From 4af6b81d41c648f31ed8113151ed8f7fee6180c8 Mon Sep 17 00:00:00 2001 From: Austin Clements Date: Fri, 13 Jan 2017 13:23:41 -0500 Subject: [PATCH] runtime: fix confusion between _MaxMem and _MaxArena32 Currently both _MaxMem and _MaxArena32 represent the maximum arena size on 32-bit hosts (except on MIPS32 where _MaxMem is confusingly smaller than _MaxArena32). Clean up sysAlloc so that it always uses _MaxMem, which is the maximum arena size on both 32- and 64-bit architectures and is the arena size we allocate auxiliary structures for. This lets us simplify and unify some code paths and eliminate _MaxArena32. Fixes #18651. mheap.sysAlloc currently assumes that if the arena is small, we must be on a 32-bit machine and can therefore grow the arena to _MaxArena32. This breaks down on darwin/arm64, where _MaxMem is only 2 GB. As a result, on darwin/arm64, we only reserve spans and bitmap space for a 2 GB heap, and if the application tries to allocate beyond that, sysAlloc takes the 32-bit path, tries to grow the arena beyond 2 GB, and panics when it tries to grow the spans array allocation past its reserved size. This has probably been a problem for several releases now, but was only noticed recently because mapSpans didn't check the bounds on the span reservation until recently. Most likely it corrupted the bitmap before. By using _MaxMem consistently, we avoid thinking that we can grow the arena larger than we have auxiliary structures for. Change-Id: Ifef28cb746a3ead4b31c1d7348495c2242fef520 Reviewed-on: https://go-review.googlesource.com/35253 Reviewed-by: David Crawshaw Reviewed-by: Elias Naur Run-TryBot: Austin Clements TryBot-Result: Gobot Gobot --- src/runtime/malloc.go | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/src/runtime/malloc.go b/src/runtime/malloc.go index e4b728981a..11c49f6657 100644 --- a/src/runtime/malloc.go +++ b/src/runtime/malloc.go @@ -160,8 +160,6 @@ const ( // collector scales well to 32 cpus. _MaxGcproc = 32 - _MaxArena32 = 1<<32 - 1 - // minLegalPointer is the smallest possible legal pointer. // This is the smallest possible architectural page size, // since we assume that the first page is never mapped. @@ -386,11 +384,11 @@ func mallocinit() { // There is no corresponding free function. func (h *mheap) sysAlloc(n uintptr) unsafe.Pointer { if n > h.arena_end-h.arena_used { - // We are in 32-bit mode, maybe we didn't use all possible address space yet. - // Reserve some more space. + // If we haven't grown the arena to _MaxMem yet, try + // to reserve some more address space. p_size := round(n+_PageSize, 256<<20) new_end := h.arena_end + p_size // Careful: can overflow - if h.arena_end <= new_end && new_end-h.arena_start-1 <= _MaxArena32 { + if h.arena_end <= new_end && new_end-h.arena_start-1 <= _MaxMem { // TODO: It would be bad if part of the arena // is reserved and part is not. var reserved bool @@ -401,7 +399,7 @@ func (h *mheap) sysAlloc(n uintptr) unsafe.Pointer { if p == h.arena_end { h.arena_end = new_end h.arena_reserved = reserved - } else if h.arena_start <= p && p+p_size-h.arena_start-1 <= _MaxArena32 { + } else if h.arena_start <= p && p+p_size-h.arena_start-1 <= _MaxMem { // Keep everything page-aligned. // Our pages are bigger than hardware pages. h.arena_end = p + p_size @@ -438,7 +436,7 @@ func (h *mheap) sysAlloc(n uintptr) unsafe.Pointer { } // If using 64-bit, our reservation is all we have. - if h.arena_end-h.arena_start > _MaxArena32 { + if sys.PtrSize != 4 { return nil } @@ -450,11 +448,10 @@ func (h *mheap) sysAlloc(n uintptr) unsafe.Pointer { return nil } - if p < h.arena_start || p+p_size-h.arena_start > _MaxArena32 { - top := ^uintptr(0) - if top-h.arena_start-1 > _MaxArena32 { - top = h.arena_start + _MaxArena32 + 1 - } + if p < h.arena_start || p+p_size-h.arena_start > _MaxMem { + // This shouldn't be possible because _MaxMem is the + // whole address space on 32-bit. + top := uint64(h.arena_start) + _MaxMem print("runtime: memory allocated by OS (", hex(p), ") not in usable range [", hex(h.arena_start), ",", hex(top), ")\n") sysFree(unsafe.Pointer(p), p_size, &memstats.heap_sys) return nil -- 2.48.1