From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nsz@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1944)
	id 173E73851524; Thu, 27 Oct 2022 14:00:30 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 173E73851524
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1666879230;
	bh=XdyydJOufM3ObiX8T3sl64T1f6OW1hkS5CqOgPgXPqE=;
	h=From:To:Subject:Date:From;
	b=wAlLwlBcQTfHvC7BhoAp4zZS5XxY6gyg6fwG6yZI9LA9z8EUtAMlTnhpWePEVlL1l
	 bA2x2gI1Qb34ZtSDsyu+kaEnhDezoaRyurQy1NYR37GjfmObUuPVniei9u6HQQZmku
	 J3wmYRFxU0HNgADLOQJUerJ09vV+R6PKg5WGJPug=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Szabolcs Nagy <nsz@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc/arm/morello/main] malloc: Don't use __libc_free for tcache
 cleanup
X-Act-Checkin: glibc
X-Git-Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
X-Git-Refname: refs/heads/arm/morello/main
X-Git-Oldrev: 86affaf7e9121e580abd27e5d423163e75e405c9
X-Git-Newrev: 131a8501116b1e9f0ac71aeeb513094be5f99b99
Message-Id: <20221027140030.173E73851524@sourceware.org>
Date: Thu, 27 Oct 2022 14:00:30 +0000 (GMT)
List-Id: <glibc-cvs.sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=131a8501116b1e9f0ac71aeeb513094be5f99b99

commit 131a8501116b1e9f0ac71aeeb513094be5f99b99
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Mon Oct 3 11:58:09 2022 +0100

    malloc: Don't use __libc_free for tcache cleanup
    
    __libc_free must only be used for memory given out by __libc_malloc
    and similar public apis, but tcache stores a cache of already freed
    pointers and itself is allocated using internal malloc apis.  Strong
    double free detection in __libc_free breaks tcache_thread_shutdown,
    so use a cut down version of free to reset tcache entries.

Diff:
---
 malloc/malloc.c | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 701adbebca..7ada0e5ae0 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3205,6 +3205,35 @@ tcache_get (size_t tc_idx)
   return (void *) e;
 }
 
+/* Cut down __libc_free for cleaning up tcache entries.  */
+static void
+tcache_libc_free (void *mem)
+{
+  int err = errno;
+  mchunkptr p = mem2chunk(mem);
+  if (chunk_is_mmapped (p))
+    {
+      /* See if the dynamic brk/mmap threshold needs adjusting.
+	 Dumped fake mmapped chunks do not affect the threshold.  */
+      if (!mp_.no_dyn_threshold
+          && chunksize_nomask (p) > mp_.mmap_threshold
+          && chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX)
+        {
+          mp_.mmap_threshold = chunksize (p);
+          mp_.trim_threshold = 2 * mp_.mmap_threshold;
+          LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2,
+                      mp_.mmap_threshold, mp_.trim_threshold);
+        }
+      munmap_chunk (p);
+    }
+  else
+    {
+      mstate ar_ptr = arena_for_chunk (p);
+      _int_free (ar_ptr, p, 0);
+    }
+  __set_errno (err);
+}
+
 static void
 tcache_thread_shutdown (void)
 {
@@ -3230,11 +3259,11 @@ tcache_thread_shutdown (void)
 	    malloc_printerr ("tcache_thread_shutdown(): "
 			     "unaligned tcache chunk detected");
 	  tcache_tmp->entries[i] = REVEAL_PTR (e->next);
-	  __libc_free (e);
+	  tcache_libc_free (e);
 	}
     }
 
-  __libc_free (tcache_tmp);
+  tcache_libc_free (tcache_tmp);
 }
 
 static void