Age | Commit message (Collapse) | Author |
|
* john/erts/inet-drv-race/OTP-15158/ERL-654:
Fix a race condition when generating async operation ids
|
|
|
|
into maint-20
* john/erts/fix-process-schedule-after-free/OTP-15067/ERL-573:
Don't enqueue system tasks if target process is in fail_state
Fix erroneous schedule of freed/exiting processes
Fix deadlock in run queue evacuation
Fix memory leak of processes that died in the run queue
|
|
The counter used for generating async operation ids was a plain int
shared between all ports, which was incorrect but mostly worked
fine since the ids only had to be unique on a per-port basis.
However, some compilers (notably GCC 8.1.1) generated code that
assumed that this value didn't change between reads. Using a
shortened version of enq_async_w_tmo as an example:
int id = async_ref++;
op->id = id; //A
return id; //B
In GCC 7 and earlier, `async_ref` would be read once and assigned
to `id` before being incremented, which kept the values at A and B
consistent. In GCC 8, `async_ref` was read when assigned at A and
read again at B, and then incremented, which made them inconsistent
if we raced with another port.
This commit fixes the issue by removing `async_ref` altogether and
replacing it with a per-port counter which makes it impossible to
race with someone else.
|
|
The fail state wasn't re-checked in the state change loop; only
the FREE state was checked. In addition to that, we would leave
the task in the queue when bailing out which could lead to a
double-free.
This commit backports active_sys_enqueue from master to make it
easier to merge onwards.
|
|
When scheduled out, the process was never checked for the FREE state
before rescheduling, which meant that a system task could sneak in
and cause a double-free later on.
|
|
|
|
* sverker/ets-auto-unfix-delete-race/OTP-15109:
erts: Fix race between ets table deletion and auto-unfix
|
|
|
|
* sverker/system-profile-bug/OTP-15085:
erts: Fix bug in system_profile
|
|
* sverker/enif_binary_to_term-bug/OTP-15080:
erts: Fix bug in enif_binary_to_term for immediates
|
|
Problem:
1. Process A fixates table T.
2. Process B starts deleting table T (either by ets:delete or exit)
and does tid_clear().
3. Process A exits and does proc_cleanup_fixed_table()
and get NULL from btid2tab() and deallocates DbFixation.
4. Process B continues deleting table in free_fixations_locked()
and finds the deallocated DbFixation in the fixing_procs tree.
Solution:
Wait with tid_clear() until after free_fixations_locked()
has traversed the fixing_procs tree.
|
|
|
|
|
|
seen to cause redundant {profile,_,active,_,_} messages
when process is terminating.
|
|
Symptom: Heap corruption
Expanded test case to provoke this bug
and test some more term types.
|
|
|
|
|
|
into maint-20
* john/erts/fix-heart-command-overflow/OTP-15034/ERIERL-166:
heart: Use ntohs instead of manual conversion
# Conflicts:
# lib/kernel/test/heart_SUITE.erl
|
|
Multiplying a signed char by 256 is undefined behavior and caused
problems on some platforms when the length was long enough. We
could cast it to an unsigned int to make it work, but it's best not
to reinvent the wheel.
Fixes OTP-15034
|
|
|
|
|
|
|
|
* sverker/erts/more-crash-dump-info/OTP-14820:
erts,observer: Add port-suspended pids to crash dump
erts,observer: Add port states and flags to crash dump
erts,observer: Add dirty schedulers to crash dump
observer: Refactor get_schedulerinfo1
erts,observer: Add more port info to crash dump
erts: Cleanup dump_process_info()
erts: Include failing garbing process in crash dump
erts: Remove unused args to collect_live_heap_frags
erts: Add binary vheap sizes to crash dump
|
|
* sverker/enif_self-doc:
erts: Clarify enif_self docs
|
|
* lukas/kernel/dist_SUITE_corefile_ignore:
kernel: Ignore cores in erl_distribution_SUITE
|
|
* lukas/erts/dirty_trace_clean_fix/OTP-14938:
erts: Delay cleanup of removed tracer on dirty scheds
|
|
It is not simple to do the correct de-allocation on
a dirty schedulers, so we just delay it until this
process runs on a normal scheduler.
|
|
|
|
|
|
|
|
|
|
Reject loading modules with slash in name
|
|
|
|
by testing F_SENSITIVE only once.
|
|
Exclude garbing processes, EXCEPT if run by crash dumping thread
in which case we assume the heap is healthy
without any move markers yet/left.
Switched order between (allocating) setup_rootset()
and (move marking) collect_live_heap_frags().
|
|
|
|
|
|
|
|
|
|
When supplied without an enclosing list, bitstrings were returned
as-is instead of badarging.
|
|
|
|
A binary is a binary as long as its size in bits is evenly divisible
by 8, regardless of whether it has a bit offset or not.
|
|
When supplied without an enclosing list, bitstrings were silently
truncated to [] instead of badarging.
|
|
This has always worked but we lacked test coverage for it.
|
|
or backslash on Windows.
Purpose: Prevent tricks to get hostile code running.
|
|
Huge inputs weren't particularly useful and took forever to run, so
this commit winds it down to a more sane level that still causes
lots of yielding.
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
erts: Add system_flags(erts_alloc,"+M?sbct *")
erts: Add age order first fit allocator strategies
erts: Refactor erl_ao_firstfit_alloc
erts: Add migration options "acnl" and "acfml"
kernel: Add os:cmd/2 with max_size option
erts: Add more stats for mbcs_pool
erts: Fix alloc_SUITE:migration
stdlib: Make ets_SUITE memory check try again
erts: Improve carrier pool search
erts: Improve alloc_SUITE:migration
erts: Refactor carrier dealloc migration
|
|
fmt_double() may write up to 8 characters into its format_str[]
buffer, which however only has room for 7 characters.
This case could be triggered by a call to erts_printf_format() with
any floating-point format that also includes #, and + or a space,
which may be uncommon, but a nif or driver could issue it.
|
|
|