tomoaki/hakmem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Box TLS-SLL + free boundary hardening: normalize C0–C6 to base (ptr-1) at free boundary; route all caches/freelists via base; replace remaining g_tls_sll_head direct writes with Box API (tls_sll_push/splice) in refill/magazine/ultra; keep C7 excluded. Fixes rbp=0xa0 free crash by preventing header overwrite and centralizing TLS-SLL invariants.

Browse Source
This commit is contained in:
Moe Charm (CI)
2025-11-10 16:48:20 +09:00
parent 1b6624dec4
commit b09ba4d40d
26 changed files with 1079 additions and 354 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
core/hakmem_tiny_metadata.inc
View File

@ -24,6 +24,8 @@
#ifndef HAKMEM_TINY_METADATA_INC
#define HAKMEM_TINY_METADATA_INC
#include "box/tls_sll_box.h" // Box TLS-SLL API
// ============================================================================
// Phase 6-1.6: Universal Allocation Header
// ============================================================================
@ -86,12 +88,8 @@ void* hak_tiny_alloc_metadata(size_t size) {
// 2. Ultra-fast path: Pop from existing TLS SLL
// NOTE: We allocate 8 bytes EXTRA for header
// The SLL stores pointers to HEADERS, not user pointers
void* hdr_ptr = g_tls_sll_head[class_idx];
if (__builtin_expect(hdr_ptr != NULL, 1)) {
// Pop from SLL
g_tls_sll_head[class_idx] = *(void**)hdr_ptr;
if (g_tls_sll_count[class_idx] > 0) g_tls_sll_count[class_idx]--;
void* hdr_ptr = NULL;
if (tls_sll_pop(class_idx, &hdr_ptr)) {
// Initialize header
struct hak_alloc_hdr* hdr = (struct hak_alloc_hdr*)hdr_ptr;
hdr->pool_type = HAK_POOL_TYPE_TINY;
@ -115,11 +113,7 @@ void* hak_tiny_alloc_metadata(size_t size) {
#else
if (sll_refill_small_from_ss(class_idx, refill_count) > 0) {
#endif
hdr_ptr = g_tls_sll_head[class_idx];
if (hdr_ptr) {
g_tls_sll_head[class_idx] = *(void**)hdr_ptr;
if (g_tls_sll_count[class_idx] > 0) g_tls_sll_count[class_idx]--;
if (tls_sll_pop(class_idx, &hdr_ptr)) {
struct hak_alloc_hdr* hdr = (struct hak_alloc_hdr*)hdr_ptr;
hdr->pool_type = HAK_POOL_TYPE_TINY;
hdr->size_class = class_idx;
@ -220,9 +214,12 @@ void hak_tiny_free_metadata(void* user_ptr) {
}
// Push HEADER pointer to SLL (not user pointer!)
*(void**)hdr = g_tls_sll_head[class_idx];
g_tls_sll_head[class_idx] = hdr;
g_tls_sll_count[class_idx]++;
// Use Box TLS-SLL API (C7-safe)
if (!tls_sll_push(class_idx, hdr, UINT32_MAX)) {
// C7 rejected or capacity exceeded - use slow path
hak_free_at(user_ptr, 0, 0);
return;
}
// Done! No owner lookup, no registry, no locks!
}