- Enhancement
- Resolution: Fixed
- P4
- None
- b21
- aarch64
- linux
1. Since Fedora 33, glibc+kernel are PAC/BTI enabled by default.
User-level packages can gain additional hardening by compiling with the
GCC/Clang flag `-mbranch-protection=flag`. See [1].
2. In JDK-8277204, `--enable-branch-protection` was introduced as
one VM configure flag, which would pass `-mbranch-protection=standard`
compilation flags to all c/c++ files. Note that `standard` turns on both
`pac-ret` and `bti` branch protections. For more details about code
reuse attacks and hardware-assisted branch protections on AArch64, see
[2].
However, we checked the `.note.gnu.property` section of all the shared
libraries under `jdk/lib` on Fedora 38, and found that only libjvm.so is
problematic. The issue is that the following two target feature bits are
not set:
```
GNU_PROPERTY_AARCH64_FEATURE_1_BTI
GNU_PROPERTY_AARCH64_FEATURE_1_PAC
```
Note-1: BTI is an all or nothing property for a link unit[3]. That is,
libjvm.so is not BTI-enabled.
Note-2: PAC bit in `.note.gnu.property` section is used to protect
`.got.plt` table. It's independent of whether the relocatable objects
use PAC or not.
Hence, this task aims to set PAC/BTI feature bits of the
`.note.gnu.property` section for libjvm.so.
[1] https://fedoraproject.org/wiki/Changes/Aarch64_PointerAuthentication
[2] https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/code-reuse-attacks-the-compiler-story
[3] https://reviews.llvm.org/D62609
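
The check described above, as an added example that is not part of the original issue or the OpenJDK build: a parser for the raw bytes of a `.note.gnu.property` section (little-endian ELF64 assumed) that reports the BTI/PAC bits, plus a model of the linker ANDing the marks of its input objects as in Note-1. `make_note`, `features` and `link_unit_mask` are hypothetical helper names, and the sample notes are constructed.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000
FEATURE_BITS = {"BTI": 1 << 0, "PAC": 1 << 1}  # GNU_PROPERTY_AARCH64_FEATURE_1_BTI / _PAC

def align(n, a):
    return (n + a - 1) & ~(a - 1)

def feature_1_and(section: bytes) -> int:
    """Return the FEATURE_1_AND bitmask found in raw .note.gnu.property bytes."""
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        desc_off = off + 12 + align(namesz, 4)
        desc_end = desc_off + descsz
        if desc_end > len(section):
            raise ValueError("truncated note")
        name = section[off + 12:off + 12 + namesz]
        if ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0":
            p = desc_off
            while p + 8 <= desc_end:
                pr_type, pr_datasz = struct.unpack_from("<II", section, p)
                if p + 8 + pr_datasz > desc_end:
                    raise ValueError("truncated property")
                if pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND and pr_datasz >= 4:
                    return struct.unpack_from("<I", section, p + 8)[0]
                p += 8 + align(pr_datasz, 8)  # properties are 8-byte aligned in ELF64
        off = align(desc_end, 8)
    return 0  # no note or no AArch64 property: neither bit is set

def features(section: bytes) -> dict:
    mask = feature_1_and(section)
    return {name: bool(mask & bit) for name, bit in FEATURE_BITS.items()}

def link_unit_mask(object_sections) -> int:
    """Model of the link step: the output keeps a bit only if every input has it."""
    mask = FEATURE_BITS["BTI"] | FEATURE_BITS["PAC"]
    for sec in object_sections:
        mask &= feature_1_and(sec)  # an object without the note contributes 0
    return mask

def make_note(mask: int) -> bytes:
    """Constructed sample: one GNU property note carrying FEATURE_1_AND = mask."""
    desc = struct.pack("<III4x", GNU_PROPERTY_AARCH64_FEATURE_1_AND, 4, mask)
    return struct.pack("<III4s", 4, len(desc), NT_GNU_PROPERTY_TYPE_0, b"GNU\0") + desc

if __name__ == "__main__":
    print(features(make_note(3)), link_unit_mask([make_note(3), b""]))
```

On a real system, `readelf -n` on the library prints the same property in decoded form.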
- links to
  - Commit(master) openjdk/jdk/4dcc7f3f
  - Review(master) openjdk/jdk/20491