Closed
      
        Bug 1240848
      
      
        Opened 9 years ago
          Closed 9 years ago
      
        
    
  
Add some additional instructions to x64 detours patcher
Categories
(Core :: General, defect)
Tracking
()
        RESOLVED
        FIXED
        
    
  
        
            mozilla47
        
    
  
People
(Reporter: bugzilla, Assigned: bugzilla)
References
Details
Attachments
(1 file, 5 obsolete files)
| 3.71 KB,
          patch         | bugzilla
:
              
              review+ | Details | Diff | Splinter Review | 
It can't handle CreateWindowExW
| Updated•9 years ago
           | 
          status-firefox45:
          --- → affected
| Comment 1•9 years ago
           | ||
[Tracking Requested - why for this release]: Merge day bustage.
          tracking-firefox45:
          --- → ?
          tracking-firefox46:
          --- → ?
| Assignee | ||
| Comment 2•9 years ago
           | ||
Also: there's a problem with the x64 detours patcher where it will clobber r11 for a jmp even if the code in the trampoline is already using r11!
eg in the CreateWindowExW case, the trampoline code is already using r11 and eax, leaving r10 as the only volatile register available for writing without harming correctness!
| Assignee | ||
| Comment 3•9 years ago
           | ||
        Attachment #8709654 -
        Flags: review?(ehsan)
| Assignee | ||
| Comment 4•9 years ago
           | ||
I opted to use a different type of jmp to prevent r11 clobbering. It was either that or add a bunch of bookkeeping to see which volatile registers had been clobbered in the trampoline.
| Comment 5•9 years ago
           | ||
Comment on attachment 8709654 [details] [diff] [review]
Patch
Review of attachment 8709654 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks!  Please add a test too.
        Attachment #8709654 -
        Flags: review?(ehsan) → review+
| Assignee | ||
| Comment 6•9 years ago
           | ||
Added test as requested, carrying forward r+
        Attachment #8709654 -
        Attachment is obsolete: true
        Attachment #8709745 -
        Flags: review+
| Assignee | ||
| Comment 7•9 years ago
           | ||
Patch (r2) is for Aurora 45. This one is rebased to inbound 46. Carrying forward r+.
        Attachment #8709750 -
        Flags: review+
| Assignee | ||
| Comment 9•9 years ago
           | ||
Comment on attachment 8709745 [details] [diff] [review]
Patch (r2)
Approval Request Comment
[Feature/regressing bug #]: Windows DLL Interceptor + plugin async init
[User impact if declined]: Assertions, crashes, bad things on x64 with async init enabled
[Describe test coverage new/current, TreeHerder]: Updated regression test
[Risks and why]: Low, the patch works correctly as tested manually and with the unit test.
[String/UUID change made/needed]: None
        Attachment #8709745 -
        Flags: approval-mozilla-aurora?
|   | ||
| Comment 10•9 years ago
           | ||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
| Comment 11•9 years ago
           | ||
Is there any reason to keep the test specific to 64-bit? <https://hg.mozilla.org/mozilla-central/rev/a786af9186eb#l1.12>
Flags: needinfo?(aklotz)
| Assignee | ||
| Comment 12•9 years ago
           | ||
I suppose not, though on 32-bit it'll just do a nop-space patch. I can land a follow-up.
Flags: needinfo?(aklotz)
| Assignee | ||
| Comment 13•9 years ago
           | ||
Actually I should force a detour in the 32-bit test case.
| Comment 14•9 years ago
           | ||
Comment on attachment 8709745 [details] [diff] [review]
Patch (r2)
This makes RELEASE_BUILD angry. The latest Try push shows mass "application terminated with exit code 3221225477" test failures, and I can reproduce that locally when running the Try build via mozregression as well. On my end, it appeared to be a shutdown crash, though.
        Attachment #8709745 -
        Flags: feedback-
| Assignee | ||
| Comment 15•9 years ago
           | ||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #14)
> Comment on attachment 8709745 [details] [diff] [review]
> Patch (r2)
> 
> This makes RELEASE_BUILD angry. The latest Try push shows mass "application
> terminated with exit code 3221225477" test failures, and I can reproduce
> that locally when running the Try build via mozregression as well. On my
> end, it appeared to be a shutdown crash, though.
Was this only on 64-bit builds, by any chance?
Flags: needinfo?(ryanvm)
| Assignee | ||
| Comment 16•9 years ago
           | ||
(In reply to Aaron Klotz [:aklotz] (please use needinfo) from comment #15)
> Was this only on 64-bit builds, by any chance?
n/m, of course it is. This is interesting -- I was experiencing the same problem briefly when I first wrote the Optimus detection patch. I'm kind of worried that something bad is happening in the interceptor's destructor.
Flags: needinfo?(ryanvm)
| Comment 17•9 years ago
           | ||
Comment on attachment 8709745 [details] [diff] [review]
Patch (r2)
Fix crashes, taking it.
        Attachment #8709745 -
        Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
| Updated•9 years ago
           | 
| Comment 18•9 years ago
           | ||
I don't think we should take this patch on Aurora until comments 14+ are addressed or we're going to have across the board Win64 permafail on Beta after Monday's uplift.
Flags: needinfo?(sledru)
| Comment 19•9 years ago
           | ||
Comment on attachment 8709745 [details] [diff] [review]
Patch (r2)
oups, sorry
Flags: needinfo?(sledru)
        Attachment #8709745 -
        Flags: approval-mozilla-aurora+ → approval-mozilla-aurora?
| Comment 20•9 years ago
           | ||
(In reply to Aaron Klotz [:aklotz] (please use needinfo) from comment #12)
> I suppose not, though on 32-bit it'll just do a nop-space patch. I can land
> a follow-up.
Yes please!
| Comment 21•9 years ago
           | ||
Backed out along with bug 1240977 under the suspicion that this was the cause of bug 1241921.
https://hg.mozilla.org/mozilla-central/rev/5f7c184ccd80
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla46 → ---
| Assignee | ||
| Comment 22•9 years ago
           | ||
Comment on attachment 8709745 [details] [diff] [review]
Patch (r2)
Cancelling this for now
        Attachment #8709745 -
        Flags: approval-mozilla-aurora?
| Assignee | ||
| Comment 23•9 years ago
           | ||
Resubmitting for review. The main change from the previous rev is the writing out of trampoline bytes when pJmp32 >= 0. I was using nBytes as the base index when I should have been using pJmp32 as the base index.
        Attachment #8709745 -
        Attachment is obsolete: true
        Attachment #8716088 -
        Flags: review?(ehsan)
| Assignee | ||
| Comment 24•9 years ago
           | ||
This is the try push for that patch
https://treeherder.mozilla.org/#/jobs?repo=try&revision=abcc0535e30c
| Updated•9 years ago
           | 
        Attachment #8716088 -
        Flags: review?(ehsan) → review+
| Assignee | ||
| Comment 25•9 years ago
           | ||
This patch is the same as beta but merged for inbound / aurora landing.
        Attachment #8709750 -
        Attachment is obsolete: true
        Attachment #8717085 -
        Flags: review+
| Comment 26•9 years ago
           | ||
| Assignee | ||
| Comment 27•9 years ago
           | ||
Comment on attachment 8717085 [details] [diff] [review]
Patch (for inbound and aurora)
Approval Request Comment
[Feature/regressing bug #]: Windows DLL Interceptor + plugins
[User impact if declined]: Assertions, crashes, bad things on x64
[Describe test coverage new/current, TreeHerder]: Updated regression test
[Risks and why]: Low, the patch works correctly as tested manually and with the unit test.
[String/UUID change made/needed]: None
        Attachment #8717085 -
        Flags: approval-mozilla-aurora?
| Assignee | ||
| Comment 28•9 years ago
           | ||
Comment on attachment 8716088 [details] [diff] [review]
Patch for 45 beta (r3)
Approval Request Comment
[Feature/regressing bug #]: Windows DLL Interceptor + plugins
[User impact if declined]: Assertions, crashes, bad things on x64
[Describe test coverage new/current, TreeHerder]: Updated regression test
[Risks and why]: Low, the patch works correctly as tested manually and with the unit test.
[String/UUID change made/needed]: None
        Attachment #8716088 -
        Flags: approval-mozilla-beta?
|   | ||
| Comment 29•9 years ago
           | ||
| bugherder | ||
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
          status-firefox47:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
| Comment 30•9 years ago
           | ||
Comment on attachment 8716088 [details] [diff] [review]
Patch for 45 beta (r3)
Fix a crash, taking.
Should be in 45 beta 5.
        Attachment #8716088 -
        Flags: approval-mozilla-beta? → approval-mozilla-beta+
| Updated•9 years ago
           | 
        Attachment #8717085 -
        Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|   | ||
| Comment 31•9 years ago
           | ||
| bugherder uplift | ||
|   | ||
| Comment 32•9 years ago
           | ||
It looks like this relanding caused bug 1241921 to return on nightly.
|   | ||
| Comment 34•9 years ago
           | ||
backedout from mozilla-central and will back this also out from aurora/beta for comment #33
Status: RESOLVED → REOPENED
Flags: needinfo?(aklotz)
Resolution: FIXED → ---
|   | ||
| Comment 35•9 years ago
           | ||
backed out from beta and aurora now too
| Comment 36•9 years ago
           | ||
The aurora and beta backouts are:
https://hg.mozilla.org/releases/mozilla-aurora/rev/c4ba2ee01bf5
https://hg.mozilla.org/releases/mozilla-beta/rev/9321c2755a3a
| Comment 38•9 years ago
           | ||
I suspect my bustage today is related to this, bug 1247741.
| Comment 40•9 years ago
           | ||
Benjamin, do we care about this with async plugin=off?
Flags: needinfo?(sledru) → needinfo?(benjamin)
| Comment 41•9 years ago
           | ||
Redirecting to aklotz. My understanding was that this patch was required to get correct Flash behavior on x86-64, but he's the expect.
Flags: needinfo?(benjamin)
| Assignee | ||
| Comment 42•9 years ago
           | ||
It's less likely to be an issue with async init off, but I think to be certain we should throw some QA at it on Win64. Basically general Flash usage, making sure there aren't any hangs or stability issues.
FWIW I don't think I can just pull a solution out of a hat on this one -- these NVIDIA crashes that are induced by these changes are very tricky to debug.
Flags: needinfo?(aklotz)
| Comment 44•9 years ago
           | ||
OK, let's wontfix it for 45 & 46 then.
| Comment 45•9 years ago
           | ||
Aaron recommends that this bug block the 64-bit Firefox roll-out.
Blocks: support-win64
| Assignee | ||
| Comment 46•9 years ago
           | ||
Rebased patch, carrying forward r+.
        Attachment #8716088 -
        Attachment is obsolete: true
        Attachment #8717085 -
        Attachment is obsolete: true
        Attachment #8800896 -
        Flags: review+
| Assignee | ||
| Comment 47•9 years ago
           | ||
https://hg.mozilla.org/integration/mozilla-inbound/rev/609a153be0a59c7cdb79d06c0254dfdeb33dbaa4
Bug 1240848: Adds additional instructions to x64 detour patcher and prevents register clobbering in jmp from trampoline; r=ehsan
|   | ||
| Comment 48•9 years ago
           | ||
| bugherder | ||
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
          status-firefox52:
          --- → fixed
Resolution: --- → FIXED
          You need to log in
          before you can comment on or make changes to this bug.
        
Description
•