Date:      Fri, 18 Dec 2020 10:09:21 +0000 (UTC)
From:      Marcin Wojtas <mw@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r368756 - head/contrib/jemalloc/src
Message-ID:  <202012181009.0BIA9LvF012741@repo.freebsd.org>

Author: mw
Date: Fri Dec 18 10:09:21 2020
New Revision: 368756
URL: https://svnweb.freebsd.org/changeset/base/368756

Log:
  Fix abort in jemalloc extent coalescing.
  
  Fix error in extent_try_coalesce_impl(), which could cause abort
  to happen when trying to coalesce extents backwards. The error could
  happen because of how extent_before_get() function works. This function
  gets address of previous extent, by subtracting page size from current
  extent address. If current extent is located at PAGE_SIZE offset, this
  address resolved to 0x0000. An assertion in rtree_leaf_elm_lookup
  then caused the running program to abort.
  
  This problem was discovered when trying to build world on 32-bit
  machines with ASLR and PIE enabled. The problem was encountered
  on armv7 and i386 machines, but most likely other 32-bit
  architectures are affected as well.
  
  While this patch fixes one problem with buildworld on 32-bit platforms
  with ASLR, the build still fails, however it happens much later
  and due to lack of memory.
  
  The change is aligned with accepted fix in the upstream Jemalloc
  repository (https://github.com/jemalloc/jemalloc/pull/1973).
  As it doesn't apply on top of Jemalloc tree, its updated version
  was eventually merged: https://github.com/jemalloc/jemalloc/pull/2003
  
  PR: 249937
  Submitted by: Dawid Gorecki <dgr@semihalf.com>
  Obtained from: Semihalf
  Sponsored by: Stormshield
  Differential Revision: https://reviews.freebsd.org/D27025

Modified:
  head/contrib/jemalloc/src/extent.c

Modified: head/contrib/jemalloc/src/extent.c
==============================================================================
--- head/contrib/jemalloc/src/extent.c	Fri Dec 18 10:08:11 2020	(r368755)
+++ head/contrib/jemalloc/src/extent.c	Fri Dec 18 10:09:21 2020	(r368756)
@@ -1641,8 +1641,11 @@ extent_try_coalesce_impl(tsdn_t *tsdn, arena_t *arena,
 		}
 
 		/* Try to coalesce backward. */
-		extent_t *prev = extent_lock_from_addr(tsdn, rtree_ctx,
-		    extent_before_get(extent), inactive_only);
+		extent_t *prev = NULL;
+		if (extent_before_get(extent) != NULL) {
+			prev = extent_lock_from_addr(tsdn, rtree_ctx,
+			    extent_before_get(extent), inactive_only);
+		}
 		if (prev != NULL) {
 			bool can_coalesce = extent_can_coalesce(arena, extents,
 			    extent, prev);
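
Review bot: The new `if (extent_before_get(extent) != NULL)` guard in the backward-coalescing branch carries no comment saying why the previous address can be NULL, so a later reader may take it for a redundant check and remove it. A short comment next to the guard, stating that an extent located one page above address 0 yields a previous address of 0 and that the rtree lookup asserts on that key, would keep the reason with the code. The guard also evaluates `extent_before_get(extent)` twice; storing the result in a local (for example `void *before = extent_before_get(extent);`) and using it for both the test and the `extent_lock_from_addr()` call would make it explicit that the checked address and the looked-up address are the same value.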


