RFR: 8253795: Implementation of JEP 391: macOS/AArch64 Port [v9]

Vladimir Kempik vkempik at openjdk.java.net
Thu Feb 4 14:43:51 UTC 2021


On Thu, 4 Feb 2021 14:27:53 GMT, Andrew Haley <aph at openjdk.org> wrote:

> > > You read my mind, Andrew. Unless, of course, it's optimized to leverage the fact that it's thread-specific..
> > 
> > 
> > it's thread-specific
> > https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
> > > Because pthread_jit_write_protect_np changes only the current thread’s permissions, avoid accessing the same memory region from multiple threads. Giving multiple threads access to the same memory region opens up a potential attack vector, in which one thread has write access and another has executable access to the same region.
> 
> Umm, so how does patching work? We don't even know if other threads are executing the code we need to patch.

I thought Java can handle that scenario on usual (non-W^X) systems just fine, so we just believe the JVM did everything right and it's safe to rewrite some code at a specific moment.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2200


