Date: Tue, 10 Jun 2025 19:03:49 +0300
From: Sergey Kaplun via Tarantool-patches
Reply-To: Sergey Kaplun
To: Sergey Bronnikov
Cc: tarantool-patches@dev.tarantool.org
In-Reply-To: <17a7c30a-246b-40f1-a63c-a6e09beffdc6@tarantool.org>
References: <7644f7c143f38426718039d1fefb6626335bf10b.1749550966.git.skaplun@tarantool.org> <17a7c30a-246b-40f1-a63c-a6e09beffdc6@tarantool.org>
List-Id: Tarantool development patches
Subject: Re: [Tarantool-patches] [PATCH luajit 1/2] Handle partial snapshot restore due to stack overflow.

Hi, Sergey!

Thanks for the review!
Fixed your comment and force-pushed the branch.

On 10.06.25, Sergey Bronnikov wrote:
> Hello, Sergey!
>
> Thanks for the patch! LGTM with a minor below.
>
> Sergey
>
> On 6/10/25 13:28, Sergey Kaplun wrote:
> > From: Mike Pall
> >
> > Reported by pwnhacker0x18. Fixed by Peter Cawley.
> >
> > (cherry picked from commit 811c5322c8ab6bdbb6784cd43aa57041a1cc9360)
> >
> > `lj_snap_restore()` restores the PC for the inner cframe, but not the
> > outer (before the protected call to the `trace_exit_cp()`). If the stack
> > overflow is observed during the further snapshot restoration, it doesn't
> > fix up the outer cframe's PC. After that, in the following error
> > rethrowing from the right C frame, in case an error handler is set, the
> > stack overflow error may be raised again, and with an incorrect value of
> > the PC for that frame, it leads to the crash in the `debug_framepc()`.
> >
> > This patch prevents it by inserting the special pseudo-valid value `L`.
> > Unfortunately, this leads to the uninitialized reads by the
> > `debug_framepc()` (by the address `L - 4`), if the error handler
> > observes the resulting PC. This will be fixed in the next patch.
> >
> > Sergey Kaplun:
> > * added the description and the test for the problem
> >
> > Part of tarantool/tarantool#11278
> > ---
> > +-- This function starts the first trace.
> > +local function recursive_f()
> > +  -- Function with the single result to cause the trace stitching.
> > +  tonumber('')
> > +  -- Prereserved stack space before the call.
> > +  -- luacheck: no unused
> > +  local _, _, _, _, _, _, _, _, _, _, _
> > +  -- Link from the stitched trace to the parent one.
> > +  recursive_f()
> > +  -- Additional stack required for the snapshot restoration.
> /stack/stack space/?

Rephrased:

===================================================================
diff --git a/test/tarantool-tests/lj-1196-partial-snap-restore.test.lua b/test/tarantool-tests/lj-1196-partial-snap-restore.test.lua
index 8ee8f673..4ab78d31 100644
--- a/test/tarantool-tests/lj-1196-partial-snap-restore.test.lua
+++ b/test/tarantool-tests/lj-1196-partial-snap-restore.test.lua
@@ -31,7 +31,7 @@ local function recursive_f()
   local _, _, _, _, _, _, _, _, _, _, _
   -- Link from the stitched trace to the parent one.
   recursive_f()
-  -- Additional stack required for the snapshot restoration.
+  -- Additional stack space required for the snapshot restoration.
   -- luacheck: no unused
   local _, _, _
 end
===================================================================
> > +  -- luacheck: no unused
> > +  local _, _, _
> > +end
> > +
> > +-- Use coroutine wrap for the fixed stack size at the start.
> > +coroutine.wrap(function()
> > +  -- XXX: Special stack slot offset.
> > +  -- luacheck: no unused
> > +  local _, _, _, _, _, _, _, _, _, _
> > +  -- The error is observed only if we have the error handler set,
> > +  -- since we try to resize stack for its call.
> > +  xpcall(recursive_f, function() end)
> > +end)()
> > +
> > +test:ok(true, 'no crash during snapshot restoring')
> > +
> > +test:done(true)

--
Best regards,
Sergey Kaplun
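Review bot: the quoted test hunk discards the results of `xpcall(recursive_f, function() end)` and then passes unconditionally with `test:ok(true, 'no crash during snapshot restoring')`, so the only condition it verifies is that the process survives to that line. Consider capturing the status and error returned by `xpcall` and asserting that the call failed with the stack overflow error; that documents the path the test is meant to exercise and would flag a regression in which the recursion stops overflowing (and the snapshot restore is never reached) instead of silently passing.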