mirror of
https://github.com/RGBCube/serenity
synced 2025-05-14 08:34:57 +00:00
b6d4eea7ac
Instead of returning HeapBlock memory to the kernel (or a non-type specific shared cache), we now keep a BlockAllocator per CellAllocator and implement "deallocation" by basically informing the kernel that we don't need the physical memory right now. This is done with MADV_FREE or MADV_DONTNEED if available, but for other platforms (including SerenityOS) we munmap and then re-mmap the memory to achieve the same effect. It's definitely clunky, so I've added a FIXME about implementing the madvise options on SerenityOS too. The important outcome of this change is that GC types that use a type-specific allocator become immune to use-after-free type confusion attacks, since their virtual addresses will only ever be re-used for the same exact type again and again. Fixes #22274 |
||
|---|---|---|
| .. | ||
| BlockAllocator.cpp | ||
| BlockAllocator.h | ||
| Cell.cpp | ||
| Cell.h | ||
| CellAllocator.cpp | ||
| CellAllocator.h | ||
| DeferGC.h | ||
| GCPtr.h | ||
| Handle.cpp | ||
| Handle.h | ||
| Heap.cpp | ||
| Heap.h | ||
| HeapBlock.cpp | ||
| HeapBlock.h | ||
| HeapFunction.h | ||
| HeapRoot.h | ||
| Internals.h | ||
| MarkedVector.cpp | ||
| MarkedVector.h | ||