This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: libc/malloc malloc.c hooks.c arena.c

From: Petr Baudis <pasky at suse dot cz>
To: drepper at sourceware dot org
Cc: libc-alpha at sourceware dot org
Date: Mon, 8 Jun 2009 17:54:29 +0200
Subject: Re: libc/malloc malloc.c hooks.c arena.c
References: <20090313235210.8239.qmail@sourceware.org>

Hi!

On Fri, Mar 13, 2009 at 11:52:10PM -0000, drepper@sourceware.org wrote:
> CVSROOT:	/cvs/glibc
> Module name:	libc
> Changes by:	drepper@sourceware.org	2009-03-13 23:52:10
> 
> Modified files:
> 	malloc         : malloc.c hooks.c arena.c 
> 
> Log message:
> 	Implement PER_THREAD and ATOMIC_FASTBINS features.
> 
> Patches:
> http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/malloc.c.diff?cvsroot=glibc&r1=1.194&r2=1.195
> http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/hooks.c.diff?cvsroot=glibc&r1=1.25&r2=1.26
> http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/arena.c.diff?cvsroot=glibc&r1=1.31&r2=1.32
> 
> ===================================================================
> RCS file: /cvs/glibc/libc/malloc/hooks.c,v
> retrieving revision 1.25
> retrieving revision 1.26
> diff -u -r1.25 -r1.26
> --- libc/malloc/hooks.c	2009/02/07 22:49:24	1.25
> +++ libc/malloc/hooks.c	2009/03/13 23:52:10	1.26
> @@ -275,17 +275,13 @@
>    mchunkptr p;
>  
>    if(!mem) return;
> -  (void)mutex_lock(&main_arena.mutex);
>    p = mem2chunk_check(mem, NULL);
>    if(!p) {
> -    (void)mutex_unlock(&main_arena.mutex);
> -
>      malloc_printerr(check_action, "free(): invalid pointer", mem);
>      return;
>    }
>  #if HAVE_MMAP
>    if (chunk_is_mmapped(p)) {
> -    (void)mutex_unlock(&main_arena.mutex);
>      munmap_chunk(p);
>      return;
>    }
> @@ -293,8 +289,13 @@
>  #if 0 /* Erase freed memory. */
>    memset(mem, 0, chunksize(p) - (SIZE_SZ+1));
>  #endif
> +#ifdef ATOMIC_FASTBINS
> +  _int_free(&main_arena, p, 0);
> +#else
> +  (void)mutex_lock(&main_arena.mutex);
>    _int_free(&main_arena, p);
>    (void)mutex_unlock(&main_arena.mutex);
> +#endif
>  }
>  
>  static Void_t*

In multi-threaded programs, we are seeing a lot of free() aborts with
MALLOC_CHECK_ turned on (our default settings) with glibc-2.10 on
openSUSE:Factory.

I think this locking change is the cause. In realloc_check(), the mutex
is explicitly taken when calling mem2chunk_check(), and mem2chunk_check
appears to be accessing other parts of the arena which I guess is unsafe
without the mutex.

Shouldn't the mutex be held during mem2chunk_check()?

-- 
				Petr "Pasky" Baudis
The lyf so short, the craft so long to lerne. -- Chaucer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]