Fix potential freelist corruption in unified_cache_refill (Class 0) and improve TLS SLL logging/safety

Moe Charm (CI)
2025-12-03 12:43:02 +09:00
parent c91602f181
commit b5be708b6a
3 changed files with 11 additions and 9 deletions


@ -337,18 +337,18 @@ void* unified_cache_refill(int class_idx) {
if (m->freelist) {
// Freelist pop
void* p = m->freelist;
void* next_node = tiny_next_read(class_idx, p);
// ROOT CAUSE FIX: Write header BEFORE tiny_next_read()
// Without this, compiler can reorder header write after out[] assignment
// causing SEGVAULT in release builds (unified_cache_refill+0x46f)
// ROOT CAUSE FIX: Write header BEFORE exposing block (but AFTER reading next)
// For Class 0 (offset 0), next overlaps header, so we must read next first.
#if HAKMEM_TINY_HEADER_CLASSIDX
*(uint8_t*)p = (uint8_t)(0xa0 | (class_idx & 0x0f));
// Prevent compiler from reordering operations
// Prevent compiler from reordering header write after out[] assignment
__atomic_thread_fence(__ATOMIC_RELEASE);
#endif
m->freelist = tiny_next_read(class_idx, p);
m->freelist = next_node;
unified_refill_validate_base(class_idx, tls, m, p,
"unified_refill_freelist");