@@ -21,6 +21,7 @@ PATCHES_URI = "\
file://2007-jdk-no-genx11-in-headless.patch \
file://2008-jdk-no-unused-deps.patch \
file://2009-jdk-make-use-gcc-instead-of-ld-for-genSocketOptionRe.patch \
+ file://CVE-2024-21094.patch \
"
HOTSPOT_UB_PATCH = "\
file://1001-hotspot-fix-crash-on-JNI_CreateJavaVM.patch \
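Review bot: The new entry at `file://CVE-2024-21094.patch` goes into PATCHES_URI, but the patch it names touches only files under `hotspot/` (adlc/output_c.cpp and a hotspot jtreg test), while this recipe keeps a separate HOTSPOT_UB_PATCH list for hotspot-only patches; if the two lists are applied against different unpacked trees, the CVE fix may silently not land. Please confirm which list is applied to the tree that carries `hotspot/src/share/vm/adlc/`, and that do_patch reports the file as applied rather than skipped. A second, cheap check is that the generated `ad_*.cpp` in the build tree contains the new `C->set_unique(C->unique() - 1);` line. The other entries here follow a numeric `NNNN-` prefix convention, so `file://2010-CVE-2024-21094.patch` (or a comment explaining why CVE patches are unnumbered) would keep the list consistent.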
new file mode 100644
@@ -0,0 +1,637 @@
+From 43cb87550865a93c559c9e8eaa59fcb071301bd3 Mon Sep 17 00:00:00 2001
+From: Martin Balao <mbalao@openjdk.org>
+Date: Wed, 27 Mar 2024 03:21:25 +0000
+Subject: [PATCH] CVE-2024-21094: 8317507: C2 compilation fails with "Exceeded _node_regs
+ array"
+
+Upstream-Status: Backport from https://github.com/openjdk/jdk8u/commit/43cb87550865a93c559c9e8eaa59fcb071301bd3
+CVE: CVE-2024-21094
+
+Signed-off-by: Rohini Sangam <rsangam@mvista.com>
+---
+ .../hotspot/src/share/vm/adlc/output_c.cpp | 2 +
+ .../regalloc/TestNodeRegArrayOverflow.java | 599 ++++++++++++++++++
+ 2 files changed, 601 insertions(+)
+ create mode 100644 hotspot/test/compiler/regalloc/TestNodeRegArrayOverflow.java
+
+diff --git a/hotspot/src/share/vm/adlc/output_c.cpp b/hotspot/src/share/vm/adlc/output_c.cpp
+index 19916904..b85123b4 100644
+--- a/hotspot/src/share/vm/adlc/output_c.cpp
++++ b/hotspot/src/share/vm/adlc/output_c.cpp
+@@ -3023,6 +3023,8 @@ static void define_fill_new_machnode(bool used, FILE *fp_cpp) {
+ fprintf(fp_cpp, " if( i != cisc_operand() ) \n");
+ fprintf(fp_cpp, " to[i] = _opnds[i]->clone(C);\n");
+ fprintf(fp_cpp, " }\n");
++ fprintf(fp_cpp, " // Do not increment node index counter, since node reuses my index\n");
++ fprintf(fp_cpp, " C->set_unique(C->unique() - 1);\n");
+ fprintf(fp_cpp, "}\n");
+ }
+ fprintf(fp_cpp, "\n");
+diff --git a/hotspot/test/compiler/regalloc/TestNodeRegArrayOverflow.java b/hotspot/test/compiler/regalloc/TestNodeRegArrayOverflow.java
+new file mode 100644
+index 00000000..281524cc
+--- /dev/null
++++ b/hotspot/test/compiler/regalloc/TestNodeRegArrayOverflow.java
+@@ -0,0 +1,599 @@
++/*
++ * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package compiler.regalloc;
++
++/**
++ * @test
++ * @bug 8317507
++ * @summary Test that C2's PhaseRegAlloc::_node_regs (a post-register-allocation
++ * mapping from machine nodes to assigned registers) does not overflow
++ * in the face of a program with a high-density of CISC spilling
++ * candidate nodes.
++ * @run main/othervm -Xcomp -XX:CompileOnly=compiler.regalloc.TestNodeRegArrayOverflow::testWithCompilerUnrolling
++ -XX:CompileCommand=dontinline,compiler.regalloc.TestNodeRegArrayOverflow::dontInline
++ compiler.regalloc.TestNodeRegArrayOverflow compiler
++ * @run main/othervm -Xcomp -XX:CompileOnly=compiler.regalloc.TestNodeRegArrayOverflow::testWithManualUnrolling
++ -XX:CompileCommand=dontinline,compiler.regalloc.TestNodeRegArrayOverflow::dontInline
++ compiler.regalloc.TestNodeRegArrayOverflow manual
++ */
++
++public class TestNodeRegArrayOverflow {
++
++ static int dontInline() {
++ return 0;
++ }
++
++ static float testWithCompilerUnrolling(float inc) {
++ int i = 0, j = 0;
++ // This non-inlined method call causes 'inc' to be spilled.
++ float f = dontInline();
++ // This two-level reduction loop is unrolled 512 times, which is
++ // requested by the SLP-specific unrolling analysis, but not vectorized.
++ // Because 'inc' is spilled, each of the unrolled AddF nodes is
++ // CISC-spill converted (PhaseChaitin::fixup_spills()). Before the fix,
++ // this causes the unique node index counter (Compile::_unique) to grow
++ // beyond the size of the node register array
++ // (PhaseRegAlloc::_node_regs), and leads to overflow when accessed for
++ // nodes that are created later (e.g. during the peephole phase).
++ while (i++ < 128) {
++ for (j = 0; j < 16; j++) {
++ f += inc;
++ }
++ }
++ return f;
++ }
++
++ // This test reproduces the same failure as 'testWithCompilerUnrolling'
++ // without relying on loop transformations.
++ static float testWithManualUnrolling(float inc) {
++ int i = 0, j = 0;
++ float f = dontInline();
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ f += inc;
++ return f;
++ }
++
++ public static void main(String[] args) {
++ switch (args[0]) {
++ case "compiler":
++ testWithCompilerUnrolling(0);
++ break;
++ case "manual":
++ testWithManualUnrolling(0);
++ break;
++ default:
++ throw new IllegalArgumentException("Invalid mode: " + args[0]);
++ }
++ }
++}
+--
+2.35.7
+
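Review bot: The functional part of this backport is the single generated-code line `C->set_unique(C->unique() - 1);` in `define_fill_new_machnode`, and nothing in the recipe exercises the accompanying `TestNodeRegArrayOverflow` jtreg test, so the build gives no signal that the fix is actually in effect. The patch header would benefit from stating that explicitly, e.g. `The jtreg test is carried for parity with upstream only; it is not run by this recipe.`, and from noting how the fix was verified (for example that `-Xcomp -XX:CompileOnly=...testWithManualUnrolling` on the built JVM no longer aborts with "Exceeded _node_regs array"). The comment on the decrement presumably relies on the cloned node reusing the caller's index, which is established in code outside this hunk; a one-line pointer to that in the patch description would help the next person who has to rebase it. The test is a verbatim upstream copy, so its unused `int i = 0, j = 0;` in the manual-unrolling variant should stay as is rather than diverge from upstream.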