tomoaki/hakmem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Restore headers in box_carve_and_push_with_freelist()

Browse Source 
Root cause identified by Task exploration agent:
- box_carve_and_push_with_freelist() pops blocks from slab
  freelist without restoring headers before pushing to TLS SLL
- Freelist blocks have stale data at offset 0
- When popped from TLS SLL, header validation fails
- Error: [TLS_SLL_HDR_RESET] cls=1 got=0x00 expect=0xa1

Fix applied:
1. Added HEADER_MAGIC restoration before tls_sll_push()
   in box_carve_and_push_with_freelist() (carve_push_box.c:193-198)
2. Added tiny_region_id.h include for HEADER_MAGIC definition

Results:
- 20 threads: Header corruption ELIMINATED ✓
- 4 threads: Still shows 1 corruption (partial fix)
- Suggests multiple freelist pop paths exist

Additional work needed:
- Check hakmem_tiny_alloc_new.inc freelist pops
- Verify all freelist → TLS SLL paths write headers

Reference:
Same pattern as tiny_superslab_alloc.inc.h:159-169 (correct impl)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Moe Charm (CI)
2025-11-29 05:44:13 +09:00
parent d5645ec42d
commit 3c6c76cb11
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/box/carve_push_box.c
View File

@ -7,6 +7,7 @@
#include "../hakmem_tiny_config.h" // TINY_NUM_CLASSES
#include "../hakmem_tiny_superslab.h" // ss_active_add(), SuperSlab
#include "../hakmem_tiny_integrity.h" // HAK_CHECK_CLASS_IDX
#include "../tiny_region_id.h" // HEADER_MAGIC, HEADER_CLASS_MASK
#include "carve_push_box.h"
#include "capacity_box.h" // box_cap_has_room()
#include "tls_sll_box.h" // tls_sll_push()
@ -190,6 +191,13 @@ uint32_t box_carve_and_push_with_freelist(int class_idx, uint32_t want) {
meta->freelist = tiny_next_read(class_idx, p);
meta->used++;
// CRITICAL FIX: Restore header BEFORE pushing to TLS SLL
// Freelist blocks may have stale data at offset 0
// (same fix as in tiny_superslab_alloc.inc.h:159-169)
#if HAKMEM_TINY_HEADER_CLASSIDX
*(uint8_t*)p = HEADER_MAGIC | (class_idx & HEADER_CLASS_MASK);
#endif
if (!tls_sll_push(class_idx, p, sll_cap)) {
// Rollback
tiny_next_write(class_idx, p, meta->freelist);