Commit 373e1e94 authored by Dmitriy Vyukov's avatar Dmitriy Vyukov

runtime: fix crash during cpu profiling

mp->mcache can be concurrently modified by runtime·helpgc.
In such case sigprof can remember mcache=nil, then helpgc sets it to non-nil,
then sigprof restores it back to nil, GC crashes with nil mcache.

R=rsc
CC=golang-codereviews
https://golang.org/cl/58860044
parent e56e4e01
......@@ -2115,7 +2115,6 @@ runtime·sigprof(uint8 *pc, uint8 *sp, uint8 *lr, G *gp, M *mp)
{
int32 n;
bool traceback;
MCache *mcache;
// Do not use global m in this function, use mp instead.
// On windows one m is sending reports about all the g's, so m means a wrong thing.
byte m;
......@@ -2127,8 +2126,7 @@ runtime·sigprof(uint8 *pc, uint8 *sp, uint8 *lr, G *gp, M *mp)
return;
// Profiling runs concurrently with GC, so it must not allocate.
mcache = mp->mcache;
mp->mcache = nil;
mp->mallocing++;
// Define that a "user g" is a user-created goroutine, and a "system g"
// is one that is m->g0 or m->gsignal. We've only made sure that we
......@@ -2216,7 +2214,7 @@ runtime·sigprof(uint8 *pc, uint8 *sp, uint8 *lr, G *gp, M *mp)
runtime·lock(&prof);
if(prof.fn == nil) {
runtime·unlock(&prof);
mp->mcache = mcache;
mp->mallocing--;
return;
}
n = 0;
......@@ -2229,7 +2227,7 @@ runtime·sigprof(uint8 *pc, uint8 *sp, uint8 *lr, G *gp, M *mp)
}
prof.fn(prof.pcbuf, n);
runtime·unlock(&prof);
mp->mcache = mcache;
mp->mallocing--;
}
// Arrange to call fn with a traceback hz times a second.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment