RFR: 8345296: AArch64: VM crashes with SIGILL when prctl is disallowed
Aleksey Shipilev
shade at openjdk.org
Mon Dec 2 12:42:47 UTC 2024
We have caught this in some prod environments, where `prctl` is forbidden by the sandboxing mechanism. This fails the JVM, because we have the following code to check for SVE vector length:
int VM_Version::get_current_sve_vector_length() {
assert(VM_Version::supports_sve(), "should not call this");
return prctl(PR_SVE_GET_VL);
}
That code returns `-1` when `prctl` is disallowed, which JVM then blindly interprets as vector length, leading to `SIGILL`. I looked around other uses of `prctl` around Hotspot, and they all seem to handle the errors correctly.
Additional testing:
- [x] Linux AArch64 server fastdebug, with seccomp reproducer
- [ ] Linux AArch64 server fastdebug, `all`
-------------
Commit messages:
- Do not set vector length to bad value
- Fix
Changes: https://git.openjdk.org/jdk/pull/22479/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=22479&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8345296
Stats: 7 lines in 1 file changed: 6 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/22479.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/22479/head:pull/22479
PR: https://git.openjdk.org/jdk/pull/22479
More information about the hotspot-dev
mailing list