From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id BF813EA19EA;
	Tue,  9 Jul 2024 13:46:23 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org BF813EA19EA
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1720521983; bh=7/Xy57oYJc7bP/oiQ/LxcnzvTbFhMenrk1kPBdjSIY4=;
	h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=KLILdamL/glKOxPR/j4kxhT65K+cqtdz9Btb4nkpfm3Odi3JV/3U0S4LNnCHnXkKl
	 sSO1p11v08WloPPNMxWV8y/Dt9pUfhLfc3quX1kJx1paj+FEQBVMssSpRYaMuQmFX2
	 H/yoEtz52viQrtbZ1OtdUdLNjJTBU9OskJkmPm38=
Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com
 [209.85.208.169])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 59A89EA19C0
 for <tarantool-patches@dev.tarantool.org>;
 Tue,  9 Jul 2024 13:46:22 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 59A89EA19C0
Received: by mail-lj1-f169.google.com with SMTP id
 38308e7fff4ca-2ee88c4443eso52574511fa.3
 for <tarantool-patches@dev.tarantool.org>;
 Tue, 09 Jul 2024 03:46:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1720521981; x=1721126781;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=HWtgiiKWpWQhtxHfHMbzzdyfwJI2Yw6aWT6mgWuPy8c=;
 b=BX0fqXo1d02+zwa7w4l98gxLS6sK04npUEl+dRyG0YNW794BKU5ap1pvMNfaI96wz3
 Shj2zhd7suVIjt3Jl1DHcvR7kNTT6TEMD73RjwEwpkctlhasBldnGO/76PFWHEYIEPta
 TUMU2ELpI+SEpc9IiKKsuBcZ4mr1Ol31xv9tcTkDUzCUDzFe5mNdVYAHn06JTOuk6uDD
 caDAFF3FxQnCHr3EqZvPd6SvhKz+ZIleNNssq+TB2ZBw/x+m96lXHlmvuub0oZEhSxGh
 Paz2QAiNiBzbqckMdi0sOKJiDP2BLhx9k+DR0RSVCpALwmXVtjC/ieBj8T99h71vE9jD
 O0tQ==
X-Gm-Message-State: AOJu0YzLLQ6ZnztX1p7M7tJSf8VuuJ6ND9gjI3dI7REwPjwVX6Zi71Yz
 kI/AvIdhauk537wamwzuRZhw1fllTu/iWfkX6MSKUGGiQTbWJWP86r+/tr18
X-Google-Smtp-Source: AGHT+IGOCp/klnI4FFl4L/3BP4HAihLLjYh+YyDFxgH9pF7HJ1saLyuo7VvHnpT3tYkjffuDfXqXlQ==
X-Received: by 2002:a05:651c:1306:b0:2e5:61f4:2c11 with SMTP id
 38308e7fff4ca-2eeb318dc52mr15646901fa.45.1720521980015; 
 Tue, 09 Jul 2024 03:46:20 -0700 (PDT)
Received: from pony.bronevichok.ru ([79.164.223.111])
 by smtp.gmail.com with ESMTPSA id
 38308e7fff4ca-2eeb34751cesm1712771fa.93.2024.07.09.03.46.19
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 09 Jul 2024 03:46:19 -0700 (PDT)
To: tarantool-patches@dev.tarantool.org, Sergey Kaplun <skaplun@tarantool.org>,
 Maxim Kokryashkin <m.kokryashkin@tarantool.org>
Date: Tue,  9 Jul 2024 13:45:46 +0300
Message-Id: <cover.1720521873.git.sergeyb@tarantool.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [Tarantool-patches] [PATCH luajit 0/2][v2] Fix cdata finalizer table
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Bronnikov via Tarantool-patches
 <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Bronnikov <estetus@gmail.com>
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

From: Sergey Bronnikov <sergeyb@tarantool.org>

Branch: https://github.com/tarantool/luajit/tree/ligurio/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer-nointegration
NOTE: Jobs with Tarantool regression tests has failed because
patch "FFI: Turn FFI finalizer table into a proper GC root."
broke Tarantool build and fix (see below) must be applied before
a bump to LuaJIT version with proposed patches.

Branch with fix in Tarantool: https://github.com/ligurio/tarantool/tree/ligurio/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer
Issues:
- https://github.com/luaJIT/luaJIT/issues/1168
- https://github.com/tarantool/tarantool/issues/10199

Mike Pall (2):
  FFI: Treat cdata finalizer table as a GC root.
  FFI: Turn FFI finalizer table into a proper GC root.

 src/lib_ffi.c                                 |  20 +---
 src/lj_cdata.c                                |   2 +-
 src/lj_ctype.c                                |  12 ++
 src/lj_ctype.h                                |   2 +-
 src/lj_gc.c                                   |  38 +++---
 src/lj_obj.h                                  |   3 +
 src/lj_state.c                                |   3 +
 ...free-on-access-to-CTState-finalizer.test.c | 108 ++++++++++++++++++
 ...ee-on-access-to-CTState-finalizer.test.lua |  18 +++
 9 files changed, 165 insertions(+), 41 deletions(-)
 create mode 100644 test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c
 create mode 100644 test/tarantool-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.lua

-- 
2.34.1