jemalloc/include/jemalloc/internal
LD-RW 65a7d19928 bin: enforce bin->lock ownership in bin_slab_reg_alloc()
bitmap_set() performs a plain (non-atomic) read-modify-write on every
level of the bitmap tree:

    g  = *gp;            /* READ                              */
    g ^= ZU(1) << bit;  /* MODIFY — thread-local copy        */
    *gp = g;             /* WRITE BACK — no barrier, no CAS  */

Two threads that reach bitmap_sfu() -> bitmap_set() concurrently on the
same slab bitmap — even for different bits that share a group word —
will clobber each other's write.  The clobbered bit still looks free on
the next allocation; bitmap_sfu() selects it again; the second call to
bitmap_set() aborts on:

    assert(!bitmap_get(bitmap, binfo, bit));   /* bitmap.h:220 */

or, once tree propagation begins for a newly-full group:

    assert(g & (ZU(1) << (bit & BITMAP_GROUP_NBITS_MASK)));  /* bitmap.h:237 */

Either assert calls abort() and produces the coredump reported in
issues #2875 and #2772.

The immediate callers (bin_malloc_with_fresh_slab,
bin_malloc_no_fresh_slab) already assert lock ownership, but
bin_slab_reg_alloc() itself had no such check, making it easy for new
call sites to silently bypass the requirement.

Fix:
- Thread tsdn_t *tsdn and bin_t *bin through bin_slab_reg_alloc() and
  call malloc_mutex_assert_owner() as the first statement.
- Update both internal callers (bin_malloc_with_fresh_slab,
  bin_malloc_no_fresh_slab) to pass the context they already hold.
- Document the locking contract in bin.h and the thread-safety
  constraint in bitmap.h directly above bitmap_set().

Note: bin_slab_reg_alloc_batch() is left unchanged because it has one
legitimate unlocked caller (arena_fill_small_fresh) which operates on
freshly allocated slabs that are not yet visible to any other thread.
Its locking contract is now documented in bin.h.

Fixes #2875
2026-04-10 20:45:51 +03:00
arena_externs.h Move bin functions from arena.c to bin.c 2026-03-10 18:14:33 -07:00
arena_inlines_a.h Make headers self-contained by fixing #includes 2023-07-14 09:06:32 -07:00
arena_inlines_b.h Move bin inline functions from arena_inlines_b.h to bin_inlines.h 2026-03-10 18:14:33 -07:00
arena_stats.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
arena_structs.h Revert PR #2608: Manually revert commits 70c94d..f9c0b5 2026-03-10 18:14:33 -07:00
arena_types.h move fill/flush pointer array out of tcache.c 2026-03-10 18:14:33 -07:00
assert.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
atomic.h [process_madvise] Make init lazy so that python tests pass. Reset the pidfd on fork 2026-03-10 18:14:33 -07:00
atomic_c11.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
atomic_gcc_atomic.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
atomic_gcc_sync.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
atomic_msvc.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
background_thread_externs.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
background_thread_inlines.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
background_thread_structs.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
base.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
bin.h bin: enforce bin->lock ownership in bin_slab_reg_alloc() 2026-04-10 20:45:51 +03:00
bin_info.h Revert PR #2608: Manually revert commits 70c94d..f9c0b5 2026-03-10 18:14:33 -07:00
bin_inlines.h Move bin inline functions from arena_inlines_b.h to bin_inlines.h 2026-03-10 18:14:33 -07:00
bin_stats.h Revert PR #2608: Manually revert commits 70c94d..f9c0b5 2026-03-10 18:14:33 -07:00
bin_types.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
bit_util.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
bitmap.h bin: enforce bin->lock ownership in bin_slab_reg_alloc() 2026-04-10 20:45:51 +03:00
buf_writer.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
cache_bin.h move fill/flush pointer array out of tcache.c 2026-03-10 18:14:33 -07:00
ckh.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
conf.h Fix conf_handle_char_p zero-sized dest and remove unused conf_handle_unsigned 2026-04-01 23:15:19 -04:00
counter.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
ctl.h [SEC] Make SEC owned by hpa_shard, simplify the code, add stats, lock per bin 2026-03-10 18:14:33 -07:00
decay.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
div.h Make headers self-contained by fixing #includes 2023-07-14 09:06:32 -07:00
ecache.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
edata.h [EASY] Spelling in the comments 2026-03-10 18:14:33 -07:00
edata_cache.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
ehooks.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
emap.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
emitter.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
eset.h Make headers self-contained by fixing #includes 2023-07-14 09:06:32 -07:00
exp_grow.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
extent.h Remove dead code: extent_commit_wrapper, large_salloc, tcache_gc_dalloc event waits 2026-04-01 17:48:19 -04:00
extent_dss.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
extent_mmap.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
fb.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
fxp.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
hash.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
hook.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
hpa.h [SEC] Make SEC owned by hpa_shard, simplify the code, add stats, lock per bin 2026-03-10 18:14:33 -07:00
hpa_central.h [EASY] Extract hpa_central component from hpa source file 2026-03-10 18:14:33 -07:00
hpa_hooks.h Revert "Do not dehugify when purging" 2026-03-10 18:14:33 -07:00
hpa_opts.h [HPA] Add ability to start page as huge and more flexibility for purging 2026-03-10 18:14:33 -07:00
hpa_utils.h [EASY] Encapsulate better, do not pass hpa_shard when hooks are enough, move shard independent actions to hpa_utils 2026-03-10 18:14:33 -07:00
hpdata.h improve hpdata_assert_consistent() 2026-03-26 10:39:23 -07:00
inspect.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
jemalloc_internal_decls.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
jemalloc_internal_defs.h.in Revert "Experimental configuration option for fast path prefetch from cache_bin" 2026-03-10 18:14:33 -07:00
jemalloc_internal_externs.h Separate out the configuration code from initialization 2026-03-10 18:14:33 -07:00
jemalloc_internal_includes.h fix some typos 2022-04-25 11:29:00 -07:00
jemalloc_internal_inlines_a.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
jemalloc_internal_inlines_b.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
jemalloc_internal_inlines_c.h Revert "Experimental configuration option for fast path prefetch from cache_bin" 2026-03-10 18:14:33 -07:00
jemalloc_internal_macros.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
jemalloc_internal_overrides.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
jemalloc_internal_types.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
jemalloc_preamble.h.in Remove build-time configuration 'config_limit_usize_gap' 2025-05-06 14:47:35 -07:00
jemalloc_probe.h Add experimental support for usdt systemtap probes 2026-03-10 18:14:33 -07:00
jemalloc_probe_custom.h Add experimental support for usdt systemtap probes 2026-03-10 18:14:33 -07:00
jemalloc_probe_stap.h Add experimental support for usdt systemtap probes 2026-03-10 18:14:33 -07:00
large_externs.h Remove dead code: extent_commit_wrapper, large_salloc, tcache_gc_dalloc event waits 2026-04-01 17:48:19 -04:00
lockedint.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
log.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
malloc_io.h Define malloc_{write,read}_fd as non-inline global functions 2026-03-10 18:14:33 -07:00
mpsc_queue.h Turn clang-format off for codes with multi-line commands in macros 2025-05-28 19:22:21 -07:00
mutex.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
mutex_prof.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
nstime.h [HPA] Add ability to start page as huge and more flexibility for purging 2026-03-10 18:14:33 -07:00
pa.h [SEC] Make SEC owned by hpa_shard, simplify the code, add stats, lock per bin 2026-03-10 18:14:33 -07:00
pac.h [EASY][BUGFIX] Spelling and format 2026-03-10 18:14:33 -07:00
pages.h Refactor init_system_thp_mode and print it in malloc stats. 2026-03-10 18:14:33 -07:00
pai.h [SEC] Make SEC owned by hpa_shard, simplify the code, add stats, lock per bin 2026-03-10 18:14:33 -07:00
peak.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
peak_event.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
ph.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
private_namespace.sh Automatically generate private symbol name mangling macros. 2017-05-11 23:06:54 -07:00
private_symbols.sh Automatically generate private symbol name mangling macros. 2017-05-11 23:06:54 -07:00
prng.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
prof_data.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
prof_externs.h Remove prof_threshold built-in event. It is trivial to implement it as user event if needed 2026-03-10 18:14:33 -07:00
prof_hook.h Remove prof_threshold built-in event. It is trivial to implement it as user event if needed 2026-03-10 18:14:33 -07:00
prof_inlines.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
prof_log.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
prof_recent.h Make headers self-contained by fixing #includes 2023-07-14 09:06:32 -07:00
prof_stats.h Make headers self-contained by fixing #includes 2023-07-14 09:06:32 -07:00
prof_structs.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
prof_sys.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
prof_types.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
psset.h [HPA] Add ability to start page as huge and more flexibility for purging 2026-03-10 18:14:33 -07:00
public_namespace.sh Replace tabs following #define with spaces. 2017-01-20 21:45:53 -08:00
public_unnamespace.sh Fix name mangling for stress tests. 2014-01-16 17:38:01 -08:00
ql.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
qr.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
quantum.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
rb.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
rtree.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
rtree_tsd.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
safety_check.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
san.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
san_bump.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
sc.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
sec.h [SEC] Make SEC owned by hpa_shard, simplify the code, add stats, lock per bin 2026-03-10 18:14:33 -07:00
sec_opts.h [SEC] Make SEC owned by hpa_shard, simplify the code, add stats, lock per bin 2026-03-10 18:14:33 -07:00
seq.h Turn clang-format off for codes with multi-line commands in macros 2025-05-28 19:22:21 -07:00
slab_data.h Make headers self-contained by fixing #includes 2023-07-14 09:06:32 -07:00
smoothstep.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
smoothstep.sh Cleanup smoothstep.sh / .h. 2017-05-25 16:52:10 -07:00
spin.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
stats.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
sz.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
tcache_externs.h Handle tcache init failures gracefully 2026-03-10 18:14:33 -07:00
tcache_inlines.h Fix large alloc nrequests under-counting on cache misses 2026-04-01 23:15:19 -04:00
tcache_structs.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
tcache_types.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
test_hooks.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
thread_event.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
thread_event_registry.h Remove prof_threshold built-in event. It is trivial to implement it as user event if needed 2026-03-10 18:14:33 -07:00
ticker.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
tsd.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
tsd_generic.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
tsd_internals.h Remove experimental.thread.activity_callback 2026-04-01 16:23:41 -07:00
tsd_malloc_thread_cleanup.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
tsd_tls.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
tsd_types.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
tsd_win.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
typed_list.h Reformat the codebase with the clang-format 18. 2026-03-10 18:14:33 -07:00
util.h Fix missing negation in large_ralloc_no_move usize_min fallback 2026-04-01 23:15:19 -04:00
witness.h [SEC] Make SEC owned by hpa_shard, simplify the code, add stats, lock per bin 2026-03-10 18:14:33 -07:00