RFR(S): 8221175: Fix bad function case for controlled JVM crash on PPC64 big-endian

Gustavo Romero gromero at linux.vnet.ibm.com
Fri Mar 22 16:15:14 UTC 2019


Please, could I get reviews for the following change?

bug   : https://bugs.openjdk.java.net/browse/JDK-8221175
webrev: http://cr.openjdk.java.net/~gromero/8221175/v1/

It fixes the way a function pointer is defined in order to call a bad function
at address 0xF (controlled crash case 13) on PPC64 big-endian machines.

On PPC64 big-endian the compiler defaults to ABI ELFv1, which mandates that function
pointers point to a function descriptor, with the function address at offset 0 [1].

Currently the SIGSEGV being generated by case 13 is incorrect because, if a
function descriptor is not used to call the bad function address, the program
segfaults before effectively calling the function, when trying to load
the (bad) function pointer from offset 0 of base address 0xF, i.e. before
branching to the function.

It does not affect PPC64 little-endian machines because by default ABI ELFv2
is used (instead of ABI ELFv1) and for that ABI no function descriptor is
defined / employed.

The fix consists in properly defining a function descriptor with a bad function
at offset 0 (the following offsets are not important in that case) and using that
function descriptor to call the bad function, only on PPC64 big-endian machines.
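As an added illustration of the ELFv1 point above (not the webrev's code), the block below builds a three-word function descriptor whose entry word is 0xF and shows what the call sequence would load from it; the descriptor layout (entry, TOC, environment) follows the ABI text in [1], and the struct name and helper functions are assumptions. The bad function is deliberately never called, so the block runs on any platform.

```c
#include <stdint.h>
#include <stddef.h>

/* ELFv1 function descriptor (layout per the PPC64 ELF ABI referenced in the
 * mail): word 0 is the code entry address, word 1 the TOC base, word 2 the
 * environment pointer. The name elfv1_fdesc_t is an assumption. */
typedef struct {
    void *entry;   /* offset 0: address the call sequence branches to */
    void *toc;     /* offset 8: TOC pointer, irrelevant for the crash case */
    void *env;     /* offset 16: environment pointer, also irrelevant here */
} elfv1_fdesc_t;

typedef void (*bad_fn_t)(void);

/* Descriptor for the "bad function" at 0xF: only offset 0 matters. */
static elfv1_fdesc_t bad_fdesc = { (void *)(uintptr_t)0xF, NULL, NULL };

/* On ELFv1 a function pointer is the address of the descriptor, not of the
 * code. Returning &bad_fdesc is the "proper" definition the mail describes. */
bad_fn_t elfv1_bad_function_pointer(void) {
    return (bad_fn_t)&bad_fdesc;
}

/* The naive definition: casting 0xF directly to a function pointer. On ELFv1
 * the call sequence treats 0xF as a descriptor address and faults while
 * loading word 0 from it, before ever branching. */
bad_fn_t naive_bad_function_pointer(void) {
    return (bad_fn_t)(uintptr_t)0xF;
}

/* Address the ELFv1 call sequence reads word 0 from for a given pointer. */
uintptr_t elfv1_descriptor_load_address(bad_fn_t fp) {
    return (uintptr_t)fp;
}

/* Entry address the call sequence would branch to after the descriptor load.
 * Only valid when fp really points at a readable descriptor. */
uintptr_t elfv1_branch_target(bad_fn_t fp) {
    return (uintptr_t)((const elfv1_fdesc_t *)fp)->entry;
}
```

With the proper descriptor the load at offset 0 succeeds (it reads a valid static object) and the fault happens at the branch to 0xF, which is the crash case 13 is meant to exercise; with the naive pointer the load itself is from 0xF.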

That issue was found when investigating the JDK-8220794 issue [2].

Thank you.

Best regards,

[1] http://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#FUNC-DES
[2] https://bugs.openjdk.java.net/browse/JDK-8220794
