
Doubly linked freelist fix #44585

Merged (10 commits) Nov 13, 2020
Conversation

PeterSolMS (Contributor)

In gc_heap::allocate_uoh_object, we set the background mark bit if the new object is in a range that has the corresponding portions of the background mark_array committed.

However, if the object is in a segment that is allocated during background_sweep, we won't actually sweep the segment, and so the background mark bit stays on, causing confusion in the next background GC - the object itself will survive, but we won't keep the objects that it points at, so we'll have heap corruption.

Details:

In gc_heap::allocate_uoh_object, we set the background mark bit if the new object is in a range that has mark bits committed.

However, if the object is in a segment that is allocated during background_sweep, we won't actually sweep the segment, and so the background mark bits stay on, causing confusion in the next background GC - the object itself will survive, but we won't keep the objects that it points at, so we'll have heap corruption.
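The sequence the description lays out, as an added toy model rather than code from this PR or from the CoreCLR GC: a heap of a few objects with one reference each, a "mark bit" per object, segments that a sweep only visits if they existed when it began, and an allocator that sets the mark bit while a sweep is running. The object layout, the segment numbering, the `scenario` driver and the `repair` flag are all hypothetical simplifications; `repair` clears the bits of segments the sweep skipped and is one way to restore the invariant in the model, not necessarily what the PR changes. `stale_marks` is the check a practitioner would want after a background GC: no allocated object may still carry a mark bit.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_OBJS 8

/* Toy heap (hypothetical layout, not CoreCLR's). Each object points at most one other. */
typedef struct {
    bool allocated;
    bool marked;   /* the object's bit in the modelled background mark_array */
    int  segment;  /* segment id; segment 0 always exists */
    int  ref;      /* index of the object pointed at, or -1 */
} obj_t;

typedef struct {
    obj_t objs[MAX_OBJS];
    int   next_segment;    /* next id to hand out */
    bool  sweeping;        /* true between sweep_begin() and sweep_end() */
    int   sweep_segments;  /* segments that existed when the sweep began */
} heap_t;

typedef struct { int stale_after_gc1; bool corrupted; } result_t;

/* new_segment=true models a UOH allocation that creates its own segment. While a
   sweep runs the allocator sets the mark bit so the new object counts as live,
   which is the behaviour the PR description starts from. */
static int alloc(heap_t *h, bool new_segment) {
    for (int i = 0; i < MAX_OBJS; i++) {
        obj_t *o = &h->objs[i];
        if (o->allocated) continue;
        o->allocated = true;
        o->ref = -1;
        o->segment = new_segment ? h->next_segment++ : 0;
        o->marked = h->sweeping;
        return i;
    }
    return -1;
}

/* Background mark: an object whose bit is already set counts as visited, so
   tracing stops there; a stale bit therefore hides everything it points at. */
static void gc_mark(heap_t *h, const int *roots, int nroots) {
    for (int r = 0; r < nroots; r++)
        for (int i = roots[r]; i >= 0 && !h->objs[i].marked; i = h->objs[i].ref)
            h->objs[i].marked = true;
}

static void sweep_begin(heap_t *h) {
    h->sweeping = true;
    h->sweep_segments = h->next_segment;  /* segments created from now on are skipped */
}

/* Free unmarked objects and clear bits in the swept segments. Bits in newer
   segments survive unless the hypothetical repair resets them. */
static void sweep_end(heap_t *h, bool repair) {
    for (int i = 0; i < MAX_OBJS; i++) {
        obj_t *o = &h->objs[i];
        if (!o->allocated) continue;
        if (o->segment < h->sweep_segments) {
            if (!o->marked) o->allocated = false;
            o->marked = false;
        } else if (repair) {
            o->marked = false;
        }
    }
    h->sweeping = false;
}

/* Invariant check: outside a GC, no allocated object may carry a mark bit. */
static int stale_marks(const heap_t *h) {
    int n = 0;
    for (int i = 0; i < MAX_OBJS; i++)
        if (h->objs[i].allocated && h->objs[i].marked) n++;
    return n;
}

/* The sequence from the PR description, with or without the hypothetical repair. */
result_t scenario(bool repair) {
    heap_t h = {0};
    result_t res;
    h.next_segment = 1;

    /* GC 1: A is allocated mid-sweep into a segment this sweep never visits. */
    gc_mark(&h, NULL, 0);
    sweep_begin(&h);
    int a = alloc(&h, true);
    sweep_end(&h, repair);
    res.stale_after_gc1 = stale_marks(&h);

    /* Mutator: B is allocated normally and A points at it. */
    int b = alloc(&h, false);
    h.objs[a].ref = b;

    /* GC 2: A is a root. A stale bit stops marking at A, so B is never marked
       and the sweep frees it while A survives: the corruption the PR describes. */
    int roots[1] = { a };
    gc_mark(&h, roots, 1);
    sweep_begin(&h);
    sweep_end(&h, repair);
    res.corrupted = h.objs[a].allocated && !h.objs[b].allocated;
    return res;
}
```

Without the repair, `scenario(false)` reports one stale bit after the first GC and a freed referent after the second; with it, both counts are zero. The point of the model is the early return in `gc_mark`: a mark bit that was never cleared is indistinguishable from one set during this cycle, so the collector trusts it and never traces through the object.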
@ghost commented Nov 12, 2020

Tagging subscribers to this area: @dotnet/gc
See info in area-owners.md if you want to be subscribed.


Issue meta data
Issue author: PeterSolMS
Assignees: -
Labels: `area-GC-coreclr`
Milestone: -

@PeterSolMS PeterSolMS merged commit 9f4650a into dotnet:master Nov 13, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Dec 13, 2020