[wip] Refresh zend mm shadow key on fork #16765
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
arnaud-lb
force-pushed
the
shadow-key-child
branch
from
dc9808b
to
af56c6e
Compare
mvorisek
reviewed
Nov 12, 2024
| while ((next = slot->next_free_slot)) { | ||
| zend_mm_free_slot *shadow = ZEND_MM_FREE_SLOT_PTR_SHADOW(slot, i); | ||
| if (UNEXPECTED(next != zend_mm_decode_free_slot_key(old_key, shadow))) { | ||
| zend_mm_panic("zend_mm_heap corrupted"); |
There was a problem hiding this comment.
Can these corruption cases be tested with a help of zend_test easily?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The memory manager is cleaned up after each request by calling
shutdown_memory_manager(). At the same time, this prepares the manager for the next request, and the shadow key is refreshed.Unfortunately, in forking SAPIs the first request of every child process inherits the memory manager of the parent process, including the shadow key. As a result, a leak of the shadow key during the first request of one process gives away the shadow key used during the first request of other processes. This does not defeat shadow pointers, but this makes the key refresh mechanism less useful.
Here I ensure that we refresh the shadow key after a fork. The memory manager is not empty at this point (we perform allocations after
shutdown_memory_manager()), so we have to recompute any shadow pointers with the new key.I'm targeting 8.4, but this is too risky and not critical enough for the last RC. I would like to merge this in 8.4.1.
TODO: