Bug 747322 - jemalloc crashes during malloc_init_hard on s390x
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: Memory Allocator
Version: Trunk
Platform: Other Linux
Importance: -- normal
Target Milestone: mozilla14
Assigned To: Nobody; OK to take it and work on it
Reported: 2012-04-20 02:17 PDT by Mike Hommey [:glandium]
Modified: 2012-04-24 23:57 PDT (History)

Attachments
Fix jemalloc mmap wrapper for s390x (483 bytes, patch)
2012-04-20 02:17 PDT, Mike Hommey [:glandium]
justin.lebar+bug: review+

Description Mike Hommey [:glandium] 2012-04-20 02:17:44 PDT
Created attachment 616908 [details] [diff] [review]
Fix jemalloc mmap wrapper for s390x

S390 syscall interface doesn't support passing more than 5 arguments, so instead of giving the 6 arguments required for SYS_mmap, it gives one that is a pointer to a struct containing the arguments. The implementation I did for s390 works fine on s390, but doesn't work on s390x because of expected padding: the arguments in the struct are all expected by the kernel to be 64-bit. So what happens next is that the syscall returns us a NULL pointer, and jemalloc initialization uses that pointer assuming it's not NULL, and dereferences it. Kaboom.

The patch solves the issue by using the "long" type instead of int, which happens to be the right size on both s390 and s390x. As a matter of fact, that's the type used in the kernel source itself (even for pointer members). The kernel actually uses unsigned long, but sign doesn't matter here.
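To make the layout mismatch concrete, here is an added, constructed C example (not jemalloc's code and not the attached patch). It models the s390 convention described above, where the kernel reads the single struct argument as six machine words, and compares the "int members" layout with the "long members" layout on an LP64 host. The struct names, the simulated kernel decoder and the result check are hypothetical; the mmap constant values (PROT_READ|PROT_WRITE = 3, MAP_PRIVATE|MAP_ANONYMOUS = 0x22) are the usual Linux ones and only serve as sample input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not jemalloc's source. The s390 SYS_mmap ABI takes
 * one pointer to a struct of six arguments, and the kernel reads that
 * struct as six machine words (unsigned long). */

/* What the kernel expects (hypothetical name): six word-sized members. */
struct mmap_args_kernel {
    unsigned long addr, length, prot, flags, fd, offset;
};

/* "Before" layout, a reconstruction of the bug: prot, flags and fd are int.
 * On s390 (ILP32) int and long are both 32-bit, so this matches the kernel
 * struct; on s390x (LP64) the members are 4 bytes wide with padding, so the
 * kernel's word-by-word read lands on the wrong bytes. */
struct mmap_args_int {
    void *addr;
    size_t length;
    int prot;
    int flags;
    int fd;
    long offset;
};

/* "After" layout: long members, which are word-sized on both ABIs. */
struct mmap_args_long {
    void *addr;
    size_t length;
    long prot;
    long flags;
    long fd;
    long offset;
};

/* Simulate the kernel's copy_from_user of the argument block: it copies
 * sizeof(struct mmap_args_kernel) bytes starting at the user pointer. If the
 * user struct is smaller, the kernel reads whatever follows it; here that
 * tail is zeroed so the simulation stays in bounds. */
static void kernel_decode(const void *user_ptr, size_t user_len,
                          struct mmap_args_kernel *out)
{
    unsigned char raw[sizeof *out];
    memset(raw, 0, sizeof raw);
    memcpy(raw, user_ptr, user_len < sizeof raw ? user_len : sizeof raw);
    memcpy(out, raw, sizeof *out);
}

static int kernel_view_ok(const struct mmap_args_kernel *k)
{
    return k->length == 4096 && k->prot == 3 && k->flags == 0x22 &&
           k->fd == (unsigned long)-1 && k->offset == 0;
}

/* Pack with the int-member struct; 1 if the kernel sees the intended
 * values, 0 if it sees garbage (the LP64 case from the bug). */
int pack_with_int_matches(void)
{
    struct mmap_args_int a = { NULL, 4096, 3, 0x22, -1, 0 };
    struct mmap_args_kernel k;
    kernel_decode(&a, sizeof a, &k);
    return kernel_view_ok(&k);
}

/* Same with the long-member struct, which matches on ILP32 and LP64. */
int pack_with_long_matches(void)
{
    struct mmap_args_long a = { NULL, 4096, 3, 0x22, -1, 0 };
    struct mmap_args_kernel k;
    kernel_decode(&a, sizeof a, &k);
    return kernel_view_ok(&k);
}

/* The check a raw-syscall wrapper should make before the pointer is used:
 * the kernel returns -errno (in [-4095, -1]) on failure, and address 0 is
 * never a mapping the allocator asked for, so neither may be dereferenced. */
int raw_mmap_failed(long ret)
{
    return ret == 0 || (unsigned long)ret >= (unsigned long)-4095;
}

int main(void)
{
    printf("sizeof(int)=%zu sizeof(long)=%zu\n", sizeof(int), sizeof(long));
    printf("int members  : kernel view %s\n",
           pack_with_int_matches() ? "matches" : "MISMATCH");
    printf("long members : kernel view %s\n",
           pack_with_long_matches() ? "matches" : "MISMATCH");
    return 0;
}
```

On a 64-bit host the int-member struct is 40 bytes against the 48 the kernel reads, and the prot/flags and fd words come out combined or half-filled, which is the "expected padding" the report describes; on a 32-bit host both layouts agree, which is why the original code passed on s390.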
Comment 1 Mike Hommey [:glandium] 2012-04-24 23:57:20 PDT
Had forgotten to update this bug:

http://hg.mozilla.org/mozilla-central/rev/bd9cdcd353e6
