How malloc works in OP-TEE applications
Contents
- 1. The TA's disassembly file
- 2. How the heap is defined in a TA
- 3. malloc
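A TA (trusted application) is an application in OP-TEE, that is, code running in userspace.
1. The TA's disassembly file
The kernel stack is defined in the nozi section.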
```
architecture: aarch64, flags 0x00000150:
HAS_SYMS, DYNAMIC, D_PAGED
start address 0x0000000000000020

Program Header:
    LOAD off    0x0000000000010000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**16
         filesz 0x000000000000777c memsz 0x000000000000777c flags r-x
    LOAD off    0x0000000000017780 vaddr 0x0000000000007780 paddr 0x0000000000007780 align 2**16
         filesz 0x0000000000001c34 memsz 0x0000000000001c34 flags r--
    LOAD off    0x000000000001a000 vaddr 0x000000000000a000 paddr 0x000000000000a000 align 2**16
         filesz 0x0000000000001cfc memsz 0x000000000000c740 flags rw-
 DYNAMIC off    0x0000000000019040 vaddr 0x0000000000009040 paddr 0x0000000000009040 align 2**3
         filesz 0x00000000000000f0 memsz 0x00000000000000f0 flags rw-

Dynamic Section:
  HASH                 0x0000000000009360
  STRTAB               0x00000000000092b0
  SYMTAB               0x0000000000009130
  STRSZ                0x00000000000000ac
  SYMENT               0x0000000000000018
  DEBUG                0x0000000000000000
  RELA                 0x0000000000008d38
  RELASZ               0x00000000000002a0
  RELAENT              0x0000000000000018
  RELACOUNT            0x0000000000000013
private flags = 0:

Sections:
Idx Name           Size      VMA               LMA               File off  Algn
  0 .ta_head       00000020  0000000000000000  0000000000000000  00010000  2**3
                   CONTENTS, ALLOC, LOAD, DATA
  1 .text          0000775c  0000000000000020  0000000000000020  00010020  2**2
                   CONTENTS, ALLOC, LOAD, READONLY, CODE
  2 .rodata        000015b4  0000000000007780  0000000000007780  00017780  2**3
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .dynsym        00000180  0000000000009130  0000000000009130  00019130  2**3
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .rela.dyn      000001c8  0000000000008d38  0000000000008d38  00018d38  2**3
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .got           00000068  0000000000008f00  0000000000008f00  00018f00  2**3
                   CONTENTS, ALLOC, LOAD, DATA
  6 .rela.got      000000d8  0000000000008f68  0000000000008f68  00018f68  2**3
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .dynamic       000000f0  0000000000009040  0000000000009040  00019040  2**3
                   CONTENTS, ALLOC, LOAD, DATA
  8 .dynstr        000000ac  00000000000092b0  00000000000092b0  000192b0  2**0
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .hash          00000054  0000000000009360  0000000000009360  00019360  2**3
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .data          00001cfc  000000000000a000  000000000000a000  0001a000  2**3
                   CONTENTS, ALLOC, LOAD, DATA
 11 .bss           0000aa40  000000000000bd00  000000000000bd00  0001bcfc  2**3
                   ALLOC
 12 .debug_info    000103be  0000000000000000  0000000000000000  0001bcfc  2**0
                   CONTENTS, READONLY, DEBUGGING
 13 .debug_abbrev  00003fbb  0000000000000000  0000000000000000  0002c0ba  2**0
                   CONTENTS, READONLY, DEBUGGING
 14 .debug_loc     00015e83  0000000000000000  0000000000000000  00030075  2**0
                   CONTENTS, READONLY, DEBUGGING
 15 .debug_aranges 00000b70  0000000000000000  0000000000000000  00045f00  2**4
                   CONTENTS, READONLY, DEBUGGING
 16 .debug_ranges  00000ea0  0000000000000000  0000000000000000  00046a70  2**4
                   CONTENTS, READONLY, DEBUGGING
 17 .debug_line    00003bde  0000000000000000  0000000000000000  00047910  2**0
                   CONTENTS, READONLY, DEBUGGING
 18 .debug_str     0000267d  0000000000000000  0000000000000000  0004b4ee  2**0
                   CONTENTS, READONLY, DEBUGGING
 19 .comment       0000003c  0000000000000000  0000000000000000  0004db6b  2**0
                   CONTENTS, READONLY
 20 .debug_frame   00002220  0000000000000000  0000000000000000  0004dba8  2**3
                   CONTENTS, READONLY, DEBUGGING
```

2. How the heap is defined in a TA
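The heap space ta_heap is a global array. Uninitialized global arrays are placed in the bss section, so the heap ta_heap is simply an array that is assigned to the bss section at compile time.

```c
/* Keeping the heap in bss */
uint8_t ta_heap[TA_DATA_SIZE];
const size_t ta_heap_size = sizeof(ta_heap);
```

The sizes of both the heap and the stack are defined in the file user_ta_header_defines.h:

```c
#define TA_STACK_SIZE (2 * 1024)
#define TA_DATA_SIZE  (4 * 1024 * 1024 + 32 * 1024)
```

When the system loads the TA, the init_instance() function adds the heap space to the malloc_poolset list (the memory pool):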
```c
static TEE_Result init_instance(void)
{
    trace_set_level(tahead_get_trace_level());
    __utee_gprof_init();
    malloc_add_pool(ta_heap, ta_heap_size);
    _TEE_MathAPI_Init();
    return TA_CreateEntryPoint();
}

void malloc_add_pool(void *buf, size_t len)
{
    void *p;
    size_t l;
    uint32_t exceptions;
    uintptr_t start = (uintptr_t)buf;
    uintptr_t end = start + len;
    const size_t min_len = ((sizeof(struct malloc_pool) + (SizeQuant - 1)) &
                            (~(SizeQuant - 1))) +
                           sizeof(struct bhead) * 2;

    start = ROUNDUP(start, SizeQuant);
    end = ROUNDDOWN(end, SizeQuant);
    assert(start < end);

    if ((end - start) < min_len) {
        DMSG("Skipping too small pool");
        return;
    }

    exceptions = malloc_lock();
    tag_asan_free((void *)start, end - start);
    bpool((void *)start, end - start, &malloc_poolset);
    l = malloc_pool_len + 1;
    p = realloc_unlocked(malloc_pool, sizeof(struct malloc_pool) * l);
    assert(p);
    malloc_pool = p;
    malloc_pool[malloc_pool_len].buf = (void *)start;
    malloc_pool[malloc_pool_len].len = end - start;
#ifdef BufStats
    mstats.size += malloc_pool[malloc_pool_len].len;
#endif
    malloc_pool_len = l;
    malloc_unlock(exceptions);
}
```

3. malloc
When an application calls malloc, it is actually calling mdbg_malloc, which allocates memory from the malloc_poolset list (the memory pool).

```c
#define malloc(size) mdbg_malloc(__FILE__, __LINE__, (size))
#define calloc(nmemb, size) \
        mdbg_calloc(__FILE__, __LINE__, (nmemb), (size))

void *mdbg_malloc(const char *fname, int lineno, size_t size)
{
    struct mdbg_hdr *hdr;
    uint32_t exceptions = malloc_lock();

    /*
     * Check struct mdbg_hdr doesn't get bad alignment.
     * This is required by C standard: the buffer returned from
     * malloc() should be aligned with a fundamental alignment.
     * For ARM32, the required alignment is 8. For ARM64, it is 16.
     */
    COMPILE_TIME_ASSERT(
        (sizeof(struct mdbg_hdr) % (__alignof(uintptr_t) * 2)) == 0);

    hdr = raw_malloc(sizeof(struct mdbg_hdr),
                     mdbg_get_ftr_size(size), size, &malloc_poolset);
    if (hdr) {
        mdbg_update_hdr(hdr, fname, lineno, size);
        hdr++;
    }

    malloc_unlock(exceptions);
    return hdr;
}
```
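The bss-backed heap from section 2 and the header step in mdbg_malloc, as an added example that is not OP-TEE source code: a reduced model in which each allocation is framed by a header recording the call site and a footer guard word, so a write past the payload can be detected. The names demo_heap, demo_hdr, demo_malloc and demo_check, the pool size and the magic values are hypothetical, and the footer guard check is an assumption of this sketch.

```c
/* Added sketch, not OP-TEE source: a bss-backed pool with mdbg-style framing. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POOL_SIZE 4096          /* stand-in for TA_DATA_SIZE */
#define QUANT 16                /* stand-in for SizeQuant on AArch64 */
#define HDR_MAGIC 0xadadadadu   /* constructed guard values */
#define FTR_MAGIC 0xbabababau
#define ROUNDUP(v, q) (((v) + (q) - 1) & ~((size_t)(q) - 1))

static _Alignas(QUANT) uint8_t demo_heap[POOL_SIZE]; /* in .bss, like ta_heap */
static size_t demo_used;        /* bump offset; freeing is not modelled */

struct demo_hdr {               /* hypothetical stand-in for struct mdbg_hdr */
    _Alignas(QUANT) const char *fname;
    uint32_t line;
    uint32_t pl_size;
    uint32_t magic;
};
_Static_assert(sizeof(struct demo_hdr) % QUANT == 0, "payload alignment");

void *demo_malloc(const char *fname, int lineno, size_t size)
{
    struct demo_hdr *hdr;
    uint32_t ftr = FTR_MAGIC;
    size_t total;

    if (size > POOL_SIZE)       /* also rules out overflow in the sum below */
        return NULL;
    total = ROUNDUP(sizeof(*hdr) + size + sizeof(ftr), QUANT);
    if (total > POOL_SIZE - demo_used)
        return NULL;
    hdr = (struct demo_hdr *)(demo_heap + demo_used);
    demo_used += total;
    *hdr = (struct demo_hdr){ fname, (uint32_t)lineno, (uint32_t)size, HDR_MAGIC };
    memcpy((uint8_t *)(hdr + 1) + size, &ftr, sizeof(ftr));
    return hdr + 1;             /* caller sees the payload, as after hdr++ */
}

/* 0: guards intact, -1: header damaged, -2: write ran past the payload */
int demo_check(const void *ptr)
{
    const struct demo_hdr *hdr = (const struct demo_hdr *)ptr - 1;
    uint32_t ftr;

    if (hdr->magic != HDR_MAGIC)
        return -1;
    memcpy(&ftr, (const uint8_t *)ptr + hdr->pl_size, sizeof(ftr));
    return ftr == FTR_MAGIC ? 0 : -2;
}
```

Because the pool is an ordinary bss array, nothing but the guard words separates one allocation from the next, which is why the check runs against the pointer the caller was given.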