-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8332865: ubsan: os::attempt_reserve_memory_between reports overflow #19543
Conversation
👋 Welcome back mbaesken! A progress list of the required criteria for merging this PR into |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks for taking care of this.
@MBaesken This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 47 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
Webrevs
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this better than fixing the overflow that causes the undefined behavior? IIUC, the current overflow checks is causing UB and that allows the compiler to do whatever, for example skip the return?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure about the triggering code? I don't see anything in that snippet
that might overflow. The error message in JBS says the failure in on line
1928, but that doesn't look right either.
The calculation of lo_att seems like it could potentially overflow, and the
check is commented as being for overflow.
src/hotspot/share/runtime/os.cpp
Outdated
@@ -1889,6 +1889,9 @@ static void hemi_split(T* arr, unsigned num) { | |||
|
|||
// Given an address range [min, max), attempts to reserve memory within this area, with the given alignment. | |||
// If randomize is true, the location will be randomized. | |||
#if defined(__clang__) || defined(__GNUC__) | |||
__attribute__((no_sanitize("undefined"))) | |||
#endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this attribute addition should be made. I agree with @stefank that we should be eliminating the
potential overflow, since the compiler (without ubsan) is within its rights to discard a pointer overflow check,
since pointer overflow is UB.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From what I saw and got info from Thomas, my impression was that the method contains already overflow handling.
But if you think the current overflow handling is not 'good enough' , maybe it needs improvement.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I am more confused now than I was initially :) If you provide us with the requested info, maybe we can shed light onto this one.
I know that I spend a lot of time with this code, making sure all corner cases are clean. Therefore I am curious what ubsan digged up.
Hmm, this is partly my fault. It's my code, and Matthias asked me before whether I could spot any error, which I could not, so I adviced him to mute ubsan. I added the callstack Matthias sent me to the JBS issue. Looking closely, the error line number makes no sense. Maybe it was not in mainline, but an older JDK version? This function is called in a gtest (attempt_reserve_memory_between_combos) that tries every possible combination (even very unlikely) of range boundaries,alignments,allocation size. ubsan says that the pointer that overflowed originally was 0x1000. The only address that can be 0x1000 around the failing line number is @MBaesken : Can you please:
Also, on the box where we see the error, can you please add the print out for |
I rebuilt with current sources from this morning. Here is the stack from this src/hotspot/share/runtime/os.cpp:1938:34: runtime error: pointer index expression with base 0x000000001000 overflowed to 0xfffffffffffff000 |
btw. sysctl gives me |
Okay, I re-run the ubsan test manually on my local x64 machine. With logging, and after squashing about a zillion unrelated ubsan errors, I see:
So, the size of the mapping to be placed is larger than even the upper range boundary. The fix is simple:
|
I just ran the test with -Xlog:os+map=debug and got the same debug output.
Thanks for suggesting the fix; should I just add this to the PR instead of disabling ubsan for the method ?
Yeah there are unfortunately still a few ones remaining (I opened already JBS issues for most of them so the situation improves slowly) . |
Yes, please just use this one. Disabling is not needed.
Good job in hunting those, this is useful work |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. If checks are green and ubsan is happy, good to go.
Hi Christoph and Thomas, thanks for the reviews ! /integrate |
Going to push as commit 8de5d20.
Your commit was automatically rebased without conflicts. |
When running by ubsan-enabled binaries on Linux x86_64, os::attempt_reserve_memory_between reports overflows.
This happens in the :tier1 tests ( gtest/LargePageGtests_use-large-pages.jtr )
"runtime error: pointer index expression with base 0x000000001000 overflowed to 0xfffffffffffff000"
This coding triggers the ubsan issue
However the function already contains overflow handling, so probably it is sufficient to add an attribute to the function os::attempt_reserve_memory_between to disable ubsan checks for this function.
Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/19543/head:pull/19543
$ git checkout pull/19543
Update a local copy of the PR:
$ git checkout pull/19543
$ git pull https://git.openjdk.org/jdk.git pull/19543/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 19543
View PR using the GUI difftool:
$ git pr show -t 19543
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/19543.diff
Webrev
Link to Webrev Comment