-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8302218: CHeapBitMap::free frees with incorrect size #14079
Conversation
👋 Welcome back quadhier! A progress list of the required criteria for merging this PR into |
/label remove hotspot |
@quadhier |
@quadhier |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix looks good.
Wonder if there is any value in adding a test which lowers ArrayAllocatorMallocLimit to verify that this is working, and that the bug is not reintroduced.
Thanks for your review @xmas92.
IMHO, exploiting this bug to crack VM is a little bit hard. This bug may cause crash because:
I think this is a bug that may cause crashes unexpectedly someday and need to be fixed. |
|
@quadhier This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 11 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@xmas92, @iklam, @tschatzl) but any other Committer may sponsor as well. ➡️ To flag this PR as ready for integration with the above commit message, type |
@quadhier Do you actually use I have filed https://bugs.openjdk.org/browse/JDK-8308575 for removing this flag. |
Great, maybe I could also help with it. I don't use this flag in production myself. |
/integrate |
Hi, @iklam could you please sponsor this change? Thanks in advance! |
Actually there's already a bug filed for the same issue. See https://bugs.openjdk.org/browse/JDK-8299915 and #11931 |
/sponsor |
Going to push as commit f99ad11.
Your commit was automatically rebased without conflicts. |
This patch should fix JDK-8302218.
In destructor of
CHeapBitMap
, it invokesfree()
to free allocated memory:jdk/src/hotspot/share/utilities/bitMap.cpp
Lines 133 to 135 in b3cb82b
free()
's argument should be size in words, according to:jdk/src/hotspot/share/utilities/bitMap.cpp
Lines 141 to 143 in b3cb82b
But the destructor pass the argument of
size()
(which returns_size
). It is "size in bits" according tojdk/src/hotspot/share/utilities/bitMap.hpp
Lines 63 to 65 in b3cb82b
Instead, it should use the return value of
size_in_words()
to invokefree()
.Once
ArrayAllocatorMallocLimit
option is set,munmap()
may be used byfree()
, which does use the size argument and this may cause crash.I have tested this patch for tier 1-3 on x86-64 linux.
Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/14079/head:pull/14079
$ git checkout pull/14079
Update a local copy of the PR:
$ git checkout pull/14079
$ git pull https://git.openjdk.org/jdk.git pull/14079/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 14079
View PR using the GUI difftool:
$ git pr show -t 14079
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/14079.diff
Webrev
Link to Webrev Comment