1/** 2 * @file 3 * Dynamic memory manager 4 * 5 * This is a lightweight replacement for the standard C library malloc(). 6 * 7 * If you want to use the standard C library malloc() instead, define 8 * MEM_LIBC_MALLOC to 1 in your lwipopts.h 9 * 10 * To let mem_malloc() use pools (prevents fragmentation and is much faster than 11 * a heap but might waste some memory), define MEM_USE_POOLS to 1, define 12 * MEMP_USE_CUSTOM_POOLS to 1 and create a file "lwippools.h" that includes a list 13 * of pools like this (more pools can be added between _START and _END): 14 * 15 * Define three pools with sizes 256, 512, and 1512 bytes 16 * LWIP_MALLOC_MEMPOOL_START 17 * LWIP_MALLOC_MEMPOOL(20, 256) 18 * LWIP_MALLOC_MEMPOOL(10, 512) 19 * LWIP_MALLOC_MEMPOOL(5, 1512) 20 * LWIP_MALLOC_MEMPOOL_END 21 */ 22 23/* 24 * Copyright (c) 2001-2004 Swedish Institute of Computer Science. 25 * All rights reserved. 26 * 27 * Redistribution and use in source and binary forms, with or without modification, 28 * are permitted provided that the following conditions are met: 29 * 30 * 1. Redistributions of source code must retain the above copyright notice, 31 * this list of conditions and the following disclaimer. 32 * 2. Redistributions in binary form must reproduce the above copyright notice, 33 * this list of conditions and the following disclaimer in the documentation 34 * and/or other materials provided with the distribution. 35 * 3. The name of the author may not be used to endorse or promote products 36 * derived from this software without specific prior written permission. 37 * 38 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 39 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 40 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 41 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 42 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 43 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 44 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 45 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 46 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 47 * OF SUCH DAMAGE. 48 * 49 * This file is part of the lwIP TCP/IP stack. 50 * 51 * Author: Adam Dunkels <adam@sics.se> 52 * Simon Goldschmidt 53 * 54 */ 55 56#include "lwip/opt.h" 57#include "lwip/mem.h" 58#include "lwip/def.h" 59#include "lwip/sys.h" 60#include "lwip/stats.h" 61#include "lwip/err.h" 62 63#include <string.h> 64 65#if MEM_LIBC_MALLOC 66#include <stdlib.h> /* for malloc()/free() */ 67#endif 68 69/* This is overridable for tests only... */ 70#ifndef LWIP_MEM_ILLEGAL_FREE 71#define LWIP_MEM_ILLEGAL_FREE(msg) LWIP_ASSERT(msg, 0) 72#endif 73 74#define MEM_STATS_INC_LOCKED(x) SYS_ARCH_LOCKED(MEM_STATS_INC(x)) 75#define MEM_STATS_INC_USED_LOCKED(x, y) SYS_ARCH_LOCKED(MEM_STATS_INC_USED(x, y)) 76#define MEM_STATS_DEC_USED_LOCKED(x, y) SYS_ARCH_LOCKED(MEM_STATS_DEC_USED(x, y)) 77 78#if MEM_OVERFLOW_CHECK 79#define MEM_SANITY_OFFSET MEM_SANITY_REGION_BEFORE_ALIGNED 80#define MEM_SANITY_OVERHEAD (MEM_SANITY_REGION_BEFORE_ALIGNED + MEM_SANITY_REGION_AFTER_ALIGNED) 81#else 82#define MEM_SANITY_OFFSET 0 83#define MEM_SANITY_OVERHEAD 0 84#endif 85 86#if MEM_OVERFLOW_CHECK || MEMP_OVERFLOW_CHECK 87/** 88 * Check if a mep element was victim of an overflow or underflow 89 * (e.g. the restricted area after/before it has been altered) 90 * 91 * @param p the mem element to check 92 * @param size allocated size of the element 93 * @param descr1 description of the element source shown on error 94 * @param descr2 description of the element source shown on error 95 */ 96void 97mem_overflow_check_raw(void *p, size_t size, const char *descr1, const char *descr2) 98{ 99#if MEM_SANITY_REGION_AFTER_ALIGNED || MEM_SANITY_REGION_BEFORE_ALIGNED 100 u16_t k; 101 u8_t *m; 102 103#if MEM_SANITY_REGION_AFTER_ALIGNED > 0 104 m = (u8_t *)p + size; 105 for (k = 0; k < MEM_SANITY_REGION_AFTER_ALIGNED; k++) { 106 if (m[k] != 0xcd) { 107 char errstr[128]; 108 snprintf(errstr, sizeof(errstr), "detected mem overflow in %s%s", descr1, descr2); 109 LWIP_ASSERT(errstr, 0); 110 } 111 } 112#endif /* MEM_SANITY_REGION_AFTER_ALIGNED > 0 */ 113 114#if MEM_SANITY_REGION_BEFORE_ALIGNED > 0 115 m = (u8_t *)p - MEM_SANITY_REGION_BEFORE_ALIGNED; 116 for (k = 0; k < MEM_SANITY_REGION_BEFORE_ALIGNED; k++) { 117 if (m[k] != 0xcd) { 118 char errstr[128]; 119 snprintf(errstr, sizeof(errstr), "detected mem underflow in %s%s", descr1, descr2); 120 LWIP_ASSERT(errstr, 0); 121 } 122 } 123#endif /* MEM_SANITY_REGION_BEFORE_ALIGNED > 0 */ 124#else 125 LWIP_UNUSED_ARG(p); 126 LWIP_UNUSED_ARG(desc); 127 LWIP_UNUSED_ARG(descr); 128#endif 129} 130 131/** 132 * Initialize the restricted area of a mem element. 133 */ 134void 135mem_overflow_init_raw(void *p, size_t size) 136{ 137#if MEM_SANITY_REGION_BEFORE_ALIGNED > 0 || MEM_SANITY_REGION_AFTER_ALIGNED > 0 138 u8_t *m; 139#if MEM_SANITY_REGION_BEFORE_ALIGNED > 0 140 m = (u8_t *)p - MEM_SANITY_REGION_BEFORE_ALIGNED; 141 memset(m, 0xcd, MEM_SANITY_REGION_BEFORE_ALIGNED); 142#endif 143#if MEM_SANITY_REGION_AFTER_ALIGNED > 0 144 m = (u8_t *)p + size; 145 memset(m, 0xcd, MEM_SANITY_REGION_AFTER_ALIGNED); 146#endif 147#else /* MEM_SANITY_REGION_BEFORE_ALIGNED > 0 || MEM_SANITY_REGION_AFTER_ALIGNED > 0 */ 148 LWIP_UNUSED_ARG(p); 149 LWIP_UNUSED_ARG(desc); 150#endif /* MEM_SANITY_REGION_BEFORE_ALIGNED > 0 || MEM_SANITY_REGION_AFTER_ALIGNED > 0 */ 151} 152#endif /* MEM_OVERFLOW_CHECK || MEMP_OVERFLOW_CHECK */ 153 154#if MEM_LIBC_MALLOC || MEM_USE_POOLS 155 156/** mem_init is not used when using pools instead of a heap or using 157 * C library malloc(). 158 */ 159void 160mem_init(void) 161{ 162} 163 164/** mem_trim is not used when using pools instead of a heap or using 165 * C library malloc(): we can't free part of a pool element and the stack 166 * support mem_trim() to return a different pointer 167 */ 168void * 169mem_trim(void *mem, mem_size_t size) 170{ 171 LWIP_UNUSED_ARG(size); 172 return mem; 173} 174#endif /* MEM_LIBC_MALLOC || MEM_USE_POOLS */ 175 176#if MEM_LIBC_MALLOC 177/* lwIP heap implemented using C library malloc() */ 178 179/* in case C library malloc() needs extra protection, 180 * allow these defines to be overridden. 181 */ 182#ifndef mem_clib_free 183#define mem_clib_free free 184#endif 185#ifndef mem_clib_malloc 186#define mem_clib_malloc malloc 187#endif 188#ifndef mem_clib_calloc 189#define mem_clib_calloc calloc 190#endif 191 192#if LWIP_STATS && MEM_STATS 193#define MEM_LIBC_STATSHELPER_SIZE LWIP_MEM_ALIGN_SIZE(sizeof(mem_size_t)) 194#else 195#define MEM_LIBC_STATSHELPER_SIZE 0 196#endif 197 198/** 199 * Allocate a block of memory with a minimum of 'size' bytes. 200 * 201 * @param size is the minimum size of the requested block in bytes. 202 * @return pointer to allocated memory or NULL if no free memory was found. 203 * 204 * Note that the returned value must always be aligned (as defined by MEM_ALIGNMENT). 205 */ 206void * 207mem_malloc(mem_size_t size) 208{ 209 void *ret = mem_clib_malloc(size + MEM_LIBC_STATSHELPER_SIZE); 210 if (ret == NULL) { 211 MEM_STATS_INC_LOCKED(err); 212 } else { 213 LWIP_ASSERT("malloc() must return aligned memory", LWIP_MEM_ALIGN(ret) == ret); 214#if LWIP_STATS && MEM_STATS 215 *(mem_size_t *)ret = size; 216 ret = (u8_t *)ret + MEM_LIBC_STATSHELPER_SIZE; 217 MEM_STATS_INC_USED_LOCKED(used, size); 218#endif 219 } 220 return ret; 221} 222 223/** Put memory back on the heap 224 * 225 * @param rmem is the pointer as returned by a previous call to mem_malloc() 226 */ 227void 228mem_free(void *rmem) 229{ 230 LWIP_ASSERT("rmem != NULL", (rmem != NULL)); 231 LWIP_ASSERT("rmem == MEM_ALIGN(rmem)", (rmem == LWIP_MEM_ALIGN(rmem))); 232#if LWIP_STATS && MEM_STATS 233 rmem = (u8_t *)rmem - MEM_LIBC_STATSHELPER_SIZE; 234 MEM_STATS_DEC_USED_LOCKED(used, *(mem_size_t *)rmem); 235#endif 236 mem_clib_free(rmem); 237} 238 239#elif MEM_USE_POOLS 240 241/* lwIP heap implemented with different sized pools */ 242 243/** 244 * Allocate memory: determine the smallest pool that is big enough 245 * to contain an element of 'size' and get an element from that pool. 246 * 247 * @param size the size in bytes of the memory needed 248 * @return a pointer to the allocated memory or NULL if the pool is empty 249 */ 250void * 251mem_malloc(mem_size_t size) 252{ 253 void *ret; 254 struct memp_malloc_helper *element = NULL; 255 memp_t poolnr; 256 mem_size_t required_size = size + LWIP_MEM_ALIGN_SIZE(sizeof(struct memp_malloc_helper)); 257 258 for (poolnr = MEMP_POOL_FIRST; poolnr <= MEMP_POOL_LAST; poolnr = (memp_t)(poolnr + 1)) { 259 /* is this pool big enough to hold an element of the required size 260 plus a struct memp_malloc_helper that saves the pool this element came from? */ 261 if (required_size <= memp_pools[poolnr]->size) { 262 element = (struct memp_malloc_helper *)memp_malloc(poolnr); 263 if (element == NULL) { 264 /* No need to DEBUGF or ASSERT: This error is already taken care of in memp.c */ 265#if MEM_USE_POOLS_TRY_BIGGER_POOL 266 /** Try a bigger pool if this one is empty! */ 267 if (poolnr < MEMP_POOL_LAST) { 268 continue; 269 } 270#endif /* MEM_USE_POOLS_TRY_BIGGER_POOL */ 271 MEM_STATS_INC_LOCKED(err); 272 return NULL; 273 } 274 break; 275 } 276 } 277 if (poolnr > MEMP_POOL_LAST) { 278 LWIP_ASSERT("mem_malloc(): no pool is that big!", 0); 279 MEM_STATS_INC_LOCKED(err); 280 return NULL; 281 } 282 283 /* save the pool number this element came from */ 284 element->poolnr = poolnr; 285 /* and return a pointer to the memory directly after the struct memp_malloc_helper */ 286 ret = (u8_t *)element + LWIP_MEM_ALIGN_SIZE(sizeof(struct memp_malloc_helper)); 287 288#if MEMP_OVERFLOW_CHECK || (LWIP_STATS && MEM_STATS) 289 /* truncating to u16_t is safe because struct memp_desc::size is u16_t */ 290 element->size = (u16_t)size; 291 MEM_STATS_INC_USED_LOCKED(used, element->size); 292#endif /* MEMP_OVERFLOW_CHECK || (LWIP_STATS && MEM_STATS) */ 293#if MEMP_OVERFLOW_CHECK 294 /* initialize unused memory (diff between requested size and selected pool's size) */ 295 memset((u8_t *)ret + size, 0xcd, memp_pools[poolnr]->size - size); 296#endif /* MEMP_OVERFLOW_CHECK */ 297 return ret; 298} 299 300/** 301 * Free memory previously allocated by mem_malloc. Loads the pool number 302 * and calls memp_free with that pool number to put the element back into 303 * its pool 304 * 305 * @param rmem the memory element to free 306 */ 307void 308mem_free(void *rmem) 309{ 310 struct memp_malloc_helper *hmem; 311 312 LWIP_ASSERT("rmem != NULL", (rmem != NULL)); 313 LWIP_ASSERT("rmem == MEM_ALIGN(rmem)", (rmem == LWIP_MEM_ALIGN(rmem))); 314 315 /* get the original struct memp_malloc_helper */ 316 /* cast through void* to get rid of alignment warnings */ 317 hmem = (struct memp_malloc_helper *)(void *)((u8_t *)rmem - LWIP_MEM_ALIGN_SIZE(sizeof(struct memp_malloc_helper))); 318 319 LWIP_ASSERT("hmem != NULL", (hmem != NULL)); 320 LWIP_ASSERT("hmem == MEM_ALIGN(hmem)", (hmem == LWIP_MEM_ALIGN(hmem))); 321 LWIP_ASSERT("hmem->poolnr < MEMP_MAX", (hmem->poolnr < MEMP_MAX)); 322 323 MEM_STATS_DEC_USED_LOCKED(used, hmem->size); 324#if MEMP_OVERFLOW_CHECK 325 { 326 u16_t i; 327 LWIP_ASSERT("MEM_USE_POOLS: invalid chunk size", 328 hmem->size <= memp_pools[hmem->poolnr]->size); 329 /* check that unused memory remained untouched (diff between requested size and selected pool's size) */ 330 for (i = hmem->size; i < memp_pools[hmem->poolnr]->size; i++) { 331 u8_t data = *((u8_t *)rmem + i); 332 LWIP_ASSERT("MEM_USE_POOLS: mem overflow detected", data == 0xcd); 333 } 334 } 335#endif /* MEMP_OVERFLOW_CHECK */ 336 337 /* and put it in the pool we saved earlier */ 338 memp_free(hmem->poolnr, hmem); 339} 340 341#else /* MEM_USE_POOLS */ 342/* lwIP replacement for your libc malloc() */ 343 344/** 345 * The heap is made up as a list of structs of this type. 346 * This does not have to be aligned since for getting its size, 347 * we only use the macro SIZEOF_STRUCT_MEM, which automatically aligns. 348 */ 349struct mem { 350 /** index (-> ram[next]) of the next struct */ 351 mem_size_t next; 352 /** index (-> ram[prev]) of the previous struct */ 353 mem_size_t prev; 354 /** 1: this area is used; 0: this area is unused */ 355 u8_t used; 356#if MEM_OVERFLOW_CHECK 357 /** this keeps track of the user allocation size for guard checks */ 358 mem_size_t user_size; 359#endif 360}; 361 362/** All allocated blocks will be MIN_SIZE bytes big, at least! 363 * MIN_SIZE can be overridden to suit your needs. Smaller values save space, 364 * larger values could prevent too small blocks to fragment the RAM too much. */ 365#ifndef MIN_SIZE 366#define MIN_SIZE 12 367#endif /* MIN_SIZE */ 368/* some alignment macros: we define them here for better source code layout */ 369#define MIN_SIZE_ALIGNED LWIP_MEM_ALIGN_SIZE(MIN_SIZE) 370#define SIZEOF_STRUCT_MEM LWIP_MEM_ALIGN_SIZE(sizeof(struct mem)) 371#define MEM_SIZE_ALIGNED LWIP_MEM_ALIGN_SIZE(MEM_SIZE) 372 373/** If you want to relocate the heap to external memory, simply define 374 * LWIP_RAM_HEAP_POINTER as a void-pointer to that location. 375 * If so, make sure the memory at that location is big enough (see below on 376 * how that space is calculated). */ 377#ifndef LWIP_RAM_HEAP_POINTER 378/** the heap. we need one struct mem at the end and some room for alignment */ 379LWIP_DECLARE_MEMORY_ALIGNED(ram_heap, MEM_SIZE_ALIGNED + (2U * SIZEOF_STRUCT_MEM)); 380#define LWIP_RAM_HEAP_POINTER ram_heap 381#endif /* LWIP_RAM_HEAP_POINTER */ 382 383/** pointer to the heap (ram_heap): for alignment, ram is now a pointer instead of an array */ 384static u8_t *ram; 385/** the last entry, always unused! */ 386static struct mem *ram_end; 387 388/** concurrent access protection */ 389#if !NO_SYS 390static sys_mutex_t mem_mutex; 391#endif 392 393#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 394 395static volatile u8_t mem_free_count; 396 397/* Allow mem_free from other (e.g. interrupt) context */ 398#define LWIP_MEM_FREE_DECL_PROTECT() SYS_ARCH_DECL_PROTECT(lev_free) 399#define LWIP_MEM_FREE_PROTECT() SYS_ARCH_PROTECT(lev_free) 400#define LWIP_MEM_FREE_UNPROTECT() SYS_ARCH_UNPROTECT(lev_free) 401#define LWIP_MEM_ALLOC_DECL_PROTECT() SYS_ARCH_DECL_PROTECT(lev_alloc) 402#define LWIP_MEM_ALLOC_PROTECT() SYS_ARCH_PROTECT(lev_alloc) 403#define LWIP_MEM_ALLOC_UNPROTECT() SYS_ARCH_UNPROTECT(lev_alloc) 404#define LWIP_MEM_LFREE_VOLATILE volatile 405 406#else /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 407 408/* Protect the heap only by using a mutex */ 409#define LWIP_MEM_FREE_DECL_PROTECT() 410#define LWIP_MEM_FREE_PROTECT() sys_mutex_lock(&mem_mutex) 411#define LWIP_MEM_FREE_UNPROTECT() sys_mutex_unlock(&mem_mutex) 412/* mem_malloc is protected using mutex AND LWIP_MEM_ALLOC_PROTECT */ 413#define LWIP_MEM_ALLOC_DECL_PROTECT() 414#define LWIP_MEM_ALLOC_PROTECT() 415#define LWIP_MEM_ALLOC_UNPROTECT() 416#define LWIP_MEM_LFREE_VOLATILE 417 418#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 419 420/** pointer to the lowest free block, this is used for faster search */ 421static struct mem * LWIP_MEM_LFREE_VOLATILE lfree; 422 423#if MEM_SANITY_CHECK 424static void mem_sanity(void); 425#define MEM_SANITY() mem_sanity() 426#else 427#define MEM_SANITY() 428#endif 429 430#if MEM_OVERFLOW_CHECK 431static void 432mem_overflow_init_element(struct mem *mem, mem_size_t user_size) 433{ 434 void *p = (u8_t *)mem + SIZEOF_STRUCT_MEM + MEM_SANITY_OFFSET; 435 mem->user_size = user_size; 436 mem_overflow_init_raw(p, user_size); 437} 438 439static void 440mem_overflow_check_element(struct mem *mem) 441{ 442 void *p = (u8_t *)mem + SIZEOF_STRUCT_MEM + MEM_SANITY_OFFSET; 443 mem_overflow_check_raw(p, mem->user_size, "heap", ""); 444} 445#else /* MEM_OVERFLOW_CHECK */ 446#define mem_overflow_init_element(mem, size) 447#define mem_overflow_check_element(mem) 448#endif /* MEM_OVERFLOW_CHECK */ 449 450static struct mem * 451ptr_to_mem(mem_size_t ptr) 452{ 453 return (struct mem *)(void *)&ram[ptr]; 454} 455 456static mem_size_t 457mem_to_ptr(void *mem) 458{ 459 return (mem_size_t)((u8_t *)mem - ram); 460} 461 462/** 463 * "Plug holes" by combining adjacent empty struct mems. 464 * After this function is through, there should not exist 465 * one empty struct mem pointing to another empty struct mem. 466 * 467 * @param mem this points to a struct mem which just has been freed 468 * @internal this function is only called by mem_free() and mem_trim() 469 * 470 * This assumes access to the heap is protected by the calling function 471 * already. 472 */ 473static void 474plug_holes(struct mem *mem) 475{ 476 struct mem *nmem; 477 struct mem *pmem; 478 479 LWIP_ASSERT("plug_holes: mem >= ram", (u8_t *)mem >= ram); 480 LWIP_ASSERT("plug_holes: mem < ram_end", (u8_t *)mem < (u8_t *)ram_end); 481 LWIP_ASSERT("plug_holes: mem->used == 0", mem->used == 0); 482 483 /* plug hole forward */ 484 LWIP_ASSERT("plug_holes: mem->next <= MEM_SIZE_ALIGNED", mem->next <= MEM_SIZE_ALIGNED); 485 486 nmem = ptr_to_mem(mem->next); 487 if (mem != nmem && nmem->used == 0 && (u8_t *)nmem != (u8_t *)ram_end) { 488 /* if mem->next is unused and not end of ram, combine mem and mem->next */ 489 if (lfree == nmem) { 490 lfree = mem; 491 } 492 mem->next = nmem->next; 493 if (nmem->next != MEM_SIZE_ALIGNED) { 494 ptr_to_mem(nmem->next)->prev = mem_to_ptr(mem); 495 } 496 } 497 498 /* plug hole backward */ 499 pmem = ptr_to_mem(mem->prev); 500 if (pmem != mem && pmem->used == 0) { 501 /* if mem->prev is unused, combine mem and mem->prev */ 502 if (lfree == mem) { 503 lfree = pmem; 504 } 505 pmem->next = mem->next; 506 if (mem->next != MEM_SIZE_ALIGNED) { 507 ptr_to_mem(mem->next)->prev = mem_to_ptr(pmem); 508 } 509 } 510} 511 512/** 513 * Zero the heap and initialize start, end and lowest-free 514 */ 515void 516mem_init(void) 517{ 518 struct mem *mem; 519 520 LWIP_ASSERT("Sanity check alignment", 521 (SIZEOF_STRUCT_MEM & (MEM_ALIGNMENT - 1)) == 0); 522 523 /* align the heap */ 524 ram = (u8_t *)LWIP_MEM_ALIGN(LWIP_RAM_HEAP_POINTER); 525 /* initialize the start of the heap */ 526 mem = (struct mem *)(void *)ram; 527 mem->next = MEM_SIZE_ALIGNED; 528 mem->prev = 0; 529 mem->used = 0; 530 /* initialize the end of the heap */ 531 ram_end = ptr_to_mem(MEM_SIZE_ALIGNED); 532 ram_end->used = 1; 533 ram_end->next = MEM_SIZE_ALIGNED; 534 ram_end->prev = MEM_SIZE_ALIGNED; 535 MEM_SANITY(); 536 537 /* initialize the lowest-free pointer to the start of the heap */ 538 lfree = (struct mem *)(void *)ram; 539 540 MEM_STATS_AVAIL(avail, MEM_SIZE_ALIGNED); 541 542 if (sys_mutex_new(&mem_mutex) != ERR_OK) { 543 LWIP_ASSERT("failed to create mem_mutex", 0); 544 } 545} 546 547/* Check if a struct mem is correctly linked. 548 * If not, double-free is a possible reason. 549 */ 550static int 551mem_link_valid(struct mem *mem) 552{ 553 struct mem *nmem, *pmem; 554 mem_size_t rmem_idx; 555 rmem_idx = mem_to_ptr(mem); 556 nmem = ptr_to_mem(mem->next); 557 pmem = ptr_to_mem(mem->prev); 558 if ((mem->next > MEM_SIZE_ALIGNED) || (mem->prev > MEM_SIZE_ALIGNED) || 559 ((mem->prev != rmem_idx) && (pmem->next != rmem_idx)) || 560 ((nmem != ram_end) && (nmem->prev != rmem_idx))) { 561 return 0; 562 } 563 return 1; 564} 565 566#if MEM_SANITY_CHECK 567static void 568mem_sanity(void) 569{ 570 struct mem *mem; 571 u8_t last_used; 572 573 /* begin with first element here */ 574 mem = (struct mem *)ram; 575 LWIP_ASSERT("heap element used valid", (mem->used == 0) || (mem->used == 1)); 576 last_used = mem->used; 577 LWIP_ASSERT("heap element prev ptr valid", mem->prev == 0); 578 LWIP_ASSERT("heap element next ptr valid", mem->next <= MEM_SIZE_ALIGNED); 579 LWIP_ASSERT("heap element next ptr aligned", LWIP_MEM_ALIGN(ptr_to_mem(mem->next) == ptr_to_mem(mem->next))); 580 581 /* check all elements before the end of the heap */ 582 for (mem = ptr_to_mem(mem->next); 583 ((u8_t *)mem > ram) && (mem < ram_end); 584 mem = ptr_to_mem(mem->next)) { 585 LWIP_ASSERT("heap element aligned", LWIP_MEM_ALIGN(mem) == mem); 586 LWIP_ASSERT("heap element prev ptr valid", mem->prev <= MEM_SIZE_ALIGNED); 587 LWIP_ASSERT("heap element next ptr valid", mem->next <= MEM_SIZE_ALIGNED); 588 LWIP_ASSERT("heap element prev ptr aligned", LWIP_MEM_ALIGN(ptr_to_mem(mem->prev) == ptr_to_mem(mem->prev))); 589 LWIP_ASSERT("heap element next ptr aligned", LWIP_MEM_ALIGN(ptr_to_mem(mem->next) == ptr_to_mem(mem->next))); 590 591 if (last_used == 0) { 592 /* 2 unused elements in a row? */ 593 LWIP_ASSERT("heap element unused?", mem->used == 1); 594 } else { 595 LWIP_ASSERT("heap element unused member", (mem->used == 0) || (mem->used == 1)); 596 } 597 598 LWIP_ASSERT("heap element link valid", mem_link_valid(mem)); 599 600 /* used/unused altering */ 601 last_used = mem->used; 602 } 603 LWIP_ASSERT("heap end ptr sanity", mem == ptr_to_mem(MEM_SIZE_ALIGNED)); 604 LWIP_ASSERT("heap element used valid", mem->used == 1); 605 LWIP_ASSERT("heap element prev ptr valid", mem->prev == MEM_SIZE_ALIGNED); 606 LWIP_ASSERT("heap element next ptr valid", mem->next == MEM_SIZE_ALIGNED); 607} 608#endif /* MEM_SANITY_CHECK */ 609 610/** 611 * Put a struct mem back on the heap 612 * 613 * @param rmem is the data portion of a struct mem as returned by a previous 614 * call to mem_malloc() 615 */ 616void 617mem_free(void *rmem) 618{ 619 struct mem *mem; 620 LWIP_MEM_FREE_DECL_PROTECT(); 621 622 if (rmem == NULL) { 623 LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_SERIOUS, ("mem_free(p == NULL) was called.\n")); 624 return; 625 } 626 if ((((mem_ptr_t)rmem) & (MEM_ALIGNMENT - 1)) != 0) { 627 LWIP_MEM_ILLEGAL_FREE("mem_free: sanity check alignment"); 628 LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("mem_free: sanity check alignment\n")); 629 /* protect mem stats from concurrent access */ 630 MEM_STATS_INC_LOCKED(illegal); 631 return; 632 } 633 634 /* Get the corresponding struct mem: */ 635 /* cast through void* to get rid of alignment warnings */ 636 mem = (struct mem *)(void *)((u8_t *)rmem - (SIZEOF_STRUCT_MEM + MEM_SANITY_OFFSET)); 637 638 if ((u8_t *)mem < ram || (u8_t *)rmem + MIN_SIZE_ALIGNED > (u8_t *)ram_end) { 639 LWIP_MEM_ILLEGAL_FREE("mem_free: illegal memory"); 640 LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("mem_free: illegal memory\n")); 641 /* protect mem stats from concurrent access */ 642 MEM_STATS_INC_LOCKED(illegal); 643 return; 644 } 645#if MEM_OVERFLOW_CHECK 646 mem_overflow_check_element(mem); 647#endif 648 /* protect the heap from concurrent access */ 649 LWIP_MEM_FREE_PROTECT(); 650 /* mem has to be in a used state */ 651 if (!mem->used) { 652 LWIP_MEM_ILLEGAL_FREE("mem_free: illegal memory: double free"); 653 LWIP_MEM_FREE_UNPROTECT(); 654 LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("mem_free: illegal memory: double free?\n")); 655 /* protect mem stats from concurrent access */ 656 MEM_STATS_INC_LOCKED(illegal); 657 return; 658 } 659 660 if (!mem_link_valid(mem)) { 661 LWIP_MEM_ILLEGAL_FREE("mem_free: illegal memory: non-linked: double free"); 662 LWIP_MEM_FREE_UNPROTECT(); 663 LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("mem_free: illegal memory: non-linked: double free?\n")); 664 /* protect mem stats from concurrent access */ 665 MEM_STATS_INC_LOCKED(illegal); 666 return; 667 } 668 669 /* mem is now unused. */ 670 mem->used = 0; 671 672 if (mem < lfree) { 673 /* the newly freed struct is now the lowest */ 674 lfree = mem; 675 } 676 677 MEM_STATS_DEC_USED(used, mem->next - (mem_size_t)(((u8_t *)mem - ram))); 678 679 /* finally, see if prev or next are free also */ 680 plug_holes(mem); 681 MEM_SANITY(); 682#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 683 mem_free_count = 1; 684#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 685 LWIP_MEM_FREE_UNPROTECT(); 686} 687 688/** 689 * Shrink memory returned by mem_malloc(). 690 * 691 * @param rmem pointer to memory allocated by mem_malloc the is to be shrinked 692 * @param new_size required size after shrinking (needs to be smaller than or 693 * equal to the previous size) 694 * @return for compatibility reasons: is always == rmem, at the moment 695 * or NULL if newsize is > old size, in which case rmem is NOT touched 696 * or freed! 697 */ 698void * 699mem_trim(void *rmem, mem_size_t new_size) 700{ 701 mem_size_t size, newsize; 702 mem_size_t ptr, ptr2; 703 struct mem *mem, *mem2; 704 /* use the FREE_PROTECT here: it protects with sem OR SYS_ARCH_PROTECT */ 705 LWIP_MEM_FREE_DECL_PROTECT(); 706 707 /* Expand the size of the allocated memory region so that we can 708 adjust for alignment. */ 709 newsize = (mem_size_t)LWIP_MEM_ALIGN_SIZE(new_size); 710 if (newsize < MIN_SIZE_ALIGNED) { 711 /* every data block must be at least MIN_SIZE_ALIGNED long */ 712 newsize = MIN_SIZE_ALIGNED; 713 } 714#if MEM_OVERFLOW_CHECK 715 newsize += MEM_SANITY_REGION_BEFORE_ALIGNED + MEM_SANITY_REGION_AFTER_ALIGNED; 716#endif 717 if ((newsize > MEM_SIZE_ALIGNED) || (newsize < new_size)) { 718 return NULL; 719 } 720 721 LWIP_ASSERT("mem_trim: legal memory", (u8_t *)rmem >= (u8_t *)ram && 722 (u8_t *)rmem < (u8_t *)ram_end); 723 724 if ((u8_t *)rmem < (u8_t *)ram || (u8_t *)rmem >= (u8_t *)ram_end) { 725 LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("mem_trim: illegal memory\n")); 726 /* protect mem stats from concurrent access */ 727 MEM_STATS_INC_LOCKED(illegal); 728 return rmem; 729 } 730 /* Get the corresponding struct mem ... */ 731 /* cast through void* to get rid of alignment warnings */ 732 mem = (struct mem *)(void *)((u8_t *)rmem - (SIZEOF_STRUCT_MEM + MEM_SANITY_OFFSET)); 733#if MEM_OVERFLOW_CHECK 734 mem_overflow_check_element(mem); 735#endif 736 /* ... and its offset pointer */ 737 ptr = mem_to_ptr(mem); 738 739 size = (mem_size_t)((mem_size_t)(mem->next - ptr) - (SIZEOF_STRUCT_MEM + MEM_SANITY_OVERHEAD)); 740 LWIP_ASSERT("mem_trim can only shrink memory", newsize <= size); 741 if (newsize > size) { 742 /* not supported */ 743 return NULL; 744 } 745 if (newsize == size) { 746 /* No change in size, simply return */ 747 return rmem; 748 } 749 750 /* protect the heap from concurrent access */ 751 LWIP_MEM_FREE_PROTECT(); 752 753 mem2 = ptr_to_mem(mem->next); 754 if (mem2->used == 0) { 755 /* The next struct is unused, we can simply move it at little */ 756 mem_size_t next; 757 LWIP_ASSERT("invalid next ptr", mem->next != MEM_SIZE_ALIGNED); 758 /* remember the old next pointer */ 759 next = mem2->next; 760 /* create new struct mem which is moved directly after the shrinked mem */ 761 ptr2 = (mem_size_t)(ptr + SIZEOF_STRUCT_MEM + newsize); 762 if (lfree == mem2) { 763 lfree = ptr_to_mem(ptr2); 764 } 765 mem2 = ptr_to_mem(ptr2); 766 mem2->used = 0; 767 /* restore the next pointer */ 768 mem2->next = next; 769 /* link it back to mem */ 770 mem2->prev = ptr; 771 /* link mem to it */ 772 mem->next = ptr2; 773 /* last thing to restore linked list: as we have moved mem2, 774 * let 'mem2->next->prev' point to mem2 again. but only if mem2->next is not 775 * the end of the heap */ 776 if (mem2->next != MEM_SIZE_ALIGNED) { 777 ptr_to_mem(mem2->next)->prev = ptr2; 778 } 779 MEM_STATS_DEC_USED(used, (size - newsize)); 780 /* no need to plug holes, we've already done that */ 781 } else if (newsize + SIZEOF_STRUCT_MEM + MIN_SIZE_ALIGNED <= size) { 782 /* Next struct is used but there's room for another struct mem with 783 * at least MIN_SIZE_ALIGNED of data. 784 * Old size ('size') must be big enough to contain at least 'newsize' plus a struct mem 785 * ('SIZEOF_STRUCT_MEM') with some data ('MIN_SIZE_ALIGNED'). 786 * @todo we could leave out MIN_SIZE_ALIGNED. We would create an empty 787 * region that couldn't hold data, but when mem->next gets freed, 788 * the 2 regions would be combined, resulting in more free memory */ 789 ptr2 = (mem_size_t)(ptr + SIZEOF_STRUCT_MEM + newsize); 790 LWIP_ASSERT("invalid next ptr", mem->next != MEM_SIZE_ALIGNED); 791 mem2 = ptr_to_mem(ptr2); 792 if (mem2 < lfree) { 793 lfree = mem2; 794 } 795 mem2->used = 0; 796 mem2->next = mem->next; 797 mem2->prev = ptr; 798 mem->next = ptr2; 799 if (mem2->next != MEM_SIZE_ALIGNED) { 800 ptr_to_mem(mem2->next)->prev = ptr2; 801 } 802 MEM_STATS_DEC_USED(used, (size - newsize)); 803 /* the original mem->next is used, so no need to plug holes! */ 804 } 805 /* else { 806 next struct mem is used but size between mem and mem2 is not big enough 807 to create another struct mem 808 -> don't do anyhting. 809 -> the remaining space stays unused since it is too small 810 } */ 811#if MEM_OVERFLOW_CHECK 812 mem_overflow_init_element(mem, new_size); 813#endif 814 MEM_SANITY(); 815#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 816 mem_free_count = 1; 817#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 818 LWIP_MEM_FREE_UNPROTECT(); 819 return rmem; 820} 821 822/** 823 * Allocate a block of memory with a minimum of 'size' bytes. 824 * 825 * @param size_in is the minimum size of the requested block in bytes. 826 * @return pointer to allocated memory or NULL if no free memory was found. 827 * 828 * Note that the returned value will always be aligned (as defined by MEM_ALIGNMENT). 829 */ 830void * 831mem_malloc(mem_size_t size_in) 832{ 833 mem_size_t ptr, ptr2, size; 834 struct mem *mem, *mem2; 835#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 836 u8_t local_mem_free_count = 0; 837#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 838 LWIP_MEM_ALLOC_DECL_PROTECT(); 839 840 if (size_in == 0) { 841 return NULL; 842 } 843 844 /* Expand the size of the allocated memory region so that we can 845 adjust for alignment. */ 846 size = (mem_size_t)LWIP_MEM_ALIGN_SIZE(size_in); 847 if (size < MIN_SIZE_ALIGNED) { 848 /* every data block must be at least MIN_SIZE_ALIGNED long */ 849 size = MIN_SIZE_ALIGNED; 850 } 851#if MEM_OVERFLOW_CHECK 852 size += MEM_SANITY_REGION_BEFORE_ALIGNED + MEM_SANITY_REGION_AFTER_ALIGNED; 853#endif 854 if ((size > MEM_SIZE_ALIGNED) || (size < size_in)) { 855 return NULL; 856 } 857 858 /* protect the heap from concurrent access */ 859 sys_mutex_lock(&mem_mutex); 860 LWIP_MEM_ALLOC_PROTECT(); 861#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 862 /* run as long as a mem_free disturbed mem_malloc or mem_trim */ 863 do { 864 local_mem_free_count = 0; 865#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 866 867 /* Scan through the heap searching for a free block that is big enough, 868 * beginning with the lowest free block. 869 */ 870 for (ptr = mem_to_ptr(lfree); ptr < MEM_SIZE_ALIGNED - size; 871 ptr = ptr_to_mem(ptr)->next) { 872 mem = ptr_to_mem(ptr); 873#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 874 mem_free_count = 0; 875 LWIP_MEM_ALLOC_UNPROTECT(); 876 /* allow mem_free or mem_trim to run */ 877 LWIP_MEM_ALLOC_PROTECT(); 878 if (mem_free_count != 0) { 879 /* If mem_free or mem_trim have run, we have to restart since they 880 could have altered our current struct mem. */ 881 local_mem_free_count = 1; 882 break; 883 } 884#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 885 886 if ((!mem->used) && 887 (mem->next - (ptr + SIZEOF_STRUCT_MEM)) >= size) { 888 /* mem is not used and at least perfect fit is possible: 889 * mem->next - (ptr + SIZEOF_STRUCT_MEM) gives us the 'user data size' of mem */ 890 891 if (mem->next - (ptr + SIZEOF_STRUCT_MEM) >= (size + SIZEOF_STRUCT_MEM + MIN_SIZE_ALIGNED)) { 892 /* (in addition to the above, we test if another struct mem (SIZEOF_STRUCT_MEM) containing 893 * at least MIN_SIZE_ALIGNED of data also fits in the 'user data space' of 'mem') 894 * -> split large block, create empty remainder, 895 * remainder must be large enough to contain MIN_SIZE_ALIGNED data: if 896 * mem->next - (ptr + (2*SIZEOF_STRUCT_MEM)) == size, 897 * struct mem would fit in but no data between mem2 and mem2->next 898 * @todo we could leave out MIN_SIZE_ALIGNED. We would create an empty 899 * region that couldn't hold data, but when mem->next gets freed, 900 * the 2 regions would be combined, resulting in more free memory 901 */ 902 ptr2 = (mem_size_t)(ptr + SIZEOF_STRUCT_MEM + size); 903 LWIP_ASSERT("invalid next ptr",ptr2 != MEM_SIZE_ALIGNED); 904 /* create mem2 struct */ 905 mem2 = ptr_to_mem(ptr2); 906 mem2->used = 0; 907 mem2->next = mem->next; 908 mem2->prev = ptr; 909 /* and insert it between mem and mem->next */ 910 mem->next = ptr2; 911 mem->used = 1; 912 913 if (mem2->next != MEM_SIZE_ALIGNED) { 914 ptr_to_mem(mem2->next)->prev = ptr2; 915 } 916 MEM_STATS_INC_USED(used, (size + SIZEOF_STRUCT_MEM)); 917 } else { 918 /* (a mem2 struct does no fit into the user data space of mem and mem->next will always 919 * be used at this point: if not we have 2 unused structs in a row, plug_holes should have 920 * take care of this). 921 * -> near fit or exact fit: do not split, no mem2 creation 922 * also can't move mem->next directly behind mem, since mem->next 923 * will always be used at this point! 924 */ 925 mem->used = 1; 926 MEM_STATS_INC_USED(used, mem->next - mem_to_ptr(mem)); 927 } 928#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 929mem_malloc_adjust_lfree: 930#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 931 if (mem == lfree) { 932 struct mem *cur = lfree; 933 /* Find next free block after mem and update lowest free pointer */ 934 while (cur->used && cur != ram_end) { 935#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 936 mem_free_count = 0; 937 LWIP_MEM_ALLOC_UNPROTECT(); 938 /* prevent high interrupt latency... */ 939 LWIP_MEM_ALLOC_PROTECT(); 940 if (mem_free_count != 0) { 941 /* If mem_free or mem_trim have run, we have to restart since they 942 could have altered our current struct mem or lfree. */ 943 goto mem_malloc_adjust_lfree; 944 } 945#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 946 cur = ptr_to_mem(cur->next); 947 } 948 lfree = cur; 949 LWIP_ASSERT("mem_malloc: !lfree->used", ((lfree == ram_end) || (!lfree->used))); 950 } 951 LWIP_MEM_ALLOC_UNPROTECT(); 952 sys_mutex_unlock(&mem_mutex); 953 LWIP_ASSERT("mem_malloc: allocated memory not above ram_end.", 954 (mem_ptr_t)mem + SIZEOF_STRUCT_MEM + size <= (mem_ptr_t)ram_end); 955 LWIP_ASSERT("mem_malloc: allocated memory properly aligned.", 956 ((mem_ptr_t)mem + SIZEOF_STRUCT_MEM) % MEM_ALIGNMENT == 0); 957 LWIP_ASSERT("mem_malloc: sanity check alignment", 958 (((mem_ptr_t)mem) & (MEM_ALIGNMENT - 1)) == 0); 959 960#if MEM_OVERFLOW_CHECK 961 mem_overflow_init_element(mem, size_in); 962#endif 963 MEM_SANITY(); 964 return (u8_t *)mem + SIZEOF_STRUCT_MEM + MEM_SANITY_OFFSET; 965 } 966 } 967#if LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT 968 /* if we got interrupted by a mem_free, try again */ 969 } while (local_mem_free_count != 0); 970#endif /* LWIP_ALLOW_MEM_FREE_FROM_OTHER_CONTEXT */ 971 MEM_STATS_INC(err); 972 LWIP_MEM_ALLOC_UNPROTECT(); 973 sys_mutex_unlock(&mem_mutex); 974 LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("mem_malloc: could not allocate %"S16_F" bytes\n", (s16_t)size)); 975 return NULL; 976} 977 978#endif /* MEM_USE_POOLS */ 979 980#if MEM_LIBC_MALLOC && (!LWIP_STATS || !MEM_STATS) 981void * 982mem_calloc(mem_size_t count, mem_size_t size) 983{ 984 return mem_clib_calloc(count, size); 985} 986 987#else /* MEM_LIBC_MALLOC && (!LWIP_STATS || !MEM_STATS) */ 988/** 989 * Contiguously allocates enough space for count objects that are size bytes 990 * of memory each and returns a pointer to the allocated memory. 991 * 992 * The allocated memory is filled with bytes of value zero. 993 * 994 * @param count number of objects to allocate 995 * @param size size of the objects to allocate 996 * @return pointer to allocated memory / NULL pointer if there is an error 997 */ 998void * 999mem_calloc(mem_size_t count, mem_size_t size) 1000{ 1001 void *p; 1002 size_t alloc_size = (size_t)count * (size_t)size; 1003 1004 if ((size_t)(mem_size_t)alloc_size != alloc_size) { 1005 LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("mem_calloc: could not allocate %"SZT_F" bytes\n", alloc_size)); 1006 return NULL; 1007 } 1008 1009 /* allocate 'count' objects of size 'size' */ 1010 p = mem_malloc((mem_size_t)alloc_size); 1011 if (p) { 1012 /* zero the memory */ 1013 memset(p, 0, alloc_size); 1014 } 1015 return p; 1016} 1017#endif /* MEM_LIBC_MALLOC && (!LWIP_STATS || !MEM_STATS) */ 1018