RFR: 8287325: AArch64: fix virtual threads with -XX:UseBranchProtection=pac-ret
Dean Long
dlong at openjdk.java.net
Wed Jun 8 22:43:31 UTC 2022
On Wed, 8 Jun 2022 20:26:26 GMT, Ron Pressler <rpressler at openjdk.org> wrote:
>> I don't see why we can't use the stack pointer instead of the frame pointer and get rid of the PreserveFramePointer requirement.
>
> @dean-long Which sp, though? The frame's ultimate sp? I think interpreted frames don't know their sp when they're first constructed (and not sure about when they return). Or it could be the actual location of the return address, but I don't know what that means for the protection mechanism. On the other hand, the preserved fp is always the return address's location minus 1 anyway.
>
> Either way, it's not the right value for Loom. We'll need to consider 1. how important is PAC for _Java_ frames, and 2. if it is important, what second value to use that is invariant under stack copying.
@pron I don't think there is any reason why interpreted frames couldn't continue to use FP while compiled frames use SP. It's not clear how useful PAC is for Java code at dynamic locations (how would the exploit find the ROP gadgets?). I don't think there is a useful alternative to FP/SP that is invariant under stack copying.
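A small Python model of the problem discussed above, added as an illustration and not code from the JDK or this PR: pac-ret signs the saved return address with a modifier, and if that modifier is the frame's own address (FP or SP), copying the frame elsewhere during continuation freeze/thaw makes authentication fail even though nothing was tampered with. The key, the HMAC in place of the hardware PAC algorithm, the bit widths and the addresses are all constructed stand-ins.

```python
import hashlib
import hmac

# Constructed model of AArch64 pac-ret: the PAC is a keyed MAC over (pointer, modifier)
# stored in the pointer's unused upper bits. HMAC stands in for the hardware algorithm.
PAC_KEY = b"constructed-demo-key"  # constructed; the real key lives in the APIAKey registers
VA_BITS = 48                        # low bits that carry the actual address
PAC_BITS = 16                       # upper bits that carry the PAC in this model
ADDR_MASK = (1 << VA_BITS) - 1

def compute_pac(addr: int, modifier: int) -> int:
    data = addr.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    mac = hmac.new(PAC_KEY, data, hashlib.sha256).digest()
    return int.from_bytes(mac[:2], "little") & ((1 << PAC_BITS) - 1)

def pacia(addr: int, modifier: int) -> int:
    """Like PACIA lr, modifier: returns the return address with its PAC in the upper bits."""
    addr &= ADDR_MASK
    return (compute_pac(addr, modifier) << VA_BITS) | addr

def autia(signed: int, modifier: int):
    """Like AUTIA: returns the plain pointer, or None where hardware would poison it."""
    addr = signed & ADDR_MASK
    if (signed >> VA_BITS) != compute_pac(addr, modifier):
        return None
    return addr

class Frame:
    """One frame as a continuation sees it: its location and its saved (signed) return address."""
    def __init__(self, fp: int, return_pc: int):
        self.fp = fp
        self.saved_lr = pacia(return_pc, fp)  # modifier = frame pointer, as pac-ret does today

def freeze_thaw(frame: Frame, new_fp: int) -> Frame:
    """Model of freeze/thaw: the frame bytes are copied verbatim to a different stack address."""
    moved = Frame.__new__(Frame)
    moved.fp, moved.saved_lr = new_fp, frame.saved_lr
    return moved

def authenticate_return(frame: Frame):
    return autia(frame.saved_lr, frame.fp)

def demo():
    ret_pc = 0x00007F0012345678                      # constructed compiled-code return address
    f = Frame(fp=0x0000FFFF10000100, return_pc=ret_pc)
    before = authenticate_return(f)                   # same frame, same FP: authenticates
    moved = freeze_thaw(f, new_fp=0x0000FFFF20000200) # thawed onto another carrier's stack
    after = authenticate_return(moved)                # FP changed, so the PAC no longer matches
    return before, after
```

Running `demo()` returns the original return address for the unmoved frame and `None` for the copied one, which is the false positive the thread is discussing: the modifier must either be invariant under the copy or the saved return address must be re-signed when the frame moves.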
-------------
PR: https://git.openjdk.java.net/jdk/pull/9067