Closed Bug 1829125 Opened 1 years ago Closed 1 year ago

PHC area should be aligned to and a multiple of the jemalloc chunk size

Categories

(Core :: Memory Allocator, task)

Product:
Core
Component:
Memory Allocator
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
117 Branch
Tracking Flags:
Tracking Status
firefox117 --- fixed

People

(Reporter: pbone, Assigned: pbone)

References

(Blocks 1 open bug)

Details

Attachments

(2 files, 3 obsolete files)

Bug 1829125 - Align the PHC area to the jemalloc chunk size r=glandium
(deleted), text/x-phabricator-request
Details
Bug 1829125 - Add a PHCExhaustion test r=glandium
(deleted), text/x-phabricator-request
Details

If jemalloc tries to free an invalid pointer but one that is NOT a PHC pointer the address calculations performed by jemalloc could cause jemalloc to dereference a PHC pointer, adding PHC stacks to a crash report that could be a red herring.

If we size & align the PHC area it could reduce the chance of jemalloc or JS GC's address calculations from causing a PHC pointer to be dereferenced.

It seems far fetched but we think this has happened at least once.

Depends on D178029

Depends on D178030

Hi Glandium,

I've posted these patches for review, but I want to ask: I'm passing the pages_map and pages_umnap functions as parameters, would you prefer templates?

Flags: needinfo?(mh+mozilla)
Attachment #9333606 - Attachment is obsolete: true
Attachment #9333607 - Attachment is obsolete: true

My question is no-longer relevant.

Flags: needinfo?(mh+mozilla)

Depends on D178029

Attachment #9333605 - Attachment is obsolete: true
Depends on: 1839147

Depends on D181422

We can land this after the soft code freeze.

Pushed by pbone@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0ad1e4859c59 Add a PHCExhaustion test r=glandium https://hg.mozilla.org/integration/autoland/rev/6308011c6366 Align the PHC area to the jemalloc chunk size r=glandium

https://hg.mozilla.org/mozilla-central/rev/0ad1e4859c59
https://hg.mozilla.org/mozilla-central/rev/6308011c6366

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox117: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 117 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: