RFR: 8345296: AArch64: VM crashes with SIGILL when prctl is disallowed [v4]
Aleksey Shipilev
shade at openjdk.org
Mon Dec 2 17:39:02 UTC 2024
> We have caught this in some prod environments, where `prctl` is forbidden by the sandboxing mechanism. This fails the JVM, because we have the following code to check for SVE vector length:
>
>
> int VM_Version::get_current_sve_vector_length() {
> assert(VM_Version::supports_sve(), "should not call this");
> return prctl(PR_SVE_GET_VL);
> }
>
>
> That code returns `-1` when `prctl` is disallowed, which JVM then blindly interprets as vector length, leading to `SIGILL`. I looked around other uses of `prctl` around Hotspot, and they all seem to handle the errors correctly.
>
> Additional testing:
> - [x] Linux AArch64 server fastdebug, with seccomp reproducer
> - [ ] Linux AArch64 server fastdebug, `all`
Aleksey Shipilev has updated the pull request incrementally with one additional commit since the last revision:
Simplify the condition: zero is handled by is_power_of_two
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/22479/files
- new: https://git.openjdk.org/jdk/pull/22479/files/5777379a..16bde2b1
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=22479&range=03
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=22479&range=02-03
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/22479.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/22479/head:pull/22479
PR: https://git.openjdk.org/jdk/pull/22479
More information about the hotspot-dev
mailing list