128447 2014-02-07 23:32:19 -0800 JSLock should not "restore" stack limit values if it did not re-grab locks 2014-02-08 00:23:10 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mark.lam mark.lam commit-queue fpizlo ggaren mhahnenberg mmirman msaboff oliver oldest_to_newest 978309 0 mark.lam 2014-02-07 23:32:19 -0800 In the existing code, if DropAllLocks is instantiate with DontAlwaysDropLocks in a thread that does not own the JSLock, then a bug will manifest where: 1. The DropAllLocks constructor will save the VM's stackPointerAtEntry, lastStackTop, and reservedZoneSize even though it will not drop the JSLock. 2. The DropAllLocks destructor will restore those 3 values to the VM even though the JSLock will not grab its internal lock for this thread. The former only causes busy work but does not impact correctness. The latter however, will corrupt those 3 VM values which belong to the thread that actually owns the JSLock. The fix is to only save the values when the JSLock will actually drop its internal lock, and only restore the values if it did re-grab the internal lock. 978311 1 223554 mark.lam 2014-02-07 23:44:12 -0800 Created attachment 223554 the patch. 978320 2 223554 ggaren 2014-02-08 00:07:00 -0800 Comment on attachment 223554 the patch. r=me 978328 3 223554 mark.lam 2014-02-08 00:19:19 -0800 Comment on attachment 223554 the patch. I'll land the patch manually so that I can move on to the next patch. 978335 4 mark.lam 2014-02-08 00:23:10 -0800 Thanks. Landed in r163700: <http://trac.webkit.org/r163700>. 223554 2014-02-07 23:44:12 -0800 2014-02-08 00:19:19 -0800 the patch. bug-128447.patch text/plain 5188 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTYzNjk1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDM1IEBA CisyMDE0LTAyLTA3ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBK U0xvY2sgc2hvdWxkIG5vdCAicmVzdG9yZSIgVk0gc3RhY2sgdmFsdWVzIGlmIGl0IGRpZCBub3Qg cmUtZ3JhYiBsb2Nrcy4KKyAgICAgICAgPGh0dHBzOi8vd2Via2l0Lm9yZy9iLzEyODQ0Nz4KKwor ICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBJbiB0aGUgZXhp c3RpbmcgY29kZSwgaWYgRHJvcEFsbExvY2tzIGlzIGluc3RhbnRpYXRlIHdpdGggRG9udEFsd2F5 c0Ryb3BMb2NrcworICAgICAgICBpbiBhIHRocmVhZCB0aGF0IGRvZXMgbm90IG93biB0aGUgSlNM b2NrLCB0aGVuIGEgYnVnIHdpbGwgbWFuaWZlc3Qgd2hlcmU6CisKKyAgICAgICAgMS4gVGhlIERy b3BBbGxMb2NrcyBjb25zdHJ1Y3RvciB3aWxsIHNhdmUgdGhlIFZNJ3Mgc3RhY2tQb2ludGVyQXRF bnRyeSwKKyAgICAgICAgICAgbGFzdFN0YWNrVG9wLCBhbmQgcmVzZXJ2ZWRab25lU2l6ZSBldmVu IHRob3VnaCBpdCB3aWxsIG5vdCBkcm9wIHRoZSBKU0xvY2suCisgICAgICAgIDIuIFRoZSBEcm9w QWxsTG9ja3MgZGVzdHJ1Y3RvciB3aWxsIHJlc3RvcmUgdGhvc2UgMyB2YWx1ZXMgdG8gdGhlIFZN IGV2ZW4KKyAgICAgICAgICAgdGhvdWdoIHRoZSBKU0xvY2sgd2lsbCBub3QgZ3JhYiBpdHMgaW50 ZXJuYWwgbG9jay4KKworICAgICAgICBUaGUgZm9ybWVyIG9ubHkgY2F1c2VzIGJ1c3kgd29yayBi dXQgZG9lcyBub3QgaW1wYWN0IGNvcnJlY3RuZXNzLiBUaGUgbGF0dGVyCisgICAgICAgIGhvd2V2 ZXIsIHdpbGwgY29ycnVwdCB0aG9zZSAzIFZNIHZhbHVlcyB3aGljaCBiZWxvbmcgdG8gdGhlIHRo cmVhZCB0aGF0CisgICAgICAgIGFjdHVhbGx5IG93bnMgdGhlIEpTTG9jay4KKworICAgICAgICBU aGUgZml4IGlzIHRvIG9ubHkgc2F2ZSB0aGUgdmFsdWVzIHdoZW4gdGhlIEpTTG9jayB3aWxsIGFj dHVhbGx5IGRyb3AgaXRzCisgICAgICAgIGludGVybmFsIGxvY2ssIGFuZCBvbmx5IHJlc3RvcmUg dGhlIHZhbHVlcyBpZiBpdCBkaWQgcmUtZ3JhYiB0aGUgaW50ZXJuYWwgbG9jay4KKworICAgICAg ICAqIHJ1bnRpbWUvSlNMb2NrLmNwcDoKKyAgICAgICAgKEpTQzo6SlNMb2NrOjpkcm9wQWxsTG9j a3MpOgorICAgICAgICAoSlNDOjpKU0xvY2s6OmRyb3BBbGxMb2Nrc1VuY29uZGl0aW9uYWxseSk6 CisgICAgICAgIChKU0M6OkpTTG9jazo6Z3JhYkFsbExvY2tzKToKKyAgICAgICAgKEpTQzo6SlNM b2NrOjpEcm9wQWxsTG9ja3M6OkRyb3BBbGxMb2Nrcyk6CisgICAgICAgIC0gTW92ZWQgdGhlIHNh dmluZyBvZiBWTSBzdGFjayB2YWx1ZXMgdG8gZHJvcEFsbExvY2tzKCkgYW5kCisgICAgICAgICAg ZHJvcEFsbExvY2tzVW5jb25kaXRpb25hbGx5KCkuCisgICAgICAgIChKU0M6OkpTTG9jazo6RHJv cEFsbExvY2tzOjp+RHJvcEFsbExvY2tzKToKKyAgICAgICAgLSBNb3ZlZCB0aGUgcmVzdG9yaW5n IG9mIFZNIHN0YWNrIHZhbHVlcyB0byBncmFiQWxsTG9ja3MoKS4KKwogMjAxNC0wMi0wNyAgRmls aXAgUGl6bG8gIDxmcGl6bG9AYXBwbGUuY29tPgogCiAgICAgICAgIERvbid0IHRocm93IGF3YXkg Y29kZSBpZiB0aGVyZSBpcyBjb2RlIG9uIHRoZSB3b3JrbGlzdHMKSW5kZXg6IFNvdXJjZS9KYXZh U2NyaXB0Q29yZS9ydW50aW1lL0pTTG9jay5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFT Y3JpcHRDb3JlL3J1bnRpbWUvSlNMb2NrLmNwcAkocmV2aXNpb24gMTYzNjk0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNMb2NrLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMjIx LDYgKzIyMSwxMSBAQCB1bnNpZ25lZCBKU0xvY2s6OmRyb3BBbGxMb2NrcyhTcGluTG9jayYgCiAg ICAgaWYgKG1fbG9ja0Ryb3BEZXB0aCkKICAgICAgICAgcmV0dXJuIDA7CiAKKyAgICBXVEZUaHJl YWREYXRhJiB0aHJlYWREYXRhID0gd3RmVGhyZWFkRGF0YSgpOworICAgIHRocmVhZERhdGEuc2V0 U2F2ZWRTdGFja1BvaW50ZXJBdFZNRW50cnkobV92bS0+c3RhY2tQb2ludGVyQXRWTUVudHJ5KTsK KyAgICB0aHJlYWREYXRhLnNldFNhdmVkTGFzdFN0YWNrVG9wKG1fdm0tPmxhc3RTdGFja1RvcCgp KTsKKyAgICB0aHJlYWREYXRhLnNldFNhdmVkUmVzZXJ2ZWRab25lU2l6ZShtX3ZtLT5yZXNlcnZl ZFpvbmVTaXplKCkpOworCiAgICAgLy8gbV9sb2NrRHJvcERlcHRoIGlzIG9ubHkgaW5jcmVtZW50 ZWQgaWYgYW55IGxvY2tzIHdlcmUgZHJvcHBlZC4KICAgICArK21fbG9ja0Ryb3BEZXB0aDsKICAg ICBtX2xvY2tDb3VudCA9IDA7CkBAIC0yNDEsNiArMjQ2LDExIEBAIHVuc2lnbmVkIEpTTG9jazo6 ZHJvcEFsbExvY2tzVW5jb25kaXRpb24KICAgICBpZiAoIWxvY2tDb3VudCB8fCBtX293bmVyVGhy ZWFkICE9IFdURjo6Y3VycmVudFRocmVhZCgpKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIFdU RlRocmVhZERhdGEmIHRocmVhZERhdGEgPSB3dGZUaHJlYWREYXRhKCk7CisgICAgdGhyZWFkRGF0 YS5zZXRTYXZlZFN0YWNrUG9pbnRlckF0Vk1FbnRyeShtX3ZtLT5zdGFja1BvaW50ZXJBdFZNRW50 cnkpOworICAgIHRocmVhZERhdGEuc2V0U2F2ZWRMYXN0U3RhY2tUb3AobV92bS0+bGFzdFN0YWNr VG9wKCkpOworICAgIHRocmVhZERhdGEuc2V0U2F2ZWRSZXNlcnZlZFpvbmVTaXplKG1fdm0tPnJl c2VydmVkWm9uZVNpemUoKSk7CisKICAgICAvLyBtX2xvY2tEcm9wRGVwdGggaXMgb25seSBpbmNy ZW1lbnRlZCBpZiBhbnkgbG9ja3Mgd2VyZSBkcm9wcGVkLgogICAgICsrbV9sb2NrRHJvcERlcHRo OwogICAgIG1fbG9ja0NvdW50ID0gMDsKQEAgLTI3Niw2ICsyODYsMTEgQEAgdm9pZCBKU0xvY2s6 OmdyYWJBbGxMb2Nrcyh1bnNpZ25lZCBsb2NrQwogICAgIEFTU0VSVCghbV9sb2NrQ291bnQpOwog ICAgIG1fbG9ja0NvdW50ID0gbG9ja0NvdW50OwogICAgIC0tbV9sb2NrRHJvcERlcHRoOworCisg ICAgV1RGVGhyZWFkRGF0YSYgdGhyZWFkRGF0YSA9IHd0ZlRocmVhZERhdGEoKTsKKyAgICBtX3Zt LT5zdGFja1BvaW50ZXJBdFZNRW50cnkgPSB0aHJlYWREYXRhLnNhdmVkU3RhY2tQb2ludGVyQXRW TUVudHJ5KCk7CisgICAgbV92bS0+c2V0TGFzdFN0YWNrVG9wKHRocmVhZERhdGEuc2F2ZWRMYXN0 U3RhY2tUb3AoKSk7CisgICAgbV92bS0+dXBkYXRlU3RhY2tMaW1pdFdpdGhSZXNlcnZlZFpvbmVT aXplKHRocmVhZERhdGEuc2F2ZWRSZXNlcnZlZFpvbmVTaXplKCkpOwogfQogCiBKU0xvY2s6OkRy b3BBbGxMb2Nrczo6RHJvcEFsbExvY2tzKEV4ZWNTdGF0ZSogZXhlYywgQWx3YXlzRHJvcExvY2tz VGFnIGFsd2F5c0Ryb3BMb2NrcykKQEAgLTI4NywxMiArMzAyLDYgQEAgSlNMb2NrOjpEcm9wQWxs TG9ja3M6OkRyb3BBbGxMb2NrcyhFeGVjUwogICAgIFNwaW5Mb2NrJiBzcGluTG9jayA9IG1fdm0t PmFwaUxvY2soKS5tX3NwaW5Mb2NrOwogICAgIFNwaW5Mb2NrSG9sZGVyIGhvbGRlcigmc3Bpbkxv Y2spOwogCi0gICAgV1RGVGhyZWFkRGF0YSYgdGhyZWFkRGF0YSA9IHd0ZlRocmVhZERhdGEoKTsK LSAgICAKLSAgICB0aHJlYWREYXRhLnNldFNhdmVkU3RhY2tQb2ludGVyQXRWTUVudHJ5KG1fdm0t PnN0YWNrUG9pbnRlckF0Vk1FbnRyeSk7Ci0gICAgdGhyZWFkRGF0YS5zZXRTYXZlZExhc3RTdGFj a1RvcChtX3ZtLT5sYXN0U3RhY2tUb3AoKSk7Ci0gICAgdGhyZWFkRGF0YS5zZXRTYXZlZFJlc2Vy dmVkWm9uZVNpemUobV92bS0+cmVzZXJ2ZWRab25lU2l6ZSgpKTsKLQogICAgIGlmIChhbHdheXNE cm9wTG9ja3MpCiAgICAgICAgIG1fbG9ja0NvdW50ID0gbV92bS0+YXBpTG9jaygpLmRyb3BBbGxM b2Nrc1VuY29uZGl0aW9uYWxseShzcGluTG9jayk7CiAgICAgZWxzZQpAQCAtMzA4LDEyICszMTcs NiBAQCBKU0xvY2s6OkRyb3BBbGxMb2Nrczo6RHJvcEFsbExvY2tzKFZNKiB2CiAgICAgU3Bpbkxv Y2smIHNwaW5Mb2NrID0gbV92bS0+YXBpTG9jaygpLm1fc3BpbkxvY2s7CiAgICAgU3BpbkxvY2tI b2xkZXIgaG9sZGVyKCZzcGluTG9jayk7CiAKLSAgICBXVEZUaHJlYWREYXRhJiB0aHJlYWREYXRh ID0gd3RmVGhyZWFkRGF0YSgpOwotICAgIAotICAgIHRocmVhZERhdGEuc2V0U2F2ZWRTdGFja1Bv aW50ZXJBdFZNRW50cnkobV92bS0+c3RhY2tQb2ludGVyQXRWTUVudHJ5KTsKLSAgICB0aHJlYWRE YXRhLnNldFNhdmVkTGFzdFN0YWNrVG9wKG1fdm0tPmxhc3RTdGFja1RvcCgpKTsKLSAgICB0aHJl YWREYXRhLnNldFNhdmVkUmVzZXJ2ZWRab25lU2l6ZShtX3ZtLT5yZXNlcnZlZFpvbmVTaXplKCkp OwotCiAgICAgaWYgKGFsd2F5c0Ryb3BMb2NrcykKICAgICAgICAgbV9sb2NrQ291bnQgPSBtX3Zt LT5hcGlMb2NrKCkuZHJvcEFsbExvY2tzVW5jb25kaXRpb25hbGx5KHNwaW5Mb2NrKTsKICAgICBl bHNlCkBAIC0zMjcsMTIgKzMzMCw2IEBAIEpTTG9jazo6RHJvcEFsbExvY2tzOjp+RHJvcEFsbExv Y2tzKCkKICAgICBTcGluTG9jayYgc3BpbkxvY2sgPSBtX3ZtLT5hcGlMb2NrKCkubV9zcGluTG9j azsKICAgICBTcGluTG9ja0hvbGRlciBob2xkZXIoJnNwaW5Mb2NrKTsKICAgICBtX3ZtLT5hcGlM b2NrKCkuZ3JhYkFsbExvY2tzKG1fbG9ja0NvdW50LCBzcGluTG9jayk7Ci0KLSAgICBXVEZUaHJl YWREYXRhJiB0aHJlYWREYXRhID0gd3RmVGhyZWFkRGF0YSgpOwotCi0gICAgbV92bS0+c3RhY2tQ b2ludGVyQXRWTUVudHJ5ID0gdGhyZWFkRGF0YS5zYXZlZFN0YWNrUG9pbnRlckF0Vk1FbnRyeSgp OwotICAgIG1fdm0tPnNldExhc3RTdGFja1RvcCh0aHJlYWREYXRhLnNhdmVkTGFzdFN0YWNrVG9w KCkpOwotICAgIG1fdm0tPnVwZGF0ZVN0YWNrTGltaXRXaXRoUmVzZXJ2ZWRab25lU2l6ZSh0aHJl YWREYXRhLnNhdmVkUmVzZXJ2ZWRab25lU2l6ZSgpKTsKIH0KIAogfSAvLyBuYW1lc3BhY2UgSlND Cg==