RFR: 8264130: PAC-RET protection for Linux/AArch64 [v2]
Andrew Dinn
adinn at openjdk.java.net
Thu Nov 11 14:56:46 UTC 2021
On Thu, 11 Nov 2021 14:20:33 GMT, Florian Weimer <fweimer at openjdk.org> wrote:
> Is the code still mapped read-write all the time?
That depends on what code you mean. The JVM code compiled from C++ sources is mapped RO(X) in the text section like any compiled C/C++ code. Protection of that code is covered by the changes to the build system.
The runtime generated runtime stubs and Java method code into which this patch may insert the required PAC instructions are written into a code cache in a section which is mapped RW(X) all the time. It would be hard to map even a subset of this code cache RO because generated code includes call and data sites that need to be patched during execution.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6334
More information about the build-dev
mailing list