Gentle reminder...!! Any update on this?? Regards, Rohini Sangam
On Tue, Jun 11, 2024 at 12:17 PM Rohini Sangam via lists.openembedded.org <rsangam=mvista....@lists.openembedded.org> wrote: > CVE fixed: > -CVE-2024-21094 OpenJDK: C2 compilation fails with "Exceeded _node_regs > array" (8317507) > Upstream-Status: Backport from > https://github.com/openjdk/jdk8u/commit/43cb87550865a93c559c9e8eaa59fcb071301bd3 > > Signed-off-by: Rohini Sangam <rsan...@mvista.com> > Signed-off-by: Siddharth Doshi <sdo...@mvista.com> > --- > .../openjdk/openjdk-8-release-common.inc | 1 + > .../patches-openjdk-8/CVE-2024-21094.patch | 637 ++++++++++++++++++ > 2 files changed, 638 insertions(+) > create mode 100644 > recipes-core/openjdk/patches-openjdk-8/CVE-2024-21094.patch > > diff --git a/recipes-core/openjdk/openjdk-8-release-common.inc > b/recipes-core/openjdk/openjdk-8-release-common.inc > index ff8d96e..f71eb10 100644 > --- a/recipes-core/openjdk/openjdk-8-release-common.inc > +++ b/recipes-core/openjdk/openjdk-8-release-common.inc > @@ -21,6 +21,7 @@ PATCHES_URI = "\ > file://2007-jdk-no-genx11-in-headless.patch \ > file://2008-jdk-no-unused-deps.patch \ > > file://2009-jdk-make-use-gcc-instead-of-ld-for-genSocketOptionRe.patch \ > + file://CVE-2024-21094.patch \ > " > HOTSPOT_UB_PATCH = "\ > file://1001-hotspot-fix-crash-on-JNI_CreateJavaVM.patch \ > diff --git a/recipes-core/openjdk/patches-openjdk-8/CVE-2024-21094.patch > b/recipes-core/openjdk/patches-openjdk-8/CVE-2024-21094.patch > new file mode 100644 > index 0000000..1852bd7 > --- /dev/null > +++ b/recipes-core/openjdk/patches-openjdk-8/CVE-2024-21094.patch > @@ -0,0 +1,637 @@ > +From 43cb87550865a93c559c9e8eaa59fcb071301bd3 Mon Sep 17 00:00:00 2001 > +From: Martin Balao <mba...@openjdk.org> > +Date: Wed, 27 Mar 2024 03:21:25 +0000 > +Subject: [PATCH] CVE-2024-21094: 8317507: C2 compilation fails with > "Exceeded _node_regs > + array" > + > +Upstream-Status: Backport from > https://github.com/openjdk/jdk8u/commit/43cb87550865a93c559c9e8eaa59fcb071301bd3 > +CVE: CVE-2024-21094 > + > +Signed-off-by: Rohini Sangam <rsan...@mvista.com> > +--- > + .../hotspot/src/share/vm/adlc/output_c.cpp | 2 + > + .../regalloc/TestNodeRegArrayOverflow.java | 599 ++++++++++++++++++ > + 2 files changed, 601 insertions(+) > + create mode 100644 > hotspot/test/compiler/regalloc/TestNodeRegArrayOverflow.java > + > +diff --git a/hotspot/src/share/vm/adlc/output_c.cpp > b/hotspot/src/share/vm/adlc/output_c.cpp > +index 19916904..b85123b4 100644 > +--- a/hotspot/src/share/vm/adlc/output_c.cpp > ++++ b/hotspot/src/share/vm/adlc/output_c.cpp > +@@ -3023,6 +3023,8 @@ static void define_fill_new_machnode(bool used, > FILE *fp_cpp) { > + fprintf(fp_cpp, " if( i != cisc_operand() ) \n"); > + fprintf(fp_cpp, " to[i] = _opnds[i]->clone(C);\n"); > + fprintf(fp_cpp, " }\n"); > ++ fprintf(fp_cpp, " // Do not increment node index counter, since > node reuses my index\n"); > ++ fprintf(fp_cpp, " C->set_unique(C->unique() - 1);\n"); > + fprintf(fp_cpp, "}\n"); > + } > + fprintf(fp_cpp, "\n"); > +diff --git a/hotspot/test/compiler/regalloc/TestNodeRegArrayOverflow.java > b/hotspot/test/compiler/regalloc/TestNodeRegArrayOverflow.java > +new file mode 100644 > +index 00000000..281524cc > +--- /dev/null > ++++ b/hotspot/test/compiler/regalloc/TestNodeRegArrayOverflow.java > +@@ -0,0 +1,599 @@ > ++/* > ++ * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. > ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. > ++ * > ++ * This code is free software; you can redistribute it and/or modify it > ++ * under the terms of the GNU General Public License version 2 only, as > ++ * published by the Free Software Foundation. > ++ * > ++ * This code is distributed in the hope that it will be useful, but > WITHOUT > ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or > ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License > ++ * version 2 for more details (a copy is included in the LICENSE file > that > ++ * accompanied this code). > ++ * > ++ * You should have received a copy of the GNU General Public License > version > ++ * 2 along with this work; if not, write to the Free Software Foundation, > ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. > ++ * > ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 > USA > ++ * or visit www.oracle.com if you need additional information or have > any > ++ * questions. > ++ */ > ++ > ++package compiler.regalloc; > ++ > ++/** > ++ * @test > ++ * @bug 8317507 > ++ * @summary Test that C2's PhaseRegAlloc::_node_regs (a > post-register-allocation > ++ * mapping from machine nodes to assigned registers) does not > overflow > ++ * in the face of a program with a high-density of CISC spilling > ++ * candidate nodes. > ++ * @run main/othervm -Xcomp > -XX:CompileOnly=compiler.regalloc.TestNodeRegArrayOverflow::testWithCompilerUnrolling > ++ > > -XX:CompileCommand=dontinline,compiler.regalloc.TestNodeRegArrayOverflow::dontInline > ++ compiler.regalloc.TestNodeRegArrayOverflow compiler > ++ * @run main/othervm -Xcomp > -XX:CompileOnly=compiler.regalloc.TestNodeRegArrayOverflow::testWithManualUnrolling > ++ > > -XX:CompileCommand=dontinline,compiler.regalloc.TestNodeRegArrayOverflow::dontInline > ++ compiler.regalloc.TestNodeRegArrayOverflow manual > ++ */ > ++ > ++public class TestNodeRegArrayOverflow { > ++ > ++ static int dontInline() { > ++ return 0; > ++ } > ++ > ++ static float testWithCompilerUnrolling(float inc) { > ++ int i = 0, j = 0; > ++ // This non-inlined method call causes 'inc' to be spilled. > ++ float f = dontInline(); > ++ // This two-level reduction loop is unrolled 512 times, which is > ++ // requested by the SLP-specific unrolling analysis, but not > vectorized. > ++ // Because 'inc' is spilled, each of the unrolled AddF nodes is > ++ // CISC-spill converted (PhaseChaitin::fixup_spills()). Before > the fix, > ++ // this causes the unique node index counter (Compile::_unique) > to grow > ++ // beyond the size of the node register array > ++ // (PhaseRegAlloc::_node_regs), and leads to overflow when > accessed for > ++ // nodes that are created later (e.g. during the peephole phase). > ++ while (i++ < 128) { > ++ for (j = 0; j < 16; j++) { > ++ f += inc; > ++ } > ++ } > ++ return f; > ++ } > ++ > ++ // This test reproduces the same failure as > 'testWithCompilerUnrolling' > ++ // without relying on loop transformations. > ++ static float testWithManualUnrolling(float inc) { > ++ int i = 0, j = 0; > ++ float f = dontInline(); > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ f += inc; > ++ return f; > ++ } > ++ > ++ public static void main(String[] args) { > ++ switch (args[0]) { > ++ case "compiler": > ++ testWithCompilerUnrolling(0); > ++ break; > ++ case "manual": > ++ testWithManualUnrolling(0); > ++ break; > ++ default: > ++ throw new IllegalArgumentException("Invalid mode: " + > args[0]); > ++ } > ++ } > ++} > +-- > +2.35.7 > + > -- > 2.34.1 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#111168): https://lists.openembedded.org/g/openembedded-devel/message/111168 Mute This Topic: https://lists.openembedded.org/mt/106609006/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
