RFR: 8345296: AArch64: VM crashes with SIGILL when prctl is disallowed [v3]

Evgeny Astigeevich eastigeevich at openjdk.org
Mon Dec 2 17:23:48 UTC 2024


On Mon, 2 Dec 2024 16:37:03 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:

>> We have caught this in some prod environments, where `prctl` is forbidden by the sandboxing mechanism. This fails the JVM, because we have the following code to check for SVE vector length:
>> 
>> 
>> int VM_Version::get_current_sve_vector_length() {
>>   assert(VM_Version::supports_sve(), "should not call this");
>>   return prctl(PR_SVE_GET_VL);
>> }
>> 
>> 
>> That code returns `-1` when `prctl` is disallowed, which the JVM then blindly interprets as vector length, leading to `SIGILL`. I looked around other uses of `prctl` around Hotspot, and they all seem to handle the errors correctly.
>> 
>> Additional testing:
>>  - [x] Linux AArch64 server fastdebug, with seccomp reproducer
>>  - [ ] Linux AArch64 server fastdebug, `all`
>
> Aleksey Shipilev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Handle zero too
>  - Check get_current_sve_vector_length more comprehensively

src/hotspot/cpu/aarch64/vm_version_aarch64.cpp line 452:

> 450:               "Disabling SVE. Specify -XX:UseSVE=0 to shun this warning.");
> 451:       FLAG_SET_DEFAULT(UseSVE, 0);
> 452:     } else if (vl < FloatRegister::sve_vl_min || ((vl % FloatRegister::sve_vl_min) != 0) || !is_power_of_2(vl)) {

I think `vl < FloatRegister::sve_vl_min` is redundant.
It is covered by `(vl % FloatRegister::sve_vl_min) != 0`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22479#discussion_r1866284225
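
Added example, not code from the PR or from HotSpot: a stand-alone C sketch of treating the `prctl(PR_SVE_GET_VL)` result as untrusted before using it as a vector length, as the thread above discusses. The names `sve_vl_is_usable`, `query_sve_vl` and `SVE_VL_MIN` are hypothetical; the 16-byte minimum and the fallback `#define` values are assumptions taken from the SVE architecture and `linux/prctl.h`, not from this page.

```c
#include <stdio.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

#ifndef PR_SVE_GET_VL
#define PR_SVE_GET_VL 51           /* assumed value, as in linux/prctl.h */
#endif
#ifndef PR_SVE_VL_LEN_MASK
#define PR_SVE_VL_LEN_MASK 0xffff  /* low bits hold the length in bytes */
#endif

enum { SVE_VL_MIN = 16 };  /* assumption: 128-bit minimum vector, in bytes */

/* Returns 1 only for a length that is safe to act on. */
int sve_vl_is_usable(int vl) {
  if (vl < SVE_VL_MIN) return 0;        /* rejects -1 (prctl failed) and 0 */
  if (vl % SVE_VL_MIN != 0) return 0;   /* must be a multiple of the minimum */
  if ((vl & (vl - 1)) != 0) return 0;   /* must be a power of two */
  return 1;
}

/* Returns the SVE vector length in bytes, or 0 when it cannot be trusted
 * (prctl filtered by a sandbox, no SVE, or an implausible value). */
int query_sve_vl(void) {
#ifdef __linux__
  int ret = prctl(PR_SVE_GET_VL);
  if (ret < 0) return 0;                /* e.g. denied by a seccomp filter */
  int vl = ret & PR_SVE_VL_LEN_MASK;    /* strip the flag bits */
  return sve_vl_is_usable(vl) ? vl : 0;
#else
  return 0;
#endif
}

int main(void) {
  int vl = query_sve_vl();
  if (vl == 0)
    puts("SVE vector length unavailable; fall back to the non-SVE path");
  else
    printf("SVE vector length: %d bytes\n", vl);
  return 0;
}
```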

