467 lines
17 KiB
Diff
467 lines
17 KiB
Diff
From 75a9d946d252ce70460144615ca17dbdf2e80fab Mon Sep 17 00:00:00 2001
|
|
From: Xavi Hernandez <xhernandez@redhat.com>
|
|
Date: Fri, 7 Feb 2020 10:19:57 +0100
|
|
Subject: [PATCH 354/355] core: fix memory pool management races
|
|
|
|
Objects allocated from a per-thread memory pool keep a reference to it
|
|
to be able to return the object to the pool when not used anymore. The
|
|
object holding this reference can have a long life cycle that could
|
|
survive a glfs_fini() call.
|
|
|
|
This means that it's unsafe to destroy memory pools from glfs_fini().
|
|
|
|
Another side effect of destroying memory pools from glfs_fini() is that
|
|
the TLS variable that points to one of those pools cannot be reset for
|
|
all alive threads. This means that any attempt to allocate memory from
|
|
those threads will access already free'd memory, which is very
|
|
dangerous.
|
|
|
|
To fix these issues, mem_pools_fini() doesn't destroy pool lists
|
|
anymore. Only at process termination the pools are destroyed.
|
|
|
|
Upatream patch:
|
|
> Upstream patch link: https://review.gluster.org/c/glusterfs/+/24099
|
|
> Change-Id: Ib189a5510ab6bdac78983c6c65a022e9634b0965
|
|
> Fixes: bz#1801684
|
|
> Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
|
|
|
|
Change-Id: Ib189a5510ab6bdac78983c6c65a022e9634b0965
|
|
BUG: 1800703
|
|
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
|
|
Reviewed-on: https://code.engineering.redhat.com/gerrit/192262
|
|
Tested-by: RHGS Build Bot <nigelb@redhat.com>
|
|
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
|
|
---
|
|
libglusterfs/src/globals.c | 13 ++-
|
|
libglusterfs/src/glusterfs/globals.h | 3 +
|
|
libglusterfs/src/glusterfs/mem-pool.h | 28 ++---
|
|
libglusterfs/src/mem-pool.c | 201 ++++++++++++++++++----------------
|
|
libglusterfs/src/syncop.c | 7 ++
|
|
5 files changed, 146 insertions(+), 106 deletions(-)
|
|
|
|
diff --git a/libglusterfs/src/globals.c b/libglusterfs/src/globals.c
|
|
index 02098e6..e433ee8 100644
|
|
--- a/libglusterfs/src/globals.c
|
|
+++ b/libglusterfs/src/globals.c
|
|
@@ -319,7 +319,18 @@ glusterfs_cleanup(void *ptr)
|
|
GF_FREE(thread_syncopctx.groups);
|
|
}
|
|
|
|
- mem_pool_thread_destructor();
|
|
+ mem_pool_thread_destructor(NULL);
|
|
+}
|
|
+
|
|
+void
|
|
+gf_thread_needs_cleanup(void)
|
|
+{
|
|
+ /* The value stored in free_key TLS is not really used for anything, but
|
|
+ * pthread implementation doesn't call the TLS destruction function unless
|
|
+ * it's != NULL. This function must be called whenever something is
|
|
+ * allocated for this thread so that glusterfs_cleanup() will be called
|
|
+ * and resources can be released. */
|
|
+ (void)pthread_setspecific(free_key, (void *)1);
|
|
}
|
|
|
|
static void
|
|
diff --git a/libglusterfs/src/glusterfs/globals.h b/libglusterfs/src/glusterfs/globals.h
|
|
index e218285..31717ed 100644
|
|
--- a/libglusterfs/src/glusterfs/globals.h
|
|
+++ b/libglusterfs/src/glusterfs/globals.h
|
|
@@ -181,6 +181,9 @@ glusterfs_leaseid_exist(void);
|
|
int
|
|
glusterfs_globals_init(glusterfs_ctx_t *ctx);
|
|
|
|
+void
|
|
+gf_thread_needs_cleanup(void);
|
|
+
|
|
struct tvec_base *
|
|
glusterfs_ctx_tw_get(glusterfs_ctx_t *ctx);
|
|
void
|
|
diff --git a/libglusterfs/src/glusterfs/mem-pool.h b/libglusterfs/src/glusterfs/mem-pool.h
|
|
index be0a26d..97bf76c 100644
|
|
--- a/libglusterfs/src/glusterfs/mem-pool.h
|
|
+++ b/libglusterfs/src/glusterfs/mem-pool.h
|
|
@@ -245,24 +245,26 @@ typedef struct per_thread_pool {
|
|
} per_thread_pool_t;
|
|
|
|
typedef struct per_thread_pool_list {
|
|
- /*
|
|
- * These first two members are protected by the global pool lock. When
|
|
- * a thread first tries to use any pool, we create one of these. We
|
|
- * link it into the global list using thr_list so the pool-sweeper
|
|
- * thread can find it, and use pthread_setspecific so this thread can
|
|
- * find it. When the per-thread destructor runs, we "poison" the pool
|
|
- * list to prevent further allocations. This also signals to the
|
|
- * pool-sweeper thread that the list should be detached and freed after
|
|
- * the next time it's swept.
|
|
- */
|
|
+ /* thr_list is used to place the TLS pool_list into the active global list
|
|
+ * (pool_threads) or the inactive global list (pool_free_threads). It's
|
|
+ * protected by the global pool_lock. */
|
|
struct list_head thr_list;
|
|
- unsigned int poison;
|
|
+
|
|
+ /* This lock is used to update poison and the hot/cold lists of members
|
|
+ * of 'pools' array. */
|
|
+ pthread_spinlock_t lock;
|
|
+
|
|
+ /* This field is used to mark a pool_list as not being owned by any thread.
|
|
+ * This means that the sweeper thread won't be cleaning objects stored in
|
|
+ * its pools. mem_put() uses it to decide if the object being released is
|
|
+ * placed into its original pool_list or directly destroyed. */
|
|
+ bool poison;
|
|
+
|
|
/*
|
|
* There's really more than one pool, but the actual number is hidden
|
|
* in the implementation code so we just make it a single-element array
|
|
* here.
|
|
*/
|
|
- pthread_spinlock_t lock;
|
|
per_thread_pool_t pools[1];
|
|
} per_thread_pool_list_t;
|
|
|
|
@@ -307,7 +309,7 @@ void
|
|
mem_pool_destroy(struct mem_pool *pool);
|
|
|
|
void
|
|
-mem_pool_thread_destructor(void);
|
|
+mem_pool_thread_destructor(per_thread_pool_list_t *pool_list);
|
|
|
|
void
|
|
gf_mem_acct_enable_set(void *ctx);
|
|
diff --git a/libglusterfs/src/mem-pool.c b/libglusterfs/src/mem-pool.c
|
|
index d88041d..2b41c01 100644
|
|
--- a/libglusterfs/src/mem-pool.c
|
|
+++ b/libglusterfs/src/mem-pool.c
|
|
@@ -367,7 +367,6 @@ static __thread per_thread_pool_list_t *thread_pool_list = NULL;
|
|
#define POOL_SWEEP_SECS 30
|
|
|
|
typedef struct {
|
|
- struct list_head death_row;
|
|
pooled_obj_hdr_t *cold_lists[N_COLD_LISTS];
|
|
unsigned int n_cold_lists;
|
|
} sweep_state_t;
|
|
@@ -384,36 +383,33 @@ static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER;
|
|
static unsigned int init_count = 0;
|
|
static pthread_t sweeper_tid;
|
|
|
|
-gf_boolean_t
|
|
+static bool
|
|
collect_garbage(sweep_state_t *state, per_thread_pool_list_t *pool_list)
|
|
{
|
|
unsigned int i;
|
|
per_thread_pool_t *pt_pool;
|
|
- gf_boolean_t poisoned;
|
|
|
|
(void)pthread_spin_lock(&pool_list->lock);
|
|
|
|
- poisoned = pool_list->poison != 0;
|
|
- if (!poisoned) {
|
|
- for (i = 0; i < NPOOLS; ++i) {
|
|
- pt_pool = &pool_list->pools[i];
|
|
- if (pt_pool->cold_list) {
|
|
- if (state->n_cold_lists >= N_COLD_LISTS) {
|
|
- break;
|
|
- }
|
|
- state->cold_lists[state->n_cold_lists++] = pt_pool->cold_list;
|
|
+ for (i = 0; i < NPOOLS; ++i) {
|
|
+ pt_pool = &pool_list->pools[i];
|
|
+ if (pt_pool->cold_list) {
|
|
+ if (state->n_cold_lists >= N_COLD_LISTS) {
|
|
+ (void)pthread_spin_unlock(&pool_list->lock);
|
|
+ return true;
|
|
}
|
|
- pt_pool->cold_list = pt_pool->hot_list;
|
|
- pt_pool->hot_list = NULL;
|
|
+ state->cold_lists[state->n_cold_lists++] = pt_pool->cold_list;
|
|
}
|
|
+ pt_pool->cold_list = pt_pool->hot_list;
|
|
+ pt_pool->hot_list = NULL;
|
|
}
|
|
|
|
(void)pthread_spin_unlock(&pool_list->lock);
|
|
|
|
- return poisoned;
|
|
+ return false;
|
|
}
|
|
|
|
-void
|
|
+static void
|
|
free_obj_list(pooled_obj_hdr_t *victim)
|
|
{
|
|
pooled_obj_hdr_t *next;
|
|
@@ -425,82 +421,96 @@ free_obj_list(pooled_obj_hdr_t *victim)
|
|
}
|
|
}
|
|
|
|
-void *
|
|
+static void *
|
|
pool_sweeper(void *arg)
|
|
{
|
|
sweep_state_t state;
|
|
per_thread_pool_list_t *pool_list;
|
|
- per_thread_pool_list_t *next_pl;
|
|
- per_thread_pool_t *pt_pool;
|
|
- unsigned int i;
|
|
- gf_boolean_t poisoned;
|
|
+ uint32_t i;
|
|
+ bool pending;
|
|
|
|
/*
|
|
* This is all a bit inelegant, but the point is to avoid doing
|
|
* expensive things (like freeing thousands of objects) while holding a
|
|
- * global lock. Thus, we split each iteration into three passes, with
|
|
+ * global lock. Thus, we split each iteration into two passes, with
|
|
* only the first and fastest holding the lock.
|
|
*/
|
|
|
|
+ pending = true;
|
|
+
|
|
for (;;) {
|
|
- sleep(POOL_SWEEP_SECS);
|
|
+ /* If we know there's pending work to do (or it's the first run), we
|
|
+ * do collect garbage more often. */
|
|
+ sleep(pending ? POOL_SWEEP_SECS / 5 : POOL_SWEEP_SECS);
|
|
+
|
|
(void)pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
|
|
- INIT_LIST_HEAD(&state.death_row);
|
|
state.n_cold_lists = 0;
|
|
+ pending = false;
|
|
|
|
/* First pass: collect stuff that needs our attention. */
|
|
(void)pthread_mutex_lock(&pool_lock);
|
|
- list_for_each_entry_safe(pool_list, next_pl, &pool_threads, thr_list)
|
|
+ list_for_each_entry(pool_list, &pool_threads, thr_list)
|
|
{
|
|
- (void)pthread_mutex_unlock(&pool_lock);
|
|
- poisoned = collect_garbage(&state, pool_list);
|
|
- (void)pthread_mutex_lock(&pool_lock);
|
|
-
|
|
- if (poisoned) {
|
|
- list_move(&pool_list->thr_list, &state.death_row);
|
|
+ if (collect_garbage(&state, pool_list)) {
|
|
+ pending = true;
|
|
}
|
|
}
|
|
(void)pthread_mutex_unlock(&pool_lock);
|
|
|
|
- /* Second pass: free dead pools. */
|
|
- (void)pthread_mutex_lock(&pool_free_lock);
|
|
- list_for_each_entry_safe(pool_list, next_pl, &state.death_row, thr_list)
|
|
- {
|
|
- for (i = 0; i < NPOOLS; ++i) {
|
|
- pt_pool = &pool_list->pools[i];
|
|
- free_obj_list(pt_pool->cold_list);
|
|
- free_obj_list(pt_pool->hot_list);
|
|
- pt_pool->hot_list = pt_pool->cold_list = NULL;
|
|
- }
|
|
- list_del(&pool_list->thr_list);
|
|
- list_add(&pool_list->thr_list, &pool_free_threads);
|
|
- }
|
|
- (void)pthread_mutex_unlock(&pool_free_lock);
|
|
-
|
|
- /* Third pass: free cold objects from live pools. */
|
|
+ /* Second pass: free cold objects from live pools. */
|
|
for (i = 0; i < state.n_cold_lists; ++i) {
|
|
free_obj_list(state.cold_lists[i]);
|
|
}
|
|
(void)pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
|
|
}
|
|
+
|
|
+ return NULL;
|
|
}
|
|
|
|
void
|
|
-mem_pool_thread_destructor(void)
|
|
+mem_pool_thread_destructor(per_thread_pool_list_t *pool_list)
|
|
{
|
|
- per_thread_pool_list_t *pool_list = thread_pool_list;
|
|
-
|
|
- /* The pool-sweeper thread will take it from here.
|
|
- *
|
|
- * We can change 'poison' here without taking locks because the change
|
|
- * itself doesn't interact with other parts of the code and a simple write
|
|
- * is already atomic from the point of view of the processor.
|
|
- *
|
|
- * This change can modify what mem_put() does, but both possibilities are
|
|
- * fine until the sweeper thread kicks in. The real synchronization must be
|
|
- * between mem_put() and the sweeper thread. */
|
|
+ per_thread_pool_t *pt_pool;
|
|
+ uint32_t i;
|
|
+
|
|
+ if (pool_list == NULL) {
|
|
+ pool_list = thread_pool_list;
|
|
+ }
|
|
+
|
|
+ /* The current thread is terminating. None of the allocated objects will
|
|
+ * be used again. We can directly destroy them here instead of delaying
|
|
+ * it until the next sweeper loop. */
|
|
if (pool_list != NULL) {
|
|
- pool_list->poison = 1;
|
|
+ /* Remove pool_list from the global list to avoid that sweeper
|
|
+ * could touch it. */
|
|
+ pthread_mutex_lock(&pool_lock);
|
|
+ list_del(&pool_list->thr_list);
|
|
+ pthread_mutex_unlock(&pool_lock);
|
|
+
|
|
+ /* We need to protect hot/cold changes from potential mem_put() calls
|
|
+ * that reference this pool_list. Once poison is set to true, we are
|
|
+ * sure that no one else will touch hot/cold lists. The only possible
|
|
+ * race is when at the same moment a mem_put() is adding a new item
|
|
+ * to the hot list. We protect from that by taking pool_list->lock.
|
|
+ * After that we don't need the lock to destroy the hot/cold lists. */
|
|
+ pthread_spin_lock(&pool_list->lock);
|
|
+ pool_list->poison = true;
|
|
+ pthread_spin_unlock(&pool_list->lock);
|
|
+
|
|
+ for (i = 0; i < NPOOLS; i++) {
|
|
+ pt_pool = &pool_list->pools[i];
|
|
+
|
|
+ free_obj_list(pt_pool->hot_list);
|
|
+ pt_pool->hot_list = NULL;
|
|
+
|
|
+ free_obj_list(pt_pool->cold_list);
|
|
+ pt_pool->cold_list = NULL;
|
|
+ }
|
|
+
|
|
+ pthread_mutex_lock(&pool_free_lock);
|
|
+ list_add(&pool_list->thr_list, &pool_free_threads);
|
|
+ pthread_mutex_unlock(&pool_free_lock);
|
|
+
|
|
thread_pool_list = NULL;
|
|
}
|
|
}
|
|
@@ -528,6 +538,30 @@ mem_pools_preinit(void)
|
|
init_done = GF_MEMPOOL_INIT_EARLY;
|
|
}
|
|
|
|
+static __attribute__((destructor)) void
|
|
+mem_pools_postfini(void)
|
|
+{
|
|
+ per_thread_pool_list_t *pool_list, *next;
|
|
+
|
|
+ /* This is part of a process shutdown (or dlclose()) which means that
|
|
+ * most probably all threads should be stopped. However this is not the
|
|
+ * case for gluster and there are even legitimate situations in which we
|
|
+ * could have some threads alive. What is sure is that none of those
|
|
+ * threads should be using anything from this library, so destroying
|
|
+ * everything here should be fine and safe. */
|
|
+
|
|
+ list_for_each_entry_safe(pool_list, next, &pool_threads, thr_list)
|
|
+ {
|
|
+ mem_pool_thread_destructor(pool_list);
|
|
+ }
|
|
+
|
|
+ list_for_each_entry_safe(pool_list, next, &pool_free_threads, thr_list)
|
|
+ {
|
|
+ list_del(&pool_list->thr_list);
|
|
+ FREE(pool_list);
|
|
+ }
|
|
+}
|
|
+
|
|
/* Call mem_pools_init() once threading has been configured completely. This
|
|
* prevent the pool_sweeper thread from getting killed once the main() thread
|
|
* exits during deamonizing. */
|
|
@@ -560,10 +594,6 @@ mem_pools_fini(void)
|
|
*/
|
|
break;
|
|
case 1: {
|
|
- per_thread_pool_list_t *pool_list;
|
|
- per_thread_pool_list_t *next_pl;
|
|
- unsigned int i;
|
|
-
|
|
/* if mem_pools_init() was not called, sweeper_tid will be invalid
|
|
* and the functions will error out. That is not critical. In all
|
|
* other cases, the sweeper_tid will be valid and the thread gets
|
|
@@ -571,32 +601,11 @@ mem_pools_fini(void)
|
|
(void)pthread_cancel(sweeper_tid);
|
|
(void)pthread_join(sweeper_tid, NULL);
|
|
|
|
- /* At this point all threads should have already terminated, so
|
|
- * it should be safe to destroy all pending per_thread_pool_list_t
|
|
- * structures that are stored for each thread. */
|
|
- mem_pool_thread_destructor();
|
|
-
|
|
- /* free all objects from all pools */
|
|
- list_for_each_entry_safe(pool_list, next_pl, &pool_threads,
|
|
- thr_list)
|
|
- {
|
|
- for (i = 0; i < NPOOLS; ++i) {
|
|
- free_obj_list(pool_list->pools[i].hot_list);
|
|
- free_obj_list(pool_list->pools[i].cold_list);
|
|
- pool_list->pools[i].hot_list = NULL;
|
|
- pool_list->pools[i].cold_list = NULL;
|
|
- }
|
|
-
|
|
- list_del(&pool_list->thr_list);
|
|
- FREE(pool_list);
|
|
- }
|
|
-
|
|
- list_for_each_entry_safe(pool_list, next_pl, &pool_free_threads,
|
|
- thr_list)
|
|
- {
|
|
- list_del(&pool_list->thr_list);
|
|
- FREE(pool_list);
|
|
- }
|
|
+ /* There could be threads still running in some cases, so we can't
|
|
+ * destroy pool_lists in use. We can also not destroy unused
|
|
+ * pool_lists because some allocated objects may still be pointing
|
|
+ * to them. */
|
|
+ mem_pool_thread_destructor(NULL);
|
|
|
|
init_done = GF_MEMPOOL_INIT_DESTROY;
|
|
/* Fall through. */
|
|
@@ -617,7 +626,7 @@ mem_pools_fini(void)
|
|
{
|
|
}
|
|
void
|
|
-mem_pool_thread_destructor(void)
|
|
+mem_pool_thread_destructor(per_thread_pool_list_t *pool_list)
|
|
{
|
|
}
|
|
|
|
@@ -738,13 +747,21 @@ mem_get_pool_list(void)
|
|
}
|
|
}
|
|
|
|
+ /* There's no need to take pool_list->lock, because this is already an
|
|
+ * atomic operation and we don't need to synchronize it with any change
|
|
+ * in hot/cold lists. */
|
|
+ pool_list->poison = false;
|
|
+
|
|
(void)pthread_mutex_lock(&pool_lock);
|
|
- pool_list->poison = 0;
|
|
list_add(&pool_list->thr_list, &pool_threads);
|
|
(void)pthread_mutex_unlock(&pool_lock);
|
|
|
|
thread_pool_list = pool_list;
|
|
|
|
+ /* Ensure that all memory objects associated to the new pool_list are
|
|
+ * destroyed when the thread terminates. */
|
|
+ gf_thread_needs_cleanup();
|
|
+
|
|
return pool_list;
|
|
}
|
|
|
|
diff --git a/libglusterfs/src/syncop.c b/libglusterfs/src/syncop.c
|
|
index 2eb7b49..0de53c6 100644
|
|
--- a/libglusterfs/src/syncop.c
|
|
+++ b/libglusterfs/src/syncop.c
|
|
@@ -97,6 +97,13 @@ syncopctx_setfsgroups(int count, const void *groups)
|
|
|
|
/* set/reset the ngrps, this is where reset of groups is handled */
|
|
opctx->ngrps = count;
|
|
+
|
|
+ if ((opctx->valid & SYNCOPCTX_GROUPS) == 0) {
|
|
+ /* This is the first time we are storing groups into the TLS structure
|
|
+ * so we mark the current thread so that it will be properly cleaned
|
|
+ * up when the thread terminates. */
|
|
+ gf_thread_needs_cleanup();
|
|
+ }
|
|
opctx->valid |= SYNCOPCTX_GROUPS;
|
|
|
|
out:
|
|
--
|
|
1.8.3.1
|
|
|