sgen marksweep-conc 64-bit pointer arithmetic fix for segfault #586
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
On 64-bit mono with marksweep-conc enabled, sgen_los_pin_object() would mistakenly set the cardtable_mod_union pointer field to 1 due to the incorrect pointer math in sgen_los_header_for_object()
Contributor
|
Could you release you patch under the MIT/X11 license? To do so, either state it here, on this pull request, or make a new pull request with such a comment on the commit message. |
Contributor
|
@kumpera For changes under 10 lines we do not need to request the MIT X11 statement or copyright license. |
Contributor
|
In such a case, we just need @schani to review & merge it. |
Contributor
|
Good catch. Thanks! |
schani
added a commit
that referenced
this pull request
Mar 4, 2013
[sgen] marksweep-conc 64-bit pointer arithmetic fix for segfault
picenka21
pushed a commit
to picenka21/runtime
that referenced
this pull request
Feb 18, 2022
…sizeof-fix [sgen] marksweep-conc 64-bit pointer arithmetic fix for segfault Commit migrated from mono/mono@3a87e57
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I turned on marksweep-conc on mono-3.0.6 on my 64-bit CentOS 6.2 system and got the following segfault when running some in-house software:
Thread 7 (Thread 0x7f604e580700 (LWP 12247)):
#0 0x00007f605cd6809d in __libc_waitpid (pid=, stat_loc=, options=) at ../sysdeps/unix/sysv/linux/waitpid.c:41
#1 0x000000000049c935 in mono_handle_native_sigsegv (signal=, ctx=) at mini-exceptions.c:2331
#2 0x00000000004f5cdb in mono_arch_handle_altstack_exception (sigctx=0x7f604e37fc40, fault_addr=, stack_ovf=0) at exceptions-amd64.c:884
#3 0x0000000000415239 in mono_sigsegv_signal_handler (_dummy=11, info=0x7f604e37fd70, context=0x7f604e37fc40) at mini.c:6371
#4
#5 sgen_los_update_cardtable_mod_union () at sgen-los.c:569
#6 0x00000000005c957b in major_update_or_finish_concurrent_collection (requested_size=8224, generation_to_collect=1, reason=0x6f49fa "Finish concurrent collection", wait_to_finish=0) at sgen-gc.c:3321
#7 sgen_perform_collection (requested_size=8224, generation_to_collect=1, reason=0x6f49fa "Finish concurrent collection", wait_to_finish=0) at sgen-gc.c:3415
#8 0x00000000005db3a3 in sgen_los_alloc_large_inner (vtable=vtable("System.Byte[]"), size=8224) at sgen-los.c:346
#9 0x00000000005e4383 in mono_gc_alloc_obj_nolock (vtable=vtable("System.Byte[]"), size=) at sgen-alloc.c:204
#10 0x00000000005e48fc in mono_gc_alloc_vector (vtable=vtable("System.Byte[]"), size=8224, max_length=8192) at sgen-alloc.c:472
(gdb) up 5
#5 sgen_los_update_cardtable_mod_union () at sgen-los.c:569
569 obj->cardtable_mod_union [i] |= start_card [i];
(gdb) p *obj
$1 = {next = 0x7f600ed01000, size = 839360, cardtable_mod_union = 0x1 <Address 0x1 out of bounds>, data = 0x7f600eb01000 ""}
Looks like cardtable_mod_union got set to 1 due to some bad pointer arithmetic.