cheri: malloc: Set fixed mmap_threshold for capability narrowing

Capability narrowing requires extra alignment for large allocations,
this can cause significant heap fragmentation so ensure large
allocations use a single mmap and unmaped on free. The fragmentation
is bug 14581.

This patch disables dynamic mmap threshold when cap_narrowing is
enabled and uses a threshold of 256 kbytes on morello (which means
at most 64 byte alignment requirement on the heap). The dynamic
threshold could quickly grow very big and stay there making the
fragmentation issue common.

2 files changed, 11 insertions, 1 deletions

diff --git a/malloc/arena.c b/malloc/arena.c
index c63cb70f74..05df8c1510 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -331,7 +331,13 @@ ptmalloc_init (void)
   if (TUNABLE_GET_FULL (glibc, mem, cap_narrowing, int32_t, NULL) == 0)
     cap_narrowing_enabled = false;
   else
-    cap_narrowing_enabled = true;
+    {
+      cap_narrowing_enabled = true;
+# ifdef __CAP_MMAP_THRESHOLD
+      /* Default mmap threshold to avoid heap fragmentation.  */
+      do_set_mmap_threshold (__CAP_MMAP_THRESHOLD);
+# endif
+    }
 #endif
   cap_init ();
 
diff --git a/sysdeps/aarch64/morello/libc-cap.h b/sysdeps/aarch64/morello/libc-cap.h
index 3549a6db6d..9e6f66aa22 100644
--- a/sysdeps/aarch64/morello/libc-cap.h
+++ b/sysdeps/aarch64/morello/libc-cap.h
@@ -285,6 +285,10 @@ __libc_cap_map_del (void *p)
    allocations, i.e. __libc_cap_align (n) <= MALLOC_ALIGNMENT.  */
 #define __CAP_ALIGN_THRESHOLD 32759
 
+/* Set the mmap_threshold to this value when narrowing is enabled
+   to avoid heap fragmentation due to alignment requirements.  */
+#define __CAP_MMAP_THRESHOLD 262144
+
 /* Round up the allocation size so the allocated pointer bounds
    can be represented.  Note: this may be called before any
    checks on n, so it should work with all possible n values.  */