diff options
| author | Thomas Mijieux <tmijieux@users.noreply.github.com> | 2022-01-03 21:57:59 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-03 21:57:59 +0300 |
| commit | 16b53fa04c9824cda209b35febdc51b4876fd1a0 (patch) | |
| tree | 48a24c8bd44eabb59b0de85c1f9089b1c179ae55 | |
| parent | 73a3a8adb2b39b0598dab3fec135b46f2bf19fc5 (diff) | |
transform sgen_get_descriptor to parallel safe version in job_major_mod_union_preclean (#21384)
fixes #21369
Related to https://github.com/xamarin/xamarin-android/issues/6546
job_major_mod_union_preclean can race with the tarjan bridge
implementation that changes the vtable pointer by settings the three
lower bits. this results in invalid loading of the vtable
(shifted by 7 bytes) which in turn give a wrong desc to the scan
functions
This change is released under the MIT license.
| -rw-r--r-- | mono/sgen/sgen-cardtable.c | 4 | ||||
| -rw-r--r-- | mono/sgen/sgen-marksweep.c | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/mono/sgen/sgen-cardtable.c b/mono/sgen/sgen-cardtable.c index 120afe0d4ea..31a25f47fd8 100644 --- a/mono/sgen/sgen-cardtable.c +++ b/mono/sgen/sgen-cardtable.c @@ -594,9 +594,9 @@ sgen_cardtable_scan_object (GCObject *obj, mword block_obj_size, guint8 *cards, HEAVY_STAT (++bloby_objects); if (cards) { if (sgen_card_table_is_range_marked (cards, (mword)obj, block_obj_size)) - ctx.ops->scan_object (obj, sgen_obj_get_descriptor (obj), ctx.queue); + ctx.ops->scan_object (obj, sgen_obj_get_descriptor_safe (obj), ctx.queue); } else if (sgen_card_table_region_begin_scanning ((mword)obj, block_obj_size)) { - ctx.ops->scan_object (obj, sgen_obj_get_descriptor (obj), ctx.queue); + ctx.ops->scan_object (obj, sgen_obj_get_descriptor_safe (obj), ctx.queue); } sgen_binary_protocol_card_scan (obj, sgen_safe_object_get_size (obj)); diff --git a/mono/sgen/sgen-marksweep.c b/mono/sgen/sgen-marksweep.c index ca01a483e9d..f767431c169 100644 --- a/mono/sgen/sgen-marksweep.c +++ b/mono/sgen/sgen-marksweep.c @@ -2661,7 +2661,7 @@ scan_card_table_for_block (MSBlockInfo *block, CardTableScanType scan_type, Scan if (small_objects) { HEAVY_STAT (++scanned_objects); - scan_func (object, sgen_obj_get_descriptor (object), queue); + scan_func (object, sgen_obj_get_descriptor_safe (object), queue); } else { size_t offset = sgen_card_table_get_card_offset (obj, block_start); sgen_cardtable_scan_object (object, block_obj_size, card_base + offset, ctx); |