RFR(S): 8221175: Fix bad function case for controlled JVM crash on PPC64 big-endian
Thomas Stüfe
thomas.stuefe at gmail.com
Sun Mar 24 19:37:19 UTC 2019
Hi Gustavo,
On Sun 24. Mar 2019 at 20:20, Gustavo Romero <gromero at linux.vnet.ibm.com>
wrote:
> Hi Thomas!
>
> On 03/23/2019 05:43 PM, Thomas Stüfe wrote:
> > Hi Gustavo,
> >
> > looks good.
>
> Thanks a lot for reviewing it and for your comments!
>
>
> > Would be nice to cleanly factor function descriptor handling out at some
> > point: we have various pieces, e.g. a struct FunctionDescriptor in
> > assembler_ppc.hpp, a resolve function in os_aix.cpp, now this... also, I
> > believe, on AIX there is a struct FunctionDescriptor in os headers, but I
> > may remember this wrong.
> >
> > But cleanup can be done in a different change.
>
> Unfortunately I don't have access to AIX systems, so I can't test/work on
> AIX (that's one of the reasons I decided to CC ppc-aix-port-dev).
>
> I overlooked 'struct FunctionDescriptor' presence. All headers look in
> place, so how about using FunctionDescriptor instead of an array?
>
> webrev v2:
>
> http://cr.openjdk.java.net/~gromero/8221175/v2/
>
Make sure this builds with precompiled headers disabled. I am guessing you
are missing the inclusion of assembler_ppc.hpp here.
Otherwise looks good.
Cheers, thomas
> Cheers,
> Gustavo
>
> > Thanks for fixing!
> >
> > Cheers, Thomas
> >
> >
> > On Fri, Mar 22, 2019 at 5:15 PM Gustavo Romero <gromero at linux.vnet.ibm.com> wrote:
> >
> > Hi,
> >
> > Please, could I get reviews for the following change?
> >
> > bug   : https://bugs.openjdk.java.net/browse/JDK-8221175
> > webrev: http://cr.openjdk.java.net/~gromero/8221175/v1/
> >
> > It fixes the way a function pointer is defined in order to call a bad
> > function at address 0xF (controlled crash case 13) on PPC64 big-endian
> > machines.
> >
> > On PPC64 big-endian the compiler defaults to ABI ELFv1, which mandates
> > function pointers to be part of a function descriptor, at offset 0 [1].
> >
> > Currently the SIGSEGV being generated by case 13 is incorrect because if a
> > function descriptor is not used to call the bad function address the
> > program segfaults before effectively calling the function, when trying to
> > load the (bad) function pointer from offset 0 of base address 0xF, so
> > before branching to the function.
> >
> > It does not affect PPC64 little-endian machines because by default ABI
> > ELFv2 is used (instead of ABI ELFv1) and for that ABI no function
> > descriptor is defined / employed.
> >
> > The fix consists in properly defining a function descriptor with a bad
> > function at offset 0 (the following offsets are not important in that
> > case) and using that function descriptor to call the bad function, only
> > on PPC64 big-endian machines.
> >
> > That issue was found when investigating the JDK-8220794 issue [2].
> >
> > Thank you.
> >
> > Best regards,
> > Gustavo
> >
> > [1] http://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#FUNC-DES
> > [2] https://bugs.openjdk.java.net/browse/JDK-8220794
> >
>
>
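Added example (not code from this thread or from the OpenJDK change): a small C model of the ELFv1 call sequence the thread discusses. It shows why casting 0xF straight to a function pointer faults on the descriptor load rather than on the branch, and what the fix does instead, namely building a descriptor whose entry field is 0xF and calling through its address. The FunctionDescriptor layout (entry, TOC, environment) is the ELFv1 ABI's; the names `bad_function_pointer`, `branch_target` and `elfv1_crash_stage` are assumptions for this example and are not HotSpot identifiers. The zero-page heuristic in `elfv1_crash_stage` is a model of the unmapped low page, not a real memory probe, and the example never actually calls the bad pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ELFv1 (PPC64 big-endian default) function descriptor: three doublewords.
 * Under ELFv1 a "function pointer" is the address of one of these; the call
 * sequence loads `entry` from offset 0 and branches to it. Under ELFv2
 * (PPC64 little-endian default) and on x86 the pointer is the entry itself. */
typedef struct {
    void *entry;   /* first instruction of the function (offset 0) */
    void *toc;     /* callee's TOC pointer (offset 8) */
    void *env;     /* environment pointer, unused by C (offset 16) */
} FunctionDescriptor;

/* Bad target address used by the controlled crash case discussed above. */
#define BAD_FUNCTION_ADDRESS 0xFUL

typedef void (*bad_func_t)(void);

/* Compile-time ABI detection: gcc/clang define _CALL_ELF as 1 or 2 on PPC64. */
#if defined(__PPC64__) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
#  define USES_FUNCTION_DESCRIPTORS 1
#else
#  define USES_FUNCTION_DESCRIPTORS 0
#endif

int uses_function_descriptors(void) { return USES_FUNCTION_DESCRIPTORS; }

/* Descriptor with the bad address at offset 0; the other fields do not
 * matter for the crash and are zeroed. Static so its address stays valid. */
static FunctionDescriptor bad_fd = { (void *)BAD_FUNCTION_ADDRESS, NULL, NULL };

const FunctionDescriptor *bad_function_descriptor(void) { return &bad_fd; }

/* The pointer value the fix calls through: under ELFv1 the descriptor's
 * address, elsewhere the raw address 0xF. (Hypothetical helper name.) */
bad_func_t bad_function_pointer(void)
{
#if USES_FUNCTION_DESCRIPTORS
    return (bad_func_t)&bad_fd;
#else
    return (bad_func_t)BAD_FUNCTION_ADDRESS;
#endif
}

/* Address the call sequence actually branches to for pointer `fp` on this
 * build's ABI. Same answer (0xF) on both ABIs when given the fixed pointer. */
uintptr_t branch_target(bad_func_t fp)
{
#if USES_FUNCTION_DESCRIPTORS
    return (uintptr_t)((const FunctionDescriptor *)fp)->entry;
#else
    return (uintptr_t)fp;
#endif
}

typedef enum { STAGE_DESCRIPTOR_LOAD, STAGE_BRANCH_TO_ENTRY } crash_stage_t;

/* Model of the ELFv1 call sequence, independent of the host ABI: the first
 * memory access is the load of `entry` from *fp_value. Addresses inside the
 * zero page are taken as unmapped (a modelling assumption, not a probe), so
 * the raw cast 0xF faults at that load, before any branch; a real descriptor
 * loads fine and the fault then occurs when branching to entry 0xF. */
crash_stage_t elfv1_crash_stage(uintptr_t fp_value)
{
    const uintptr_t page_size = 4096;
    if (fp_value < page_size)
        return STAGE_DESCRIPTOR_LOAD;   /* segfault before the call itself */
    return STAGE_BRANCH_TO_ENTRY;       /* descriptor readable, branch follows */
}

/* Entry address the modelled sequence would branch to, or 0 if the
 * descriptor load itself faults and no branch happens. */
uintptr_t elfv1_loaded_entry(uintptr_t fp_value)
{
    if (elfv1_crash_stage(fp_value) == STAGE_DESCRIPTOR_LOAD)
        return 0;
    return (uintptr_t)((const FunctionDescriptor *)fp_value)->entry;
}

int main(void)
{
    uintptr_t raw = BAD_FUNCTION_ADDRESS;
    uintptr_t fixed = (uintptr_t)bad_function_descriptor();
    printf("this build uses function descriptors: %d\n", uses_function_descriptors());
    printf("raw cast   : stage=%d (descriptor load from 0x%lx faults first)\n",
           (int)elfv1_crash_stage(raw), (unsigned long)raw);
    printf("descriptor : stage=%d, branch to 0x%lx\n",
           (int)elfv1_crash_stage(fixed), (unsigned long)elfv1_loaded_entry(fixed));
    printf("branch target of the fixed pointer on this ABI: 0x%lx\n",
           (unsigned long)branch_target(bad_function_pointer()));
    return 0;
}
```

On an ELFv1 build `bad_function_pointer()` is the address of `bad_fd`, and the only way to reach 0xF is to branch there after a successful descriptor load; that is the SIGSEGV the test case is meant to produce. The two-stage model in `elfv1_crash_stage` is what lets the distinction be checked on any host without executing the bad call.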