
Commit bf1baeb

committed
Fix the JIT buffer relocation failure at the corner case
Avoid missing possible candidates due to the large address range of the free segment. E.g.,
48000000-49400000 r-xs 08000000 00:0f 39322841               segment1
7ffff2ec8000-7ffff2f49000 rw-p 00000000 00:00 0              segment2
7ffff6fae000-7ffff735c000 r-xp 00200000 08:02 11538515       /usr/local/sbin/php-fpm
The original code will miss the opportunity between [7ffff2ec** - 7ffff2ec8000].
Fix issue #11265.
Signed-off-by: Long, Tao <[email protected]>
Signed-off-by: Wang, Xue <[email protected]>
1 parent 8d0345d commit bf1baeb


1 file changed

+97
-89
lines changed


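--- a/ext/opcache/shared_alloc_mmap.c
+++ b/ext/opcache/shared_alloc_mmap.c
@@ -52,102 +52,110 @@
 static void *find_prefered_mmap_base(size_t requested_size)
 {
 size_t huge_page_size = 2 * 1024 * 1024;
-uintptr_t last_free_addr = 0;
-uintptr_t last_candidate = (uintptr_t)MAP_FAILED;
-uintptr_t start, end, text_start = 0;
+uintptr_t last_free_addr = 0;
+uintptr_t last_candidate = (uintptr_t)MAP_FAILED;
+uintptr_t start, end, text_start = 0;
 #if defined(__linux__)
-FILE *f;
-char buffer[MAXPATHLEN];
+FILE *f;
+char buffer[MAXPATHLEN];
 
-f = fopen("/proc/self/maps", "r");
-if (!f) {
-return MAP_FAILED;
-}
+f = fopen("/proc/self/maps", "r");
+if (!f) {
+return MAP_FAILED;
+}
 
-while (fgets(buffer, MAXPATHLEN, f) && sscanf(buffer, "%lx-%lx", &start, &end) == 2) {
-if ((uintptr_t)execute_ex >= start) {
-/* the current segment lays before PHP .text segment or PHP .text segment itself */
-if (last_free_addr + requested_size <= start) {
-last_candidate = last_free_addr;
-}
-if ((uintptr_t)execute_ex < end) {
-/* the current segment is PHP .text segment itself */
-if (last_candidate != (uintptr_t)MAP_FAILED) {
-if (end - last_candidate < UINT32_MAX) {
-/* we have found a big enough hole before the text segment */
-break;
-}
-last_candidate = (uintptr_t)MAP_FAILED;
+while (fgets(buffer, MAXPATHLEN, f) && sscanf(buffer, "%lx-%lx", &start, &end) == 2) {
+if ((uintptr_t)execute_ex >= start) {
+/* the current segment lays before PHP .text segment or PHP .text segment itself */
+/*Search for candidates at the end of the free segment near the .text segment
+to prevent candidates from being missed due to large hole*/
+if (last_free_addr + requested_size <= start) {
+last_candidate = ZEND_MM_ALIGNED_SIZE_EX(start - requested_size, huge_page_size);
+if (last_candidate + requested_size > start) {
+last_candidate -= huge_page_size;
 }
-text_start = start;
-}
-} else {
-/* the current segment lays after PHP .text segment */
-if (last_free_addr + requested_size - text_start > UINT32_MAX) {
-/* the current segment and the following segments lay too far from PHP .text segment */
-break;
-}
-if (last_free_addr + requested_size <= start) {
-last_candidate = last_free_addr;
-break;
-}
-}
-last_free_addr = ZEND_MM_ALIGNED_SIZE_EX(end, huge_page_size);
+}
+if ((uintptr_t)execute_ex < end) {
+/* the current segment is PHP .text segment itself */
+if (last_candidate != (uintptr_t)MAP_FAILED) {
+if (end - last_candidate < UINT32_MAX) {
+/* we have found a big enough hole before the .text segment */
+break;
+}
+last_candidate = (uintptr_t)MAP_FAILED;
+}
+text_start = start;
+}
+} else {
+/* the current segment lays after PHP .text segment */
+if (last_free_addr + requested_size - text_start > UINT32_MAX) {
+/* the current segment and the following segments lay too far from PHP .text segment */
+break;
+}
+if (last_free_addr + requested_size <= start) {
+last_candidate = last_free_addr;
+break;
+}
+}
+last_free_addr = ZEND_MM_ALIGNED_SIZE_EX(end, huge_page_size);
 
-}
-fclose(f);
+}
+fclose(f);
 #elif defined(__FreeBSD__)
-size_t s = 0;
-int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()};
-if (sysctl(mib, 4, NULL, &s, NULL, 0) == 0) {
-s = s * 4 / 3;
-void *addr = mmap(NULL, s, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
-if (addr != MAP_FAILED) {
-if (sysctl(mib, 4, addr, &s, NULL, 0) == 0) {
-start = (uintptr_t)addr;
-end = start + s;
-while (start < end) {
-struct kinfo_vmentry *entry = (struct kinfo_vmentry *)start;
-size_t sz = entry->kve_structsize;
-if (sz == 0) {
-break;
-}
-uintptr_t e_start = entry->kve_start;
-uintptr_t e_end = entry->kve_end;
-if ((uintptr_t)execute_ex >= e_start) {
-/* the current segment lays before PHP .text segment or PHP .text segment itself */
-if (last_free_addr + requested_size <= e_start) {
-last_candidate = last_free_addr;
-}
-if ((uintptr_t)execute_ex < e_end) {
-/* the current segment is PHP .text segment itself */
-if (last_candidate != (uintptr_t)MAP_FAILED) {
-if (e_end - last_candidate < UINT32_MAX) {
-/* we have found a big enough hole before the text segment */
-break;
-}
-last_candidate = (uintptr_t)MAP_FAILED;
+size_t s = 0;
+int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()};
+if (sysctl(mib, 4, NULL, &s, NULL, 0) == 0) {
+s = s * 4 / 3;
+void *addr = mmap(NULL, s, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
+if (addr != MAP_FAILED) {
+if (sysctl(mib, 4, addr, &s, NULL, 0) == 0) {
+start = (uintptr_t)addr;
+end = start + s;
+while (start < end) {
+struct kinfo_vmentry *entry = (struct kinfo_vmentry *)start;
+size_t sz = entry->kve_structsize;
+if (sz == 0) {
+break;
+}
+uintptr_t e_start = entry->kve_start;
+uintptr_t e_end = entry->kve_end;
+if ((uintptr_t)execute_ex >= e_start) {
+/* the current segment lays before PHP .text segment or PHP .text segment itself */
+if (last_free_addr + requested_size <= e_start) {
+last_candidate = ZEND_MM_ALIGNED_SIZE_EX(e_start - requested_size, huge_page_size);
+if (last_candidate + requested_size > e_start) {
+last_candidate -= huge_page_size;
 }
-text_start = e_start;
-}
-} else {
-/* the current segment lays after PHP .text segment */
-if (last_free_addr + requested_size - text_start > UINT32_MAX) {
-/* the current segment and the following segments lay too far from PHP .text segment */
-break;
-}
-if (last_free_addr + requested_size <= e_start) {
-last_candidate = last_free_addr;
-break;
-}
-}
-last_free_addr = ZEND_MM_ALIGNED_SIZE_EX(e_end, huge_page_size);
-start += sz;
-}
-}
-munmap(addr, s);
-}
-}
+}
+if ((uintptr_t)execute_ex < e_end) {
+/* the current segment is PHP .text segment itself */
+if (last_candidate != (uintptr_t)MAP_FAILED) {
+if (e_end - last_candidate < UINT32_MAX) {
+/* we have found a big enough hole before the text segment */
+break;
+}
+last_candidate = (uintptr_t)MAP_FAILED;
+}
+text_start = e_start;
+}
+} else {
+/* the current segment lays after PHP .text segment */
+if (last_free_addr + requested_size - text_start > UINT32_MAX) {
+/* the current segment and the following segments lay too far from PHP .text segment */
+break;
+}
+if (last_free_addr + requested_size <= e_start) {
+last_candidate = last_free_addr;
+break;
+}
+}
+last_free_addr = ZEND_MM_ALIGNED_SIZE_EX(e_end, huge_page_size);
+start += sz;
+}
+}
+munmap(addr, s);
+}
+}
 #endif
 
 return (void*)last_candidate;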
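Review bot: The new candidate computation at new lines 73-75 (copied at 125-127 in the FreeBSD branch) relies on `last_free_addr` always being a multiple of `huge_page_size`, and nothing next to it says so. After the round-up and the `last_candidate -= huge_page_size` step the result cannot drop below `last_free_addr` only because both values are huge-page aligned (it starts at 0 and is otherwise assigned from `ZEND_MM_ALIGNED_SIZE_EX(end, huge_page_size)`, which appears to round up). If a later edit stored an unaligned `last_free_addr`, the hint could overlap the preceding mapping, which matters for an address that places the JIT buffer. I would record the invariant beside the computation, e.g. `/* last_free_addr is huge-page aligned, so the rounded-down candidate stays >= last_free_addr */`, and repeat the "Search for candidates…" explanation in the FreeBSD branch, which got the code but not the comment. The three duplicated lines could also move into a small `static` helper taking the segment start, so the two platform branches cannot drift apart.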
