BUG_ON() warns, WARN_ON() warns, CHECK_IF() warns */
|
|
|
|
|
# define BUG_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 2, "WARNING: bug ", " (not crashing but process is untrusted now, please report to developers)")
|
2022-02-28 08:15:41 -05:00
|
|
|
# define WARN_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 0, "WARNING: warn ", " (please report to developers)")
|
|
|
|
|
# define CHECK_IF(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
|
2022-02-28 08:59:25 -05:00
|
|
|
# elif !defined(DEBUG_STRICT_ACTION) || (DEBUG_STRICT_ACTION == 1)
|
|
|
|
|
/* default level: BUG_ON() crashes, WARN_ON() warns, CHECK_IF() warns */
|
|
|
|
|
# define BUG_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
|
2022-02-28 08:15:41 -05:00
|
|
|
# define WARN_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 0, "WARNING: warn ", " (please report to developers)")
|
|
|
|
|
# define CHECK_IF(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
|
2022-02-28 11:57:19 -05:00
|
|
|
# elif defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION == 2)
|
2022-02-28 08:59:25 -05:00
|
|
|
/* Stricter level: BUG_ON() crashes, WARN_ON() crashes, CHECK_IF() warns */
|
|
|
|
|
# define BUG_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
|
|
|
|
|
# define WARN_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 1, "FATAL: warn ", "")
|
|
|
|
|
# define CHECK_IF(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
|
2022-02-28 11:57:19 -05:00
|
|
|
# elif defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION >= 3)
|
2022-02-28 08:59:25 -05:00
|
|
|
/* Developer/CI level: BUG_ON() crashes, WARN_ON() crashes, CHECK_IF() crashes */
|
|
|
|
|
# define BUG_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
|
|
|
|
|
# define WARN_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 1, "FATAL: warn ", "")
|
|
|
|
|
# define CHECK_IF(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 1, "FATAL: check ", "")
|
|
|
|
|
# endif
|
2020-05-27 10:51:33 -04:00
|
|
|
#else
|
2022-08-31 04:52:25 -04:00
|
|
|
# define BUG_ON(cond) do { } while (0)
|
|
|
|
|
# define WARN_ON(cond) do { } while (0)
|
|
|
|
|
# define CHECK_IF(cond) do { } while (0)
|
2020-05-27 10:51:33 -04:00
|
|
|
#endif
|
2022-02-28 09:25:58 -05:00
|
|
|
|
|
|
|
|
/* These macros are only for hot paths and remain disabled unless DEBUG_STRICT is 2 or above.
|
|
|
|
|
* Only developers/CI should use these levels as they may significantly impact performance by
|
|
|
|
|
* enabling checks in sensitive areas.
|
|
|
|
|
*/
|
|
|
|
|
#if defined(DEBUG_STRICT) && (DEBUG_STRICT > 1)
|
|
|
|
|
# if defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION < 1)
|
|
|
|
|
/* Lowest level: BUG_ON() warns, CHECK_IF() warns */
|
|
|
|
|
# define BUG_ON_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 2, "WARNING: bug ", " (not crashing but process is untrusted now, please report to developers)")
|
|
|
|
|
# define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
|
|
|
|
|
# elif !defined(DEBUG_STRICT_ACTION) || (DEBUG_STRICT_ACTION < 3)
|
|
|
|
|
/* default level: BUG_ON() crashes, CHECK_IF() warns */
|
|
|
|
|
# define BUG_ON_HOT(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
|
|
|
|
|
# define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
|
2022-02-28 11:57:19 -05:00
|
|
|
# elif defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION >= 3)
|
2022-02-28 09:25:58 -05:00
|
|
|
/* Developer/CI level: BUG_ON() crashes, CHECK_IF() crashes */
|
|
|
|
|
# define BUG_ON_HOT(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
|
|
|
|
|
# define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 1, "FATAL: check ", "")
|
|
|
|
|
# endif
|
|
|
|
|
#else
|
2022-08-31 04:52:25 -04:00
|
|
|
# define BUG_ON_HOT(cond) do { } while (0)
|
|
|
|
|
# define CHECK_IF_HOT(cond) do { } while (0)
|
2022-02-28 09:25:58 -05:00
|
|
|
#endif
|
|
|
|
|
|
2020-05-27 10:51:33 -04:00
|
|
|
|
2021-03-05 10:42:14 -05:00
|
|
|
/* When not optimizing, clang won't remove that code, so only compile it in when optimizing */
|
2021-03-09 04:08:05 -05:00
|
|
|
#if defined(__GNUC__) && defined(__OPTIMIZE__)
|
2021-03-05 10:42:14 -05:00
|
|
|
#define HA_LINK_ERROR(what) \
|
|
|
|
|
do { \
|
|
|
|
|
/* provoke a build-time error */ \
|
|
|
|
|
extern volatile int what; \
|
|
|
|
|
what = 1; \
|
|
|
|
|
} while (0)
|
|
|
|
|
#else
|
|
|
|
|
#define HA_LINK_ERROR(what) \
|
|
|
|
|
do { \
|
|
|
|
|
} while (0)
|
|
|
|
|
#endif /* __OPTIMIZE__ */
|
|
|
|
|
|
2021-02-20 04:46:51 -05:00
|
|
|
/* more reliable free() that clears the pointer */
|
|
|
|
|
#define ha_free(x) do { \
|
|
|
|
|
typeof(x) __x = (x); \
|
|
|
|
|
if (__builtin_constant_p((x)) || __builtin_constant_p(*(x))) { \
|
2021-03-05 10:42:14 -05:00
|
|
|
HA_LINK_ERROR(call_to_ha_free_attempts_to_free_a_constant); \
|
2021-02-20 04:46:51 -05:00
|
|
|
} \
|
|
|
|
|
free(*__x); \
|
|
|
|
|
*__x = NULL; \
|
|
|
|
|
} while (0)
|
2020-07-02 03:14:48 -04:00
|
|
|
|
2022-09-06 01:55:44 -04:00
|
|
|
/* describes a call place in the code, for example for tracing memory
|
|
|
|
|
* allocations or task wakeups. These must be declared static const.
|
|
|
|
|
*/
|
|
|
|
|
struct ha_caller {
|
|
|
|
|
const char *func; // function name
|
|
|
|
|
const char *file; // file name
|
|
|
|
|
uint16_t line; // line number
|
|
|
|
|
uint8_t what; // description of the call, usage specific
|
|
|
|
|
uint8_t arg8; // optional argument, usage specific
|
|
|
|
|
uint32_t arg32; // optional argument, usage specific
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define MK_CALLER(_what, _arg8, _arg32) \
|
|
|
|
|
({ static const struct ha_caller _ = { \
|
|
|
|
|
.func = __func__, .file = __FILE__, .line = __LINE__, \
|
|
|
|
|
.what = _what, .arg8 = _arg8, .arg32 = _arg32 }; \
|
|
|
|
|
&_; })
|
2022-02-25 04:10:00 -05:00
|
|
|
|
|
|
|
|
/* handle 'tainted' status */
|
|
|
|
|
enum tainted_flags {
|
|
|
|
|
TAINTED_CONFIG_EXP_KW_DECLARED = 0x00000001,
|
|
|
|
|
TAINTED_ACTION_EXP_EXECUTED = 0x00000002,
|
|
|
|
|
TAINTED_CLI_EXPERT_MODE = 0x00000004,
|
|
|
|
|
TAINTED_CLI_EXPERIMENTAL_MODE = 0x00000008,
|
2022-02-25 04:20:29 -05:00
|
|
|
TAINTED_WARN = 0x00000010, /* a WARN_ON triggered */
|
|
|
|
|
TAINTED_BUG = 0x00000020, /* a BUG_ON triggered */
|
2022-06-19 10:41:59 -04:00
|
|
|
TAINTED_SHARED_LIBS = 0x00000040, /* a shared library was loaded */
|
2022-06-19 10:49:51 -04:00
|
|
|
TAINTED_REDEFINITION = 0x00000080, /* symbol redefinition detected */
|
2023-03-22 13:01:41 -04:00
|
|
|
TAINTED_REPLACED_MEM_ALLOCATOR = 0x00000100, /* memory allocator was replaced using LD_PRELOAD */
|
2023-10-25 08:34:08 -04:00
|
|
|
TAINTED_PANIC = 0x00000200, /* a panic dump has started */
|
2023-10-25 09:02:59 -04:00
|
|
|
TAINTED_LUA_STUCK = 0x00000400, /* stuck in a Lua context */
|
|
|
|
|
TAINTED_LUA_STUCK_SHARED = 0x00000800, /* stuck in a shared Lua context */
|
2023-10-25 09:42:27 -04:00
|
|
|
TAINTED_MEM_TRIMMING_STUCK = 0x00001000, /* stuck while trimming memory */
|
2022-02-25 04:10:00 -05:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* this is a bit field made of TAINTED_*, and is declared in haproxy.c */
|
|
|
|
|
extern unsigned int tainted;
|
|
|
|
|
|
DEBUG: reduce the footprint of BUG_ON() calls
Many inline functions involve some BUG_ON() calls and because of the
partial complexity of the functions, they're not inlined anymore (e.g.
co_data()). The reason is that the expression instantiates the message,
its size, sometimes a counter, then the atomic OR to taint the process,
and the back trace. That can be a lot for an inline function and most
of it is always the same.
This commit modifies this by delegating the common parts to a dedicated
function "complain()" that takes care of updating the counter if needed,
writing the message and measuring its length, and tainting the process.
This way the caller only has to check a condition, pass a pointer to the
preset message, and the info about the type (bug or warn) for the tainting,
then decide whether to dump or crash. Note that this part could also be
moved to the function but resulted in complain() always being at the top
of the stack, which didn't seem like an improvement.
Thanks to these changes, the BUG_ON() calls do not result in uninlining
functions anymore and the overall code size was reduced by 60 to 120 kB
depending on the build options.
2022-03-02 09:52:03 -05:00
|
|
|
void complain(int *counter, const char *msg, int taint);
|
|
|
|
|
|
2022-02-25 04:10:00 -05:00
|
|
|
static inline void mark_tainted(const enum tainted_flags flag)
|
|
|
|
|
{
|
|
|
|
|
HA_ATOMIC_OR(&tainted, flag);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned int get_tainted()
|
|
|
|
|
{
|
|
|
|
|
return HA_ATOMIC_LOAD(&tainted);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-02 03:14:48 -04:00
|
|
|
#if defined(DEBUG_MEM_STATS)
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
/* Memory allocation statistics are centralized into a global "mem_stats"
|
|
|
|
|
* section. This will not work with some linkers.
|
|
|
|
|
*/
|
|
|
|
|
enum {
|
|
|
|
|
MEM_STATS_TYPE_UNSET = 0,
|
|
|
|
|
MEM_STATS_TYPE_CALLOC,
|
|
|
|
|
MEM_STATS_TYPE_FREE,
|
|
|
|
|
MEM_STATS_TYPE_MALLOC,
|
|
|
|
|
MEM_STATS_TYPE_REALLOC,
|
|
|
|
|
MEM_STATS_TYPE_STRDUP,
|
2022-06-23 04:54:17 -04:00
|
|
|
MEM_STATS_TYPE_P_ALLOC,
|
|
|
|
|
MEM_STATS_TYPE_P_FREE,
|
2020-07-02 03:14:48 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct mem_stats {
|
|
|
|
|
size_t calls;
|
|
|
|
|
size_t size;
|
2022-09-06 02:05:59 -04:00
|
|
|
struct ha_caller caller;
|
2022-08-09 02:15:27 -04:00
|
|
|
const void *extra; // extra info specific to this call (e.g. pool ptr)
|
2022-08-09 02:09:24 -04:00
|
|
|
} __attribute__((aligned(sizeof(void*))));
|
2020-07-02 03:14:48 -04:00
|
|
|
|
2020-07-02 04:25:01 -04:00
|
|
|
#undef calloc
|
2020-07-02 03:14:48 -04:00
|
|
|
#define calloc(x,y) ({ \
|
|
|
|
|
size_t __x = (x); size_t __y = (y); \
|
2022-08-09 02:09:24 -04:00
|
|
|
static struct mem_stats _ __attribute__((used,__section__("mem_stats"),__aligned__(sizeof(void*)))) = { \
|
2022-09-06 02:05:59 -04:00
|
|
|
.caller = { \
|
|
|
|
|
.file = __FILE__, .line = __LINE__, \
|
|
|
|
|
.what = MEM_STATS_TYPE_CALLOC, \
|
|
|
|
|
.func = __func__, \
|
|
|
|
|
}, \
|
2020-07-02 03:14:48 -04:00
|
|
|
}; \
|
2022-11-13 06:14:10 -05:00
|
|
|
HA_WEAK(__start_mem_stats); \
|
|
|
|
|
HA_WEAK(__stop_mem_stats); \
|
2021-04-06 07:53:36 -04:00
|
|
|
_HA_ATOMIC_INC(&_.calls); \
|
2020-07-02 03:14:48 -04:00
|
|
|
_HA_ATOMIC_ADD(&_.size, __x * __y); \
|
|
|
|
|
calloc(__x,__y); \
|
|
|
|
|
})
|
|
|
|
|
|
2020-07-02 04:25:01 -04:00
|
|
|
/* note: we can't redefine free() because we have a few variables and struct
|
2022-08-09 03:08:18 -04:00
|
|
|
* members called like this. This one may be used before a call to free(),
|
|
|
|
|
* and when known, the size should be indicated, otherwise pass zero. The
|
|
|
|
|
* pointer is used to know whether the call should be accounted for (null is
|
|
|
|
|
* ignored).
|
2020-07-02 04:25:01 -04:00
|
|
|
*/
|
2022-08-09 03:08:18 -04:00
|
|
|
#undef will_free
|
|
|
|
|
#define will_free(x, y) ({ \
|
|
|
|
|
void *__x = (x); size_t __y = (y); \
|
2022-08-09 02:09:24 -04:00
|
|
|
static struct mem_stats _ __attribute__((used,__section__("mem_stats"),__aligned__(sizeof(void*)))) = { \
|
2022-09-06 02:05:59 -04:00
|
|
|
.caller = { \
|
|
|
|
|
.file = __FILE__, .line = __LINE__, \
|
|
|
|
|
.what = MEM_STATS_TYPE_FREE, \
|
|
|
|
|
.func = __func__, \
|
|
|
|
|
}, \
|
2020-07-02 03:14:48 -04:00
|
|
|
}; \
|
2022-11-13 06:14:10 -05:00
|
|
|
HA_WEAK(__start_mem_stats); \
|
|
|
|
|
HA_WEAK(__stop_mem_stats); \
|
2022-08-09 03:08:18 -04:00
|
|
|
if (__x) { \
|
2021-04-06 07:53:36 -04:00
|
|
|
_HA_ATOMIC_INC(&_.calls); \
|
2022-08-09 03:08:18 -04:00
|
|
|
_HA_ATOMIC_ADD(&_.size, __y); \
|
|
|
|
|
} \
|
2020-07-02 03:14:48 -04:00
|
|
|
})
|
|
|
|
|
|
2021-02-20 04:46:51 -05:00
|
|
|
#undef ha_free
|
|
|
|
|
#define ha_free(x) ({ \
|
|
|
|
|
typeof(x) __x = (x); \
|
2022-08-09 02:09:24 -04:00
|
|
|
static struct mem_stats _ __attribute__((used,__section__("mem_stats"),__aligned__(sizeof(void*)))) = { \
|
2022-09-06 02:05:59 -04:00
|
|
|
.caller = { \
|
|
|
|
|
.file = __FILE__, .line = __LINE__, \
|
|
|
|
|
.what = MEM_STATS_TYPE_FREE, \
|
|
|
|
|
.func = __func__, \
|
|
|
|
|
}, \
|
2021-02-20 04:46:51 -05:00
|
|
|
}; \
|
2022-11-13 06:14:10 -05:00
|
|
|
HA_WEAK(__start_mem_stats); \
|
|
|
|
|
HA_WEAK(__stop_mem_stats); \
|
2021-02-20 04:46:51 -05:00
|
|
|
if (__builtin_constant_p((x)) || __builtin_constant_p(*(x))) { \
|
2021-03-05 10:42:14 -05:00
|
|
|
HA_LINK_ERROR(call_to_ha_free_attempts_to_free_a_constant); \
|
2021-02-20 04:46:51 -05:00
|
|
|
} \
|
|
|
|
|
if (*__x) \
|
2021-04-06 07:53:36 -04:00
|
|
|
_HA_ATOMIC_INC(&_.calls); \
|
2021-02-20 04:46:51 -05:00
|
|
|
free(*__x); \
|
|
|
|
|
*__x = NULL; \
|
|
|
|
|
})
|
|
|
|
|
|
2020-07-02 04:25:01 -04:00
|
|
|
#undef malloc
|
2020-07-02 03:14:48 -04:00
|
|
|
#define malloc(x) ({ \
|
|
|
|
|
size_t __x = (x); \
|
2022-08-09 02:09:24 -04:00
|
|
|
static struct mem_stats _ __attribute__((used,__section__("mem_stats"),__aligned__(sizeof(void*)))) = { \
|
2022-09-06 02:05:59 -04:00
|
|
|
.caller = { \
|
|
|
|
|
.file = __FILE__, .line = __LINE__, \
|
|
|
|
|
.what = MEM_STATS_TYPE_MALLOC, \
|
|
|
|
|
.func = __func__, \
|
|
|
|
|
}, \
|
2020-07-02 03:14:48 -04:00
|
|
|
}; \
|
2022-11-13 06:14:10 -05:00
|
|
|
HA_WEAK(__start_mem_stats); \
|
|
|
|
|
HA_WEAK(__stop_mem_stats); \
|
2021-04-06 07:53:36 -04:00
|
|
|
_HA_ATOMIC_INC(&_.calls); \
|
2020-07-02 03:14:48 -04:00
|
|
|
_HA_ATOMIC_ADD(&_.size, __x); \
|
|
|
|
|
malloc(__x); \
|
|
|
|
|
})
|
|
|
|
|
|
2020-07-02 04:25:01 -04:00
|
|
|
#undef realloc
|
2020-07-02 03:14:48 -04:00
|
|
|
#define realloc(x,y) ({ \
|
|
|
|
|
void *__x = (x); size_t __y = (y); \
|
2022-08-09 02:09:24 -04:00
|
|
|
static struct mem_stats _ __attribute__((used,__section__("mem_stats"),__aligned__(sizeof(void*)))) = { \
|
2022-09-06 02:05:59 -04:00
|
|
|
.caller = { \
|
|
|
|
|
.file = __FILE__, .line = __LINE__, \
|
|
|
|
|
.what = MEM_STATS_TYPE_REALLOC, \
|
|
|
|
|
.func = __func__, \
|
|
|
|
|
}, \
|
2020-07-02 03:14:48 -04:00
|
|
|
}; \
|
2022-11-13 06:14:10 -05:00
|
|
|
HA_WEAK(__start_mem_stats); \
|
|
|
|
|
HA_WEAK(__stop_mem_stats); \
|
2021-04-06 07:53:36 -04:00
|
|
|
_HA_ATOMIC_INC(&_.calls); \
|
2020-07-02 03:14:48 -04:00
|
|
|
_HA_ATOMIC_ADD(&_.size, __y); \
|
|
|
|
|
realloc(__x,__y); \
|
|
|
|
|
})
|
|
|
|
|
|
2020-07-02 04:25:01 -04:00
|
|
|
#undef strdup
|
2020-07-02 03:14:48 -04:00
|
|
|
#define strdup(x) ({ \
|
|
|
|
|
const char *__x = (x); size_t __y = strlen(__x); \
|
2022-08-09 02:09:24 -04:00
|
|
|
static struct mem_stats _ __attribute__((used,__section__("mem_stats"),__aligned__(sizeof(void*)))) = { \
|
2022-09-06 02:05:59 -04:00
|
|
|
.caller = { \
|
|
|
|
|
.file = __FILE__, .line = __LINE__, \
|
|
|
|
|
.what = MEM_STATS_TYPE_STRDUP, \
|
|
|
|
|
.func = __func__, \
|
|
|
|
|
}, \
|
2020-07-02 03:14:48 -04:00
|
|
|
}; \
|
2022-11-13 06:14:10 -05:00
|
|
|
HA_WEAK(__start_mem_stats); \
|
|
|
|
|
HA_WEAK(__stop_mem_stats); \
|
2021-04-06 07:53:36 -04:00
|
|
|
_HA_ATOMIC_INC(&_.calls); \
|
2020-07-02 03:14:48 -04:00
|
|
|
_HA_ATOMIC_ADD(&_.size, __y); \
|
|
|
|
|
strdup(__x); \
|
|
|
|
|
})
|
2022-08-09 03:08:18 -04:00
|
|
|
#else // DEBUG_MEM_STATS
|
|
|
|
|
|
|
|
|
|
#define will_free(x, y) do { } while (0)
|
|
|
|
|
|
2020-07-02 03:14:48 -04:00
|
|
|
#endif /* DEBUG_MEM_STATS*/
|
|
|
|
|
|
2023-04-07 08:57:13 -04:00
|
|
|
/* Add warnings to users of such functions. These will be reported at link time
|
|
|
|
|
* indicating what file name and line used them. The goal is to remind their
|
|
|
|
|
* users that these are extremely unsafe functions that never have a valid
|
|
|
|
|
* reason for being used.
|
|
|
|
|
*/
|
|
|
|
|
#undef strcat
|
|
|
|
|
__attribute__warning("\n"
|
|
|
|
|
" * WARNING! strcat() must never be used, because there is no convenient way\n"
|
|
|
|
|
" * to use it that is safe. Use memcpy() instead!\n")
|
|
|
|
|
extern char *strcat(char *__restrict dest, const char *__restrict src);
|
|
|
|
|
|
|
|
|
|
#undef strcpy
|
|
|
|
|
__attribute__warning("\n"
|
|
|
|
|
" * WARNING! strcpy() must never be used, because there is no convenient way\n"
|
|
|
|
|
" * to use it that is safe. Use memcpy() or strlcpy2() instead!\n")
|
|
|
|
|
extern char *strcpy(char *__restrict dest, const char *__restrict src);
|
|
|
|
|
|
|
|
|
|
#undef strncat
|
|
|
|
|
__attribute__warning("\n"
|
|
|
|
|
" * WARNING! strncat() must never be used, because there is no convenient way\n"
|
|
|
|
|
" * to use it that is safe. Use memcpy() instead!\n")
|
|
|
|
|
extern char *strncat(char *__restrict dest, const char *__restrict src, size_t n);
|
|
|
|
|
|
|
|
|
|
#undef sprintf
|
|
|
|
|
__attribute__warning("\n"
|
|
|
|
|
" * WARNING! sprintf() must never be used, because there is no convenient way\n"
|
|
|
|
|
" * to use it that is safe. Use snprintf() instead!\n")
|
|
|
|
|
extern int sprintf(char *__restrict dest, const char *__restrict fmt, ...);
|
|
|
|
|
|
|
|
|
|
#if defined(_VA_LIST_DEFINED) || defined(_VA_LIST_DECLARED) || defined(_VA_LIST)
|
|
|
|
|
#undef vsprintf
|
|
|
|
|
__attribute__warning("\n"
|
|
|
|
|
" * WARNING! vsprintf() must never be used, because there is no convenient way\n"
|
|
|
|
|
" * to use it that is safe. Use vsnprintf() instead!\n")
|
|
|
|
|
extern int vsprintf(char *__restrict dest, const char *__restrict fmt, va_list ap);
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-05-27 10:51:33 -04:00
|
|
|
#endif /* _HAPROXY_BUG_H */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* c-indent-level: 8
|
|
|
|
|
* c-basic-offset: 8
|
|
|
|
|
* End:
|
|
|
|
|
*/
|
