[jdk13u-dev] RFR: 8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash

Alan Hayward github.com+4146708+a74nh at openjdk.java.net
Fri May 21 11:46:53 UTC 2021


On Fri, 21 May 2021 08:06:28 GMT, Vladimir Kempik <vkempik at openjdk.org> wrote:

> This issue affects all aarch64 platforms, but to make java crash the platform needs to PAC-sign the LR register; on the rest of the aarch64 platforms it is effectively a NO-OP
> Applies clean

How is this bug being produced? Are you building for the arm64e target? As I understood it, jdk is only built for the arm64 target.

src/hotspot/cpu/aarch64/macroAssembler_aarch64.cpp line 703:

> 701:   // if it was tail-call optimized by compiler, since lr is not callee-saved
> 702:   // reload it with proper value
> 703:   adr(lr, l);
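Review bot: the comment at lines 701-702 only explains the reload in terms of lr not being callee-saved, but the motivation for this backport (per the bug title) is a PAC-signed LR; the comment should also say that `adr(lr, l)` discards whatever was in lr, including any pointer-authentication bits, otherwise a later reader may "simplify" it back to restoring the old lr value. Also note that `adr` only reaches +/-1 MiB from the current pc, so label `l` must stay within that range of this instruction.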

1. Instead of adr, using xpaclri would be better logically, and potentially faster. Plus on non-PAC hardware it's just a NOP, so even better.
The AArch64 assembler does not yet have any PAC instructions, but I have already written that code. I'm happy to give you that patch, either for this PR or I can add a new PR (I hadn't done this yet because nothing would then use those instructions).

2. I'm unsure as to why the LR could be signed here. If the LR is signed, then how did the code jump back here without unsigning first? If a throw_pending_exception has been tail-call optimised then it doesn't create a stack frame, and therefore shouldn't have signed the LR. Blindly stripping the value in the caller feels very wrong from a PAC standpoint: the callee should be doing both signing and unsigning.

-------------

Changes requested by a74nh at github.com (no known OpenJDK username).

PR: https://git.openjdk.java.net/jdk13u-dev/pull/226
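The discussion above turns on what a PAC-signed LR looks like and why `adr(lr, l)` and a strip instruction such as xpaclri both make it usable again. The following is an added simulation written for this thread; it is not JDK code and not Apple's or Arm's PAC implementation. It assumes a 39-bit virtual address space with TBI enabled (so the PAC field is bits 54:39 and the top byte is ignored) and uses a toy xor-fold in place of the real QARMA-based code; the label, sp and key values are constructed. It shows that a signed LR is non-canonical (a `ret` through it faults), that stripping recovers the label address without needing the key or modifier, that a strip of an already-plain LR is the identity (the "effectively a NO-OP" case), and that an authenticate with the wrong modifier poisons the pointer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed address layout (an assumption for this example, not taken from the
 * JDK or from any Apple/Arm document): TBI on, so bits 63:56 are ignored;
 * bit 55 selects the address space; a 39-bit VA, so the PAC field is bits 54:39. */
#define VA_BITS  39
#define PAC_LO   VA_BITS
#define PAC_HI   54
#define PAC_MASK (((1ULL << (PAC_HI - PAC_LO + 1)) - 1) << PAC_LO)

/* Toy authentication code: a 16-bit xor-fold of pointer, modifier and key.
 * The real PAC uses QARMA; this only reproduces the pointer layout. */
static uint64_t toy_pac(uint64_t ptr, uint64_t modifier, uint64_t key) {
    uint64_t x = ptr ^ modifier ^ key;
    uint64_t t = (x ^ (x >> 16) ^ (x >> 32) ^ (x >> 48)) & 0xFFFF;
    return t ? t : 1; /* never zero, so a signed pointer is always visibly non-canonical */
}

/* A pointer is usable as an address only if the PAC field is a copy of bit 55. */
bool is_canonical(uint64_t p) {
    uint64_t ext = ((p >> 55) & 1) ? PAC_MASK : 0;
    return (p & PAC_MASK) == ext;
}

/* xpaclri-like strip: clear the PAC field without checking it (no key, no modifier). */
uint64_t xpac_sim(uint64_t p) {
    uint64_t ext = ((p >> 55) & 1) ? PAC_MASK : 0;
    return (p & ~PAC_MASK) | ext;
}

/* paciasp-like sign: tag lr using sp as the modifier. */
uint64_t paciasp_sim(uint64_t lr, uint64_t sp, uint64_t key) {
    return (lr & ~PAC_MASK) | (toy_pac(lr, sp, key) << PAC_LO);
}

/* autiasp-like authenticate: verify and strip. On mismatch the real instruction
 * leaves a non-canonical pointer so a later ret faults; modelled here by setting bit 53. */
uint64_t autiasp_sim(uint64_t signed_lr, uint64_t sp, uint64_t key) {
    uint64_t plain  = xpac_sim(signed_lr);
    uint64_t expect = toy_pac(plain, sp, key) << PAC_LO;
    if ((signed_lr & PAC_MASK) == expect)
        return plain;
    return plain | (1ULL << 53);
}

/* ret: only a canonical address can be jumped to. */
bool ret_ok(uint64_t lr) { return is_canonical(lr); }

int main(void) {
    /* Constructed values: address of label l, the stack pointer at signing time, a key. */
    const uint64_t label = 0x100003f20ULL;
    const uint64_t sp    = 0x16fdff000ULL;
    const uint64_t key   = 0x1234567890abcdefULL;

    uint64_t signed_lr = paciasp_sim(label, sp, key);
    printf("signed lr        %#018llx  ret ok? %d\n", (unsigned long long)signed_lr, ret_ok(signed_lr));
    printf("xpac(signed lr)  %#018llx  ret ok? %d\n", (unsigned long long)xpac_sim(signed_lr), ret_ok(xpac_sim(signed_lr)));
    printf("adr lr, l        %#018llx  ret ok? %d\n", (unsigned long long)label, ret_ok(label));
    printf("xpac(plain lr) == plain lr: %d\n", xpac_sim(label) == label);
    printf("autiasp, wrong sp: ret ok? %d\n", ret_ok(autiasp_sim(signed_lr, sp + 0x10, key)));
    return 0;
}
```

The `adr` line in the patch and `xpac_sim` produce the same value here because label `l` is exactly the address the signed LR was derived from; the difference is that `adr` relies on the caller knowing that address, while a strip works on any signed pointer and is a no-op when there is nothing to strip.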

