runtime: clear stale values from G.param and SudoG.elem

This change was necessary on the dev.garbage branch to keep the garbage collector from seeing pointers into invalid heap areas. On this default (Go 1.4) branch, the change removes some possibility for memory leaks. LGTM=khr R=golang-codereviews, khr CC=golang-codereviews, iant, r, rlh https://golang.org/cl/155760043
2025-05-25 17:31:22 +00:00 · 2014-10-03 13:36:48 -04:00 · 2014-10-03 13:36:48 -04:00 · 0120f8378d
commit 0120f8378d
parent 3ffd29fb2c
4 changed files with 27 additions and 2 deletions
--- a/src/runtime/chan.go
+++ b/src/runtime/chan.go
@ -140,10 +140,11 @@ func chansend(t *chantype, c *hchan, ep unsafe.Pointer, block bool, callerpc uin
 			unlock(&c.lock)

 			recvg := sg.g
-			recvg.param = unsafe.Pointer(sg)
 			if sg.elem != nil {
 				memmove(unsafe.Pointer(sg.elem), ep, uintptr(c.elemsize))
+				sg.elem = nil
 			}
+			recvg.param = unsafe.Pointer(sg)
 			if sg.releasetime != 0 {
 				sg.releasetime = cputicks()
 			}
@ -179,6 +180,7 @@ func chansend(t *chantype, c *hchan, ep unsafe.Pointer, block bool, callerpc uin
 			}
 			panic("send on closed channel")
 		}
+		gp.param = nil
 		if mysg.releasetime > 0 {
 			blockevent(int64(mysg.releasetime)-t0, 2)
 		}
@ -278,6 +280,7 @@ func closechan(c *hchan) {
 			break
 		}
 		gp := sg.g
+		sg.elem = nil
 		gp.param = nil
 		if sg.releasetime != 0 {
 			sg.releasetime = cputicks()
@ -292,6 +295,7 @@ func closechan(c *hchan) {
 			break
 		}
 		gp := sg.g
+		sg.elem = nil
 		gp.param = nil
 		if sg.releasetime != 0 {
 			sg.releasetime = cputicks()
@ -372,6 +376,7 @@ func chanrecv(t *chantype, c *hchan, ep unsafe.Pointer, block bool) (selected, r
 			if ep != nil {
 				memmove(ep, sg.elem, uintptr(c.elemsize))
 			}
+			sg.elem = nil
 			gp := sg.g
 			gp.param = unsafe.Pointer(sg)
 			if sg.releasetime != 0 {
@ -409,9 +414,11 @@ func chanrecv(t *chantype, c *hchan, ep unsafe.Pointer, block bool) (selected, r
 		if mysg.releasetime > 0 {
 			blockevent(mysg.releasetime-t0, 2)
 		}
+		haveData := gp.param != nil
+		gp.param = nil
 		releaseSudog(mysg)

-		if gp.param != nil {
+		if haveData {
 			// a sender sent us some data. It already wrote to ep.
 			selected = true
 			received = true
--- a/src/runtime/proc.go
+++ b/src/runtime/proc.go
@ -148,6 +148,9 @@ func acquireSudog() *sudog {
 	c := gomcache()
 	s := c.sudogcache
 	if s != nil {
+		if s.elem != nil {
+			gothrow("acquireSudog: found s.elem != nil in cache")
+		}
 		c.sudogcache = s.next
 		return s
 	}
@ -168,6 +171,13 @@ func acquireSudog() *sudog {

 //go:nosplit
 func releaseSudog(s *sudog) {
+	if s.elem != nil {
+		gothrow("runtime: sudog with non-nil elem")
+	}
+	gp := getg()
+	if gp.param != nil {
+		gothrow("runtime: releaseSudog with non-nil gp.param")
+	}
 	c := gomcache()
 	s.next = c.sudogcache
 	c.sudogcache = s
--- a/src/runtime/select.go
+++ b/src/runtime/select.go
@ -368,6 +368,7 @@ loop:
 	// someone woke us up
 	sellock(sel)
 	sg = (*sudog)(gp.param)
+	gp.param = nil

 	// pass 3 - dequeue from unsuccessful chans
 	// otherwise they stack up on quiet channels
@ -376,6 +377,10 @@ loop:
 	// iterating through the linked list they are in reverse order.
 	cas = nil
 	sglist = gp.waiting
+	// Clear all elem before unlinking from gp.waiting.
+	for sg1 := gp.waiting; sg1 != nil; sg1 = sg1.waitlink {
+		sg1.elem = nil
+	}
 	gp.waiting = nil
 	for i := int(sel.ncase) - 1; i >= 0; i-- {
 		k = &scases[pollorder[i]]
@ -506,6 +511,7 @@ syncrecv:
 	if cas.elem != nil {
 		memmove(cas.elem, sg.elem, uintptr(c.elemsize))
 	}
+	sg.elem = nil
 	gp = sg.g
 	gp.param = unsafe.Pointer(sg)
 	if sg.releasetime != 0 {
@ -541,6 +547,7 @@ syncsend:
 	if sg.elem != nil {
 		memmove(sg.elem, cas.elem, uintptr(c.elemsize))
 	}
+	sg.elem = nil
 	gp = sg.g
 	gp.param = unsafe.Pointer(sg)
 	if sg.releasetime != 0 {
--- a/src/runtime/sema.go
+++ b/src/runtime/sema.go
@ -173,6 +173,7 @@ func (root *semaRoot) dequeue(s *sudog) {
 	} else {
 		root.head = s.next
 	}
+	s.elem = nil
 	s.next = nil
 	s.prev = nil
 }