4736 // (https://pax.grsecurity.net/docs/mprotect.txt) prevents dynamic
4737 // code generation by disallowing a (previously) writable page to be
4738 // marked as executable. This is, of course, exactly what HotSpot does
4739 // for both JIT compiled method, as well as for stubs, adapters, etc.
4740 //
4741 // Instead of crashing "lazily" when trying to make a page executable,
4742 // this code probes for the presence of PaX and reports the failure
4743 // eagerly.
4744 static void check_pax(void) {
4745 // Zero doesn't generate code dynamically, so no need to perform the PaX check
4746 #ifndef ZERO
4747 size_t size = os::Linux::page_size();
4748
4749 void* p = ::mmap(NULL, size, PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
4750 if (p == MAP_FAILED) {
4751 vm_exit_out_of_memory(size, OOM_MMAP_ERROR, "failed to allocate memory for PaX check.");
4752 }
4753
4754 int res = ::mprotect(p, size, PROT_WRITE|PROT_EXEC);
4755 if (res == -1) {
4756 vm_exit_during_initialization("failed to mark memory page as executable",
4757 "Please check if grsecurity/PaX is enabled in your kernel.\n"
4758 "\n"
4759 "For example, you can do this by running (note: you may need root privileges):\n"
4760 "\n"
4761 " sysctl kernel.pax.softmode\n"
4762 "\n"
4763 "If PaX is included in the kernel you will see something like this:\n"
4764 "\n"
4765 " kernel.pax.softmode = 0\n"
4766 "\n"
4767 "In particular, if the value is 0 (zero), then PaX is enabled.\n"
4768 "\n"
4769 "PaX includes security functionality which interferes with the dynamic code\n"
4770 "generation the JVM relies on. Specifically, the MPROTECT functionality as\n"
4771 "described on https://pax.grsecurity.net/docs/mprotect.txt is not compatible\n"
4772 "with the JVM. If you want to allow the JVM to run you will have to disable PaX.\n"
4773 "You can do this on a per-executable basis using the paxctl tool.\n");
4774
4775 }
4776
4777 ::munmap(p, size);
4778 #endif
4779 }
4780
4781 // this is called _before_ the most of global arguments have been parsed
4782 void os::init(void) {
4783 char dummy; // used to get a guess on initial stack address
4784 // first_hrtime = gethrtime();
4785
4786 clock_tics_per_sec = sysconf(_SC_CLK_TCK);
4787
4788 init_random(1234567);
4789
4790 ThreadCritical::initialize();
4791
4792 Linux::set_page_size(sysconf(_SC_PAGESIZE));
4793 if (Linux::page_size() == -1) {
|
4736 // (https://pax.grsecurity.net/docs/mprotect.txt) prevents dynamic
4737 // code generation by disallowing a (previously) writable page to be
4738 // marked as executable. This is, of course, exactly what HotSpot does
4739 // for both JIT compiled method, as well as for stubs, adapters, etc.
4740 //
4741 // Instead of crashing "lazily" when trying to make a page executable,
4742 // this code probes for the presence of PaX and reports the failure
4743 // eagerly.
4744 static void check_pax(void) {
4745 // Zero doesn't generate code dynamically, so no need to perform the PaX check
4746 #ifndef ZERO
4747 size_t size = os::Linux::page_size();
4748
4749 void* p = ::mmap(NULL, size, PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
4750 if (p == MAP_FAILED) {
4751 vm_exit_out_of_memory(size, OOM_MMAP_ERROR, "failed to allocate memory for PaX check.");
4752 }
4753
4754 int res = ::mprotect(p, size, PROT_WRITE|PROT_EXEC);
4755 if (res == -1) {
4756 vm_exit_during_initialization("Failed to mark memory page as executable",
4757 "Please check if grsecurity/PaX is enabled in your kernel.\n"
4758 "\n"
4759 "For example, you can do this by running (note: you may need root privileges):\n"
4760 "\n"
4761 " sysctl kernel.pax.softmode\n"
4762 "\n"
4763 "If PaX is included in the kernel you will see something like this:\n"
4764 "\n"
4765 " kernel.pax.softmode = 0\n"
4766 "\n"
4767 "In particular, if the value is 0 (zero), then PaX is enabled.\n"
4768 "\n"
4769 "PaX includes security functionality which interferes with the dynamic code\n"
4770 "generation the JVM relies on. Specifically, the MPROTECT functionality as\n"
4771 "described on https://pax.grsecurity.net/docs/mprotect.txt is not compatible\n"
4772 "with the JVM. If you want to allow the JVM to run you will have to disable PaX.\n"
4773 "You can do this on a per-executable basis using the paxctl tool, for example:\n"
4774 "\n"
4775 " paxctl -cm bin/java\n"
4776 "\n"
4777 "Please note that this modifies the executable binary in-place, so may want\n"
4778 "to make a backup of it first. Also note that you have to repeat this for other\n"
4779 "executables like javac, jar, jcmd, etc.\n"
4780 );
4781
4782 }
4783
4784 ::munmap(p, size);
4785 #endif
4786 }
4787
4788 // this is called _before_ the most of global arguments have been parsed
4789 void os::init(void) {
4790 char dummy; // used to get a guess on initial stack address
4791 // first_hrtime = gethrtime();
4792
4793 clock_tics_per_sec = sysconf(_SC_CLK_TCK);
4794
4795 init_random(1234567);
4796
4797 ThreadCritical::initialize();
4798
4799 Linux::set_page_size(sysconf(_SC_PAGESIZE));
4800 if (Linux::page_size() == -1) {
|