From: Igor Munkin <imun@tarantool.org> To: Sergey Ostanevich <sergos@tarantool.org>, Sergey Kaplun <skaplun@tarantool.org> Cc: tarantool-patches@dev.tarantool.org Subject: [Tarantool-patches] [PATCH luajit] x64: Fix __call metamethod return dispatch. Date: Fri, 4 Dec 2020 16:42:37 +0300 [thread overview] Message-ID: <a0b974caa57b980eddaf94ce26f2c7968855e95b.1607088022.git.imun@tarantool.org> (raw) From: Mike Pall <mike> After linking new cframe to the chain KBASEa still stores the address of the previous one. If the execution proceeds to <lj_vmeta_call> KBASE value (i.e. low 32 bits of the stored address) might be equal to the current BASE address value so the execution takes the invalid path. Such address clashing occurs only on x86_64 platform with disabled LJ_GC64, so 64-bit registers have to be compared in x64 build. NB: Though there is only 32-bit load to restore BASE value prior to the comparison, the high 32 bits of RDX are reset to zeros, according to x86 long mode semantics. Igor Munkin: * backported the original patch to tarantool/luajit repo * extended the original commit message with the rationale For more info and explanation see LuaJIT/LuaJIT#636. Relates to tarantool/tarantool#4518 Relates to tarantool/tarantool#4649 Signed-off-by: Igor Munkin <imun@tarantool.org> --- Issues: * https://github.com/tarantool/tarantool/issues/4518 * https://github.com/tarantool/tarantool/issues/4649 Branch: * https://github.com/tarantool/luajit/tree/imun/gh-4518-cmp-64-bit-regs-in-vmeta-call CI is kinda green, considering C6 EOL and the corresponding failures: * https://gitlab.com/tarantool/tarantool/-/pipelines/225349795 @ChangeLog: * Fixed address clashing occurring while __call metamethod dispatching (gh-4518, gh-4649). Unfortunately, there is neither test nor reproducer for this failure, so we'll know that the patch works only on production installations. src/vm_x86.dasc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/vm_x86.dasc b/src/vm_x86.dasc index 56bee14..d76fbe3 100644 --- a/src/vm_x86.dasc +++ b/src/vm_x86.dasc @@ -1374,7 +1374,11 @@ static void build_subroutines(BuildCtx *ctx) | mov LFUNC:RB, [RA-8] | add NARGS:RD, 1 | // This is fragile. L->base must not move, KBASE must always be defined. + |.if x64 + | cmp KBASEa, rdx // Continue with CALLT if flag set. + |.else | cmp KBASE, BASE // Continue with CALLT if flag set. + |.endif | je ->BC_CALLT_Z | mov BASE, RA | ins_call // Otherwise call resolved metamethod. -- 2.25.0
next reply other threads:[~2020-12-04 13:42 UTC|newest] Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-12-04 13:42 Igor Munkin [this message] 2020-12-04 14:14 ` Sergey Kaplun 2020-12-04 14:35 ` Igor Munkin 2020-12-04 15:40 ` Sergey Ostanevich 2020-12-04 16:22 ` Igor Munkin 2020-12-04 16:24 ` Igor Munkin 2020-12-04 16:46 ` Alexander V. Tikhonov 2020-12-04 17:03 ` Igor Munkin 2020-12-07 9:37 ` Kirill Yukhin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=a0b974caa57b980eddaf94ce26f2c7968855e95b.1607088022.git.imun@tarantool.org \ --to=imun@tarantool.org \ --cc=sergos@tarantool.org \ --cc=skaplun@tarantool.org \ --cc=tarantool-patches@dev.tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH luajit] x64: Fix __call metamethod return dispatch.' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox