Box TLS-SLL + free boundary hardening: normalize C0–C6 to base (ptr-1) at free boundary; route all caches/freelists via base; replace remaining g_tls_sll_head direct writes with Box API (tls_sll_push/splice) in refill/magazine/ultra; keep C7 excluded. Fixes rbp=0xa0 free crash by preventing header overwrite and centralizing TLS-SLL invariants.

Moe Charm (CI)
2025-11-10 16:48:20 +09:00
parent 1b6624dec4
commit b09ba4d40d
26 changed files with 1079 additions and 354 deletions


@ -43,16 +43,13 @@ static inline int p0_should_log(void) {
}
static inline int sll_refill_batch_from_ss(int class_idx, int max_take) {
// Conservative guard: class7(1KB) uses legacy path by default until fully stabilized.
// Opt-in via HAKMEM_TINY_P0_C7_ENABLE=1
// CRITICAL: C7 (1KB) is headerless - incompatible with TLS SLL refill
// Reason: TLS SLL stores next pointer in first 8 bytes (user data for C7)
// Solution: Skip refill for C7, force slow path allocation
if (__builtin_expect(class_idx == 7, 0)) {
static int c7_en = -1;
if (c7_en == -1) {
const char* e = getenv("HAKMEM_TINY_P0_C7_ENABLE");
c7_en = (e && *e && *e != '0') ? 1 : 0;
}
if (!c7_en) return 0;
return 0; // C7 uses slow path exclusively
}
// Runtime A/B kill switch (defensive). Set HAKMEM_TINY_P0_DISABLE=1 to bypass P0 path.
do {
static int g_p0_disable = -1;