
ruby-changes:53098

From: k0kubun <ko1@a...>
Date: Tue, 23 Oct 2018 09:09:18 +0900 (JST)
Subject: [ruby-changes:53098] k0kubun:r65312 (trunk): mjit.c: prevent from accessing expired job

k0kubun	2018-10-23 09:09:10 +0900 (Tue, 23 Oct 2018)

  New Revision: 65312

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=65312

  Log:
    mjit.c: prevent from accessing expired job
    
    Given that `copy_cache_from_main_thread()` breaks the loop when `stop_worker_p`
    is TRUE, memory of `job` allocated by `alloca` may be invalid if `stop_worker_p`
    is already TRUE.
    
    mjit_worker.c: explain why `copy_cache_from_main_thread()` should not
    stop checking `stop_worker_p`.

  Modified files:
    trunk/mjit.c
    trunk/mjit_worker.c
Index: mjit_worker.c
===================================================================
--- mjit_worker.c	(revision 65311)
+++ mjit_worker.c	(revision 65312)
@@ -1182,6 +1182,9 @@ copy_cache_from_main_thread(struct mjit_ https://github.com/ruby/ruby/blob/trunk/mjit_worker.c#L1182
         return FALSE;
 
     CRITICAL_SECTION_START(3, "in MJIT copy job wait");
+    /* checking `stop_worker_p` too because `RUBY_VM_CHECK_INTS(ec)` may not
+       lush mjit_copy_job_handler when EC_EXEC_TAG() is not TAG_NONE, and then
+       `stop_worker()` could dead lock with this function. */
     while (!job->finish_p && !stop_worker_p) {
         rb_native_cond_wait(&mjit_worker_wakeup, &mjit_engine_mutex);
         verbose(3, "Getting wakeup from client");
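Review bot: the new comment above the `while` loop has a typo that changes its meaning: "may not lush mjit_copy_job_handler" should read "may not flush mjit_copy_job_handler". It would also help to say in the same comment what leaving this loop through `stop_worker_p` implies for anyone still holding `job`: the pointer refers to this frame, so a handler that runs afterwards must test `stop_worker_p` before dereferencing it (that is the guard the mjit.c hunk of this commit adds), otherwise a reader sees only the deadlock reason and not the lifetime hazard.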
Index: mjit.c
===================================================================
--- mjit.c	(revision 65311)
+++ mjit.c	(revision 65312)
@@ -24,7 +24,15 @@ https://github.com/ruby/ruby/blob/trunk/mjit.c#L24
 static void
 mjit_copy_job_handler(void *data)
 {
-    struct mjit_copy_job *job = (struct mjit_copy_job *)data;
+    struct mjit_copy_job *job;
+    if (stop_worker_p) {
+        /* `copy_cache_from_main_thread()` stops to wait for this job. Then job
+           data which is allocated by `alloca()` could be expired and we might
+           not be able to access that. */
+        return;
+    }
+
+    job = (struct mjit_copy_job *)data;
     if (job->cc_entries) {
         memcpy(job->cc_entries, job->body->cc_entries, sizeof(struct rb_call_cache) * (job->body->ci_size + job->body->ci_kw_size));
     }
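Review bot: the guard reads `stop_worker_p` and then dereferences `data` with no locking visible in this hunk, so it is only sound if `mjit_copy_job_handler()` runs with the same lock held that `copy_cache_from_main_thread()` holds around its `while (!job->finish_p && !stop_worker_p)` wait (the CRITICAL_SECTION in the mjit_worker.c hunk). Without that, `stop_worker_p` can become TRUE, the waiter can return and its `alloca`'d job can be released between the `if (stop_worker_p)` check and the `memcpy`, and the use-after-scope this commit targets is narrowed rather than closed. Suggest stating that invariant in the comment, or asserting that the engine mutex is held at the top of the function. Minor: in the new comment, "stops to wait for this job" should read "stops waiting for this job".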

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
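The lifetime hazard the log message describes, and the shape of the guard the commit adds, as an added example in C that is not CRuby's code: a constructed two-thread model with pthreads in which a waiter puts a job on its own stack frame, registers it, and waits until either the job finishes or a stop is requested, while a second thread later runs the handler on the registered pointer. All names here (`engine_mutex`, `worker_wakeup`, `posted_data`, `wait_for_copy`, `scenario_normal`, `scenario_stopped`) and the `int` arrays standing in for the `cc_entries` copy are assumptions made for the model; `stop_worker_p` and `finish_p` mirror the fields named in the diff.

```c
#include <pthread.h>
#include <stdbool.h>
#include <string.h>

/* Constructed model of the MJIT copy-job handshake, not CRuby's code. The
 * "waiter" puts a job on its own stack frame, registers it, and waits until
 * the job finishes or a stop is requested; another thread later runs the
 * handler on the registered pointer (as the postponed job does in mjit.c). */
struct copy_job {
    bool finish_p;   /* set by the handler when the copy is done */
    const int *src;  /* stand-in for body->cc_entries (constructed data) */
    int *dst;        /* stand-in for job->cc_entries */
    size_t n;
};

static pthread_mutex_t engine_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t worker_wakeup = PTHREAD_COND_INITIALIZER;
static bool stop_worker_p;     /* models mjit's stop_worker_p */
static void *posted_data;      /* pointer the handler receives as `data` */
static int handler_copied, handler_skipped;

/* Handler with the r65312-style guard. Called with engine_mutex held, so the
 * stop check and the copy cannot interleave with the waiter's loop test. */
static void copy_job_handler(void *data)
{
    struct copy_job *job;
    /* the waiter has left (or is leaving) its frame: `data` is stale */
    if (stop_worker_p) { handler_skipped++; return; }
    job = (struct copy_job *)data;
    memcpy(job->dst, job->src, sizeof(int) * job->n);
    job->finish_p = true;
    handler_copied++;
    pthread_cond_broadcast(&worker_wakeup);
}

/* Waiter, mirroring copy_cache_from_main_thread(): the job lives on this
 * frame. Returns 1 if the copy completed, 0 if abandoned via stop_worker_p.
 * posted_data is deliberately left pointing at the dead frame: the hazard. */
static int wait_for_copy(const int *src, int *dst, size_t n)
{
    struct copy_job job = { false, src, dst, n };
    int done;
    pthread_mutex_lock(&engine_mutex);
    posted_data = &job;
    pthread_cond_broadcast(&worker_wakeup);
    while (!job.finish_p && !stop_worker_p)
        pthread_cond_wait(&worker_wakeup, &engine_mutex);
    done = job.finish_p;
    pthread_mutex_unlock(&engine_mutex);
    return done;
}

/* The other thread: runs the handler once a job has been registered. */
static void *handler_thread(void *arg)
{
    (void)arg;
    pthread_mutex_lock(&engine_mutex);
    while (posted_data == NULL)
        pthread_cond_wait(&worker_wakeup, &engine_mutex);
    copy_job_handler(posted_data);
    pthread_mutex_unlock(&engine_mutex);
    return NULL;
}

/* Normal path: handler runs while the frame is alive; 1 on an exact copy. */
int scenario_normal(void)
{
    const int src[4] = { 1, 2, 3, 4 };   /* constructed sample */
    int dst[4] = { 0 };
    pthread_t th; int done;
    stop_worker_p = false; posted_data = NULL;
    handler_copied = handler_skipped = 0;
    pthread_create(&th, NULL, handler_thread, NULL);
    done = wait_for_copy(src, dst, 4);
    pthread_join(th, NULL);
    return done && handler_copied == 1 && memcmp(src, dst, sizeof src) == 0;
}

/* Stop path: stop_worker_p is already set, so the waiter gives up and its
 * frame dies; the handler then runs on the stale pointer and must bail out
 * before dereferencing it. Returns 1 if it did and dst stayed untouched. */
int scenario_stopped(void)
{
    const int src[4] = { 1, 2, 3, 4 };
    int dst[4] = { 0 };
    pthread_t th; int done;
    stop_worker_p = true; posted_data = NULL;
    handler_copied = handler_skipped = 0;
    done = wait_for_copy(src, dst, 4);   /* returns 0 without waiting */
    pthread_create(&th, NULL, handler_thread, NULL);
    pthread_join(th, NULL);
    return !done && handler_skipped == 1 && handler_copied == 0 && dst[0] == 0;
}
```

The two scenarios are ordered deterministically on purpose: `scenario_stopped` lets the waiter abandon its frame before the handler thread is even started, so the handler is guaranteed to receive a pointer into a frame that no longer exists, which is the state the commit message describes. Remove the `if (stop_worker_p)` line from the handler and that scenario becomes a use-after-scope, with nothing at the call site able to prevent it, which is why the check belongs in the handler and must be evaluated under the same lock as the waiter's loop condition.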
