SA does not work if executable is DSO

Yasumasa Suenaga yasuenag at gmail.com
Sun Feb 5 15:16:30 UTC 2017 

I filed it to JBS as JDK-8173941.


Yasumasa


On 2017/02/05 23:25, Yasumasa Suenaga wrote:
> Hi all,
>
> In modern Linux e.g. Fedora 25, executables are built as DSO for security [1].
> java command in OpenJDK which is provided by distribution is also DSO.
> However, SA does not work with DSO executables.
>
> I want to propose the fix as below.
>
> ------------------------
> diff -r a26b9492461b src/jdk.hotspot.agent/linux/native/libsaproc/ps_core.c
> --- a/src/jdk.hotspot.agent/linux/native/libsaproc/ps_core.c    Wed Feb 01 17:56:22 2017 -0500
> +++ b/src/jdk.hotspot.agent/linux/native/libsaproc/ps_core.c    Sun Feb 05 23:13:19 2017 +0900
> @@ -642,6 +642,9 @@
>          if (core_handle_prstatus(ph, descdata, notep->n_descsz) != true) {
>            return false;
>          }
> +      } else if (notep->n_type == NT_FILE) {
> +        // Skip "count", "page_size" in NT_FILE
> +        memcpy(&ph->core->dynamic_addr, ((long *)descdata) + 2, sizeof(long));
>        }
>        p = descdata + ROUNDUP(notep->n_descsz, 4);
>     }
> @@ -832,7 +835,11 @@
>
>      // from PT_DYNAMIC we want to read address of first link_map addr
>      case PT_DYNAMIC: {
> -      ph->core->dynamic_addr = exec_php->p_vaddr;
> +      if (exec_ehdr->e_type == ET_EXEC) {
> +        ph->core->dynamic_addr = exec_php->p_vaddr;
> +      } else { // ET_DYN
> +        ph->core->dynamic_addr += exec_php->p_offset;
> +      }
>        print_debug("address of _DYNAMIC is 0x%lx\n", ph->core->dynamic_addr);
>        break;
>      }
> @@ -1030,8 +1037,9 @@
>      goto err;
>    }
>
> -  if (read_elf_header(ph->core->exec_fd, &exec_ehdr) != true || exec_ehdr.e_type != ET_EXEC) {
> -    print_debug("executable file is not a valid ELF ET_EXEC file\n");
> +  if (read_elf_header(ph->core->exec_fd, &exec_ehdr) != true ||
> +      ((exec_ehdr.e_type != ET_EXEC) && (exec_ehdr.e_type != ET_DYN))) {
> +    print_debug("executable file is not a valid ELF file\n");
>      goto err;
>    }
>
> ------------------------
>
> Currently, OpenJDK 8 in Fedora25 is built as DSO.
> So I want to contribute this patch to JDK 8 or later release.
>
> Can I file it to JBS and can send review request?
>
>
> Thanks,
>
> Yasumasa
>
>
> [1] https://fedoraproject.org/wiki/Packaging:Guidelines#PIE

More information about the serviceability-dev mailing list