Skip to content

[release/9.0] Avoid signed overflow in DBG_FlushInstructionCache #106823

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Parent: [manual] Merge branch 'release/9.0' => 'release/9.0-staging'
merged 1 commit into from
Aug 22, 2024
Merged

[release/9.0] Avoid signed overflow in DBG_FlushInstructionCache #106823

merged 1 commit into from
Aug 22, 2024

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Aug 22, 2024
edited by jkotas
Loading

Backport of #105918 to release/9.0

/cc @jkotas @AndreyLalaev

Customer Impact

  • Customer reported
  • Found internally

Intermittent hang (infinite loop) on some Linux Arm32 systems.

Regression

  • Yes
  • No

Testing

Fix proposed and validated by the customer

Risk

Low

IMPORTANT: If this backport is for a servicing release, please verify that:

  • The PR target branch is release/X.0-staging, not release/X.0.

  • If the change touches code that ships in a NuGet package, you have added the necessary package authoring and gotten it explicitly reviewed.

@andrei-lalaev-AP
Avoid signed overflow in DBG_FlushInstructionCache
fc71dad 
On ARM32 Linux we can have an infinite loop because of integer overflow.
For example, if DBG_FlushInstructionCache is called with
the following parameters & locals:
  dwSize = 28
  pageSize = 4096
  begin = lpBaseAddress = 0x7ffff000
  end = begin + dwSize = 0x7ffff01c

ALIGN_UP(0x7ffff000, 4096) returns 0x80000000 which is actually a
negative number because INT_PTR is just int32_t (on ARM32). And here we
are getting an infinite loop because "begin" will never be greater or
equal than "end".

So, this issue is related to all addresses between INT32_MAX - PAGE_SIZE and
INT32_MAX because ALIGN_UP returns the address of the next page which
will be greater or equal to INT32_MAX

Signed-off-by: Andrei Lalaev <[email protected]>
@ghost ghost added the area-PAL-coreclr label Aug 22, 2024
jeffschwMSFT
jeffschwMSFT approved these changes Aug 22, 2024
View reviewed changes
Copy link
Member

@jeffschwMSFT jeffschwMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved. we can merge when ready

@jeffschwMSFT jeffschwMSFT added the Servicing-approved Approved for servicing release label Aug 22, 2024
This was referenced Aug 22, 2024
Closed
Closed
@jkotas jkotas merged commit e90526f into release/9.0 Aug 22, 2024
@jkotas jkotas deleted the backport/pr-105918-to-release/9.0 branch August 22, 2024 22:29
@github-actions github-actions bot locked and limited conversation to collaborators Sep 22, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jkotas jkotas jkotas approved these changes

@jeffschwMSFT jeffschwMSFT jeffschwMSFT approved these changes

Assignees

No one assigned

Labels

area-PAL-coreclr Servicing-approved Approved for servicing release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jkotas @jeffschwMSFT @andrei-lalaev-AP