From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nsz@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1944)
	id 96FD5385020D; Wed, 12 Oct 2022 14:18:42 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 96FD5385020D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1665584322;
	bh=93rLzDBGejX266BYxnJbt5aleiZ9L5vYkmdlzV1Lkps=;
	h=From:To:Subject:Date:From;
	b=Sj3LUyfqqiunN2V2djedU5iF5URMfdo8RI7C6XKmq52WOM7y9qdyt2/g6x9Qi4VFo
	 yxcZoA5rVmESOtbybz+saN1y4AjqDGfP7SMFWX9C3Kype/ufHWw4KfOR2YVd20Snz4
	 7ZPNiTKVSkRpn/eRH6DS7fc0HwaohlU0/M0oGor8=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Szabolcs Nagy <nsz@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc/arm/morello/main] malloc: Don't use __libc_free for tcache
 cleanup
X-Act-Checkin: glibc
X-Git-Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
X-Git-Refname: refs/heads/arm/morello/main
X-Git-Oldrev: c0a839639b6a9baeaafe5dad8f7739e6176a2c62
X-Git-Newrev: 3d959e4b0e6e746203bfa22992d7749ff31f58be
Message-Id: <20221012141842.96FD5385020D@sourceware.org>
Date: Wed, 12 Oct 2022 14:18:42 +0000 (GMT)
List-Id: <glibc-cvs.sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3d959e4b0e6e746203bfa22992d7749ff31f58be

commit 3d959e4b0e6e746203bfa22992d7749ff31f58be
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Mon Oct 3 11:58:09 2022 +0100

    malloc: Don't use __libc_free for tcache cleanup
    
    __libc_free must only be used for memory given out by __libc_malloc
    and similar public apis, but tcache stores a cache of already freed
    pointers and itself is allocated using internal malloc apis.  Strong
    double free detection in __libc_free breaks tcache_thread_shutdown,
    so use a cut down version of free to reset tcache entries.

Diff:
---
 malloc/malloc.c | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 02df29d2ad..56d6116102 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3197,6 +3197,35 @@ tcache_get (size_t tc_idx)
   return (void *) e;
 }
 
+/* Cut down __libc_free for cleaning up tcache entries.  */
+static void
+tcache_libc_free (void *mem)
+{
+  int err = errno;
+  mchunkptr p = mem2chunk(mem);
+  if (chunk_is_mmapped (p))
+    {
+      /* See if the dynamic brk/mmap threshold needs adjusting.
+	 Dumped fake mmapped chunks do not affect the threshold.  */
+      if (!mp_.no_dyn_threshold
+          && chunksize_nomask (p) > mp_.mmap_threshold
+          && chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX)
+        {
+          mp_.mmap_threshold = chunksize (p);
+          mp_.trim_threshold = 2 * mp_.mmap_threshold;
+          LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2,
+                      mp_.mmap_threshold, mp_.trim_threshold);
+        }
+      munmap_chunk (p);
+    }
+  else
+    {
+      mstate ar_ptr = arena_for_chunk (p);
+      _int_free (ar_ptr, p, 0);
+    }
+  __set_errno (err);
+}
+
 static void
 tcache_thread_shutdown (void)
 {
@@ -3222,11 +3251,11 @@ tcache_thread_shutdown (void)
 	    malloc_printerr ("tcache_thread_shutdown(): "
 			     "unaligned tcache chunk detected");
 	  tcache_tmp->entries[i] = REVEAL_PTR (e->next);
-	  __libc_free (e);
+	  tcache_libc_free (e);
 	}
     }
 
-  __libc_free (tcache_tmp);
+  tcache_libc_free (tcache_tmp);
 }
 
 static void