diff options
| author | Michael Pratt <mpratt@google.com> | 2025-06-27 17:21:20 -0400 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2025-06-30 11:45:37 -0700 |
| commit | 740857f529ce4074c7f9aa1d6f38db8c4a00246c (patch) | |
| tree | 41369128a296fc41d400785111a2cd36bcebb980 /src/encoding | |
| parent | 9ae38be3025fa71ec2967111e0a184f886876cb1 (diff) | |
| download | go-740857f529ce4074c7f9aa1d6f38db8c4a00246c.tar.xz | |
runtime: stash allpSnapshot on the M
findRunnable takes a snapshot of allp prior to dropping the P because
afterwards procresize may mutate allp without synchronization.
procresize is careful to never mutate the contents up to cap(allp), so
findRunnable can still safely access the Ps in the slice.
Unfortunately, growing allp is problematic. If procresize grows the allp
backing array, it drops the reference to the old array. allpSnapshot
still refers to the old array, but allpSnapshot is on the system stack
in findRunnable, which also likely no longer has a P at all.
This means that a future GC will not find the reference and can free the
array and use it for another allocation. This would corrupt later reads
that findRunnable does from the array.
The fix is simple: the M struct itself is reachable by the GC, so we can
stash the snapshot in the M to ensure it is visible to the GC.
The ugliest part of the CL is the cleanup when we are done with the
snapshot because there are so many return/goto top sites. I am tempted
to put mp.clearAllpSnapshot() in the caller and at top to make this less
error prone, at the expensive of extra unnecessary writes.
Fixes #74414.
Change-Id: I6a6a636c484e4f4b34794fd07910b3fffeca830b
Reviewed-on: https://go-review.googlesource.com/c/go/+/684460
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
Diffstat (limited to 'src/encoding')
0 files changed, 0 insertions, 0 deletions