From 39f58755a7c2c5c12c9b732c17fe472c9872ab4b Mon Sep 17 00:00:00 2001 From: Jason Evans Date: Sat, 27 Feb 2016 21:18:15 -0800 Subject: [PATCH] Fix a potential tsd cleanup leak. Prior to 767d85061a6fb88ec977bbcd9b429a43aff391e6 (Refactor arenas array (fixes deadlock).), it was possible under some circumstances for arena_get() to trigger recreation of the arenas cache during tsd cleanup, and the arenas cache would then be leaked. In principle a similar issue could still occur as a side effect of decay-based purging, which calls arena_tdata_get(). Fix arenas_tdata_cleanup() by setting tsd->arenas_tdata_bypass to true, so that arena_tdata_get() will gracefully fail (an expected behavior) rather than recreating tsd->arena_tdata. Reported by Christopher Ferris . --- src/jemalloc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/jemalloc.c b/src/jemalloc.c index c8841783..0735376e 100644 --- a/src/jemalloc.c +++ b/src/jemalloc.c @@ -652,6 +652,9 @@ arenas_tdata_cleanup(tsd_t *tsd) { arena_tdata_t *arenas_tdata; + /* Prevent tsd->arenas_tdata from being (re)created. */ + *tsd_arenas_tdata_bypassp_get(tsd) = true; + arenas_tdata = tsd_arenas_tdata_get(tsd); if (arenas_tdata != NULL) { tsd_arenas_tdata_set(tsd, NULL);
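Review bot: the bypass flag stored on the first added line is set and never cleared within this hunk, and the fix only works if arena_tdata_get() actually consults tsd->arenas_tdata_bypass before allocating, which is outside the diff; the comment `/* Prevent tsd->arenas_tdata from being (re)created. */` should say that the flag is intentionally left set for the remainder of tsd teardown, so that any caller reaching arena_tdata_get() afterwards (the commit message names decay-based purging) must tolerate a NULL return. The store must also stay ahead of the `tsd_arenas_tdata_get(tsd)` read, as it is here; if a later refactor reorders those two lines the window the commit message describes reopens, so an assertion such as `assert(!*tsd_arenas_tdata_bypassp_get(tsd));` before the store would make double cleanup visible in debug builds.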
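The leak the commit message describes, reduced to a stand-alone model as an added example; this is not jemalloc code, and the names model_tsd_t, tdata_get, side_effect_during_cleanup, tdata_cleanup_leaky, tdata_cleanup_fixed and simulate are assumptions chosen for the illustration. It shows a lazy per-thread cache freed by a cleanup routine, a side effect (standing in for decay-based purging) that calls the lazy getter during cleanup, and the difference between cleanup that sets a bypass flag first and cleanup that does not:

```c
/* Added illustration, not jemalloc code. All identifiers below are
 * assumptions made for this example, not jemalloc's own. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    int arena_ind;          /* stand-in for per-arena thread data */
} tdata_t;

typedef struct {
    tdata_t *arenas_tdata;  /* lazily created per-thread cache */
    bool arenas_tdata_bypass;
} model_tsd_t;

/* Number of tdata blocks currently allocated. A non-zero value after
 * cleanup means the cache was recreated and nobody will free it. */
static int live_tdata = 0;

/* Lazy getter in the style the commit message attributes to
 * arena_tdata_get(): creates the cache on first use, but fails gracefully
 * (returns NULL) once the bypass flag is set. */
static tdata_t *tdata_get(model_tsd_t *tsd) {
    if (tsd->arenas_tdata != NULL)
        return tsd->arenas_tdata;
    if (tsd->arenas_tdata_bypass)
        return NULL;        /* expected failure during/after cleanup */
    tsd->arenas_tdata = calloc(1, sizeof(tdata_t));
    if (tsd->arenas_tdata != NULL)
        live_tdata++;
    return tsd->arenas_tdata;
}

/* Something that can run as a side effect of cleanup (the commit cites
 * decay-based purging) and reaches the cache through the getter. */
static void side_effect_during_cleanup(model_tsd_t *tsd) {
    tdata_t *td = tdata_get(tsd);
    if (td != NULL)
        td->arena_ind = 0;
}

/* Cleanup without the fix: frees the cache, then the side effect silently
 * recreates it and the new copy is never freed. */
static void tdata_cleanup_leaky(model_tsd_t *tsd) {
    tdata_t *td = tsd->arenas_tdata;
    if (td != NULL) {
        tsd->arenas_tdata = NULL;
        free(td);
        live_tdata--;
    }
    side_effect_during_cleanup(tsd);
}

/* Cleanup with the fix: set bypass before touching the cache, so any getter
 * call that happens during or after cleanup refuses to recreate it. */
static void tdata_cleanup_fixed(model_tsd_t *tsd) {
    tsd->arenas_tdata_bypass = true;
    tdata_t *td = tsd->arenas_tdata;
    if (td != NULL) {
        tsd->arenas_tdata = NULL;
        free(td);
        live_tdata--;
    }
    side_effect_during_cleanup(tsd);
}

/* Run one thread's lifetime through a cleanup variant; returns how many
 * tdata blocks are still live afterwards (0 means no leak). */
static int simulate(void (*cleanup)(model_tsd_t *)) {
    model_tsd_t tsd = { NULL, false };
    live_tdata = 0;
    (void)tdata_get(&tsd);      /* normal use populates the cache */
    cleanup(&tsd);
    int leaked = live_tdata;
    free(tsd.arenas_tdata);     /* reclaim whatever the leaky path left behind */
    return leaked;
}

int main(void) {
    printf("leaky cleanup leaves %d tdata block(s) live\n",
           simulate(tdata_cleanup_leaky));
    printf("fixed cleanup leaves %d tdata block(s) live\n",
           simulate(tdata_cleanup_fixed));
    return 0;
}
```

The ordering inside tdata_cleanup_fixed is the whole point: the flag must be written before the cache pointer is read and freed, because the getter may run at any point after the free and the only thing stopping it from allocating again is the flag.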