Hello, I have a question regarding the AIX -bnorwexec linker flag .

I think it is related to an AIX security feature SED , see also :

When building with the additional -bnorwexec linker flag we signal the OS that we “request” the SED feature .

Please compare a patched and an unpatched java ( patched is flagged “request” while unpatched uses the “system” setting ).

bash-4.3$ sedmgr -d /patched_jdk/images/jdk/bin/java

/patched_jdk/images/images/jdk/bin/java : request

bash-4.3$ sedmgr -d /normal_jdk/images/jdk/bin/java

/normal_jdk/images/jdk/bin/java : system

System config on the example machine is "normal" (default) select :

bash-4.3$ sedmgr

Stack Execution Disable (SED) mode: select

SED configured in kernel: select

In our internal tests I noticed so far no issues when setting the -bnorwexec linker flag in OpenJDK on AIX .

Do you have any experience with it, do you see issues when setting the flag ?

The documentation of the flag is a bit short .

norwexec

Specifies that if the system's sed_config setting is not off, the process' private data areas will have non-execute permission.

Patch would be :

diff -r 0d7fb7f07134 make/autoconf/flags-ldflags.m4

--- a/make/autoconf/flags-ldflags.m4 Mon Apr 08 06:56:37 2019 +0100

+++ b/make/autoconf/flags-ldflags.m4 Mon Apr 08 10:50:07 2019 +0200

@@ -1,5 +1,5 @@

# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

# This code is free software; you can redistribute it and/or modify it

@@ -88,7 +88,7 @@

BASIC_LDFLAGS_JVM_ONLY="-library=%none -mt -z noversion"

elif test "x$TOOLCHAIN_TYPE" = xxlc; then

- BASIC_LDFLAGS="-b64 -brtl -bnolibpath -bexpall -bernotok -btextpsize:64K \

+ BASIC_LDFLAGS="-b64 -brtl -bnorwexec -bnolibpath -bexpall -bernotok -btextpsize:64K \

-bdatapsize:64K -bstackpsize:64K"

# libjvm.so has gotten too large for normal TOC size; compile with qpic=large and link with bigtoc

BASIC_LDFLAGS_JVM_ONLY="-Wl,-lC_r -bbigtoc"

Best regards, Matthias