tomoaki/hakmem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Box TLS-SLL + free boundary hardening: normalize C0–C6 to base (ptr-1) at free boundary; route all caches/freelists via base; replace remaining g_tls_sll_head direct writes with Box API (tls_sll_push/splice) in refill/magazine/ultra; keep C7 excluded. Fixes rbp=0xa0 free crash by preventing header overwrite and centralizing TLS-SLL invariants.

Browse Source
This commit is contained in:
Moe Charm (CI)
2025-11-10 16:48:20 +09:00
parent 1b6624dec4
commit b09ba4d40d
26 changed files with 1079 additions and 354 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/hakmem_tiny_ultra_front.inc.h
View File

@ -6,6 +6,8 @@
// - __thread void* g_tls_sll_head[]; __thread uint32_t g_tls_sll_count[];
// - tiny_mag_init_if_needed(), g_tls_mags[]
#include "box/tls_sll_box.h" // Box TLS-SLL API
static inline void ultra_init_if_needed(int class_idx) {
if (!g_ultra_simple || class_idx < 0) return;
// nothing to do; zero-initialized
@ -34,10 +36,8 @@ static inline int ultra_refill_small(int class_idx) {
int took = 0;
if (g_tls_sll_enable) {
while (room > 0) {
void* h = g_tls_sll_head[class_idx];
if (!h) break;
g_tls_sll_head[class_idx] = *(void**)h;
if (g_tls_sll_count[class_idx] > 0) g_tls_sll_count[class_idx]--;
void* h = NULL;
if (!tls_sll_pop(class_idx, &h)) break;
uf->slots[uf->top++] = h; room--; took++;
}
}