RFR(XS) 8160411: SIGSEGV in frame::safe_for_sender on incomplete DeoptimizationBlob frame

Chris Plummer chris.plummer at oracle.com
Fri Oct 21 19:19:18 UTC 2016


On 10/21/16 8:26 AM, Daniel D. Daugherty wrote:
> On 10/20/16 4:47 PM, dean.long at oracle.com wrote:
>> https://bugs.openjdk.java.net/browse/JDK-8160411
>>
>> http://cr.openjdk.java.net/~dlong/8160411/webrev/
>
> src/cpu/aarch64/vm/frame_aarch64.cpp
>     No comments.
>
> src/cpu/x86/vm/frame_x86.cpp
>     No comments.
>
> Thumbs up on both new sanity checks!
>
> Both you and Chris P are fixing bugs in the same functions.
> You guys need to coordinate your merges.
Doesn't look like it will be a problem. Dean is pushing first. I'll merge.

Chris
>
> Dan
>
>
>>
>> I have only observed this crash on solaris x64 so far, but I have 
>> included aarch64 in the fix since it uses similar code to x64. This 
>> crash happens when we call pd_get_top_frame_for_profiling() and the 
>> top frame is executing in the deopt stub, but hasn't finished pushing 
>> all the registers yet.  If we add cb->frame_size() at this point, we 
>> can end up with a sender_sp that is past the stack base.  The fix is 
>> to add a range check for sender_sp before using it.
>>
>> Tested by hand on linux x64 by forcing a SEGV in the deopt stub, then 
>> calling pd_get_top_frame_for_profiling() and safe_for_sender() in the 
>> signal handler.
>>
>> dl
>>
>>
>
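Added illustration (not Dean's patch and not HotSpot code): a small C++ model of the sender_sp range check described above, run against constructed stack layouts. Thread, CodeBlob, Frame, safe_for_sender and probe_deopt_frame are simplified stand-ins for the HotSpot types of the same names; the 64-word stack, the 32-word blob frame size and the link-slot values are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Model thread stack (hypothetical, not JavaThread): grows downward,
// valid words are [stack_end, stack_base).
struct Thread {
  intptr_t* stack_base;  // one past the highest valid word
  intptr_t* stack_end;   // lowest valid word
  bool is_in_stack(const intptr_t* p) const {
    return p >= stack_end && p < stack_base;
  }
};

// The blob records its *final* frame size in words; a stub that is still
// pushing registers has a smaller frame than this for a while.
struct CodeBlob { int frame_size; };

struct Frame { intptr_t* sp; const CodeBlob* cb; };

// Simplified safe_for_sender for a stub frame: derive sender_sp from
// sp + frame_size, but refuse to use it unless it lies within the stack.
bool safe_for_sender(const Frame& f, const Thread& t) {
  if (!t.is_in_stack(f.sp) || f.cb == nullptr || f.cb->frame_size < 2) return false;
  // Range check done on sizes first so no out-of-stack pointer is ever formed.
  std::ptrdiff_t room = t.stack_base - f.sp;
  if (f.cb->frame_size > room) return false;  // sender_sp would be past stack_base
  intptr_t* sender_sp = f.sp + f.cb->frame_size;
  // Only now is it safe to read the link slots just below sender_sp.
  intptr_t* saved_fp = reinterpret_cast<intptr_t*>(sender_sp[-2]);
  intptr_t  ret_addr = sender_sp[-1];
  return ret_addr != 0 && (saved_fp == nullptr || t.is_in_stack(saved_fp));
}

// Builds a 64-word stack, places a deopt-stub frame whose final size is 32
// words but of which only `words_pushed` have been pushed so far (constructed
// scenario), and reports whether the walker would step to its sender.
bool probe_deopt_frame(int words_pushed) {
  std::vector<intptr_t> words(64, 0);
  Thread t{words.data() + 64, words.data()};
  CodeBlob deopt_blob{32};
  intptr_t* caller_sp = t.stack_base - 8;          // caller's frame sits here
  caller_sp[-1] = 0x1234;                                    // constructed return address
  caller_sp[-2] = reinterpret_cast<intptr_t>(caller_sp + 4); // constructed saved fp, in stack
  Frame f{caller_sp - words_pushed, &deopt_blob};  // stub has pushed this much so far
  return safe_for_sender(f, t);
}
```

probe_deopt_frame(32) models the finished stub frame and reports it safe; probe_deopt_frame(10) models the mid-prologue frame from the bug report, where sp + frame_size lands past stack_base, and the range check rejects it instead of dereferencing.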


