diff options
| author | Marcin Wojtas <mw@FreeBSD.org> | 2020-12-18 10:09:21 +0000 |
|---|---|---|
| committer | Marcin Wojtas <mw@FreeBSD.org> | 2020-12-18 10:09:21 +0000 |
| commit | b62ae61446ee19ab524fea4a066f585cbd7aa727 (patch) | |
| tree | b059bd73a15f3a0f704bc34dccb3afc47dd2c405 /contrib | |
| parent | 150367e9aa1c1fee46f81bcf7b30ab879a1bfa6e (diff) | |
| download | src-b62ae61446ee19ab524fea4a066f585cbd7aa727.tar.gz src-b62ae61446ee19ab524fea4a066f585cbd7aa727.zip | |
Fix abort in jemalloc extent coalescing.
Fix error in extent_try_coalesce_impl(), which could cause abort
to happen when trying to coalesce extents backwards. The error could
happen because of how extent_before_get() function works. This function
gets address of previous extent, by subtracting page size from current
extent address. If current extent is located at PAGE_SIZE offset, this
address resolved to 0x0000. An assertion in rtree_leaf_elm_lookup
then caused the running program to abort.
This problem was discovered when trying to build world on 32-bit
machines with ASLR and PIE enabled. The problem was encountered
on armv7 and i386 machines, but most likely other 32-bit
architectures are affected as well.
While this patch fixes one problem with buildworld on 32-bit platforms
with ASLR, the build still fails, however it happens much later
and due to lack of memory.
The change is aligned with accepted fix in the upstream Jemalloc
repository (https://github.com/jemalloc/jemalloc/pull/1973).
As it doesn't apply on top of Jemalloc tree, its updated version
was eventually merged: https://github.com/jemalloc/jemalloc/pull/2003
PR: 249937
Submitted by: Dawid Gorecki <dgr@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D27025
Notes
Notes:
svn path=/head/; revision=368756
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/jemalloc/src/extent.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/contrib/jemalloc/src/extent.c b/contrib/jemalloc/src/extent.c index 9237f903dc3d..b4ef382676be 100644 --- a/contrib/jemalloc/src/extent.c +++ b/contrib/jemalloc/src/extent.c @@ -1641,8 +1641,11 @@ extent_try_coalesce_impl(tsdn_t *tsdn, arena_t *arena, } /* Try to coalesce backward. */ - extent_t *prev = extent_lock_from_addr(tsdn, rtree_ctx, - extent_before_get(extent), inactive_only); + extent_t *prev = NULL; + if (extent_before_get(extent) != NULL) { + prev = extent_lock_from_addr(tsdn, rtree_ctx, + extent_before_get(extent), inactive_only); + } if (prev != NULL) { bool can_coalesce = extent_can_coalesce(arena, extents, extent, prev); |