RFR: 8264130: PAC-RET protection for Linux/AArch64 [v2]
Andrew Haley
aph at openjdk.java.net
Thu Nov 11 11:59:35 UTC 2021
On Thu, 11 Nov 2021 11:52:46 GMT, Andrew Haley <aph at openjdk.org> wrote:
>> I'm thinking for references to the Arm Arm to use header titles instead of section numbers, as the titles should be more stable.
>>
>> Also probably need some description around the code in the pauth_aarch64.hpp too. But I want to make sure I'm not duplicating comments - maybe the macroassembler comments should point to the pauth_aarch64 comments.
>>
>> It didn't seen common in the code to describe instruction functionality, which is why I didn't add any. Agreed it needs something added though.
>
> Yeah. At the definitions of `authenticate_return_address()` et al you can say what you expect in the normal case and what you expect when you've been hacked, along with an overview. I realize that it was a bit tricky to make this work with HotSpot because we're synthesizing return addresses just like hackers do, so a comment where we're patching return addresses would be nice.
>
> As long as the instructions are easily findable in the docs that's good.
Just to be clear: no, don't describe instructions. describe what the macros do, and when to use them. Imagine that you, the reader can't see the contents of the macro at all, just the name and the comments.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6334
More information about the build-dev
mailing list