RFR: 8371918: aarch64: Incorrect pointer dereference in TemplateInterpreterGenerator::generate_native_entry

Kurt Miller kurt at openjdk.org
Fri Nov 14 17:53:21 UTC 2025



I believe there's an incorrect pointer dereference in `TemplateInterpreterGenerator::generate_native_entry()` in this part of the code:


```c++
  // get native function entry point in r10
  {
    Label L;
    __ ldr(r10, Address(rmethod, Method::native_function_offset()));
    ExternalAddress unsatisfied(SharedRuntime::native_method_throw_unsatisfied_link_error_entry());
    __ lea(rscratch2, unsatisfied);
    __ ldr(rscratch2, rscratch2);
    __ cmp(r10, rscratch2);
    __ br(Assembler::NE, L);
    __ call_VM(noreg,
               CAST_FROM_FN_PTR(address,
                                InterpreterRuntime::prepare_native_call),
               rmethod);
    __ get_method(rmethod);
    __ ldr(r10, Address(rmethod, Method::native_function_offset()));
    __ bind(L);
  }
```


If I understand this correctly, the entry point for unsatisfied link error is loaded into `rscratch2`. The next instruction, `ldr(rscratch2, rscratch2)`, dereferences that pointer and reads from the text segment the initial instructions at the entry point into `rscratch2`. It then compares the native method entry point in `r10` with the initial instructions loaded into `rscratch2` which will never match. I believe the intent here was to compare the native method entry point with the unsatisfied link error entry point and the `ldr(rscratch2, rscratch2)` instruction should be removed.

This was found on OpenBSD/aarch64. OpenBSD has a security feature where the text segments are marked execute-only and do not allow reads independent of execution. The `ldr(rscratch2, rscratch2)` instruction causes a segfault because it is reading the text segment. While this bug was found on OpenBSD, I believe it applies to all OSes on aarch64.

This change removes the errant aarch64 hotspot assembly instruction that was reading from libjvm.so .text segment.

Updated comment with markdown for code.

-------------

Commit messages:
 - 8371918: aarch64: Incorrect pointer dereference in TemplateInterpreterGenerator::generate_native_entry

Changes: https://git.openjdk.org/jdk/pull/28327/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28327&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8371918
  Stats: 1 line in 1 file changed: 0 ins; 1 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28327.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28327/head:pull/28327

PR: https://git.openjdk.org/jdk/pull/28327
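As an added example that is not part of this e-mail, the PR or HotSpot itself, here is a plain C model of the check discussed above. The names `Method`, `native_fn`, `unsatisfied_link_stub`, `prepare_native_call`, `Java_Foo_twice` and `native_entry` are hypothetical stand-ins for the interpreter's real structures. The buggy variant does what the extra `ldr` does, a data load of the first eight bytes of machine code at the stub's entry, and the fixed variant compares the two addresses. On a platform with readable .text the buggy comparison never recognises an unlinked method, so the placeholder stub gets called; on an execute-only mapping such as OpenBSD/aarch64 the load itself faults.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not HotSpot code.  Models the native-entry check from
 * TemplateInterpreterGenerator::generate_native_entry() in plain C.
 * Method, native_fn, unsatisfied_link_stub, prepare_native_call and
 * Java_Foo_twice are hypothetical stand-ins for the real interpreter parts.
 */

typedef long (*native_fn)(long);

/* Stand-in for the entry returned by
 * SharedRuntime::native_method_throw_unsatisfied_link_error_entry():
 * every not-yet-linked native method points here. */
static long unsatisfied_link_stub(long arg) {
    (void)arg;
    return -1;               /* the real stub throws UnsatisfiedLinkError */
}

/* Constructed "real" native implementation that symbol lookup would find. */
static long Java_Foo_twice(long x) {
    return 2 * x;
}

/* Stand-in for Method: only the field the check reads. */
typedef struct {
    const char *name;
    native_fn   native_function;     /* Method::_native_function */
} Method;

/* Stand-in for InterpreterRuntime::prepare_native_call(): does the lookup. */
static void prepare_native_call(Method *m) {
    if (strcmp(m->name, "twice") == 0)
        m->native_function = Java_Foo_twice;
}

/*
 * The original aarch64 sequence
 *     lea rscratch2, unsatisfied
 *     ldr rscratch2, [rscratch2]      <- the extra load
 *     cmp r10, rscratch2
 * compares r10 (the method's function pointer) with the 8 bytes of machine
 * code *at* the stub's entry instead of with the stub's address.  That is a
 * data read from .text: it faults on an execute-only mapping and elsewhere
 * yields instruction bytes that never equal a pointer, so the branch that
 * skips prepare_native_call is always taken.
 */
static int is_unresolved_buggy(const Method *m) {
    uint64_t code_word;
    /* Reads the code page; only survives where .text is readable. */
    memcpy(&code_word, (const void *)(uintptr_t)unsatisfied_link_stub,
           sizeof code_word);
    return (uint64_t)(uintptr_t)m->native_function == code_word;
}

/* The fix drops the ldr and compares the two addresses directly. */
static int is_unresolved_fixed(const Method *m) {
    return m->native_function == unsatisfied_link_stub;
}

/* Interpreter native entry: link lazily if still unresolved, then call. */
static long native_entry(Method *m, long arg,
                         int (*is_unresolved)(const Method *)) {
    if (is_unresolved(m))
        prepare_native_call(m);
    return m->native_function(arg);
}

/* Run one call through a freshly unlinked method with each check. */
static long call_with_fixed_check(long arg) {
    Method m = { "twice", unsatisfied_link_stub };
    return native_entry(&m, arg, is_unresolved_fixed);
}

static long call_with_buggy_check(long arg) {
    Method m = { "twice", unsatisfied_link_stub };
    return native_entry(&m, arg, is_unresolved_buggy);
}

int main(void) {
    printf("fixed check: twice(21) = %ld\n", call_with_fixed_check(21));
    printf("buggy check: twice(21) = %ld\n", call_with_buggy_check(21));
    return 0;
}
```

With the fixed check the first call links the method and returns 42; with the buggy check the stub is never recognised, so the placeholder runs and returns -1. Build it with `cc -O1 native_entry_check.c` (the function address is taken, so the compiler keeps a real out-of-line stub to compare against).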

