This is an archive of the discontinued LLVM Phabricator instance.

Differential D149141

[scudo] Fix missing pushing 1 block to BatchClassId
ClosedPublic

Authored by Chia-hungDuan on Apr 25 2023, 2:57 AM.

Details

Reviewers
cferris
cryptoad
Commits
rGc266bfe278bb: [scudo] Fix missing pushing 1 block to BatchClassId
Summary

This may happen when thread is teared down and it only has 1 block of BatchClass left and the freelist of BatchClass is empty. The side effect is that it leaks 1 block of BatchClass

Diff Detail

Event Timeline

Chia-hungDuan created this revision.Apr 25 2023, 2:57 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 25 2023, 2:57 AM
Herald added subscribers: yaneury, Enna1. · View Herald Transcript
Chia-hungDuan requested review of this revision.Apr 25 2023, 2:57 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 25 2023, 2:57 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Chia-hungDuan added a child revision: D149140: [scudo] Finer lock granularity in Region of SizeClassAllocator64.Apr 25 2023, 2:59 AM
Chia-hungDuan added a parent revision: D149142: [scudo] Group MappedUser/AllocatedUser into PagesInfo (NFC).
Chia-hungDuan added reviewers: cferris, cryptoad.Apr 25 2023, 3:03 AM
Chia-hungDuan edited the summary of this revision. (Show Details)Apr 25 2023, 3:42 AM
Chia-hungDuan updated this revision to Diff 516739.EditedApr 25 2023, 4:04 AM

Please ignore this revision, uploaded to the wrong revision number

Chia-hungDuan updated this revision to Diff 516740.Apr 25 2023, 4:06 AM

Revise the logic

Chia-hungDuan edited the summary of this revision. (Show Details)Apr 25 2023, 4:07 AM
Harbormaster completed remote builds in B227984: Diff 516740.Apr 25 2023, 4:31 AM
cferris requested changes to this revision.Apr 25 2023, 3:08 PM

Are there already tests for this corner case?

compiler-rt/lib/scudo/standalone/primary64.h
217–218

Is this comment not true any more? Otherwise, you are holding the lock while getStats could be called.

This revision now requires changes to proceed.Apr 25 2023, 3:08 PM
Chia-hungDuan updated this revision to Diff 516986.Apr 25 2023, 4:54 PM

Release lock before calling getStats().

Oops, uploaded wrong version

Harbormaster completed remote builds in B228160: Diff 516986.Apr 25 2023, 5:13 PM
Chia-hungDuan added a comment.Apr 25 2023, 5:21 PM
In D149141#4297278, @Chia-hungDuan wrote:

Release lock before calling getStats().

Oops, uploaded wrong version

One thing to add, the problem is not in primary32.

cferris requested changes to this revision.Apr 25 2023, 5:51 PM
cferris added inline comments.
compiler-rt/lib/scudo/standalone/primary64.h
210

Shouldn't this be:

PrintStats = Region->Exhausted;

Since you only print the stats when it wasn't previously exhausted and the region is now exhausted?

This revision now requires changes to proceed.Apr 25 2023, 5:51 PM
Chia-hungDuan updated this revision to Diff 517053.Apr 25 2023, 9:47 PM
Chia-hungDuan marked an inline comment as done.

Rebase and amend missing code which was supposed to be included in last patch

compiler-rt/lib/scudo/standalone/primary64.h
210

Per discussion, even though only region exhaustion will return false from populateFreeList(), any failure from populateFreeList() should be viewed as critical in BatchClass region.

BTW, I thought I added a DCHECK(!Region->Exhausted) but it seems that I didn't include it...

Chia-hungDuan removed a parent revision: D149142: [scudo] Group MappedUser/AllocatedUser into PagesInfo (NFC).Apr 25 2023, 9:48 PM
Chia-hungDuan added a child revision: D149143: [scudo] Group poppedBlocks/pushedBlocks into BlocksInfo (NFC).
Chia-hungDuan removed a child revision: D149140: [scudo] Finer lock granularity in Region of SizeClassAllocator64.
Harbormaster completed remote builds in B228213: Diff 517053.Apr 25 2023, 10:12 PM
cferris accepted this revision.Apr 26 2023, 4:15 PM

LGTM

This revision is now accepted and ready to land.Apr 26 2023, 4:15 PM
This revision was landed with ongoing or failed builds.Apr 26 2023, 5:05 PM
Closed by commit rGc266bfe278bb: [scudo] Fix missing pushing 1 block to BatchClassId (authored by Chia-hungDuan). · Explain Why
This revision was automatically updated to reflect the committed changes.
Chia-hungDuan added a commit: rGc266bfe278bb: [scudo] Fix missing pushing 1 block to BatchClassId.
Chia-hungDuan removed a child revision: D149143: [scudo] Group poppedBlocks/pushedBlocks into BlocksInfo (NFC).Jun 6 2023, 3:03 PM

Revision Contents

PathSize
compiler-rt/
lib/
scudo/
standalone/
19 lines

Diff 517395

compiler-rt/lib/scudo/standalone/primary64.h

Show First 20 LinesShow All 195 Lines▼ Show 20 Lines if (ClassId == SizeClassMap::BatchClassId) {
{ {
ScopedLock L(Region->Mutex); ScopedLock L(Region->Mutex);
// Constructing a batch group in the free list will use two blocks in // Constructing a batch group in the free list will use two blocks in
// BatchClassId. If we are pushing BatchClassId blocks, we will use the // BatchClassId. If we are pushing BatchClassId blocks, we will use the
// blocks in the array directly (can't delegate local cache which will // blocks in the array directly (can't delegate local cache which will
// cause a recursive allocation). However, The number of free blocks may // cause a recursive allocation). However, The number of free blocks may
// be less than two. Therefore, populate the free list before inserting // be less than two. Therefore, populate the free list before inserting
// the blocks. // the blocks.
if (Size >= 2U) { const bool NeedToRefill = Size == 1U && Region->FreeList.empty();
pushBlocksImpl(C, SizeClassMap::BatchClassId, Region, Array, Size); // If BatchClass has been exhausted, the program should have been
Region->Stats.PushedBlocks += Size; // aborted.
} else { DCHECK(!Region->Exhausted);
const bool RegionIsExhausted = Region->Exhausted;
if (UNLIKELY( if (UNLIKELY(
RegionIsExhausted || NeedToRefill &&
cferrisUnsubmitted
Done
ReplyInline Actions

Shouldn't this be:

PrintStats = Region->Exhausted;

Since you only print the stats when it wasn't previously exhausted and the region is now exhausted?

cferris: Shouldn't this be: PrintStats = Region->Exhausted; Since you only print the stats when it…
Chia-hungDuanAuthorUnsubmitted
Done
ReplyInline Actions

Per discussion, even though only region exhaustion will return false from populateFreeList(), any failure from populateFreeList() should be viewed as critical in BatchClass region.

BTW, I thought I added a DCHECK(!Region->Exhausted) but it seems that I didn't include it...

Chia-hungDuan: Per discussion, even though only region exhaustion will return false from populateFreeList()…
!populateFreeList(C, SizeClassMap::BatchClassId, Region))) { !populateFreeList(C, SizeClassMap::BatchClassId, Region))) {
PrintStats = !RegionIsExhausted && Region->Exhausted; PrintStats = true;
} } else {
pushBlocksImpl(C, SizeClassMap::BatchClassId, Region, Array, Size);
Region->Stats.PushedBlocks += Size;
} }
} }
// Note that `getStats()` requires the lock of each region so we can't // Note that `getStats()` requires the lock of each region so we can't
// call it while locking the Region->Mutex in the above. // call it while locking the Region->Mutex in the above.
cferrisUnsubmitted
Not Done
ReplyInline Actions

Is this comment not true any more? Otherwise, you are holding the lock while getStats could be called.

cferris: Is this comment not true any more? Otherwise, you are holding the lock while getStats could be…
if (UNLIKELY(PrintStats)) { if (UNLIKELY(PrintStats)) {
ScopedString Str; ScopedString Str;
getStats(&Str); getStats(&Str);
Str.append( Str.append(
"Scudo OOM: The process has exhausted %zuM for size class %zu.\n", "Scudo OOM: The process has exhausted %zuM for size class %zu.\n",
RegionSize >> 20, getSizeByClassId(ClassId)); RegionSize >> 20, getSizeByClassId(ClassId));
Str.output(); Str.output();
// Theoretically, BatchClass shouldn't be used up. Abort immediately // Theoretically, BatchClass shouldn't be used up. Abort immediately
// when it happens. // when it happens.
reportOutOfBatchClass(); reportOutOfBatchClass();
} }
return; return;
} }
// TODO(chiahungduan): Consider not doing grouping if the group size is not // TODO(chiahungduan): Consider not doing grouping if the group size is not
// greater than the block size with a certain scale. // greater than the block size with a certain scale.
// Sort the blocks so that blocks belonging to the same group can be pushed // Sort the blocks so that blocks belonging to the same group can be pushed
// together. // together.
▲ Show 20 LinesShow All 973 LinesShow Last 20 Lines