From 4feb7b4dab063fd7ca4b6fb9cadb7d38ee4bac82 Mon Sep 17 00:00:00 2001
From: Mikael Gerdin <mgerdin@openjdk.org>
Date: Fri, 14 Nov 2014 14:23:25 +0100
Subject: [PATCH] 8058209: Race in G1 card scanning could allow scanning of
 memory covered by PLABs

Read _top before _gc_time_stamp in saved_mark_word() with LoadLoad order to ensure we get a consistent view

Reviewed-by: brutisso, dcubed, dholmes, stefank
---
 hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp b/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
index 3b49ff164fb..299eec5a3e6 100644
--- a/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
+++ b/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
@@ -1004,10 +1004,13 @@ HeapWord* G1OffsetTableContigSpace::cross_threshold(HeapWord* start,
 HeapWord* G1OffsetTableContigSpace::saved_mark_word() const {
   G1CollectedHeap* g1h = G1CollectedHeap::heap();
   assert( _gc_time_stamp <= g1h->get_gc_time_stamp(), "invariant" );
-  if (_gc_time_stamp < g1h->get_gc_time_stamp())
-    return top();
-  else
+  HeapWord* local_top = top();
+  OrderAccess::loadload();
+  if (_gc_time_stamp < g1h->get_gc_time_stamp()) {
+    return local_top;
+  } else {
     return Space::saved_mark_word();
+  }
 }
 
 void G1OffsetTableContigSpace::record_top_and_timestamp() {