From 23528282b771d1af3df0fa17f1e909ad3b663f59 Mon Sep 17 00:00:00 2001 From: Freeman Wang Date: Sat, 19 Dec 2009 13:43:00 -0800 Subject: malloc: fix race condition and other bugs in the no-mmu malloc Fixes multiple race conditions on mmb list. This was done by making the mmb_heap_lock into a recursive lock and making the regular heap_lock extend to cover the mmb heap handling. Also move the new_mmb allocation up to before the mmb list is iterated through to find the insertion point. When the mmb_heap also runs out and needs to be extended when the regular heap is just extended, the mmb list could be messed up. Signed-off-by: Freeman Wang Signed-off-by: Austin Foxley --- libc/stdlib/malloc/free.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'libc/stdlib/malloc/free.c') diff --git a/libc/stdlib/malloc/free.c b/libc/stdlib/malloc/free.c index c17e7ec2a..e7b6a290a 100644 --- a/libc/stdlib/malloc/free.c +++ b/libc/stdlib/malloc/free.c @@ -177,14 +177,14 @@ __free_to_heap (void *mem, struct heap_free_area **heap /* Start searching again from the end of this block. */ start = mmb_end; + /* Release the descriptor block we used. */ + free_to_heap (mmb, &__malloc_mmb_heap, &__malloc_mmb_heap_lock); + /* We have to unlock the heap before we recurse to free the mmb descriptor, because we might be unmapping from the mmb heap. */ __heap_unlock (heap_lock); - /* Release the descriptor block we used. */ - free_to_heap (mmb, &__malloc_mmb_heap, &__malloc_mmb_heap_lock); - /* Do the actual munmap. */ munmap ((void *)mmb_start, mmb_end - mmb_start); -- cgit v1.2.3
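Review bot: the comment left in place above `__heap_unlock (heap_lock);` in the `__free_to_heap` hunk is now stale. It still reads "We have to unlock the heap before we recurse to free the mmb descriptor", but `free_to_heap (mmb, &__malloc_mmb_heap, &__malloc_mmb_heap_lock);` now runs before the unlock, with `heap_lock` still held. Please rewrite that comment to state the new invariant. Going by the commit message, that invariant is that `heap_lock` covers the mmb heap handling and the mmb heap lock is recursive, so the nested call is safe. The comment should also say what the unlock that remains is for, since the only call left between it and the end of the hunk is `munmap`. Since `__malloc_mmb_heap_lock` is now acquired while `heap_lock` is held, the intended lock order should be documented here as well, so that a later change does not take the two in the opposite order. The view is limited to `free.c`, so the recursive-lock change this ordering relies on cannot be checked from this hunk.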