[glibc/arm/morello/main] malloc: Don't use __libc_free for tcache cleanup

Szabolcs Nagy nsz@sourceware.org
Thu Oct 27 14:00:30 GMT 2022 

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=131a8501116b1e9f0ac71aeeb513094be5f99b99

commit 131a8501116b1e9f0ac71aeeb513094be5f99b99
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Mon Oct 3 11:58:09 2022 +0100

    malloc: Don't use __libc_free for tcache cleanup
    
    __libc_free must only be used for memory given out by __libc_malloc
    and similar public apis, but tcache stores a cache of already freed
    pointers and itself is allocated using internal malloc apis.  Strong
    double free detection in __libc_free breaks tcache_thread_shutdown,
    so use a cut down version of free to reset tcache entries.

Diff:
---
 malloc/malloc.c | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 701adbebca..7ada0e5ae0 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3205,6 +3205,35 @@ tcache_get (size_t tc_idx)
   return (void *) e;
 }
 
+/* Cut down __libc_free for cleaning up tcache entries.  */
+static void
+tcache_libc_free (void *mem)
+{
+  int err = errno;
+  mchunkptr p = mem2chunk(mem);
+  if (chunk_is_mmapped (p))
+    {
+      /* See if the dynamic brk/mmap threshold needs adjusting.
+	 Dumped fake mmapped chunks do not affect the threshold.  */
+      if (!mp_.no_dyn_threshold
+          && chunksize_nomask (p) > mp_.mmap_threshold
+          && chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX)
+        {
+          mp_.mmap_threshold = chunksize (p);
+          mp_.trim_threshold = 2 * mp_.mmap_threshold;
+          LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2,
+                      mp_.mmap_threshold, mp_.trim_threshold);
+        }
+      munmap_chunk (p);
+    }
+  else
+    {
+      mstate ar_ptr = arena_for_chunk (p);
+      _int_free (ar_ptr, p, 0);
+    }
+  __set_errno (err);
+}
+
 static void
 tcache_thread_shutdown (void)
 {
@@ -3230,11 +3259,11 @@ tcache_thread_shutdown (void)
 	    malloc_printerr ("tcache_thread_shutdown(): "
 			     "unaligned tcache chunk detected");
 	  tcache_tmp->entries[i] = REVEAL_PTR (e->next);
-	  __libc_free (e);
+	  tcache_libc_free (e);
 	}
     }
 
-  __libc_free (tcache_tmp);
+  tcache_libc_free (tcache_tmp);
 }
 
 static void

More information about the Glibc-cvs mailing list