lewurm/- Secret

## -
commit dfafdc594bec3d07e443148040dc32779b4d1efd
Author: Bernhard Urban <bernhard.urban@xamarin.com>
Date:   Thu Oct 12 01:51:01 2017 +0200

    [1337 hax0r] force sync racy allocate method

diff --git a/mono/mini/jit-icalls.c b/mono/mini/jit-icalls.c
index 4570a4e5c71..3358b709732 100644
--- a/mono/mini/jit-icalls.c
+++ b/mono/mini/jit-icalls.c
@@ -1646,8 +1646,11 @@ resolve_vcall (MonoVTable *vt, int slot, MonoMethod *imt_method, gpointer *out_a
 			need_unbox_tramp = TRUE;
 	}

-	if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED)
+	if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED) {
 		m = mono_marshal_get_synchronized_wrapper (m);
+	} else if (!strcmp (m->name, "Allocate") && !strcmp (m->klass->name, "ObjectPool`1")) {
+		g_error ("woot3");
+	}

 	// FIXME: This can throw exceptions
 	addr = compiled_method = mono_compile_method_checked (m, error);
@@ -1770,8 +1773,11 @@ mono_resolve_generic_virtual_iface_call (MonoVTable *vt, int imt_slot, MonoMetho
 	if (vt->klass->valuetype)
 		need_unbox_tramp = TRUE;

-	if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED)
+	if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED) {
 		m = mono_marshal_get_synchronized_wrapper (m);
+	} else if (!strcmp (m->name, "Allocate") && !strcmp (m->klass->name, "ObjectPool`1")) {
+		g_error ("woot2");
+	}

 	addr = compiled_method = mono_compile_method_checked (m, &error);
 	if (!is_ok (&error))
diff --git a/mono/mini/mini-trampolines.c b/mono/mini/mini-trampolines.c
index e0402664a96..7800736d956 100644
--- a/mono/mini/mini-trampolines.c
+++ b/mono/mini/mini-trampolines.c
@@ -706,6 +706,15 @@ common_call_trampoline (mgreg_t *regs, guint8 *code, MonoMethod *m, MonoVTable *
 	if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED) {
 		m = mono_marshal_get_synchronized_wrapper (m);
 		need_rgctx_tramp = FALSE;
+	} else if (!strcmp (m->name, "Allocate") && !strcmp (m->klass->name, "ObjectPool`1")) {
+		ji = mini_jit_info_table_find (mono_domain_get (), (char*)code, NULL);
+
+		MonoMethod *caller = ji->d.method;
+		if (strcmp (m->name, caller->name) || strcmp (m->klass->name, caller->klass->name)) {
+			m = mono_marshal_get_synchronized_wrapper (m);
+			need_rgctx_tramp = FALSE;
+			// g_error ("mkay");
+		}
 	}

 	/* Calls made through delegates on platforms without delegate trampolines */
	commit dfafdc594bec3d07e443148040dc32779b4d1efd
	Author: Bernhard Urban <bernhard.urban@xamarin.com>
	Date: Thu Oct 12 01:51:01 2017 +0200

	[1337 hax0r] force sync racy allocate method

	diff --git a/mono/mini/jit-icalls.c b/mono/mini/jit-icalls.c
	index 4570a4e5c71..3358b709732 100644
	--- a/mono/mini/jit-icalls.c
	+++ b/mono/mini/jit-icalls.c
	@@ -1646,8 +1646,11 @@ resolve_vcall (MonoVTable vt, int slot, MonoMethod imt_method, gpointer *out_a
	need_unbox_tramp = TRUE;
	}

	- if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED)
	+ if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED) {
	m = mono_marshal_get_synchronized_wrapper (m);
	+ } else if (!strcmp (m->name, "Allocate") && !strcmp (m->klass->name, "ObjectPool`1")) {
	+ g_error ("woot3");
	+ }

	// FIXME: This can throw exceptions
	addr = compiled_method = mono_compile_method_checked (m, error);
	@@ -1770,8 +1773,11 @@ mono_resolve_generic_virtual_iface_call (MonoVTable *vt, int imt_slot, MonoMetho
	if (vt->klass->valuetype)
	need_unbox_tramp = TRUE;

	- if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED)
	+ if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED) {
	m = mono_marshal_get_synchronized_wrapper (m);
	+ } else if (!strcmp (m->name, "Allocate") && !strcmp (m->klass->name, "ObjectPool`1")) {
	+ g_error ("woot2");
	+ }

	addr = compiled_method = mono_compile_method_checked (m, &error);
	if (!is_ok (&error))
	diff --git a/mono/mini/mini-trampolines.c b/mono/mini/mini-trampolines.c
	index e0402664a96..7800736d956 100644
	--- a/mono/mini/mini-trampolines.c
	+++ b/mono/mini/mini-trampolines.c
	@@ -706,6 +706,15 @@ common_call_trampoline (mgreg_t regs, guint8 code, MonoMethod m, MonoVTable
	if (m->iflags & METHOD_IMPL_ATTRIBUTE_SYNCHRONIZED) {
	m = mono_marshal_get_synchronized_wrapper (m);
	need_rgctx_tramp = FALSE;
	+ } else if (!strcmp (m->name, "Allocate") && !strcmp (m->klass->name, "ObjectPool`1")) {
	+ ji = mini_jit_info_table_find (mono_domain_get (), (char*)code, NULL);
	+
	+ MonoMethod *caller = ji->d.method;
	+ if (strcmp (m->name, caller->name) \|\| strcmp (m->klass->name, caller->klass->name)) {
	+ m = mono_marshal_get_synchronized_wrapper (m);
	+ need_rgctx_tramp = FALSE;
	+ // g_error ("mkay");
	+ }
	}

	/* Calls made through delegates on platforms without delegate trampolines */