JDK-8257828: SafeFetch may crash if invoked in non-JavaThreads #1695
Conversation
Thank you for fixing it!
Good that we have signals_posix.cpp now.
Seems like os::min_page_size() is an address which is not readable on any OS we have. So the test also looks good to me.
if (info != NULL && uc != NULL && thread != NULL) {
So the cause of the problem is the thread != NULL in that test. And just removing all of those would fix the problem.
But I agree that eliminating all the (near) copied variants and merging this functionality into signals_posix is good.
This is unfortunate since SafeFetch is used [...]
Another place this hits is OopStorage, which uses SafeFetchN in two places. Correct code shouldn't have a problem with one of them because the access won't be invalid (if code is correct). But the other could be a problem, though I think not seen in practice.
Might there be any similar problem on Windows?
This might be kind of related?
https://bugs.openjdk.java.net/browse/JDK-8185734
This looks good to me. Moving this to the posix signal handler is so nice.
Hi Thomas,
This looks good - I like the common handling (though I dislike the need for the zero case :( ).
Thanks,
David
Hi, I made this work on Windows too (thanks @kimbarrett for reminding me). This involved fixing I excluded the I also fixed a small issue for AIX where the zero page is readable so we need another guaranteed-to-be-invalid address. Since we need invalid addresses in a number of places in text code, I plan to centralize this definition at some point. Thanks, Thomas
New Windows changes look okay to me, but I'm not an expert in that area.
One query, but changes can go in as-is.
Thanks,
David
if (thread != nullptr && thread->is_Java_thread()) {
thread->as_Java_thread()->set_saved_exception_pc((address)(DWORD_PTR)exceptionInfo->ContextRecord->PC_NAME);
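Review bot: the guard `thread != nullptr && thread->is_Java_thread()` stops as_Java_thread() from being called on a non-JavaThread, but nothing in the hunk records why non-JavaThreads are deliberately skipped; a one-line comment stating that saved_exception_pc exists only for JavaThreads (it carries the pc of a safepoint polling-page fault, per the discussion in this thread) would spare the next reader the same question.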
Is this a full fix? If the thread is not a JavaThread we no longer hit a problem in as_Java_thread() but is doing nothing for a non-JavaThread actually the right thing to do?
The saved_exception_pc mechanism is only implemented for JavaThreads. But all threads go through the code below, where we change the pc in the context structure.
Mailing list message from David Holmes on hotspot-runtime-dev: On 14/12/2020 3:24 pm, Thomas Stuefe wrote:
My query is whether it makes sense for only JavaThreads to have this Thanks,
IIUC, JavaThread::_saved_exception_pc contains the pc from which a safepoint was triggered, and to which we may want to return once the safepoint was handled. Safepoint handling only works for java threads, so limiting this to JavaThread makes sense.
Mailing list message from David Holmes on hotspot-runtime-dev: On 14/12/2020 6:34 pm, Thomas Stuefe wrote:
I see now that it relates to the safepoint polling page exception. Thanks,
/integrate
Your commit was automatically rebased without conflicts. Pushed as commit 3ab1dfe.
In our primary hotspot signal handlers, SafeFetch handling is limited to JavaThread objects:
As a result of this, using SafeFetch may crash non-JavaThreads if the location is invalid. E.g. using SafeFetch inside a VMOperation may crash the VM.
This is unfortunate since SafeFetch is used for os::is_readable_pointer() which explicitly promises to not crash. It is used e.g. in os::print_hex_dump(). There is also no reason why SafeFetch would not work for non-JavaThreads. In fact, SafeFetch handling for the secondary signal handler works just fine for all threads.
The patch makes handling of SafeFetch faults independent of whether the crashing thread is a JavaThread (indeed, whether we have a current Thread at all). This had been the case for AIX and Linux ppc, s390 before, since we already fixed this issue for our platform, so we know this works.
I also hauled the SafeFetch handling out of the platform dependent part of the signal handler into the generic signal handler. This removes some duplicate coding.
To be consistent, I moved the SafeFetch handling for Zero up into the generic signal handler too. Zero did not have a problem, but this reduces code.
I added a gtest which reproduces the issue and used that to check that the patch works.
Thanks, Thomas
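The property the description above asks for, a SafeFetch that recovers from a bad read no matter which thread performs it, is shown below in a minimal C model; this is an added example, not HotSpot's signal handler or the PR's gtest. HotSpot recognises the fault by the stub pc and rewrites the saved context; this model assumes portable sigsetjmp/siglongjmp recovery keyed on a thread-local flag instead, and the names safe_fetch32, install_safefetch_handler, unreadable_page and safe_fetch_from_plain_thread are hypothetical.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
/* Per-thread recovery state: the handler keys only on this, never on what kind of thread faulted. */
static _Thread_local sigjmp_buf safefetch_jmp;
static _Thread_local volatile sig_atomic_t in_safefetch;
static void segv_handler(int sig, siginfo_t *info, void *uc) {
    if (in_safefetch) siglongjmp(safefetch_jmp, 1); /* our fault: resume inside safe_fetch32 */
    signal(sig, SIG_DFL);                           /* not ours: let the crash surface normally */
    raise(sig);
}
/* Returns 0 on success. SIGBUS is covered too, since some platforms report bad reads that way. */
int install_safefetch_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    return sigaction(SIGSEGV, &sa, NULL) != 0 || sigaction(SIGBUS, &sa, NULL) != 0;
}
/* Read *addr, or return errvalue if the address is unreadable (the os::is_readable_pointer() contract). */
int32_t safe_fetch32(const int32_t *addr, int32_t errvalue) {
    volatile int32_t result = errvalue;
    if (sigsetjmp(safefetch_jmp, 1) == 0) {
        in_safefetch = 1;
        result = *(const volatile int32_t *)addr;   /* may fault */
    }
    in_safefetch = 0;
    return result;
}
/* A guaranteed-unreadable page, the role os::min_page_size() plays in the PR's gtest. */
const int32_t *unreadable_page(void) {
    static void *p;
    if (p == NULL) p = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (const int32_t *)p;
}
/* The case the PR fixes: a plain pthread that owns no VM Thread object at all. */
static void *worker(void *arg) {
    *(int32_t *)arg = safe_fetch32(unreadable_page(), 0x1234);
    return NULL;
}
int32_t safe_fetch_from_plain_thread(void) {
    int32_t out = 0; pthread_t t;
    if (pthread_create(&t, NULL, worker, &out) != 0) return -1;
    pthread_join(t, NULL);
    return out;
}
```

Because the recovery decision consults only state the fetch itself set on the faulting thread, the main thread and a bare pthread get the same result; a handler that additionally required a JavaThread would fall through to the crash path on the pthread.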
Download
$ git fetch https://git.openjdk.java.net/jdk pull/1695/head:pull/1695
$ git checkout pull/1695