RFR: 8254231: Implementation of Foreign Linker API (Incubator) [v15]
Jorn Vernee
jvernee at openjdk.java.net
Mon Nov 9 11:12:05 UTC 2020
On Mon, 9 Nov 2020 06:07:32 GMT, Nick Gasson <ngasson at openjdk.org> wrote:
>> Maurizio Cimadamore has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 64 commits:
>>
>> - Merge branch '8254162' into 8254231_linker
>> - Fix post-merge issues caused by 8219014
>> - Merge branch 'master' into 8254162
>> - Address remaining feedback from @AlanBateman and @mrserb
>> - Address comments from @AlanBateman
>> - Fix typo in upcall helper for aarch64
>> - Merge branch '8254162' into 8254231_linker
>> - Merge branch 'master' into 8254162
>> - Fix issues with derived buffers and IO operations
>> - More 32-bit fixes for TestLayouts
>> - ... and 54 more: https://git.openjdk.java.net/jdk/compare/a50fdd54...b38afb3f
>
> src/hotspot/share/opto/output.cpp line 1697:
>
>> 1695: current_offset = cb->insts_size();
>> 1696:
>> 1697: assert(!is_mcall || (call_returns[block->_pre_order] == (uint) current_offset), "ret_addr_offset() did not match size of emitted code");
>
> This assertion is too strong: on AArch64 we generate additional instructions after the BLR (call) instruction for certain types of call. For example
>
>
> 0x0000ffff790f00dc: adr x9, 0x0000ffff790f00f4
> 0x0000ffff790f00e0: mov x8, #0x5714 // #22292
> 0x0000ffff790f00e4: movk x8, #0x8d3d, lsl #16
> 0x0000ffff790f00e8: movk x8, #0xffff, lsl #32
> 0x0000ffff790f00ec: stp xzr, x9, [sp, #-16]!
> 0x0000ffff790f00f0: blr x8
> 0x0000ffff790f00f4: add sp, sp, #0x10 <== ret_addr_offset() is here
> 0x0000ffff790f00f8: Address 0x0000ffff790f00f8 is out of bounds. <== current_offset is here
>
> I think the `==` should be `<=`. (Although this still fails sometimes on AArch64, but I believe it exposes a real bug. I've opened JDK-8256025 and will fix this shortly.)
Ok, that seems fine to me. IIRC the problem this was trying to catch is a ret_addr_offset that is too large, which might cause a later call's oop map to be overridden. So, using `<=` should still work. At least if the code between ret_addr_offset and current_offset is guaranteed not to contain any calls or other safepoints.
-------------
PR: https://git.openjdk.java.net/jdk/pull/634