From 24b79264df82974fd7efb27f6d822a59f4cf42ba Mon Sep 17 00:00:00 2001
From: Nathaniel Wesley Filardo <nfilardo@microsoft.com>
Date: Sun, 12 Nov 2023 00:06:41 +0000
Subject: [PATCH] remotealloc: can_dequeue needs both domesticators

If we're running with the freelist_backward_edge mitigation turned on, then
we're going to follow the pointer, not just de-obfuscate it (in freelist's
atomic_read_next), so even if the queue heads are tame, we still need to
do this domestication.
---
 src/snmalloc/mem/corealloc.h       | 28 +++++++++++++++++-----------
 src/snmalloc/mem/remoteallocator.h |  7 ++++---
 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/src/snmalloc/mem/corealloc.h b/src/snmalloc/mem/corealloc.h
index 61fe5805c..e164f5921 100644
--- a/src/snmalloc/mem/corealloc.h
+++ b/src/snmalloc/mem/corealloc.h
@@ -450,19 +450,25 @@ namespace snmalloc
      */
     SNMALLOC_FAST_PATH bool has_messages()
     {
-      auto domesticate = [local_state = backend_state_ptr()](
-                           freelist::QueuePtr p) SNMALLOC_FAST_PATH_LAMBDA {
-        if constexpr (Config::Options.QueueHeadsAreTame)
-        {
-          return freelist::HeadPtr::unsafe_from(p.unsafe_ptr());
-        }
-        else
-        {
+      auto local_state = backend_state_ptr();
+      auto domesticate_head =
+        [local_state](freelist::QueuePtr p) SNMALLOC_FAST_PATH_LAMBDA {
+          if constexpr (Config::Options.QueueHeadsAreTame)
+          {
+            UNUSED(local_state);
+            return freelist::HeadPtr::unsafe_from(p.unsafe_ptr());
+          }
+          else
+          {
+            return capptr_domesticate<Config>(local_state, p);
+          }
+        };
+      auto domesticate_queue =
+        [local_state](freelist::QueuePtr p) SNMALLOC_FAST_PATH_LAMBDA {
           return capptr_domesticate<Config>(local_state, p);
-        }
-      };
+        };
 
-      return message_queue().can_dequeue(domesticate);
+      return message_queue().can_dequeue(domesticate_head, domesticate_queue);
     }
 
     /**
diff --git a/src/snmalloc/mem/remoteallocator.h b/src/snmalloc/mem/remoteallocator.h
index e3c45bc10..f441d1aeb 100644
--- a/src/snmalloc/mem/remoteallocator.h
+++ b/src/snmalloc/mem/remoteallocator.h
@@ -87,11 +87,12 @@ namespace snmalloc
       return fnt;
     }
 
-    template<typename Domesticator_head>
-    inline bool can_dequeue(Domesticator_head domesticate_head)
+    template<typename Domesticator_head, typename Domesticator_queue>
+    inline bool can_dequeue(
+      Domesticator_head domesticate_head, Domesticator_queue domesticate_queue)
     {
       return domesticate_head(front.load())
-               ->atomic_read_next(key_global, domesticate_head) != nullptr;
+               ->atomic_read_next(key_global, domesticate_queue) != nullptr;
     }
 
     /**