From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 3791CE3F09A;
	Mon,  8 Jul 2024 15:27:21 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 3791CE3F09A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1720441641; bh=+xwgTZsCvl+/xdZ36wlixmmxh3HVuWQcoNavxSVI9zo=;
	h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=MJmXLusLPas3nBzKgbThm/xy0Jagm4NSA2Ur2EylARkVamynlrUOXh56R6E3psvfM
	 MVkBpRwP1v9RPPABqqpEY5TwuwJWnnKOQaENxdP0WjK029nV+ZJQ/8gA1ST853S0Dp
	 ZI57/qLMbFco5mJagZjCnzsotXP2NEBWKwyjGLw4=
Received: from mail-lf1-f52.google.com (mail-lf1-f52.google.com
 [209.85.167.52])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 2047EE3F080
 for <tarantool-patches@dev.tarantool.org>;
 Mon,  8 Jul 2024 15:27:19 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 2047EE3F080
Received: by mail-lf1-f52.google.com with SMTP id
 2adb3069b0e04-52eafec1e84so141375e87.0
 for <tarantool-patches@dev.tarantool.org>;
 Mon, 08 Jul 2024 05:27:19 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1720441638; x=1721046438;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=rPkrI8bHBKZTvAe0Otv8hlKT31LKBAa3EcvfEKuYhCQ=;
 b=Qn3YJARDjTA4mW5LDrjYH23gDJB2iwqHdbZ2NzRkszu/gMeF1x/P4edCxSYC2o9OgN
 MX0NaWzIOqY5xxbDDWR2STZrYYGcR7mdgzqAxBGDEEEhSczJLZatK7702s6GemeHZmvB
 921xDcjOsXdBG6BF9NUPRvBGJq4cJyKvOo37r+LmMkg/ZTEOhy+haDsJpIqAos5egm3r
 /vVU4jqrdw41rHNP/eF/Rnm2+06u42VFrBQTXfHhBreF59S6SDGAM+AVfVzZK9CuLOuT
 fiYiUtww1RoW6VbYtixLIMdDEJTK9aAax8ykzZ7+3yoKyJcRinngA7wYUynGC/M0Ipqm
 Kz6g==
X-Gm-Message-State: AOJu0YzERTVvGX2y34CCCUnSDT6ojPCEX8mNCHa4KXg++br8pzGPcIio
 fW1cfm1LH13YfvGckAfXeg+Pxutrbc/GPoJtwZV4HEGO+yFgyiWD7N3YqNeM
X-Google-Smtp-Source: AGHT+IHL0Ehvk/rrT2EGaUDmwgPNGbdkhaorP1W4V4/465/2QdYx3h5mOHbF//B+TBF9De65ofTRdw==
X-Received: by 2002:ac2:5f9b:0:b0:52c:dbe6:f5f9 with SMTP id
 2adb3069b0e04-52ea061851amr8912379e87.12.1720441637829; 
 Mon, 08 Jul 2024 05:27:17 -0700 (PDT)
Received: from pony.mail.msk ([5.181.62.98]) by smtp.gmail.com with ESMTPSA id
 2adb3069b0e04-52eab036662sm603876e87.4.2024.07.08.05.27.16
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 08 Jul 2024 05:27:17 -0700 (PDT)
To: tarantool-patches@dev.tarantool.org, Sergey Kaplun <skaplun@tarantool.org>,
 Maxim Kokryashkin <m.kokryashkin@tarantool.org>
Date: Mon,  8 Jul 2024 15:26:11 +0300
Message-Id: <cover.1720441244.git.sergeyb@tarantool.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [Tarantool-patches] [PATCH luajit 0/2] Fix cdata finalizer table
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Bronnikov via Tarantool-patches
 <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Bronnikov <estetus@gmail.com>
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

From: Sergey Bronnikov <sergeyb@tarantool.org>

Branch: https://github.com/tarantool/luajit/tree/ligurio/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer-nointegration
NOTE: Jobs with Tarantool regression tests has failed because
patch "FFI: Turn FFI finalizer table into a proper GC root."
broke Tarantool build and fix (see below) must be applied before
a bump to LuaJIT version with proposed patches.

Branch with fix in Tarantool: https://github.com/ligurio/tarantool/tree/ligurio/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer
Issues:
- https://github.com/luaJIT/luaJIT/issues/1168
- https://github.com/tarantool/tarantool/issues/10199

Mike Pall (2):
  FFI: Treat cdata finalizer table as a GC root.
  FFI: Turn FFI finalizer table into a proper GC root.

 src/lib_ffi.c                                 |  20 +--
 src/lj_cdata.c                                |   2 +-
 src/lj_ctype.c                                |  12 ++
 src/lj_ctype.h                                |   2 +-
 src/lj_gc.c                                   |  38 ++---
 src/lj_obj.h                                  |   3 +
 src/lj_state.c                                |   3 +
 ...free-on-access-to-CTState-finalizer.test.c | 147 ++++++++++++++++++
 ...ee-on-access-to-CTState-finalizer.test.lua |  18 +++
 9 files changed, 204 insertions(+), 41 deletions(-)
 create mode 100644 test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c
 create mode 100644 test/tarantool-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.lua

-- 
2.34.1