On Sat, 27 Jun 2026 02:58:41 GMT, Yasumasa Suenaga <[email protected]> wrote:

>> src/hotspot/cpu/aarch64/vm_version_aarch64.cpp line 553:
>> 
>>> 551:     _pac_mask = (uintptr_t)pauth_strip_pointer((address)~(UINT64_C(1) 
>>> << 55));
>>> 552:   }
>>> 553: 
>> 
>> Did this code have to be moved?
>> 
>> It looks like the change here is making sure _pac_mask gets set even if the 
>> setting of UseBranchProtection indicates that PAC will not be used. Is this 
>> change needed because runtime flags are in conflict with what is in the 
>> dwarf file? In other words, dwarf says PAC is supported, but hotspot has 
>> decided not to enable it? However, this means you are masking addresses that 
>> are not PAC signed. Are you sure this is always ok? What if you mask off 
>> bits of the actual unsigned address? It's not clear to me why SA would need 
>> _pac_mask set if PAC was disabled at runtime.
>> 
>> BTW, where is supports_paca() defined? I'm unable to find it in the source 
>> or with a web search.
>
> I need `_pac_mask` to strip PAC, so I moved to set it even if branch 
> protection is disabled.
> We have to strip PAC for native frames (e.g. glibc) even if HotSpot disables 
> branch protection. If PAC is enabled in the Kernel, all of native frames 
> would be handled PAC if PAC instructions are issued (then it should be also 
> recorded in DWARF instructions). To avoid unnecessary stripping, this PR 
> checks PAC in auxiliary vector from `getauxv()`.
> 
> Now, `_pac_mask` does not seem to be used in HotSpot (excluding vmstructs), 
> so I believe it does not produce side-effect (actually all of GHA workflows 
> succeeded).
> 
>> where is supports_paca() defined? I'm unable to find it in the source or 
>> with a web search.
> 
> It is defined in hotspot/cpu/aarch64/vm_version_aarch64.hpp via 
> `CPU_FEATURE_FLAGS` macro. The flag would be set at 
> `VM_Version::get_os_cpu_info()` in vm_version_linux_aarch64.cpp.

Yes, it looks like _pac_mask was added specifically for SA by 
[JDK-8286711](https://bugs.openjdk.org/browse/JDK-8286711).

What happens if the core was generated on a machine with PAC support but 
debugged on a machine without it? Is _pac_mask going to be set up in that case?

>> src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/debugger/linux/LinuxDebuggerLocal.java
>>  line 326:
>> 
>>> 324:               if ((debugger instanceof LinuxAARCH64DebuggerLocal d) && 
>>> d.isPACEnabled()) {
>>> 325:                  
>>> ((MachineDescriptionAArch64)d.getMachineDescription()).enablePAC();
>>> 326:               }
>> 
>> Is there a better place for this? Maybe closer to the creation of the 
>> MachineDescriptorAArch64?
>
> Yes, we can move it to near the instantiation of `MachineDescriptorAArch64` in 
> case of live attach, but I think it is better to place it in a similar place 
> for core attaching for consistency. We have to get the status of PAC from 
> the coredump after attaching in case of the core because we have to consider 
> analyzing a coredump produced by a PAC-enabled machine on a PAC-disabled machine.

I was actually implying moving it for a core file attach also. This just 
doesn't seem like the proper place for CPU dependent code.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/31669#discussion_r3485191517
PR Review Comment: https://git.openjdk.org/jdk/pull/31669#discussion_r3485200462
