RFR(S): 8221175: Fix bad function case for controlled JVM crash on PPC64 big-endian

Gustavo Romero gromero at linux.vnet.ibm.com
Sun Mar 24 19:20:44 UTC 2019


Hi Thomas!

On 03/23/2019 05:43 PM, Thomas Stüfe wrote:
> Hi Gustavo,
> 
> looks good.

Thanks a lot for reviewing it and for your comments!


> Would be nice to cleanly factor function descriptor handling out at some point: we have various pieces, e.g. a struct FunctionDescriptor in assembler_ppc.hpp, a resolve function in os_aix.cpp, now this... also, I believe, on AIX there is a struct FunctionDescriptor in os headers, but I may remember this wrong.
> 
> But cleanup can be done in a different change.

Unfortunately I don't have access to AIX systems, so I can't test/work on AIX
(that's one of the reasons I decided to CC ppc-aix-port-dev).

I overlooked 'struct FunctionDescriptor' presence. All headers look in place, so
how about using FunctionDescriptor instead of an array?

webrev v2:

http://cr.openjdk.java.net/~gromero/8221175/v2/

Cheers,
Gustavo

> Thanks for fixing!
> 
> Cheers, Thomas
> 
> 
> On Fri, Mar 22, 2019 at 5:15 PM Gustavo Romero <gromero at linux.vnet.ibm.com> wrote:
> 
>     Hi,
> 
>     Please, could I get reviews for the following change?
> 
>     bug   : https://bugs.openjdk.java.net/browse/JDK-8221175
>     webrev: http://cr.openjdk.java.net/~gromero/8221175/v1/
> 
>     It fixes the way a function pointer is defined in order to call a bad function
>     at address 0xF (controlled crash case 13) on PPC64 big-endian machines.
> 
>     On PPC64 big-endian the compiler defaults to ABI ELFv1, which mandates that function
>     pointers be part of a function descriptor, at offset 0 [1].
> 
>     Currently the SIGSEGV being generated by case 13 is incorrect because, if a
>     function descriptor is not used to call the bad function address, the program
>     segfaults before effectively calling the function, when trying to load
>     the (bad) function pointer from offset 0 of base address 0xF, i.e. before
>     branching to the function.
> 
>     It does not affect PPC64 little-endian machines because by default ABI ELFv2
>     is used (instead of ABI ELFv1) and for that ABI no function descriptor is
>     defined / employed.
> 
>     The fix consists of properly defining a function descriptor with a bad function
>     at offset 0 (the following offsets are not important in that case) and using that
>     function descriptor to call the bad function, only on PPC64 big-endian machines.
> 
>     That issue was found when investigating the JDK-8220794 issue [2].
> 
>     Thank you.
> 
>     Best regards,
>     Gustavo
> 
>     [1] http://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#FUNC-DES
>     [2] https://bugs.openjdk.java.net/browse/JDK-8220794
> 
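The ELFv1 behaviour described in the quoted report, as an added example that is not the JDK's code nor part of the webrev: the struct, the `make_bad_descriptor` and `model_call` names, and the rule that loads from the first 4 KiB page fault are all assumptions made for illustration, so the model runs on any host.

```c
/* Added illustration of why the controlled-crash case needs a function
 * descriptor on PPC64 big-endian (ELFv1). Names and layout are assumed. */
#include <stddef.h>
#include <stdint.h>

/* ELFv1 function descriptor: a "function pointer" refers to this block and
 * the call sequence loads the real code address from offset 0 first. */
struct FunctionDescriptor {
    void *entry;  /* offset 0: address the call finally branches to  */
    void *toc;    /* offset 8: TOC pointer, irrelevant for the bad call */
    void *env;    /* offset 16: environment pointer, irrelevant here   */
};

#define BAD_ADDRESS ((void *)0xF)

/* Only offset 0 matters for the crash test, so the rest stays NULL. */
struct FunctionDescriptor make_bad_descriptor(void *bad_entry) {
    struct FunctionDescriptor fd = { bad_entry, NULL, NULL };
    return fd;
}

/* Modelling assumption: the first page (below 0x1000) is unmapped, so a
 * load from there faults. Good enough to show where the fault happens. */
static int load_would_fault(const void *addr) {
    return (uintptr_t)addr < 0x1000;
}

struct CallTrace {
    int   faulted_before_branch; /* 1: died loading the descriptor entry */
    void *branch_target;         /* address actually branched to, or NULL */
};

/* Model of an indirect call through fn_ptr under ELFv1 (descriptor) or
 * ELFv2 (plain code pointer, as on PPC64 little-endian). */
struct CallTrace model_call(void *fn_ptr, int elfv1) {
    struct CallTrace t = { 0, NULL };
    if (!elfv1) {               /* ELFv2: pointer is the code address */
        t.branch_target = fn_ptr;
        return t;
    }
    if (load_would_fault(fn_ptr)) {   /* ELFv1 with a raw bad pointer: */
        t.faulted_before_branch = 1;  /* SIGSEGV on the load, not the call */
        return t;
    }
    t.branch_target = ((struct FunctionDescriptor *)fn_ptr)->entry;
    return t;
}
```

With the descriptor the fault moves from the descriptor load to the branch target 0xF, which is the crash the test case is meant to exercise.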


