Closed Bug 1121314 Opened 5 years ago Closed 5 years ago

Infinite loop involving a0malloc with jemalloc 3

Categories

(Core :: Memory Allocator, defect)

x86_64
Linux
defect
Not set

Tracking

RESOLVED FIXED
mozilla38

People

(Reporter: glandium, Assigned: glandium)

Attachments

(1 file)

The infinite loop happens if chunk_alloc_arena needs to be called when a0malloc
is called. It in turn calls chunk_alloc_default, which uses tsd, which calls
a0malloc if it's the first time the tsd is being gotten from the current thread.
tsd only uses a0malloc on platforms where there is no native thread local storage
support, which, for Mozilla, essentially means anything that is not Linux.

But the tsd is only needed to get the dss precedence setting of the given arena.
That setting has no effect when dss is disabled, which it is on Windows and Mac.

Moreover, the default setting for dss precedence is "secondary", which means
jemalloc only tries dss after it failed to get memory with mmap/VirtualAlloc.
Considering the cases where mmap/VirtualAlloc would fail essentially means
there is a shortage of address space, sbrk() is not going to have much more
success, so we might as well disable dss support on all platforms, avoiding
the infinite loop problem on Android and B2G as well.
Assignee: nobody → mh+mozilla
Attachment #8548621 - Flags: review?(n.nethercote)
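
The call cycle described in the report, as a simplified C model added here (not jemalloc or Mozilla code). Function names follow the report with a `_model` suffix; `MAX_DEPTH` and the `lookup_dss_prec` switch are assumptions introduced so the recursion can be bounded and observed, with and without the tsd lookup.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the call chain in the report; not jemalloc source. */
#define MAX_DEPTH 8                 /* constructed cap so the model terminates */

static bool tsd_booted, have_chunk; /* per-thread tsd set up? memory available? */
static bool lookup_dss_prec;        /* hypothetical switch: consult arena's dss precedence */
static bool gave_up;                /* set when the cap is hit */
static int depth, max_seen;

static void a0malloc_model(void);

/* Without native TLS, the first tsd access on a thread allocates via a0malloc. */
static void tsd_get_model(void) {
    if (!tsd_booted) {
        a0malloc_model();
        tsd_booted = true;          /* only reached once the allocation returns */
    }
}

static void chunk_alloc_default_model(void) {
    if (lookup_dss_prec)
        tsd_get_model();            /* the arena lookup goes through tsd */
    /* mmap/VirtualAlloc would be attempted here */
}

static void chunk_alloc_arena_model(void) { chunk_alloc_default_model(); }

static void a0malloc_model(void) {
    if (++depth > max_seen) max_seen = depth;
    if (depth >= MAX_DEPTH) { gave_up = true; depth--; return; }
    if (!have_chunk) {              /* needs a new chunk before it can return */
        chunk_alloc_arena_model();
        if (!gave_up) have_chunk = true;
    }
    depth--;
}

/* Returns the deepest a0malloc nesting seen; MAX_DEPTH means the cycle never broke. */
int run_model(bool lookup) {
    tsd_booted = have_chunk = gave_up = false;
    depth = max_seen = 0;
    lookup_dss_prec = lookup;
    a0malloc_model();
    return max_seen;
}

int main(void) {
    printf("with tsd lookup: depth %d\n", run_model(true));
    printf("without tsd lookup: depth %d\n", run_model(false));
    return 0;
}
```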
Comment on attachment 8548621 [details] [diff] [review]
0001-Bug-1121314-Avoid-needing-the-arena-in-chunk_alloc_d.patch

Review of attachment 8548621 [details] [diff] [review]:
-----------------------------------------------------------------

rs=me
Attachment #8548621 - Flags: review?(n.nethercote) → review+
https://hg.mozilla.org/mozilla-central/rev/dbd00d4ec628
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38