On Fri, 9 Aug 2024 18:35:55 GMT, Erik Joelsson <er...@openjdk.org> wrote:
>> Fei Gao has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>>
>>  - Clean up makefile
>>  - Merge branch 'master' into enable-bti-runtime
>>  - 8337536: AArch64: Enable BTI branch protection for runtime part
>>
>> This patch enables BTI branch protection for runtime part on Linux/aarch64 platform.
>>
>> Motivation
>>
>> 1. Since Fedora 33, glibc+kernel are PAC/BTI enabled by default. User-level packages can gain additional hardening by compiling with the GCC/Clang flag `-mbranch-protection=flag`. See [1].
>>
>> 2. In JDK-8277204 [2], `--enable-branch-protection` was introduced as one VM configure flag, which would pass `-mbranch-protection=standard` compilation flags to all c/c++ files. Note that `standard` turns on both `pac-ret` and `bti` branch protections. For more details about code reuse attacks and hardware-assisted branch protections on AArch64, see [3].
>>
>> However, we checked the `.note.gnu.property` section of all the shared libraries under `jdk/lib` on Fedora 40, and found that only libjvm.so didn't set these two target feature bits:
>>
>> ```
>> GNU_PROPERTY_AARCH64_FEATURE_1_BTI
>> GNU_PROPERTY_AARCH64_FEATURE_1_PAC
>> ```
>>
>> Note-1: BTI is an all or nothing property for a link unit [4]. That is, libjvm.so is not BTI-enabled.
>>
>> Note-2: PAC bit in `.note.gnu.property` section is used to protect `.got.plt` table. It's independent of whether the relocatable objects use PAC or not.
>>
>> Goal
>>
>> Hence, this patch aims to set PAC/BTI feature bits of the `.note.gnu.property` section for libjvm.so.
>>
>> Implementation
>>
>> Task-1: find out the problematic input objects
>>
>> From [5], "Static linkers processing ELF relocatable objects must set the feature bit in the output object or image only if all the input objects have the corresponding feature bit set." Hence we suspect that the root cause is probably that the PAC/BTI feature bits are not set only for some input objects of libjvm.so.
>>
>> In order to find out these inputs, we passed `--force-bti` linker flag [4] in my local test. This linker flag would warn if any input object does not have GNU_PROPERTY_AARCH64_FEATU...
>
> Build changes look good.

Thanks for your review @erikj79

-------------

PR Comment: https://git.openjdk.org/jdk/pull/20491#issuecomment-2285678720
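Added example, not code from the PR or from the JDK build: a small C parser for an ELF64 little-endian `.note.gnu.property` section that extracts the AArch64 FEATURE_1 bits (BTI, PAC) and then applies the linker rule quoted in the thread, where the output gets a feature bit only when every input object carries it, so the input that drops BTI can be pinpointed. The two sample notes are constructed byte arrays, not taken from libjvm.so or any real object file.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Real constants from the ELF gABI and the AArch64 ELF ABI. */
#define NT_GNU_PROPERTY_TYPE_0             5
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0)
#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1u << 1)

/* little-endian 32-bit load */
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Parse one ELF64 little-endian .note.gnu.property section and return its
 * AArch64 FEATURE_1 bitmask; 0 when the note or the property is absent. */
uint32_t aarch64_feature1(const uint8_t *sec, size_t len) {
    if (len < 16) return 0;
    uint32_t namesz = rd32(sec), descsz = rd32(sec + 4), type = rd32(sec + 8);
    size_t desc = 12 + ((namesz + 3) & ~3u);          /* name padded to 4 */
    if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != 4 ||
        memcmp(sec + 12, "GNU", 4) != 0 || desc + descsz > len)
        return 0;
    for (size_t p = desc, end = desc + descsz; p + 8 <= end;) {
        uint32_t pr_type = rd32(sec + p), pr_datasz = rd32(sec + p + 4);
        if (p + 8 + pr_datasz > end) return 0;        /* malformed: truncated property */
        if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND && pr_datasz == 4)
            return rd32(sec + p + 8);
        p += 8 + ((pr_datasz + 7) & ~7u);             /* ELF64 pads pr_data to 8 */
    }
    return 0;
}

/* Linker rule from the thread: the output bit is set only if every input has it.
 * Returns the AND over inputs; *culprit = index of first input lacking a `want` bit, -1 if none. */
uint32_t link_unit_features(const uint8_t *const *secs, const size_t *lens,
                            size_t n, uint32_t want, int *culprit) {
    uint32_t acc = want;
    *culprit = -1;
    for (size_t i = 0; i < n; i++) {
        uint32_t f = aarch64_feature1(secs[i], lens[i]);
        if (*culprit < 0 && (f & want) != want) *culprit = (int)i;
        acc &= f;
    }
    return acc;
}

/* Constructed sample notes for the demo (not from any real object file). */
#define GNU_PROP_NOTE(feat) { 4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0, \
                              0,0,0,0xc0, 4,0,0,0, (feat),0,0,0, 0,0,0,0 }
const uint8_t note_bti_pac[32]  = GNU_PROP_NOTE(3);  /* object built with -mbranch-protection=standard */
const uint8_t note_pac_only[32] = GNU_PROP_NOTE(2);  /* object whose note lacks the BTI bit */
```

Feeding every input object's note through `link_unit_features` with `want = BTI|PAC` reproduces what the `--force-bti` warning reports: the first input whose note lacks BTI.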