RFR: 8264130: PAC-RET protection for Linux/AArch64 [v2]
Alan Hayward
duke at openjdk.java.net
Thu Nov 11 15:33:33 UTC 2021
On Thu, 11 Nov 2021 14:52:54 GMT, Andrew Dinn <adinn at openjdk.org> wrote:
> The runtime-generated runtime stubs and Java method code into which this patch may insert the required PAC instructions are written into a code cache in a section which is mapped RW(X) all the time. It would be hard to map even a subset of this code cache RO because generated code includes call and data sites that need to be patched during execution.
Am I right in saying that for macOS, all generated code is remapped RO before execution?
An additional concern I have is that if the globals data was attacked then the UseROPProtection flag could be flipped, and all code after that point would be generated without ROP protection. Marking all the globals data as RO would fix that. Alternatively remove UseROPProtection and then in the macroassembler always generate PAC code, using just the subset of instructions that are NOPs on non-PAC hardware. Or alternatively only generate PAC code based on a #define set at build time. Each option has its own downsides.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6334
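
Added example, not part of the original message and not OpenJDK code: a minimal C sketch of the "mark the globals data as RO" option discussed above, where a flag is written once at startup, its page is sealed with mprotect, and a later write to it faults instead of silently disabling protection. The struct `vm_flags` and all function names are hypothetical stand-ins, not HotSpot's flag storage.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical stand-in for a VM flag block; not HotSpot's real layout. */
struct vm_flags { bool use_rop_protection; };
static struct vm_flags *flags;          /* lives on its own page */
static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Set the flag once at startup, then drop write access to its page. */
int flags_init_and_seal(bool use_rop) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    flags = p;
    flags->use_rop_protection = use_rop;
    return mprotect(p, len, PROT_READ);
}

/* What a code generator would consult; reads still work after sealing. */
bool rop_protection_enabled(void) { return flags->use_rop_protection; }

/* Simulate a stray write to the flag. Returns 1 if it faulted, 0 if it landed. */
int try_flip_flag(void) {
    struct sigaction sa, old_segv, old_bus;
    int faulted;
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some systems report SIGBUS */
    if (sigsetjmp(fault_jmp, 1) == 0) {
        *(volatile bool *)&flags->use_rop_protection = false;
        faulted = 0;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

int main(void) {   /* exits 0 when the write was blocked and the flag survived */
    return flags_init_and_seal(true) == 0 && try_flip_flag() && rop_protection_enabled() ? 0 : 1;
}
```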