From: Sergey Ostanevich
Date: Fri, 4 Dec 2020 18:40:53 +0300
Subject: Re: [Tarantool-patches] [PATCH luajit] x64: Fix __call metamethod return dispatch.
To: Igor Munkin
Cc: tarantool-patches@dev.tarantool.org
Message-Id: <4865FA83-2678-4DC6-BF45-273617601613@tarantool.org>

Hi!

Thanks for the patch, LGTM.

Sergos

> On 4 Dec 2020, at 16:42, Igor Munkin wrote:
>
> From: Mike Pall
>
> After linking new cframe to the chain KBASEa still stores the address of
> the previous one. If the execution proceeds to KBASE
> value (i.e. low 32 bits of the stored address) might be equal to the
> current BASE address value so the execution takes the invalid path. Such
> address clashing occurs only on x86_64 platform with disabled LJ_GC64,
> so 64-bit registers have to be compared in x64 build.
>
> NB: Though there is only 32-bit load to restore BASE value prior to the
> comparison, the high 32 bits of RDX are reset to zeros, according to x86
> long mode semantics.
>
> Igor Munkin:
> * backported the original patch to tarantool/luajit repo
> * extended the original commit message with the rationale
>
> For more info and explanation see LuaJIT/LuaJIT#636.
>
> Relates to tarantool/tarantool#4518
> Relates to tarantool/tarantool#4649
>
> Signed-off-by: Igor Munkin
> ---
>
> Issues:
> * https://github.com/tarantool/tarantool/issues/4518
> * https://github.com/tarantool/tarantool/issues/4649
> Branch:
> * https://github.com/tarantool/luajit/tree/imun/gh-4518-cmp-64-bit-regs-in-vmeta-call
>
> CI is kinda green, considering C6 EOL and the corresponding failures:
> * https://gitlab.com/tarantool/tarantool/-/pipelines/225349795
>
> @ChangeLog:
> * Fixed address clashing occurring while __call metamethod dispatching
> (gh-4518, gh-4649).
>
> Unfortunately, there is neither test nor reproducer for this failure, so
> we'll know that the patch works only on production installations.
>
> src/vm_x86.dasc | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/src/vm_x86.dasc b/src/vm_x86.dasc
> index 56bee14..d76fbe3 100644
> --- a/src/vm_x86.dasc
> +++ b/src/vm_x86.dasc
> @@ -1374,7 +1374,11 @@ static void build_subroutines(BuildCtx *ctx)
> | mov LFUNC:RB, [RA-8]
> | add NARGS:RD, 1
> | // This is fragile. L->base must not move, KBASE must always be defined.
> + |.if x64
> + | cmp KBASEa, rdx // Continue with CALLT if flag set.
> + |.else
> | cmp KBASE, BASE // Continue with CALLT if flag set.
> + |.endif
> | je ->BC_CALLT_Z
> | mov BASE, RA
> | ins_call // Otherwise call resolved metamethod.
> --
> 2.25.0
>
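Review bot: the added `cmp KBASEa, rdx` names the raw register instead of a symbolic alias, and nothing at the site records why the compare must be 64-bit, so the correctness argument lives only in the commit message. Consider extending the existing `// This is fragile. L->base must not move, KBASE must always be defined.` comment with the rationale given above (KBASEa may still hold the previous cframe's address, whose low 32 bits can equal BASE on x64 without LJ_GC64, and the 32-bit load of BASE zero-extends the high half of RDX), since the `.if x64` branch silently depends on that zero-extension and a future change to how BASE is restored would break it. Given the message's own admission that there is no test or reproducer, a comment is the only guard the hunk leaves behind.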