OpenJDK / jdk / jdk12

changeset 47264:8b5ed0358b3a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8187045: [linux] Not all libraries in the VM are linked with -z,noexecstack Reviewed-by: ihse, dholmes
author goetz
date Mon, 25 Sep 2017 23:42:58 -0400
parents bbbf1b1e36e9
children fae0bf9e361f
files make/autoconf/flags.m4 make/autoconf/generated-configure.sh make/autoconf/spec.gmk.in make/hotspot/lib/CompileLibjsig.gmk src/hotspot/share/prims/whitebox.cpp test/hotspot/jtreg/runtime/execstack/TestCheckJDK.java test/lib/sun/hotspot/WhiteBox.java
diffstat 7 files changed, 102 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/make/autoconf/flags.m4	Tue Sep 26 07:00:43 2017 +0530
+++ b/make/autoconf/flags.m4	Mon Sep 25 23:42:58 2017 -0400
@@ -1311,6 +1311,7 @@
   $2LDFLAGS_JDKLIB="${$2LDFLAGS_JDK}"
 
   $2LDFLAGS_JDKLIB="${$2LDFLAGS_JDKLIB} ${SHARED_LIBRARY_FLAGS}"
+  $2LDFLAGS_JDKLIB="${$2LDFLAGS_JDKLIB} ${LDFLAGS_NO_EXEC_STACK}"
   if test "x$TOOLCHAIN_TYPE" = xmicrosoft; then
     $2JAVA_BASE_LDFLAGS="${$2JAVA_BASE_LDFLAGS} \
         -libpath:${OUTPUTDIR}/support/modules_libs/java.base"
@@ -1388,6 +1389,7 @@
   AC_SUBST($2JDKEXE_LIBS)
   AC_SUBST($2LDFLAGS_CXX_JDK)
   AC_SUBST($2LDFLAGS_HASH_STYLE)
+  AC_SUBST($2LDFLAGS_NO_EXEC_STACK)
 
   AC_SUBST($2JVM_CFLAGS)
   AC_SUBST($2JVM_LDFLAGS)
--- a/make/autoconf/generated-configure.sh	Tue Sep 26 07:00:43 2017 +0530
+++ b/make/autoconf/generated-configure.sh	Mon Sep 25 23:42:58 2017 -0400
@@ -723,6 +723,7 @@
 OPENJDK_BUILD_JVM_ASFLAGS
 OPENJDK_BUILD_JVM_LDFLAGS
 OPENJDK_BUILD_JVM_CFLAGS
+OPENJDK_BUILD_LDFLAGS_NO_EXEC_STACK
 OPENJDK_BUILD_LDFLAGS_HASH_STYLE
 OPENJDK_BUILD_LDFLAGS_CXX_JDK
 OPENJDK_BUILD_JDKEXE_LIBS
@@ -738,6 +739,7 @@
 JVM_ASFLAGS
 JVM_LDFLAGS
 JVM_CFLAGS
+LDFLAGS_NO_EXEC_STACK
 LDFLAGS_HASH_STYLE
 LDFLAGS_CXX_JDK
 JDKEXE_LIBS
@@ -5115,7 +5117,7 @@
 #CUSTOM_AUTOCONF_INCLUDE
 
 # Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1506333008
+DATE_WHEN_GENERATED=1506397140
 
 ###############################################################################
 #
@@ -52024,6 +52026,7 @@
   LDFLAGS_JDKLIB="${LDFLAGS_JDK}"
 
   LDFLAGS_JDKLIB="${LDFLAGS_JDKLIB} ${SHARED_LIBRARY_FLAGS}"
+  LDFLAGS_JDKLIB="${LDFLAGS_JDKLIB} ${LDFLAGS_NO_EXEC_STACK}"
   if test "x$TOOLCHAIN_TYPE" = xmicrosoft; then
     JAVA_BASE_LDFLAGS="${JAVA_BASE_LDFLAGS} \
         -libpath:${OUTPUTDIR}/support/modules_libs/java.base"
@@ -52109,6 +52112,7 @@
 
 
 
+
   # Special extras...
   if test "x$TOOLCHAIN_TYPE" = xsolstudio; then
     if test "x$OPENJDK_BUILD_CPU_ARCH" = "xsparc"; then
@@ -52903,6 +52907,7 @@
   OPENJDK_BUILD_LDFLAGS_JDKLIB="${OPENJDK_BUILD_LDFLAGS_JDK}"
 
   OPENJDK_BUILD_LDFLAGS_JDKLIB="${OPENJDK_BUILD_LDFLAGS_JDKLIB} ${SHARED_LIBRARY_FLAGS}"
+  OPENJDK_BUILD_LDFLAGS_JDKLIB="${OPENJDK_BUILD_LDFLAGS_JDKLIB} ${LDFLAGS_NO_EXEC_STACK}"
   if test "x$TOOLCHAIN_TYPE" = xmicrosoft; then
     OPENJDK_BUILD_JAVA_BASE_LDFLAGS="${OPENJDK_BUILD_JAVA_BASE_LDFLAGS} \
         -libpath:${OUTPUTDIR}/support/modules_libs/java.base"
@@ -52988,6 +52993,7 @@
 
 
 
+
   # Tests are only ever compiled for TARGET
   # Flags for compiling test libraries
   CFLAGS_TESTLIB="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK $PICFLAG $CFLAGS_JDKLIB_EXTRA"
--- a/make/autoconf/spec.gmk.in	Tue Sep 26 07:00:43 2017 +0530
+++ b/make/autoconf/spec.gmk.in	Mon Sep 25 23:42:58 2017 -0400
@@ -387,6 +387,7 @@
 CXXFLAGS_JDKEXE:=@CXXFLAGS_JDKEXE@
 
 LDFLAGS_HASH_STYLE := @LDFLAGS_HASH_STYLE@
+LDFLAGS_NO_EXEC_STACK := @LDFLAGS_NO_EXEC_STACK@
 
 JVM_CFLAGS := @JVM_CFLAGS@
 JVM_CFLAGS_SYMBOLS := @JVM_CFLAGS_SYMBOLS@
--- a/make/hotspot/lib/CompileLibjsig.gmk	Tue Sep 26 07:00:43 2017 +0530
+++ b/make/hotspot/lib/CompileLibjsig.gmk	Mon Sep 25 23:42:58 2017 -0400
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,7 @@
   ifeq ($(STATIC_BUILD), false)
     ifeq ($(OPENJDK_TARGET_OS), linux)
       LIBJSIG_CFLAGS := -fPIC -D_GNU_SOURCE -D_REENTRANT $(EXTRA_CFLAGS)
-      LIBJSIG_LDFLAGS := $(LDFLAGS_HASH_STYLE) $(EXTRA_CFLAGS)
+      LIBJSIG_LDFLAGS := $(LDFLAGS_HASH_STYLE) ${LDFLAGS_NO_EXEC_STACK} $(EXTRA_CFLAGS)
       LIBJSIG_LIBS := $(LIBDL)
 
       # NOTE: The old build compiled this library without -soname.
--- a/src/hotspot/share/prims/whitebox.cpp	Tue Sep 26 07:00:43 2017 +0530
+++ b/src/hotspot/share/prims/whitebox.cpp	Mon Sep 25 23:42:58 2017 -0400
@@ -73,6 +73,9 @@
 #include "utilities/nativeCallStack.hpp"
 #endif // INCLUDE_NMT
 
+#ifdef LINUX
+#include "utilities/elfFile.hpp"
+#endif
 
 #define SIZE_T_MAX_VALUE ((size_t) -1)
 
@@ -1823,6 +1826,20 @@
   DirectivesStack::pop(count);
 WB_END
 
+// Checks that the library libfile has the noexecstack bit set.
+WB_ENTRY(jboolean, WB_CheckLibSpecifiesNoexecstack(JNIEnv* env, jobject o, jstring libfile))
+  jboolean ret = false;
+#ifdef LINUX
+  // Can't be in VM when we call JNI.
+  ThreadToNativeFromVM ttnfv(thread);
+  const char* lf = env->GetStringUTFChars(libfile, NULL);
+  CHECK_JNI_EXCEPTION_(env, 0);
+  ret = (jboolean) ElfFile::specifies_noexecstack(lf);
+  env->ReleaseStringUTFChars(libfile, lf);
+#endif
+  return ret;
+WB_END
+
 #define CC (char*)
 
 static JNINativeMethod methods[] = {
@@ -2027,6 +2044,8 @@
                                                       (void*)&WB_GetConcurrentGCPhases},
   {CC"requestConcurrentGCPhase0", CC"(Ljava/lang/String;)Z",
                                                       (void*)&WB_RequestConcurrentGCPhase},
+  {CC"checkLibSpecifiesNoexecstack", CC"(Ljava/lang/String;)Z",
+                                                      (void*)&WB_CheckLibSpecifiesNoexecstack},
 };
 
 #undef CC
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/hotspot/jtreg/runtime/execstack/TestCheckJDK.java	Mon Sep 25 23:42:58 2017 -0400
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test Testexecstack.java
+ * @summary Searches for all libraries in test VM and checks that they
+ *          have the noexecstack bit set.
+ * @requires (os.family == "linux")
+ * @library /test/lib
+ * @modules java.base/jdk.internal.misc
+ * @build sun.hotspot.WhiteBox
+ * @run driver ClassFileInstaller sun.hotspot.WhiteBox
+ *                                sun.hotspot.WhiteBox$WhiteBoxPermission
+ * @run main/othervm -Xbootclasspath/a:. -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI
+ *                   TestCheckJDK
+ */
+
+import jdk.test.lib.Asserts;
+import sun.hotspot.WhiteBox;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+public class TestCheckJDK {
+    static boolean testPassed = true;
+    private static final WhiteBox WB = WhiteBox.getWhiteBox();
+
+    static void checkExecStack(Path file) {
+        String filename = file.toString();
+        if (filename.endsWith(".so")) {
+            if (!WB.checkLibSpecifiesNoexecstack(filename)) {
+                System.out.println("Library does not have the noexecstack bit set: " + filename);
+                testPassed = false;
+            }
+        }
+    }
+
+    public static void main(String[] args) throws Throwable {
+        String vmInstallDir = System.getProperty("java.home");
+
+        Files.walk(Paths.get(vmInstallDir)).filter(Files::isRegularFile).forEach(TestCheckJDK::checkExecStack);
+
+        Asserts.assertTrue(testPassed,
+            "The tested VM contains libs that don't have the noexecstack " +
+            "bit set. They must be linked with -z,noexecstack.");
+    }
+}
--- a/test/lib/sun/hotspot/WhiteBox.java	Tue Sep 26 07:00:43 2017 +0530
+++ b/test/lib/sun/hotspot/WhiteBox.java	Mon Sep 25 23:42:58 2017 -0400
@@ -529,4 +529,7 @@
   // Compiler Directive
   public native int addCompilerDirective(String compDirect);
   public native void removeCompilerDirective(int count);
+
+  // Returns true on linux if library has the noexecstack flag set.
+  public native boolean checkLibSpecifiesNoexecstack(String libfilename);
 }
© 2007, 2021 Oracle and/or its affiliates
Terms of Use · Privacy · Trademarks