RFR(S): 8221175: Fix bad function case for controlled JVM crash on PPC64 big-endian
Gustavo Romero
gromero at linux.vnet.ibm.com
Mon Mar 25 16:14:14 UTC 2019
Hi Goetz,
On 03/25/2019 05:32 AM, Lindenmaier, Goetz wrote:
> Looks good, too.
Thanks a lot for the review.
Should I run it against submit tests before pushing? It's a change in shared
code, but it can't affect other architectures.
Best regards,
Gustavo
> Best, Goetz
>
>> -----Original Message-----
>> From: ppc-aix-port-dev <ppc-aix-port-dev-bounces at openjdk.java.net> On
>> Behalf Of Gustavo Romero
>> Sent: Sonntag, 24. März 2019 20:21
>> To: Thomas Stüfe <thomas.stuefe at gmail.com>
>> Cc: ppc-aix-port-dev at openjdk.java.net; Daniel D. Daugherty
>> <daniel.daugherty at oracle.com>; hotspot-runtime-dev at openjdk.java.net
>> Subject: Re: RFR(S): 8221175: Fix bad function case for controlled JVM crash on
>> PPC64 big-endian
>>
>> Hi Thomas!
>>
>> On 03/23/2019 05:43 PM, Thomas Stüfe wrote:
>>> Hi Gustavo,
>>>
>>> looks good.
>>
>> Thanks a lot for reviewing it and for your comments!
>>
>>
>>> Would be nice to cleanly factor function descriptor handling out at some
>>> point: we have various pieces, e.g. a struct FunctionDescriptor in
>>> assembler_ppc.hpp, a resolve function in os_aix.cpp, now this... also, I believe,
>>> on AIX there is a struct FunctionDescriptor in os headers, but I may remember
>>> this wrong.
>>>
>>> But cleanup can be done in a different change.
>>
>> Unfortunately I don't have access to AIX systems, so I can't test/work on AIX
>> (that's one of the reasons I decided to CC ppc-aix-port-dev).
>>
>> I overlooked 'struct FunctionDescriptor' presence. All headers look in place, so
>> how about using FunctionDescriptor instead of an array?
>>
>> webrev v2:
>>
>> http://cr.openjdk.java.net/~gromero/8221175/v2/
>>
>> Cheers,
>> Gustavo
>>
>>> Thanks for fixing!
>>>
>>> Cheers, Thomas
>>>
>>>
>>> On Fri, Mar 22, 2019 at 5:15 PM Gustavo Romero
>>> <gromero at linux.vnet.ibm.com> wrote:
>>>
>>> Hi,
>>>
>>> Please, could I get reviews for the following change?
>>>
>>> bug   : https://bugs.openjdk.java.net/browse/JDK-8221175
>>> webrev: http://cr.openjdk.java.net/~gromero/8221175/v1/
>>>
>>> It fixes the way a function pointer is defined in order to call a bad function
>>> at address 0xF (controlled crash case 13) on PPC64 big-endian machines.
>>>
>>> On PPC64 big-endian the compiler defaults to ABI ELFv1, which mandates that
>>> function pointers be part of a function descriptor, at offset 0 [1].
>>>
>>> Currently the SIGSEGV being generated by case 13 is incorrect because if a
>>> function descriptor is not used to call the bad function address the program
>>> segfaults before effectively calling the function, when trying to load
>>> the (bad) function pointer from offset 0 of base address 0xF, so before
>>> branching to the function.
>>>
>>> It does not affect PPC64 little-endian machines because by default ABI ELFv2
>>> is used (instead of ABI ELFv1) and for that ABI no function descriptor is
>>> defined / employed.
>>>
>>> The fix consists in properly defining a function descriptor with a bad function
>>> at offset 0 (the following offsets are not important in that case) and using that
>>> function descriptor to call the bad function, only on PPC64 big-endian machines.
>>>
>>> That issue was found when investigating the JDK-8220794 issue [2].
>>>
>>> Thank you.
>>>
>>> Best regards,
>>> Gustavo
>>>
>>> [1] http://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#FUNC-DES
>>> [2] https://bugs.openjdk.java.net/browse/JDK-8220794
>>>
>
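The ELFv1 function-descriptor point made in the quoted message, as an added example in C that is not from the webrev or from HotSpot: the struct name `function_descriptor` and the helpers `entry_address`, `callable_for`, `call_via_rebuilt_descriptor` and `bad_function_entry` are hypothetical names chosen here. On ELFv1 (PPC64 big-endian default) a function pointer addresses a three-word descriptor whose offset 0 holds the code entry; elsewhere the pointer is the code address itself. The bad address 0xF is only wrapped and inspected, never called.

```c
#include <stddef.h>
#include <stdint.h>

/* ELFv1 is the default on PPC64 big-endian; ELFv2 (_CALL_ELF == 2) has no descriptors. */
#if defined(__PPC64__) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
#define USES_FUNCTION_DESCRIPTORS 1
#else
#define USES_FUNCTION_DESCRIPTORS 0
#endif

typedef int (*int_fn_t)(int);

/* Hypothetical name; mirrors the ELFv1 descriptor layout. */
struct function_descriptor {
  void* entry;  /* offset 0: address of the first instruction */
  void* toc;    /* offset 8: TOC base loaded into r2 */
  void* env;    /* offset 16: environment pointer */
};

/* Raw code address a function pointer actually targets. */
uintptr_t entry_address(int_fn_t fn) {
#if USES_FUNCTION_DESCRIPTORS
  return (uintptr_t)((const struct function_descriptor*)fn)->entry;
#else
  return (uintptr_t)fn;
#endif
}

/* Make 'addr' callable. On ELFv1 it must sit at offset 0 of a descriptor
 * (what the fix under review does); toc/env are copied from 'like' if
 * given and do not matter for an address that is meant to fault. */
int_fn_t callable_for(uintptr_t addr, struct function_descriptor* storage, int_fn_t like) {
#if USES_FUNCTION_DESCRIPTORS
  const struct function_descriptor* src = (const struct function_descriptor*)like;
  storage->entry = (void*)addr;
  storage->toc = like ? src->toc : NULL;
  storage->env = like ? src->env : NULL;
  return (int_fn_t)storage;
#else
  (void)storage; (void)like;
  return (int_fn_t)addr;
#endif
}

static int add_one(int x) { return x + 1; }

/* Round-trip a real function through a descriptor built by hand. */
int call_via_rebuilt_descriptor(int x) {
  struct function_descriptor fd;
  int_fn_t fn = callable_for(entry_address(add_one), &fd, add_one);
  return fn(x);
}

/* Controlled-crash case 13 shape: 0xF wrapped the same way, inspected only. */
uintptr_t bad_function_entry(void) {
  struct function_descriptor fd;
  return entry_address(callable_for(0xF, &fd, NULL));
}
```

On a non-ELFv1 host only the direct-pointer path is exercised; the descriptor path is what a PPC64 big-endian build takes.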