[release-branch.go1.24] runtime: cleanup M vgetrandom state before dropping P

When an M is destroyed, we put its vgetrandom state back on the shared list for another M to reuse. This list is simply a slice, so appending to the slice may allocate. Currently this operation is performed in mdestroy, after the P is released, meaning allocation is not allowed. More the cleanup earlier in mdestroy when allocation is still OK. Also add //go:nowritebarrierrec to mdestroy since it runs without a P, which would have caught this bug. Fixes #73144. For #73141. Change-Id: I6a6a636c3fbf5c6eec09d07a260e39dbb4d2db12 Reviewed-on: https://go-review.googlesource.com/c/go/+/662455 Reviewed-by: Jason Donenfeld <Jason@zx2c4.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com> (cherry picked from commit 0b31e6d4cc804ab76ae8ced151ee2f50657aec14) Reviewed-on: https://go-review.googlesource.com/c/go/+/662496
2025-05-05 23:53:05 +00:00 · 2025-04-03 03:26:25 +00:00 · 2025-04-03 03:26:25 +00:00 · 0ab64e2caa
commit 0ab64e2caa
parent 56eb99859d
12 changed files with 48 additions and 16 deletions
--- a/src/runtime/os3_solaris.go
+++ b/src/runtime/os3_solaris.go
@ -234,8 +234,11 @@ func unminit() {
 	getg().m.procid = 0
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 func mdestroy(mp *m) {
 }
--- a/src/runtime/os_aix.go
+++ b/src/runtime/os_aix.go
@ -186,8 +186,11 @@ func unminit() {
 	getg().m.procid = 0
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 func mdestroy(mp *m) {
 }
--- a/src/runtime/os_darwin.go
+++ b/src/runtime/os_darwin.go
@ -344,8 +344,11 @@ func unminit() {
 	getg().m.procid = 0
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 func mdestroy(mp *m) {
 }
--- a/src/runtime/os_dragonfly.go
+++ b/src/runtime/os_dragonfly.go
@ -216,8 +216,11 @@ func unminit() {
 	getg().m.procid = 0
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 func mdestroy(mp *m) {
 }
--- a/src/runtime/os_linux.go
+++ b/src/runtime/os_linux.go
@ -412,13 +412,12 @@ func unminit() {
 	getg().m.procid = 0
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 func mdestroy(mp *m) {
 	if mp.vgetrandomState != 0 {
 		vgetrandomPutState(mp.vgetrandomState)
 		mp.vgetrandomState = 0
 	}
 }
 // #ifdef GOARCH_386
--- a/src/runtime/os_netbsd.go
+++ b/src/runtime/os_netbsd.go
@ -320,8 +320,11 @@ func unminit() {
 	// must continue working after unminit.
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 func mdestroy(mp *m) {
 }
--- a/src/runtime/os_openbsd.go
+++ b/src/runtime/os_openbsd.go
@ -182,8 +182,11 @@ func unminit() {
 	getg().m.procid = 0
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 func mdestroy(mp *m) {
 }
--- a/src/runtime/os_plan9.go
+++ b/src/runtime/os_plan9.go
@ -217,8 +217,11 @@ func minit() {
 func unminit() {
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 func mdestroy(mp *m) {
 }
--- a/src/runtime/os_windows.go
+++ b/src/runtime/os_windows.go
@ -906,9 +906,11 @@ func unminit() {
 	mp.procid = 0
 }
-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
 // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
 //
 // This always runs without a P, so //go:nowritebarrierrec is required.
 //go:nowritebarrierrec
 //go:nosplit
 func mdestroy(mp *m) {
 	if mp.highResTimer != 0 {
--- a/src/runtime/proc.go
+++ b/src/runtime/proc.go
@ -1935,6 +1935,9 @@ func mexit(osStack bool) {
 		mp.gsignal = nil
 	}
 	// Free vgetrandom state.
 	vgetrandomDestroy(mp)
 	// Remove m from allm.
 	lock(&sched.lock)
 	for pprev := &allm; *pprev != nil; pprev = &(*pprev).alllink {
--- a/src/runtime/vgetrandom_linux.go
+++ b/src/runtime/vgetrandom_linux.go
@ -73,9 +73,16 @@ func vgetrandomGetState() uintptr {
 	return state
 }
-func vgetrandomPutState(state uintptr) {
+// Free vgetrandom state from the M (if any) prior to destroying the M.
 //
 // This may allocate, so it must have a P.
 func vgetrandomDestroy(mp *m) {
 	if mp.vgetrandomState == 0 {
 		return
 	}
 	lock(&vgetrandomAlloc.statesLock)
-	vgetrandomAlloc.states = append(vgetrandomAlloc.states, state)
+	vgetrandomAlloc.states = append(vgetrandomAlloc.states, mp.vgetrandomState)
 	unlock(&vgetrandomAlloc.statesLock)
 }
--- a/src/runtime/vgetrandom_unsupported.go
+++ b/src/runtime/vgetrandom_unsupported.go
@ -13,6 +13,6 @@ func vgetrandom(p []byte, flags uint32) (ret int, supported bool) {
 	return -1, false
 }
-func vgetrandomPutState(state uintptr) {}
+func vgetrandomDestroy(mp *m) {}
 func vgetrandomInit() {}