diff options
| author | Wilco Dijkstra <wdijkstr@arm.com> | 2019-05-10 16:38:21 +0100 |
|---|---|---|
| committer | Wilco Dijkstra <wdijkstr@arm.com> | 2019-05-22 15:41:24 +0100 |
| commit | ac92c66821fae2ae6587114acc454f97a6bc7859 (patch) | |
| tree | 0a6c4a683a39efeeb03970404e70bc65de387222 | |
| parent | 4385ec1d8af4203b23dce8c9dc2f1aff5acaf094 (diff) | |
| download | glibc-ac92c66821fae2ae6587114acc454f97a6bc7859.tar.gz glibc-ac92c66821fae2ae6587114acc454f97a6bc7859.tar.xz glibc-ac92c66821fae2ae6587114acc454f97a6bc7859.zip | |
Fix tcache count maximum (BZ #24531)
The tcache counts[] array is a char, which has a very small range and thus may overflow. When setting tcache_count tunable, there is no overflow check. However the tunable must not be larger than the maximum value of the tcache counts[] array, otherwise it can overflow when filling the tcache. [BZ #24531] * malloc/malloc.c (MAX_TCACHE_COUNT): New define. (do_set_tcache_count): Only update if count is small enough. * manual/tunables.texi (glibc.malloc.tcache_count): Document max value. (cherry picked from commit 5ad533e8e65092be962e414e0417112c65d154fb)
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | malloc/malloc.c | 9 | ||||
| -rw-r--r-- | manual/tunables.texi | 4 |
3 files changed, 16 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog index 78924ef13e..fff671fd43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2019-05-22 Wilco Dijkstra <wdijkstr@arm.com> + + [BZ #24531] + * malloc/malloc.c (MAX_TCACHE_COUNT): New define. + (do_set_tcache_count): Only update if count is small enough. + * manual/tunables.texi (glibc.malloc.tcache_count): Document max value. + 2019-05-15 Andreas Schwab <schwab@suse.de> [BZ #20568] diff --git a/malloc/malloc.c b/malloc/malloc.c index 49e8ed69c2..9896230b21 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -2924,6 +2924,8 @@ typedef struct tcache_perthread_struct tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct; +#define MAX_TCACHE_COUNT 127 /* Maximum value of counts[] entries. */ + static __thread bool tcache_shutting_down = false; static __thread tcache_perthread_struct *tcache = NULL; @@ -5097,8 +5099,11 @@ static inline int __always_inline do_set_tcache_count (size_t value) { - LIBC_PROBE (memory_tunable_tcache_count, 2, value, mp_.tcache_count); - mp_.tcache_count = value; + if (value <= MAX_TCACHE_COUNT) + { + LIBC_PROBE (memory_tunable_tcache_count, 2, value, mp_.tcache_count); + mp_.tcache_count = value; + } return 1; } diff --git a/manual/tunables.texi b/manual/tunables.texi index b09e3fe791..a23c8d076a 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -187,8 +187,8 @@ per-thread cache. The default (and maximum) value is 1032 bytes on @deftp Tunable glibc.malloc.tcache_count The maximum number of chunks of each size to cache. The default is 7. -There is no upper limit, other than available system memory. If set -to zero, the per-thread cache is effectively disabled. +The upper limit is 127. If set to zero, the per-thread cache is effectively +disabled. The approximate maximum overhead of the per-thread cache is thus equal to the number of bins times the chunk count in each bin times the size |