YJIT: Probe away from the heap when requesting exec memory

I was looking at some crash reports and noticed that many have a line like the following for YJIT code memory: <addr>-<addr> r-xp 00000000 00:00 0 [heap] I guess YJIT confused the kernel into thinking this region is from sbrk(). While this seems to have no consequences beyond mislabeling, it's still a little concerning. Probe downwards instead.
author: Alan Wu <XrXr@users.noreply.github.com> 2024-11-11 13:27:28 -0500
committer: Alan Wu <XrXr@users.noreply.github.com> 2024-11-11 16:35:57 -0500
commit: 821a5b966fbc2926dc3bf88b6ba09879fa35318e (patch)
tree: 0c29a821afdec04a5bf2ab19f016e57247e62245
parent: 1d1c80e6443e21a7e10d9d4987b0deb1ef8ec374 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/yjit.c b/yjit.c
index 307c255da6..1607d2031d 100644
--- a/yjit.c
+++ b/yjit.c
@@ -294,8 +294,11 @@ rb_yjit_reserve_addr_space(uint32_t mem_size)
                 break;
             }
 
-            // +4MB
-            req_addr += 4 * 1024 * 1024;
+            // -4MiB. Downwards to probe away from the heap. (On x86/A64 Linux
+            // main_code_addr < heap_addr, and in case we are in a shared
+            // library mapped higher than the heap, downwards is still better
+            // since it's towards the end of the heap rather than the stack.)
+            req_addr -= 4 * 1024 * 1024;
         } while (req_addr < probe_region_end);
 
     // On MacOS and other platforms
author	Alan Wu <XrXr@users.noreply.github.com>	2024-11-11 13:27:28 -0500
committer	Alan Wu <XrXr@users.noreply.github.com>	2024-11-11 16:35:57 -0500
commit	821a5b966fbc2926dc3bf88b6ba09879fa35318e (patch)
tree	0c29a821afdec04a5bf2ab19f016e57247e62245
parent	1d1c80e6443e21a7e10d9d4987b0deb1ef8ec374 (diff)