8266742: Check W^X state on possible safepoint #3920
Conversation
|
👋 Welcome back akozlov! A progress list of the required criteria for merging this PR into |
|
@AntonKozlov The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
Webrevs
|
src/hotspot/os/bsd/globals_bsd.hpp
Outdated
| range, \ | ||
| constraint) \ | ||
| \ | ||
| AARCH64_ONLY(develop(bool, WXCheckAtSafepoint, false, \ |
There was a problem hiding this comment.
Why not enable always as this is a develop build? Do we even need to manage this on a flag?
Also not really "safepoint" as the check also applies to handshakes.
There was a problem hiding this comment.
Even in debug builds the check may be too assertive. This check exposes 22 failures in tier1 in jfr, gc, compiler, serviceability, and foreign (hope to be fixed soon), and they look like actual possible issues. So I suggest to have the option but keep it disabled. But if one meets with something similar to JDK-8265292, then it will be possible to reproduce otherwise intermittent crash.
|
Thanks! I've changed the option and the method name. |
| @@ -65,6 +65,16 @@ bool SafepointMechanism::should_process(JavaThread* thread) { | |||
| } | |||
|
|
|||
| void SafepointMechanism::process_if_requested(JavaThread* thread) { | |||
There was a problem hiding this comment.
Looking at the stack from the crash:
V [libjvm.dylib+0x8c1060] _ZN21MarkActivationClosure12do_code_blobEP8CodeBlob+0x3c
V [libjvm.dylib+0x8fea78] _ZN10JavaThread11nmethods_doEP15CodeBlobClosure+0x84
V [libjvm.dylib+0x401100] _ZN14HandshakeState18process_self_innerEv+0x18c
V [libjvm.dylib+0x400f60] _ZN14HandshakeState15process_by_selfEv+0x48
V [libjvm.dylib+0x832690] _ZN18SafepointMechanism25process_if_requested_slowEP10JavaThread+0x54
V [libjvm.dylib+0x8fe4b8] _ZN10JavaThread44check_safepoint_and_suspend_for_native_transEPS_+0x24
V [libjvm.dylib+0x92395c] _ZN19ProgrammableInvoker13invoke_nativeEPFvPhES0_P10JavaThread+0x118
V [libjvm.dylib+0x923aa8] PI_invokeNative+0x104
J 2565 jdk.internal.foreign.abi.ProgrammableInvoker.invokeNative(JJ)V jdk.incubator.foreign@17-ea (0 bytes) @ 0x00000001189eeed0
why aren't we adding the assertion closer to the frame that crashed, where we need it, like for example:
HandshakeState::process_self_inner()
There was a problem hiding this comment.
If we push the check too low we only do it when we hit this code and there is something to process, but we want to detect when we reach this code in the wrong state even if we wouldn't actually crash at this time due to there not being an active poll.
David
There was a problem hiding this comment.
David, thanks, this is exactly how it meant to be.
The crash happens when a thread is synchronized for MarkActivationClosure. Having the check in the HandshakeState::process_self_inner would catch the wrong state when a thread is synchronized also for something else. The patch catches the wrong state if a thread polls synchronization, it does not need to actually synchronize to trigger the check. So we'll catch more.
|
@AntonKozlov This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 141 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
Thank you for reviews! /integrate |
openjdk
bot
added
integrated
|
@AntonKozlov Since your change was applied there have been 143 commits pushed to the
Your commit was automatically rebased without conflicts. Pushed as commit 3b11d81. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
Hi,
Please review a check for W^X mode at safepoint. As described in the bug, this explicit check aims to catch the wrong W^X mode that may lead to a crash (such crashes are rather intermittent).
This check helped to verify the fix for https://bugs.openjdk.java.net/browse/JDK-8265292 and should help to discover similar issues. It is disabled by default to avoid unexpected failures in the regular use, but eventually it should be turned on unconditionally.
I still owe a complete W^X approach description. Hope this patch does not depend much on that.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/3920/head:pull/3920$ git checkout pull/3920Update a local copy of the PR:
$ git checkout pull/3920$ git pull https://git.openjdk.java.net/jdk pull/3920/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 3920View PR using the GUI difftool:
$ git pr show -t 3920Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/3920.diff