Fix a race condition in RosAlloc.
Fix a race condition in RosAlloc between RosAlloc::BulkFree() and
RosAlloc::RevokeThreadLocalRuns() with regard to bulk_free_bit_map.
Change-Id: I128917d5bdfe2dab604174ca4cbe228282578b8a
Signed-off-by: Serguei Katkov <serguei.i.katkov@intel.com>
Bug: 12592026
diff --git a/runtime/gc/allocator/rosalloc.cc b/runtime/gc/allocator/rosalloc.cc
index 8ae61a3..6c9e6f2 100644
--- a/runtime/gc/allocator/rosalloc.cc
+++ b/runtime/gc/allocator/rosalloc.cc
@@ -904,7 +904,7 @@
uint32_t from_vec = *from_vecp;
if (from_vec != 0) {
*to_vecp |= from_vec;
- *from_vecp = 0; // clear the from free bit map.
+ *from_vecp = 0; // clear the bulk free bit map.
}
DCHECK_EQ(*from_vecp, static_cast<uint32_t>(0));
}
@@ -1468,6 +1468,8 @@
void RosAlloc::RevokeThreadLocalRuns(Thread* thread) {
Thread* self = Thread::Current();
+ // Avoid race conditions on the bulk free bit maps with BulkFree() (GC).
+ WriterMutexLock wmu(self, bulk_free_lock_);
for (size_t idx = 0; idx < kNumOfSizeBrackets; idx++) {
MutexLock mu(self, *size_bracket_locks_[idx]);
Run* thread_local_run = reinterpret_cast<Run*>(thread->rosalloc_runs_[idx]);
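Review bot: The added `WriterMutexLock wmu(self, bulk_free_lock_);` is acquired before the per-bracket `MutexLock mu(self, *size_bracket_locks_[idx]);` inside the loop, which establishes a lock order that the new comment does not record. BulkFree() is not visible in this hunk, so it should be confirmed that it, and any other path that reads or clears the bulk free bit maps, also takes bulk_free_lock_ before a size bracket lock; the opposite order would replace the race with a deadlock. I would extend the comment to something like `// Lock order: bulk_free_lock_ before size_bracket_locks_[idx], same as BulkFree().` The writer lock is held across all kNumOfSizeBrackets iterations, so every revoke is now serialized against bulk frees; that looks like the right trade for bitmap integrity, but the comment should say it is deliberate. The body of RevokeThreadLocalRuns continues past the end of the hunk, so the rest of the critical section could not be checked here.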