# HG changeset patch
# User mgerdin
# Date 1415971405 -3600
# Node ID e8bf410d5e236961e0aac9736e620298c464857a
# Parent 600c44255e5f69bfbc9b6de2bf21d2be1f65568d
8058209: Race in G1 card scanning could allow scanning of memory covered by PLABs
Summary: Read _top before _gc_time_stamp in saved_mark_word() with LoadLoad order to ensure we get a consistent view
Reviewed-by: brutisso, dcubed, dholmes, stefank
diff -r 600c44255e5f -r e8bf410d5e23 src/share/vm/gc_implementation/g1/heapRegion.cpp
--- a/src/share/vm/gc_implementation/g1/heapRegion.cpp Tue Nov 11 11:05:41 2014 +0100
+++ b/src/share/vm/gc_implementation/g1/heapRegion.cpp Fri Nov 14 14:23:25 2014 +0100
@@ -1015,10 +1015,13 @@
 HeapWord* G1OffsetTableContigSpace::saved_mark_word() const {
 G1CollectedHeap* g1h = G1CollectedHeap::heap();
 assert( _gc_time_stamp <= g1h->get_gc_time_stamp(), "invariant" );
- if (_gc_time_stamp < g1h->get_gc_time_stamp())
- return top();
- else
+ HeapWord* local_top = top();
+ OrderAccess::loadload();
+ if (_gc_time_stamp < g1h->get_gc_time_stamp()) {
+ return local_top;
+ } else {
 return Space::saved_mark_word();
+ }
 }
 
 void G1OffsetTableContigSpace::record_top_and_timestamp() {
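Review bot: The `OrderAccess::loadload()` added in `saved_mark_word()` has no comment, so the reason `top()` must be read before `_gc_time_stamp` is recorded only in the commit message. A later cleanup could fold `local_top` back into `return top();` and reopen the race. I would add above the barrier `// Read top before _gc_time_stamp (LoadLoad) so a stale time stamp is never paired with a newer top that covers PLABs.` A load-side barrier only gives a consistent view if the writer publishes the saved mark and the time stamp in the matching order behind a store-side barrier. `record_top_and_timestamp()` begins at the end of this hunk but its body is outside it, so that pairing should be confirmed there and named in the comment.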