[aarch64-port-dev ] 8219993: AArch64: Compiled CI stubs are unsafely modified

[Andrew Dinn]

On 26/03/2019 18:26, Andrew Haley wrote:
> Here's a simpler patch. All I do this time is insert an ISB between the
> call and the load instructions so that we don't have a stale instruction
> buffer.
> 
> I also took the opportunity to unify some code which was duplicated in
> C1 and compiledIC_aarch64.
> 
> Andrew Dinn, please approve this one. :-)
> 
> http://cr.openjdk.java.net/~aph/8219993.2/
That looks ok modulo one detail I don't really understand which, I
think, applies to both old and new code.

The stub target address gets updated by NativeMovConstReg::set_data
which calls pd_patch_instruction. When that is called in some patching
thread how is it guaranteed that some other reading/executing thread
does not observe partial writes of the movz+movk+movk sequence?

I understand that the patching thread will flush the icache after
completing all 3 writes and that threads executing the stub will do an
isb to update their view of the code. What stops the icache getting
flushed in mid-write for some other reason (e.g. prefetch of
instructions in the patching thread) allowing the reader -- or indeed
another thread competing to set the stub data -- to see an invalid address?

I suppose the same question applies for the write of the constant loaded
into rscratch1.

regards,


Andrew Dinn
-----------
Senior Principal Software Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill, Eric Shander