runtime: pageAlloc.searchAddr may point to unmapped memory in discontiguous heaps, violating its invariant [1.14 backport] #40192
Comments
@mknyszek Can you please include a short rationale about why the backport might be needed? (Per MinorReleases.) Thanks. |
Yes, sorry. I mentioned it in #40191 but forgot to copy it here.
Specifically, this bug causes a segfault that can happen to anyone for reasons outside of their control, with no workaround at the user level. Although it's generally very rare because OSes generally try to keep the mapped regions contiguous, if future versions of e.g. Linux decided not to try so hard to keep |
Approving for backport. This is a serious issue with no workaround. |
Change https://golang.org/cl/246197 mentions this issue: |
Closed by merging 060e0c8 to release-branch.go1.14. |
…geAlloc.find Currently pageAlloc.find attempts to find a better estimate for the first free page in the heap, even if the space its looking for isn't necessarily going to be the first free page in the heap (e.g. if npages >= 2). However, in doing so it has the potential to return a searchAddr candidate that doesn't actually correspond to mapped memory, but this candidate might still be adopted. As a result, pageAlloc.alloc's fast path may look at unmapped summary memory and segfault. This case is rare on most operating systems since the heap is kept fairly contiguous, so the chance that the candidate searchAddr discovered is unmapped is fairly low. Even so, this is totally possible and outside the user's control when it happens (in fact, it's likely to happen consistently for a given user on a given system). Fix this problem by ensuring that our candidate always points to mapped memory. We do this by looking at mheap's arenas structure first. If it turns out our candidate doesn't correspond to mapped memory, then we look at inUse to round up the searchAddr to the next mapped address. While we're here, clean up some documentation related to searchAddr. For #40191. Fixes #40192. Change-Id: I759efec78987e4a8fde466ae45aabbaa3d9d4214 Reviewed-on: https://go-review.googlesource.com/c/go/+/242680 Run-TryBot: Michael Knyszek <mknyszek@google.com> Reviewed-by: Austin Clements <austin@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> (cherry picked from commit b56791c) Reviewed-on: https://go-review.googlesource.com/c/go/+/246197 Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
@mknyszek requested issue #40191 to be considered for backport to the next 1.14 minor release.
The text was updated successfully, but these errors were encountered: