tomoaki/hakmem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix potential freelist corruption in unified_cache_refill (Class 0) and improve TLS SLL logging/safety

Browse Source
This commit is contained in:
Moe Charm (CI)
2025-12-03 12:43:02 +09:00
parent c91602f181
commit b5be708b6a
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/box/tiny_front_config_box.h
View File

@ -130,7 +130,9 @@ static inline int tiny_front_is_pgo_build(void) {
// Get effective configuration (for diagnostics)
static inline void tiny_front_config_report(void) {
#if !HAKMEM_BUILD_RELEASE
#if 0 // !HAKMEM_BUILD_RELEASE
// Disabled to avoid circular dependency / implicit declaration issues
// re-enable when include order is fixed
fprintf(stderr, "[TINY_FRONT_CONFIG]\n");
fprintf(stderr, " PGO Build: %d\n", HAKMEM_TINY_FRONT_PGO);
fprintf(stderr, " Ultra SLIM: %d\n", TINY_FRONT_ULTRA_SLIM_ENABLED);

4
core/box/tls_sll_box.h
View File

@ -538,8 +538,8 @@ static inline bool tls_sll_pop_impl(int class_idx, hak_base_ptr_t* out, const ch
uint64_t cnt = atomic_fetch_add_explicit(&g_tls_sll_invalid_head[class_idx], 1, memory_order_relaxed);
static __thread uint8_t s_log_limit[TINY_NUM_CLASSES] = {0};
if (s_log_limit[class_idx] < 4) {
fprintf(stderr, "[TLS_SLL_POP_INVALID] cls=%d head=%p dropped count=%llu\n",
class_idx, raw_base, (unsigned long long)cnt + 1);
fprintf(stderr, "[TLS_SLL_POP_INVALID] cls=%d head=%p (val=%llx) dropped count=%llu\n",
class_idx, raw_base, (unsigned long long)base_addr, (unsigned long long)cnt + 1);
s_log_limit[class_idx]++;
}
// Help triage: show last successful push base for this thread/class

10
core/front/tiny_unified_cache.c
View File

@ -337,18 +337,18 @@ void* unified_cache_refill(int class_idx) {
if (m->freelist) {
// Freelist pop
void* p = m->freelist;
void* next_node = tiny_next_read(class_idx, p);
// ROOT CAUSE FIX: Write header BEFORE tiny_next_read()
// Without this, compiler can reorder header write after out[] assignment
// causing SEGVAULT in release builds (unified_cache_refill+0x46f)
// ROOT CAUSE FIX: Write header BEFORE exposing block (but AFTER reading next)
// For Class 0 (offset 0), next overlaps header, so we must read next first.
#if HAKMEM_TINY_HEADER_CLASSIDX
*(uint8_t*)p = (uint8_t)(0xa0 | (class_idx & 0x0f));
// Prevent compiler from reordering operations
// Prevent compiler from reordering header write after out[] assignment
__atomic_thread_fence(__ATOMIC_RELEASE);
#endif
m->freelist = tiny_next_read(class_idx, p);
m->freelist = next_node;
unified_refill_validate_base(class_idx, tls, m, p,
"unified_refill_freelist");