1 /* $MirOS: src/usr.sbin/httpd/src/include/ap_alloc.h,v 1.3 2013/10/31 20:07:20 tg Exp $ */ 2 /* $OpenBSD: ap_alloc.h,v 1.8 2005/03/28 23:26:51 niallo Exp $ */ 3 4 /* ==================================================================== 5 * The Apache Software License, Version 1.1 6 * 7 * Copyright © 2013 8 * Thorsten “mirabilos” Glaser <tg@mirbsd.org> 9 * Copyright (c) 2000-2003 The Apache Software Foundation. All rights 10 * reserved. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in 21 * the documentation and/or other materials provided with the 22 * distribution. 23 * 24 * 3. The end-user documentation included with the redistribution, 25 * if any, must include the following acknowledgment: 26 * "This product includes software developed by the 27 * Apache Software Foundation (http://www.apache.org/)." 28 * Alternately, this acknowledgment may appear in the software itself, 29 * if and wherever such third-party acknowledgments normally appear. 30 * 31 * 4. The names "Apache" and "Apache Software Foundation" must 32 * not be used to endorse or promote products derived from this 33 * software without prior written permission. For written 34 * permission, please contact apache@apache.org. 35 * 36 * 5. Products derived from this software may not be called "Apache", 37 * nor may "Apache" appear in their name, without prior written 38 * permission of the Apache Software Foundation. 39 * 40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 41 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 42 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 43 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 46 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 47 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 48 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 49 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 50 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This software consists of voluntary contributions made by many 55 * individuals on behalf of the Apache Software Foundation. For more 56 * information on the Apache Software Foundation, please see 57 * <http://www.apache.org/>. 58 * 59 * Portions of this software are based upon public domain software 60 * originally written at the National Center for Supercomputing Applications, 61 * University of Illinois, Urbana-Champaign. 62 */ 63 64 #ifndef APACHE_ALLOC_H 65 #define APACHE_ALLOC_H 66 67 #ifdef __cplusplus 68 extern "C" { 69 #endif 70 71 /* 72 * Resource allocation routines... 73 * 74 * designed so that we don't have to keep track of EVERYTHING so that 75 * it can be explicitly freed later (a fundamentally unsound strategy --- 76 * particularly in the presence of die()). 77 * 78 * Instead, we maintain pools, and allocate items (both memory and I/O 79 * handlers) from the pools --- currently there are two, one for per 80 * transaction info, and one for config info. When a transaction is over, 81 * we can delete everything in the per-transaction pool without fear, and 82 * without thinking too hard about it either. 83 * 84 * rst 85 */ 86 87 /* Arenas for configuration info and transaction info 88 * --- actual layout of the pool structure is private to 89 * alloc.c. 90 */ 91 92 typedef struct pool pool; 93 typedef struct pool ap_pool; 94 95 API_EXPORT(pool *) ap_init_alloc(void); /* Set up everything */ 96 void ap_cleanup_alloc(void); 97 API_EXPORT(pool *) ap_make_sub_pool(pool *); /* All pools are subpools of permanent_pool */ 98 typedef enum { AP_POOL_RD, AP_POOL_RW } ap_pool_lock_mode; 99 int ap_shared_pool_possible(void); 100 void ap_init_alloc_shared(int); 101 void ap_kill_alloc_shared(void); 102 API_EXPORT(pool *) ap_make_shared_sub_pool(pool *); 103 API_EXPORT(int) ap_acquire_pool(pool *, ap_pool_lock_mode); 104 API_EXPORT(int) ap_release_pool(pool *); 105 API_EXPORT(void) ap_destroy_pool(pool *); 106 107 /* pools have nested lifetimes -- sub_pools are destroyed when the 108 * parent pool is cleared. We allow certain liberties with operations 109 * on things such as tables (and on other structures in a more general 110 * sense) where we allow the caller to insert values into a table which 111 * were not allocated from the table's pool. The table's data will 112 * remain valid as long as all the pools from which its values are 113 * allocated remain valid. 114 * 115 * For example, if B is a sub pool of A, and you build a table T in 116 * pool B, then it's safe to insert data allocated in A or B into T 117 * (because B lives at most as long as A does, and T is destroyed when 118 * B is cleared/destroyed). On the other hand, if S is a table in 119 * pool A, it is safe to insert data allocated in A into S, but it 120 * is *not safe* to insert data allocated from B into S... because 121 * B can be cleared/destroyed before A is (which would leave dangling 122 * pointers in T's data structures). 123 * 124 * In general we say that it is safe to insert data into a table T 125 * if the data is allocated in any ancestor of T's pool. This is the 126 * basis on which the POOL_DEBUG code works -- it tests these ancestor 127 * relationships for all data inserted into tables. POOL_DEBUG also 128 * provides tools (ap_find_pool, and ap_pool_is_ancestor) for other 129 * folks to implement similar restrictions for their own data 130 * structures. 131 * 132 * However, sometimes this ancestor requirement is inconvenient -- 133 * sometimes we're forced to create a sub pool (such as through 134 * ap_sub_req_lookup_uri), and the sub pool is guaranteed to have 135 * the same lifetime as the parent pool. This is a guarantee implemented 136 * by the *caller*, not by the pool code. That is, the caller guarantees 137 * they won't destroy the sub pool individually prior to destroying the 138 * parent pool. 139 * 140 * In this case the caller must call ap_pool_join() to indicate this 141 * guarantee to the POOL_DEBUG code. There are a few examples spread 142 * through the standard modules. 143 */ 144 #ifndef POOL_DEBUG 145 #ifdef ap_pool_join 146 #undef ap_pool_join 147 #endif 148 #define ap_pool_join(a,b) 149 #else 150 API_EXPORT(void) ap_pool_join(pool *p, pool *sub); 151 API_EXPORT(pool *) ap_find_pool(const void *ts); 152 API_EXPORT(int) ap_pool_is_ancestor(pool *a, pool *b); 153 #endif 154 155 /* Clearing out EVERYTHING in an pool... destroys any sub-pools */ 156 157 API_EXPORT(void) ap_clear_pool(struct pool *); 158 159 /* Preparing for exec() --- close files, etc., but *don't* flush I/O 160 * buffers, *don't* wait for subprocesses, and *don't* free any memory. 161 */ 162 163 API_EXPORT(void) ap_cleanup_for_exec(void); 164 165 /* routines to allocate memory from an pool... */ 166 167 API_EXPORT(void *) ap_palloc(struct pool *, int nbytes); 168 API_EXPORT(void *) ap_pcalloc(struct pool *, int nbytes); 169 API_EXPORT(char *) ap_pstrdup(struct pool *, const char *s); 170 /* make a nul terminated copy of the n characters starting with s */ 171 API_EXPORT(char *) ap_pstrndup(struct pool *, const char *s, int n); 172 API_EXPORT_NONSTD(char *) ap_pstrcat(struct pool *,...) 173 __attribute__((__sentinel__)); 174 /* all '...' must be char* */ 175 API_EXPORT_NONSTD(char *) ap_psprintf(struct pool *, const char *fmt, ...) 176 __attribute__((__format__(__printf__, 2, 3))); 177 API_EXPORT(char *) ap_pvsprintf(struct pool *, const char *fmt, va_list); 178 179 /* array and alist management... keeping lists of things. 180 * Common enough to want common support code ... 181 */ 182 183 typedef struct { 184 ap_pool *pool; 185 int elt_size; 186 int nelts; 187 int nalloc; 188 char *elts; 189 } array_header; 190 191 API_EXPORT(array_header *) ap_make_array(pool *p, int nelts, int elt_size); 192 API_EXPORT(void *) ap_push_array(array_header *); 193 API_EXPORT(void) ap_array_cat(array_header *dst, const array_header *src); 194 API_EXPORT(array_header *) ap_append_arrays(pool *, const array_header *, 195 const array_header *); 196 197 /* ap_array_pstrcat generates a new string from the pool containing 198 * the concatenated sequence of substrings referenced as elements within 199 * the array. The string will be empty if all substrings are empty or null, 200 * or if there are no elements in the array. 201 * If sep is non-NUL, it will be inserted between elements as a separator. 202 */ 203 API_EXPORT(char *) ap_array_pstrcat(pool *p, const array_header *arr, 204 const char sep); 205 206 /* copy_array copies the *entire* array. copy_array_hdr just copies 207 * the header, and arranges for the elements to be copied if (and only 208 * if) the code subsequently does a push or arraycat. 209 */ 210 211 API_EXPORT(array_header *) ap_copy_array(pool *p, const array_header *src); 212 API_EXPORT(array_header *) ap_copy_array_hdr(pool *p, const array_header *src); 213 214 215 /* Tables. Implemented alist style, for now, though we try to keep 216 * it so that imposing a hash table structure on top in the future 217 * wouldn't be *too* hard... 218 * 219 * Note that key comparisons for these are case-insensitive, largely 220 * because that's what's appropriate and convenient everywhere they're 221 * currently being used... 222 */ 223 224 typedef struct table table; 225 226 typedef struct { 227 char *key; /* maybe NULL in future; 228 * check when iterating thru table_elts 229 */ 230 char *val; 231 } table_entry; 232 233 API_EXPORT(table *) ap_make_table(pool *p, int nelts); 234 API_EXPORT(table *) ap_copy_table(pool *p, const table *); 235 API_EXPORT(void) ap_clear_table(table *); 236 API_EXPORT(const char *) ap_table_get(const table *, const char *); 237 API_EXPORT(void) ap_table_set(table *, const char *name, const char *val); 238 API_EXPORT(void) ap_table_setn(table *, const char *name, const char *val); 239 API_EXPORT(void) ap_table_merge(table *, const char *name, 240 const char *more_val); 241 API_EXPORT(void) ap_table_mergen(table *, const char *name, 242 const char *more_val); 243 API_EXPORT(void) ap_table_unset(table *, const char *key); 244 API_EXPORT(void) ap_table_add(table *, const char *name, const char *val); 245 API_EXPORT(void) ap_table_addn(table *, const char *name, const char *val); 246 API_EXPORT_NONSTD(void) ap_table_do(int (*comp) (void *, const char *, 247 const char *), void *rec, const table *t,...); 248 249 API_EXPORT(table *) ap_overlay_tables(pool *p, const table *overlay, 250 const table *base); 251 252 /* Conceptually, ap_overlap_tables does this: 253 254 array_header *barr = ap_table_elts(b); 255 table_entry *belt = (table_entry *)barr->elts; 256 int i; 257 258 for (i = 0; i < barr->nelts; ++i) { 259 if (flags & AP_OVERLAP_TABLES_MERGE) { 260 ap_table_mergen(a, belt[i].key, belt[i].val); 261 } 262 else { 263 ap_table_setn(a, belt[i].key, belt[i].val); 264 } 265 } 266 267 Except that it is more efficient (less space and cpu-time) especially 268 when b has many elements. 269 270 Notice the assumptions on the keys and values in b -- they must be 271 in an ancestor of a's pool. In practice b and a are usually from 272 the same pool. 273 */ 274 #define AP_OVERLAP_TABLES_SET (0) 275 #define AP_OVERLAP_TABLES_MERGE (1) 276 API_EXPORT(void) ap_overlap_tables(table *a, const table *b, unsigned flags); 277 278 /* XXX: these know about the definition of struct table in alloc.c. That 279 * definition is not here because it is supposed to be private, and by not 280 * placing it here we are able to get compile-time diagnostics from modules 281 * written which assume that a table is the same as an array_header. -djg 282 */ 283 #define ap_table_elts(t) ((array_header *)(t)) 284 #define ap_is_empty_table(t) \ 285 (((t) == NULL)||(((array_header *)(t))->nelts == 0)) 286 287 /* routines to remember allocation of other sorts of things... 288 * generic interface first. Note that we want to have two separate 289 * cleanup functions in the general case, one for exec() preparation, 290 * to keep CGI scripts and the like from inheriting access to things 291 * they shouldn't be able to touch, and one for actually cleaning up, 292 * when the actual server process wants to get rid of the thing, 293 * whatever it is. 294 * 295 * kill_cleanup disarms a cleanup, presumably because the resource in 296 * question has been closed, freed, or whatever, and it's scarce 297 * enough to want to reclaim (e.g., descriptors). It arranges for the 298 * resource not to be cleaned up a second time (it might have been 299 * reallocated). run_cleanup does the same, but runs it first. 300 * 301 * Cleanups are identified for purposes of finding & running them off by the 302 * plain_cleanup and data, which should presumably be unique. 303 * 304 * NB any code which invokes register_cleanup or kill_cleanup directly 305 * is a critical section which should be guarded by block_alarms() and 306 * unblock_alarms() below... 307 * 308 * ap_register_cleanup_ex provided to allow for an optional "cleanup" 309 * to be run at call-time for things like setting CLOSEXEC flags 310 * on fd's or whatever else may make sense. 311 */ 312 313 API_EXPORT(void) ap_register_cleanup(pool *p, void *data, 314 void (*plain_cleanup) (void *), void (*child_cleanup) (void *)); 315 API_EXPORT(void) ap_register_cleanup_ex(pool *p, void *data, 316 void (*plain_cleanup) (void *), void (*child_cleanup) (void *), 317 int (*magic_cleanup) (void *)); 318 319 API_EXPORT(void) ap_kill_cleanup(pool *p, void *data, 320 void (*plain_cleanup) (void *)); 321 API_EXPORT(void) ap_run_cleanup(pool *p, void *data, 322 void (*cleanup) (void *)); 323 324 /* A "do-nothing" cleanup, for register_cleanup; it's faster to do 325 * things this way than to test for NULL. */ 326 API_EXPORT_NONSTD(void) ap_null_cleanup(void *data); 327 328 /* The time between when a resource is actually allocated, and when it 329 * its cleanup is registered is a critical section, during which the 330 * resource could leak if we got interrupted or timed out. So, anything 331 * which registers cleanups should bracket resource allocation and the 332 * cleanup registry with these. (This is done internally by run_cleanup). 333 * 334 * NB they are actually implemented in http_main.c, since they are bound 335 * up with timeout handling in general... 336 */ 337 338 API_EXPORT(void) ap_block_alarms(void); 339 API_EXPORT(void) ap_unblock_alarms(void); 340 341 /* Common cases which want utility support.. 342 * the note_cleanups_for_foo routines are for 343 */ 344 345 API_EXPORT(FILE *) ap_pfopen(struct pool *, const char *name, 346 const char *fmode); 347 API_EXPORT(FILE *) ap_pfdopen(struct pool *, int fd, 348 const char *fmode); 349 API_EXPORT(int) ap_popenf(struct pool *, const char *name, int flg, int mode); 350 API_EXPORT(int) ap_popenf_ex(struct pool *, const char *name, int flg, int mode, 351 int domagic); 352 353 API_EXPORT(void) ap_note_cleanups_for_file(pool *, FILE *); 354 API_EXPORT(void) ap_note_cleanups_for_file_ex(pool *, FILE *, int); 355 API_EXPORT(void) ap_note_cleanups_for_fd(pool *, int); 356 API_EXPORT(void) ap_note_cleanups_for_fd_ex(pool *, int, int); 357 API_EXPORT(void) ap_kill_cleanups_for_fd(pool *p, int fd); 358 359 API_EXPORT(void) ap_note_cleanups_for_socket(pool *, int); 360 API_EXPORT(void) ap_note_cleanups_for_socket_ex(pool *, int, int); 361 API_EXPORT(void) ap_kill_cleanups_for_socket(pool *p, int sock); 362 API_EXPORT(int) ap_psocket(pool *p, int, int, int); 363 API_EXPORT(int) ap_psocket_ex(pool *p, int, int, int, int); 364 API_EXPORT(int) ap_pclosesocket(pool *a, int sock); 365 366 API_EXPORT(regex_t *) ap_pregcomp(pool *p, const char *pattern, int cflags); 367 API_EXPORT(void) ap_pregfree(pool *p, regex_t * reg); 368 369 /* routines to note closes... file descriptors are constrained enough 370 * on some systems that we want to support this. 371 */ 372 373 API_EXPORT(int) ap_pfclose(struct pool *, FILE *); 374 API_EXPORT(int) ap_pclosef(struct pool *, int fd); 375 376 /* routines to deal with directories */ 377 API_EXPORT(DIR *) ap_popendir(pool *p, const char *name); 378 API_EXPORT(void) ap_pclosedir(pool *p, DIR * d); 379 380 /* ... even child processes (which we may want to wait for, 381 * or to kill outright, on unexpected termination). 382 * 383 * ap_spawn_child is a utility routine which handles an awful lot of 384 * the rigamarole associated with spawning a child --- it arranges 385 * for pipes to the child's stdin and stdout, if desired (if not, 386 * set the associated args to NULL). It takes as args a function 387 * to call in the child, and an argument to be passed to the function. 388 */ 389 390 enum kill_conditions { 391 kill_never, /* process is never sent any signals */ 392 kill_always, /* process is sent SIGKILL on pool cleanup */ 393 kill_after_timeout, /* SIGTERM, wait 3 seconds, SIGKILL */ 394 just_wait, /* wait forever for the process to complete */ 395 kill_only_once /* send SIGTERM and then wait */ 396 }; 397 398 typedef struct child_info child_info; 399 API_EXPORT(void) ap_note_subprocess(pool *a, pid_t pid, 400 enum kill_conditions how); 401 API_EXPORT(int) ap_spawn_child(pool *, int (*)(void *, child_info *), 402 void *, enum kill_conditions, FILE **pipe_in, FILE **pipe_out, 403 FILE **pipe_err); 404 int ap_close_fd_on_exec(int fd); 405 406 /* magic numbers --- min free bytes to consider a free pool block useable, 407 * and the min amount to allocate if we have to go to malloc() */ 408 409 #ifndef BLOCK_MINFREE 410 #define BLOCK_MINFREE 4096 411 #endif 412 #ifndef BLOCK_MINALLOC 413 #define BLOCK_MINALLOC 8192 414 #endif 415 416 /* Finally, some accounting */ 417 418 API_EXPORT(long) ap_bytes_in_pool(pool *p); 419 API_EXPORT(long) ap_bytes_in_free_blocks(void); 420 421 #ifdef __cplusplus 422 } 423 #endif 424 425 #endif /* !APACHE_ALLOC_H */ 426