This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/scudo/standalone/
-
lib/
-
scudo/
-
standalone/
1/1
secondary.h
-
tests/
-
secondary_test.cpp

Differential D74072

[scudo][standalone] Fix a race in the secondary release
ClosedPublic

Authored by cryptoad on Feb 5 2020, 9:59 AM.

Download Raw Diff

Details

Reviewers

cferris
pcc
eugenis
hctim
morehouse

Commits

rGa9d5f8989d83: [scudo][standalone] Fix a race in the secondary release

Summary

I tried to move the madvise calls outside of one of the secondary
mutexes, but this backfired. There is situation when a low release
interval is set combined with secondary pressure that leads to a race:
a thread can get a block from the cache, while another thread is
madvise'ing that block, resulting in a null header.

I changed the secondary race test so that this situation would be
triggered, and moved the release into the cache mutex scope.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

cryptoad created this revision.Feb 5 2020, 9:59 AM

Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptFeb 5 2020, 9:59 AM

Herald added subscribers: Restricted Project, jfb. · View Herald Transcript

cryptoad marked an inline comment as done.Feb 5 2020, 10:00 AM

cryptoad added inline comments.

compiler-rt/lib/scudo/standalone/secondary.h
100	And I forgot to say that the `Data` field was not copied. In practice this didn't matter since only Fuchsia is using it and it doesn't support caching.

Unit tests: pass. 62503 tests passed, 0 failed and 844 were skipped.

clang-tidy: pass.

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45786: Diff 242675!Feb 5 2020, 10:24 AM

LGTM

This revision is now accepted and ready to land.Feb 5 2020, 10:28 AM

Retrying clang-format.

Unit tests: pass. 62503 tests passed, 0 failed and 844 were skipped.

clang-tidy: pass.

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45792: Diff 242691!Feb 5 2020, 10:52 AM

Closed by commit rGa9d5f8989d83: [scudo][standalone] Fix a race in the secondary release (authored by cryptoad). · Explain WhyFeb 5 2020, 11:03 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

compiler-rt/

lib/

scudo/

standalone/

secondary.h

36 lines

tests/

secondary_test.cpp

17 lines

Diff 242701

compiler-rt/lib/scudo/standalone/secondary.h

Show First 20 Lines • Show All 91 Lines • ▼ Show 20 Lines	const u64 Time = getMonotonicTime();
if (Entries[I].Block)		if (Entries[I].Block)
continue;		continue;
if (I != 0)		if (I != 0)
Entries[I] = Entries[0];		Entries[I] = Entries[0];
Entries[0].Block = reinterpret_cast<uptr>(H);		Entries[0].Block = reinterpret_cast<uptr>(H);
Entries[0].BlockEnd = H->BlockEnd;		Entries[0].BlockEnd = H->BlockEnd;
Entries[0].MapBase = H->MapBase;		Entries[0].MapBase = H->MapBase;
Entries[0].MapSize = H->MapSize;		Entries[0].MapSize = H->MapSize;
		Entries[0].Data = H->Data;
		cryptoadAuthorUnsubmitted Done Reply Inline Actions And I forgot to say that the `Data` field was not copied. In practice this didn't matter since only Fuchsia is using it and it doesn't support caching. cryptoad: And I forgot to say that the `Data` field was not copied. In practice this didn't matter since…
Entries[0].Time = Time;		Entries[0].Time = Time;
EntriesCount++;		EntriesCount++;
EntryCached = true;		EntryCached = true;
break;		break;
}		}
}		}
}		}
if (EmptyCache)		if (EmptyCache)
Show All 17 Lines	for (uptr I = 0; I < MaxEntriesCount; I++) {
continue;		continue;
if (Size < BlockSize - PageSize * 4U)		if (Size < BlockSize - PageSize * 4U)
continue;		continue;
H = reinterpret_cast<LargeBlock::Header >(Entries[I].Block);		H = reinterpret_cast<LargeBlock::Header >(Entries[I].Block);
Entries[I].Block = 0;		Entries[I].Block = 0;
(*H)->BlockEnd = Entries[I].BlockEnd;		(*H)->BlockEnd = Entries[I].BlockEnd;
(*H)->MapBase = Entries[I].MapBase;		(*H)->MapBase = Entries[I].MapBase;
(*H)->MapSize = Entries[I].MapSize;		(*H)->MapSize = Entries[I].MapSize;
		(*H)->Data = Entries[I].Data;
EntriesCount--;		EntriesCount--;
return true;		return true;
}		}
return false;		return false;
}		}

static bool canCache(uptr Size) {		static bool canCache(uptr Size) {
return MaxEntriesCount != 0U && Size <= MaxEntrySize;		return MaxEntriesCount != 0U && Size <= MaxEntrySize;
Show All 28 Lines	uptr N = 0;
IsFullEvents = 0;		IsFullEvents = 0;
}		}
for (uptr I = 0; I < N; I++)		for (uptr I = 0; I < N; I++)
unmap(MapInfo[I].MapBase, MapInfo[I].MapSize, UNMAP_ALL,		unmap(MapInfo[I].MapBase, MapInfo[I].MapSize, UNMAP_ALL,
&MapInfo[I].Data);		&MapInfo[I].Data);
}		}

void releaseOlderThan(u64 Time) {		void releaseOlderThan(u64 Time) {
struct {
uptr Block;
uptr BlockSize;
MapPlatformData Data;
} BlockInfo[MaxEntriesCount];
uptr N = 0;
{
ScopedLock L(Mutex);		ScopedLock L(Mutex);
if (!EntriesCount)		if (!EntriesCount)
return;		return;
for (uptr I = 0; I < MaxEntriesCount; I++) {		for (uptr I = 0; I < MaxEntriesCount; I++) {
if (!Entries[I].Block \|\| !Entries[I].Time)		if (!Entries[I].Block \|\| !Entries[I].Time \|\| Entries[I].Time > Time)
continue;		continue;
if (Entries[I].Time > Time)		releasePagesToOS(Entries[I].Block, 0,
continue;		Entries[I].BlockEnd - Entries[I].Block,
BlockInfo[N].Block = Entries[I].Block;		&Entries[I].Data);
BlockInfo[N].BlockSize = Entries[I].BlockEnd - Entries[I].Block;
BlockInfo[N].Data = Entries[I].Data;
Entries[I].Time = 0;		Entries[I].Time = 0;
N++;
}		}
}		}
for (uptr I = 0; I < N; I++)
releasePagesToOS(BlockInfo[I].Block, 0, BlockInfo[I].BlockSize,
&BlockInfo[I].Data);
}

struct CachedBlock {		struct CachedBlock {
uptr Block;		uptr Block;
uptr BlockEnd;		uptr BlockEnd;
uptr MapBase;		uptr MapBase;
uptr MapSize;		uptr MapSize;
MapPlatformData Data;		MapPlatformData Data;
u64 Time;		u64 Time;
▲ Show 20 Lines • Show All 203 Lines • Show Last 20 Lines

compiler-rt/lib/scudo/standalone/tests/secondary_test.cpp

	Show First 20 Lines • Show All 131 Lines • ▼ Show 20 Lines
	static void performAllocations(LargeAllocator *L) {			static void performAllocations(LargeAllocator *L) {
	std::vector<void *> V;			std::vector<void *> V;
	const scudo::uptr PageSize = scudo::getPageSizeCached();			const scudo::uptr PageSize = scudo::getPageSizeCached();
	{			{
	std::unique_lock<std::mutex> Lock(Mutex);			std::unique_lock<std::mutex> Lock(Mutex);
	while (!Ready)			while (!Ready)
	Cv.wait(Lock);			Cv.wait(Lock);
	}			}
	for (scudo::uptr I = 0; I < 32U; I++)			for (scudo::uptr I = 0; I < 128U; I++) {
	V.push_back(L->allocate((std::rand() % 16) * PageSize));			// Deallocate 75% of the blocks.
				const bool Deallocate = (rand() & 3) != 0;
				void P = L->allocate((std::rand() % 16) PageSize);
				if (Deallocate)
				L->deallocate(P);
				else
				V.push_back(P);
				}
	while (!V.empty()) {			while (!V.empty()) {
	L->deallocate(V.back());			L->deallocate(V.back());
	V.pop_back();			V.pop_back();
	}			}
	}			}

	TEST(ScudoSecondaryTest, SecondaryThreadsRace) {			TEST(ScudoSecondaryTest, SecondaryThreadsRace) {
	LargeAllocator *L = new LargeAllocator;			LargeAllocator *L = new LargeAllocator;
	L->init(nullptr);			L->init(nullptr, /ReleaseToOsInterval=/0);
	std::thread Threads[10];			std::thread Threads[16];
	for (scudo::uptr I = 0; I < 10U; I++)			for (scudo::uptr I = 0; I < ARRAY_SIZE(Threads); I++)
	Threads[I] = std::thread(performAllocations, L);			Threads[I] = std::thread(performAllocations, L);
	{			{
	std::unique_lock<std::mutex> Lock(Mutex);			std::unique_lock<std::mutex> Lock(Mutex);
	Ready = true;			Ready = true;
	Cv.notify_all();			Cv.notify_all();
	}			}
	for (auto &T : Threads)			for (auto &T : Threads)
	T.join();			T.join();
	scudo::ScopedString Str(1024);			scudo::ScopedString Str(1024);
	L->getStats(&Str);			L->getStats(&Str);
	Str.output();			Str.output();
	}			}