875 : "r" (fpu_cntrl) : "memory");
876 #endif // !AMD64
877 }
878
879 #ifndef PRODUCT
880 void os::verify_stack_alignment() {
881 #ifdef AMD64
882 assert(((intptr_t)os::current_stack_pointer() & (StackAlignmentInBytes-1)) == 0, "incorrect stack alignment");
883 #endif
884 }
885 #endif
886
887
888 /*
889 * IA32 only: execute code at a high address in case buggy NX emulation is present. I.e. avoid CS limit
890 * updates (JDK-8023956).
891 */
892 void os::workaround_expand_exec_shield_cs_limit() {
893 #if defined(IA32)
894 size_t page_size = os::vm_page_size();
895 /*
896 * Take the highest VA the OS will give us and exec
897 *
898 * Although using -(pagesz) as mmap hint works on newer kernel as you would
899 * think, older variants affected by this work-around don't (search forward only).
900 *
901 * On the affected distributions, we understand the memory layout to be:
902 *
903 * TASK_LIMIT= 3G, main stack base close to TASK_LIMT.
904 *
905 * A few pages south main stack will do it.
906 *
907 * If we are embedded in an app other than launcher (initial != main stack),
908 * we don't have much control or understanding of the address space, just let it slide.
909 */
910 char* hint = (char*) (Linux::initial_thread_stack_bottom() -
911 ((StackYellowPages + StackRedPages + 1) * page_size));
912 char* codebuf = os::attempt_reserve_memory_at(page_size, hint);
913 if ( (codebuf == NULL) || (!os::commit_memory(codebuf, page_size, true)) ) {
914 return; // No matter, we tried, best effort.
915 }
916 if (PrintMiscellaneous && (Verbose || WizardMode)) {
917 tty->print_cr("[CS limit NX emulation work-around, exec code at: %p]", codebuf);
918 }
919
920 // Some code to exec: the 'ret' instruction
921 codebuf[0] = 0xC3;
922
923 // Call the code in the codebuf
924 __asm__ volatile("call *%0" : : "r"(codebuf));
925
926 // keep the page mapped so CS limit isn't reduced.
927 #endif
928 }
|
875 : "r" (fpu_cntrl) : "memory");
876 #endif // !AMD64
877 }
878
879 #ifndef PRODUCT
880 void os::verify_stack_alignment() {
881 #ifdef AMD64
882 assert(((intptr_t)os::current_stack_pointer() & (StackAlignmentInBytes-1)) == 0, "incorrect stack alignment");
883 #endif
884 }
885 #endif
886
887
888 /*
889 * IA32 only: execute code at a high address in case buggy NX emulation is present. I.e. avoid CS limit
890 * updates (JDK-8023956).
891 */
892 void os::workaround_expand_exec_shield_cs_limit() {
893 #if defined(IA32)
894 size_t page_size = os::vm_page_size();
895
896 /*
897 * JDK-8197429
898 *
899 * Expand the stack mapping to the end of the initial stack before
900 * attempting to install the codebuf. This is needed because newer
901 * Linux kernels impose a distance of a megabyte between stack
902 * memory and other memory regions. If we try to install the
903 * codebuf before expanding the stack the installation will appear
904 * to succeed but we'll get a segfault later if we expand the stack
905 * in Java code.
906 *
907 */
908 if (os::is_primordial_thread()) {
909 address limit = Linux::initial_thread_stack_bottom();
910 if (! DisablePrimordialThreadGuardPages) {
911 limit += (StackYellowPages + StackRedPages) * page_size;
912 }
913 os::Linux::expand_stack_to(limit);
914 }
915
916 /*
917 * Take the highest VA the OS will give us and exec
918 *
919 * Although using -(pagesz) as mmap hint works on newer kernel as you would
920 * think, older variants affected by this work-around don't (search forward only).
921 *
922 * On the affected distributions, we understand the memory layout to be:
923 *
924 * TASK_LIMIT= 3G, main stack base close to TASK_LIMT.
925 *
926 * A few pages south main stack will do it.
927 *
928 * If we are embedded in an app other than launcher (initial != main stack),
929 * we don't have much control or understanding of the address space, just let it slide.
930 */
931 char* hint = (char*) (Linux::initial_thread_stack_bottom() -
932 ((StackYellowPages + StackRedPages + 1) * page_size));
933 char* codebuf = os::attempt_reserve_memory_at(page_size, hint);
934
935 if (codebuf == NULL) {
936 // JDK-8197429: There may be a stack gap of one megabyte between
937 // the limit of the stack and the nearest memory region: this is a
938 // Linux kernel workaround for CVE-2017-1000364. If we failed to
939 // map our codebuf, try again at an address one megabyte lower.
940 hint -= 1 * M;
941 codebuf = os::attempt_reserve_memory_at(page_size, hint);
942 }
943
944 if ( (codebuf == NULL) || (!os::commit_memory(codebuf, page_size, true)) ) {
945 return; // No matter, we tried, best effort.
946 }
947 if (PrintMiscellaneous && (Verbose || WizardMode)) {
948 tty->print_cr("[CS limit NX emulation work-around, exec code at: %p]", codebuf);
949 }
950
951 // Some code to exec: the 'ret' instruction
952 codebuf[0] = 0xC3;
953
954 // Call the code in the codebuf
955 __asm__ volatile("call *%0" : : "r"(codebuf));
956
957 // keep the page mapped so CS limit isn't reduced.
958 #endif
959 }
|