Date: Mon, 2 Feb 2015 06:27:12 +0000 (UTC) From: Greg Lewis <glewis@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r378297 - in head/java/openjdk8: . files Message-ID: <201502020627.t126RC5H071121@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glewis Date: Mon Feb 2 06:27:11 2015 New Revision: 378297 URL: https://svnweb.freebsd.org/changeset/ports/378297 QAT: https://qat.redports.org/buildarchive/r378297/ Log: . Update to 8u31. Added: head/java/openjdk8/files/patch-8u31-b13 (contents, props changed) Modified: head/java/openjdk8/Makefile head/java/openjdk8/files/patch-bsd head/java/openjdk8/files/patch-bsd-test Modified: head/java/openjdk8/Makefile ============================================================================== --- head/java/openjdk8/Makefile Mon Feb 2 05:14:14 2015 (r378296) +++ head/java/openjdk8/Makefile Mon Feb 2 06:27:11 2015 (r378297) @@ -2,7 +2,6 @@ PORTNAME= openjdk PORTVERSION= ${JDK_MAJOR_VERSION}.${JDK_UPDATE_VERSION}.${JDK_BUILD_NUMBER:S/^0//} -PORTREVISION= 4 CATEGORIES= java devel MASTER_SITES= http://download.java.net/openjdk/jdk${JDK_MAJOR_VERSION}/promoted/b${DIST_BUILD_NUMBER}/:jdk \ https://adopt-openjdk.ci.cloudbees.com/job/jtreg/${JTREG_JENKINS_BUILD}/artifact/:jtreg \ @@ -71,8 +70,8 @@ NO_CCACHE= yes NOPRECIOUSMAKEVARS= yes JDK_MAJOR_VERSION= 8 -JDK_UPDATE_VERSION= 25 -JDK_BUILD_NUMBER= 17 +JDK_UPDATE_VERSION= 31 +JDK_BUILD_NUMBER= 13 DIST_BUILD_NUMBER= 132 JTREG_VERSION= 4.1 JTREG_BUILD_NUMBER= b08 Added: head/java/openjdk8/files/patch-8u31-b13 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/java/openjdk8/files/patch-8u31-b13 Mon Feb 2 06:27:11 2015 (r378297) @@ -0,0 +1,35573 @@ +--- ./.hgtags Wed Sep 17 11:23:18 2014 -0700 ++++ ./.hgtags Mon Dec 08 12:28:03 2014 -0800 +@@ -314,6 +314,8 @@ + 1710841b0229403f4af85eac8b68ea5065a26c81 jdk8u20-b24 + 1710841b0229403f4af85eac8b68ea5065a26c81 jdk8u20-b25 + d1a7ea2c3e1091e0df1285963328a96f475f240d jdk8u20-b26 ++3229d7b76babcf6710b3a965a2eda3f3bb2aa972 jdk8u20-b31 ++9955a899edb359f2dc1704ea86044e9819cb805d jdk8u20-b32 + 97c6d6a8e5bb3dfc24b9a32711aa0906ea110e23 jdk8u25-b00 + c4cfb4376f5916c5d7eb1f39a0e23402de0d9818 jdk8u25-b01 + b4d29a751077e5500e766b8104dd1cb7148a550f jdk8u25-b02 +@@ -331,3 +333,19 @@ + 4429ea47ee6eca6b8a1dbda1950566ee821ba19d jdk8u25-b14 + 09eaef69f384ecf8ec0342b87a8b150740941140 jdk8u25-b15 + f0a48c214c46b7351ff8e6d6b6dc533463a4be21 jdk8u25-b16 ++d117f01bfb4f34668ac216c9837e88acead14dce jdk8u25-b17 ++efac90a2da447c2b2d43ee1b1e20c0828659f9c5 jdk8u25-b18 ++1a0b4ec68abc4e9248ca6041fff04612674a9b9f jdk8u25-b31 ++6db0898d3f90ad9eae2f017299314b88766446e3 jdk8u31-b00 ++85792859f3bdd6a2c1bdfcf2828bb2730e06ac3c jdk8u31-b01 ++4898a7460ae620ac5356cb224e1fdf3c29312533 jdk8u31-b02 ++886ace09d0934d5410572764685f13119d523823 jdk8u31-b03 ++e2d32fe85fb93ce5179c25f5bfd49750a85c9342 jdk8u31-b04 ++97de4d73edf1435c9b87d765d2ad91bb16c8d913 jdk8u31-b05 ++f1b61760d01de6ad8d360227ac6c2122765680a2 jdk8u31-b06 ++e9cbffb6c1119f3ef39c68db53c36c5e544c0d3c jdk8u31-b07 ++4cec543118e7720d6105f25b60742d25a458cab7 jdk8u31-b08 ++ea4b31ec437d74c62b844bd8b35f0bc3a27915b4 jdk8u31-b09 ++01a98532348477a84b6e3c322fdd12dfed28d96d jdk8u31-b10 ++ec85d5d0e3c05b0b6d61f4fc3f41313448ed9b05 jdk8u31-b11 ++ca98e3e9727ffdcde2c9980668d0c7f344261938 jdk8u31-b12 +--- ./common/autoconf/generated-configure.sh Wed Sep 17 11:23:18 2014 -0700 ++++ ./common/autoconf/generated-configure.sh Mon Dec 08 12:28:03 2014 -0800 +@@ -1024,6 +1024,7 @@ + with_update_version + with_user_release_suffix + with_build_number ++with_copyright_year + with_boot_jdk + with_boot_jdk_jvmargs + with_add_source_root +@@ -1774,6 +1775,7 @@ + Add a custom string to the version string if build + number isn't set.[username_builddateb00] + --with-build-number Set build number value for build [b00] ++ --with-copyright-year Set copyright year value for build [current year] + --with-boot-jdk path to Boot JDK (used to bootstrap build) [probed] + --with-boot-jdk-jvmargs specify JVM arguments to be passed to all + invocations of the Boot JDK, overriding the default +@@ -3868,7 +3870,7 @@ + #CUSTOM_AUTOCONF_INCLUDE + + # Do not change or remove the following line, it is needed for consistency checks: +-DATE_WHEN_GENERATED=1410971760 ++DATE_WHEN_GENERATED=1416326200 + + ############################################################################### + # +@@ -11280,7 +11282,19 @@ + + + +- COPYRIGHT_YEAR=`date +'%Y'` ++ ++# Check whether --with-copyright-year was given. ++if test "${with_copyright_year+set}" = set; then : ++ withval=$with_copyright_year; ++fi ++ ++ if test "x$with_copyright_year" = xyes; then ++ as_fn_error $? "Copyright year must have a value" "$LINENO" 5 ++ elif test "x$with_copyright_year" != x; then ++ COPYRIGHT_YEAR="$with_copyright_year" ++ else ++ COPYRIGHT_YEAR=`date +'%Y'` ++ fi + + + if test "x$JDK_UPDATE_VERSION" != x; then +--- ./common/autoconf/jdk-options.m4 Wed Sep 17 11:23:18 2014 -0700 ++++ ./common/autoconf/jdk-options.m4 Mon Dec 08 12:28:03 2014 -0800 +@@ -510,7 +510,15 @@ + AC_SUBST(MACOSX_BUNDLE_NAME_BASE) + AC_SUBST(MACOSX_BUNDLE_ID_BASE) + +- COPYRIGHT_YEAR=`date +'%Y'` ++ AC_ARG_WITH(copyright-year, [AS_HELP_STRING([--with-copyright-year], ++ [Set copyright year value for build @<:@current year@:>@])]) ++ if test "x$with_copyright_year" = xyes; then ++ AC_MSG_ERROR([Copyright year must have a value]) ++ elif test "x$with_copyright_year" != x; then ++ COPYRIGHT_YEAR="$with_copyright_year" ++ else ++ COPYRIGHT_YEAR=`date +'%Y'` ++ fi + AC_SUBST(COPYRIGHT_YEAR) + + if test "x$JDK_UPDATE_VERSION" != x; then +--- ./corba/.hgtags Mon Sep 08 12:34:37 2014 -0700 ++++ ./corba/.hgtags Mon Dec 08 12:28:12 2014 -0800 +@@ -312,6 +312,8 @@ + 34c930eaa6b591621afde05ca2e24571c91cdc9b jdk8u20-b24 + 34c930eaa6b591621afde05ca2e24571c91cdc9b jdk8u20-b25 + 37bde23c96f66912c44b1b893c08d4ad4cff5f4e jdk8u20-b26 ++83bebea0c36c6ee9e663b41f9103ddcf1216ef55 jdk8u20-b31 ++117f50127c27826dbe4c9e6fe1916aeab4bceef9 jdk8u20-b32 + 08aa9f55fe5bce1f04cfd2958f71e8df18643e29 jdk8u25-b00 + 31f50e3c0dcbdfa7f11a895179065e6888c2cf3c jdk8u25-b01 + 162703b7c2f16ce00d1b54a8f95d12eda9753eba jdk8u25-b02 +@@ -329,3 +331,19 @@ + 7e9a2027d0214019d66325fa7ca59cf8281fb43e jdk8u25-b14 + 5b2cb4935667cd02d7974b3b6fb6bf4092b5acae jdk8u25-b15 + 28d7f90e04e46ce8c633a2fbf0157d9e77db17c3 jdk8u25-b16 ++f46df0af2ca8c7d896de375c8edac8ce09318318 jdk8u25-b17 ++ee069d67c12df902cdb06ecf1747f8ff9d495a61 jdk8u25-b18 ++8d0faa0eac61c04c6a5bbff2e084c9da0bd5251c jdk8u25-b31 ++69793b08060c9d216fa84d679c48b9e22d2400ac jdk8u31-b00 ++fd5f8e3713803ca2d7898407a53996f3aa41521e jdk8u31-b01 ++b6e2d1b1b24585bd02512e360d842d4713afa644 jdk8u31-b02 ++1a7cc737d8081ffef73d88e94995f80d6a3dc8e0 jdk8u31-b03 ++f24241b85fc90618d243f54202904ee202c44b7e jdk8u31-b04 ++a3b616778301fe101bf3dcfa145d3bb4e8fc8941 jdk8u31-b05 ++3de6161377bf492953260c7bf756f3ec0c6e6d60 jdk8u31-b06 ++3d42c53301dd951992a32613173dd6fbb13a28a8 jdk8u31-b07 ++b47677f7c1d122a2d05e03dec70de86feaedcd4c jdk8u31-b08 ++95163f85c9e961c5bf37ceac645a0e7de505ca3e jdk8u31-b09 ++474bf60980443dfae2fe6e121fef0caea4e014b3 jdk8u31-b10 ++7e2056eba0b62247407e065f3f88a89358fc26a6 jdk8u31-b11 ++285b0e589c50e46ca7ad3434221335901a547d66 jdk8u31-b12 +--- ./hotspot/.hgtags Mon Sep 08 12:35:01 2014 -0700 ++++ ./hotspot/.hgtags Mon Dec 08 12:28:35 2014 -0800 +@@ -501,6 +501,8 @@ + 00cf2b6f51b9560b01030e8f4c28c466f0b21fe3 hs25.20-b23 + 19408d5fd31c25ce60c43dd33e92b96e8df4a4ea jdk8u20-b25 + eaa4074a7e3975cd33ec55e6b584586e2ac681bd jdk8u20-b26 ++7c9925f21c2529a88eb64b8039cc080f60b85e01 jdk8u20-b31 ++7edb04063a423e278fe34a0006d25fee198f495e jdk8u20-b32 + a4d44dfb7d30eea54bc172e4429a655454ae0bbf jdk8u25-b00 + 9a2152fbd929b0d8b2f5c326a5526214ae71731a jdk8u25-b01 + d3d5604ea0dea3812e87ba76ac199d0a8be6f49f jdk8u25-b02 +@@ -518,3 +520,19 @@ + c77d5db189422e2eef0443ee212644e497113b18 jdk8u25-b14 + e62c06b887310b5bd23be9b817a9a6f0daf0d0e1 jdk8u25-b15 + 6467bdd4d22d8b140844dc847c43b9ba7cb0bbd1 jdk8u25-b16 ++28b50d07f6f8c5a567b6a25e95a423948114a004 jdk8u25-b17 ++639abc668bfe995dba811dd35411b9ea8a9041cd jdk8u25-b18 ++c3528699fb33fe3eb1d117504184ae7ab2507aa1 jdk8u25-b31 ++5bb683bbe2c74876d585b5c3232fc3aab7b23e97 jdk8u31-b00 ++5bb686ae3b89f8aa1c74331b2d24e2a5ebd43448 jdk8u31-b01 ++087678da96603c9705b38b6cc4a6569ac7b4420a jdk8u31-b02 ++401cbaa475b4efe53153119ab87a82b217980a7f jdk8u31-b03 ++060cdf93040c1bfa5fdf580da5e9999042632cc8 jdk8u31-b04 ++6e56d7f1634f6c4cd4196e699c06e6ca2e6d6efb jdk8u31-b05 ++271a32147391d08b0f338d9353330e2b5584d580 jdk8u31-b06 ++e9f815c3f21cf2febd8e3c185917c1519aa52d9a jdk8u31-b07 ++cc74ca22516644867be3b8db6c1f8d05ab4f6c27 jdk8u31-b08 ++245d29ed5db5ad6914eb0c9fe78b9ba26122c478 jdk8u31-b09 ++d7b6bdd51abe68b16411d5b292fb830a43c5bc09 jdk8u31-b10 ++9906d432d6dbd2cda242e3f3cfde7cf6c90245bf jdk8u31-b11 ++e13839545238d1ecf17f0489bb6fb765de46719a jdk8u31-b12 +--- ./hotspot/make/hotspot_version Mon Sep 08 12:35:01 2014 -0700 ++++ ./hotspot/make/hotspot_version Mon Dec 08 12:28:35 2014 -0800 +@@ -1,5 +1,5 @@ + # +-# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. ++# Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # + # This code is free software; you can redistribute it and/or modify it +@@ -31,11 +31,11 @@ + # + + # Don't put quotes (fail windows build). +-HOTSPOT_VM_COPYRIGHT=Copyright 2014 ++HOTSPOT_VM_COPYRIGHT=Copyright 2015 + + HS_MAJOR_VER=25 +-HS_MINOR_VER=25 +-HS_BUILD_NUMBER=02 ++HS_MINOR_VER=31 ++HS_BUILD_NUMBER=07 + + JDK_MAJOR_VER=1 + JDK_MINOR_VER=8 +--- ./hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp Mon Sep 08 12:35:01 2014 -0700 ++++ ./hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp Mon Dec 08 12:28:35 2014 -0800 +@@ -1128,51 +1128,82 @@ + // Hoist any int/ptr/long's in the first 6 to int regs. + // Hoist any flt/dbl's in the first 16 dbl regs. + int j = 0; // Count of actual args, not HALVES +- for( int i=0; i<total_args_passed; i++, j++ ) { +- switch( sig_bt[i] ) { ++ VMRegPair param_array_reg; // location of the argument in the parameter array ++ for (int i = 0; i < total_args_passed; i++, j++) { ++ param_array_reg.set_bad(); ++ switch (sig_bt[i]) { + case T_BOOLEAN: + case T_BYTE: + case T_CHAR: + case T_INT: + case T_SHORT: +- regs[i].set1( int_stk_helper( j ) ); break; ++ regs[i].set1(int_stk_helper(j)); ++ break; + case T_LONG: +- assert( sig_bt[i+1] == T_VOID, "expecting half" ); ++ assert(sig_bt[i+1] == T_VOID, "expecting half"); + case T_ADDRESS: // raw pointers, like current thread, for VM calls + case T_ARRAY: + case T_OBJECT: + case T_METADATA: +- regs[i].set2( int_stk_helper( j ) ); ++ regs[i].set2(int_stk_helper(j)); + break; + case T_FLOAT: +- if ( j < 16 ) { +- // V9ism: floats go in ODD registers +- regs[i].set1(as_FloatRegister(1 + (j<<1))->as_VMReg()); +- } else { +- // V9ism: floats go in ODD stack slot +- regs[i].set1(VMRegImpl::stack2reg(1 + (j<<1))); ++ // Per SPARC Compliance Definition 2.4.1, page 3P-12 available here ++ // http://www.sparc.org/wp-content/uploads/2014/01/SCD.2.4.1.pdf.gz ++ // ++ // "When a callee prototype exists, and does not indicate variable arguments, ++ // floating-point values assigned to locations %sp+BIAS+128 through %sp+BIAS+248 ++ // will be promoted to floating-point registers" ++ // ++ // By "promoted" it means that the argument is located in two places, an unused ++ // spill slot in the "parameter array" (starts at %sp+BIAS+128), and a live ++ // float register. In most cases, there are 6 or fewer arguments of any type, ++ // and the standard parameter array slots (%sp+BIAS+128 to %sp+BIAS+176 exclusive) ++ // serve as shadow slots. Per the spec floating point registers %d6 to %d16 ++ // require slots beyond that (up to %sp+BIAS+248). ++ // ++ { ++ // V9ism: floats go in ODD registers and stack slots ++ int float_index = 1 + (j << 1); ++ param_array_reg.set1(VMRegImpl::stack2reg(float_index)); ++ if (j < 16) { ++ regs[i].set1(as_FloatRegister(float_index)->as_VMReg()); ++ } else { ++ regs[i] = param_array_reg; ++ } + } + break; + case T_DOUBLE: +- assert( sig_bt[i+1] == T_VOID, "expecting half" ); +- if ( j < 16 ) { +- // V9ism: doubles go in EVEN/ODD regs +- regs[i].set2(as_FloatRegister(j<<1)->as_VMReg()); +- } else { +- // V9ism: doubles go in EVEN/ODD stack slots +- regs[i].set2(VMRegImpl::stack2reg(j<<1)); ++ { ++ assert(sig_bt[i + 1] == T_VOID, "expecting half"); ++ // V9ism: doubles go in EVEN/ODD regs and stack slots ++ int double_index = (j << 1); ++ param_array_reg.set2(VMRegImpl::stack2reg(double_index)); ++ if (j < 16) { ++ regs[i].set2(as_FloatRegister(double_index)->as_VMReg()); ++ } else { ++ // V9ism: doubles go in EVEN/ODD stack slots ++ regs[i] = param_array_reg; ++ } + } + break; +- case T_VOID: regs[i].set_bad(); j--; break; // Do not count HALVES ++ case T_VOID: ++ regs[i].set_bad(); ++ j--; ++ break; // Do not count HALVES + default: + ShouldNotReachHere(); + } +- if (regs[i].first()->is_stack()) { +- int off = regs[i].first()->reg2stack(); ++ // Keep track of the deepest parameter array slot. ++ if (!param_array_reg.first()->is_valid()) { ++ param_array_reg = regs[i]; ++ } ++ if (param_array_reg.first()->is_stack()) { ++ int off = param_array_reg.first()->reg2stack(); + if (off > max_stack_slots) max_stack_slots = off; + } +- if (regs[i].second()->is_stack()) { +- int off = regs[i].second()->reg2stack(); ++ if (param_array_reg.second()->is_stack()) { ++ int off = param_array_reg.second()->reg2stack(); + if (off > max_stack_slots) max_stack_slots = off; + } + } +@@ -1180,8 +1211,8 @@ + #else // _LP64 + // V8 convention: first 6 things in O-regs, rest on stack. + // Alignment is willy-nilly. +- for( int i=0; i<total_args_passed; i++ ) { +- switch( sig_bt[i] ) { ++ for (int i = 0; i < total_args_passed; i++) { ++ switch (sig_bt[i]) { + case T_ADDRESS: // raw pointers, like current thread, for VM calls + case T_ARRAY: + case T_BOOLEAN: +@@ -1192,23 +1223,23 @@ + case T_OBJECT: + case T_METADATA: + case T_SHORT: +- regs[i].set1( int_stk_helper( i ) ); ++ regs[i].set1(int_stk_helper(i)); + break; + case T_DOUBLE: + case T_LONG: +- assert( sig_bt[i+1] == T_VOID, "expecting half" ); +- regs[i].set_pair( int_stk_helper( i+1 ), int_stk_helper( i ) ); ++ assert(sig_bt[i + 1] == T_VOID, "expecting half"); ++ regs[i].set_pair(int_stk_helper(i + 1), int_stk_helper(i)); + break; + case T_VOID: regs[i].set_bad(); break; + default: + ShouldNotReachHere(); + } + if (regs[i].first()->is_stack()) { +- int off = regs[i].first()->reg2stack(); ++ int off = regs[i].first()->reg2stack(); + if (off > max_stack_slots) max_stack_slots = off; + } + if (regs[i].second()->is_stack()) { +- int off = regs[i].second()->reg2stack(); ++ int off = regs[i].second()->reg2stack(); + if (off > max_stack_slots) max_stack_slots = off; + } + } +@@ -1357,11 +1388,10 @@ + const Register rOop = src.first()->as_Register(); + const Register rHandle = L5; + int oop_slot = rOop->input_number() * VMRegImpl::slots_per_word + oop_handle_offset; +- int offset = oop_slot*VMRegImpl::stack_slot_size; +- Label skip; ++ int offset = oop_slot * VMRegImpl::stack_slot_size; + __ st_ptr(rOop, SP, offset + STACK_BIAS); + if (is_receiver) { +- *receiver_offset = oop_slot * VMRegImpl::stack_slot_size; ++ *receiver_offset = offset; + } + map->set_oop(VMRegImpl::stack2reg(oop_slot)); + __ add(SP, offset + STACK_BIAS, rHandle); +--- ./hotspot/src/cpu/sparc/vm/sparc.ad Mon Sep 08 12:35:01 2014 -0700 ++++ ./hotspot/src/cpu/sparc/vm/sparc.ad Mon Dec 08 12:28:35 2014 -0800 +@@ -1989,7 +1989,7 @@ + // to implement the UseStrictFP mode. + const bool Matcher::strict_fp_requires_explicit_rounding = false; + +-// Are floats conerted to double when stored to stack during deoptimization? ++// Are floats converted to double when stored to stack during deoptimization? + // Sparc does not handle callee-save floats. + bool Matcher::float_in_double() { return false; } + +@@ -3218,7 +3218,7 @@ + // are owned by the CALLEE. Holes should not be nessecary in the + // incoming area, as the Java calling convention is completely under + // the control of the AD file. Doubles can be sorted and packed to +-// avoid holes. Holes in the outgoing arguments may be nessecary for ++// avoid holes. Holes in the outgoing arguments may be necessary for + // varargs C calling conventions. + // Note 3: Region 0-3 is even aligned, with pad2 as needed. Region 3-5 is + // even aligned with pad0 as needed. +@@ -3284,7 +3284,7 @@ + %} + + // Body of function which returns an OptoRegs array locating +- // arguments either in registers or in stack slots for callin ++ // arguments either in registers or in stack slots for calling + // C. + c_calling_convention %{ + // This is obviously always outgoing +--- ./hotspot/src/os/bsd/vm/perfMemory_bsd.cpp Mon Sep 08 12:35:01 2014 -0700 ++++ ./hotspot/src/os/bsd/vm/perfMemory_bsd.cpp Mon Dec 08 12:28:35 2014 -0800 +@@ -197,7 +197,38 @@ + } + + +-// check if the given path is considered a secure directory for ++// Check if the given statbuf is considered a secure directory for ++// the backing store files. Returns true if the directory is considered ++// a secure location. Returns false if the statbuf is a symbolic link or ++// if an error occurred. ++// ++static bool is_statbuf_secure(struct stat *statp) { ++ if (S_ISLNK(statp->st_mode) || !S_ISDIR(statp->st_mode)) { ++ // The path represents a link or some non-directory file type, ++ // which is not what we expected. Declare it insecure. ++ // ++ return false; ++ } ++ // We have an existing directory, check if the permissions are safe. ++ // ++ if ((statp->st_mode & (S_IWGRP|S_IWOTH)) != 0) { ++ // The directory is open for writing and could be subjected ++ // to a symlink or a hard link attack. Declare it insecure. ++ // ++ return false; ++ } ++ // See if the uid of the directory matches the effective uid of the process. ++ // ++ if (statp->st_uid != geteuid()) { ++ // The directory was not created by this user, declare it insecure. ++ // ++ return false; ++ } ++ return true; ++} ++ ++ ++// Check if the given path is considered a secure directory for + // the backing store files. Returns true if the directory exists + // and is considered a secure location. Returns false if the path + // is a symbolic link or if an error occurred. +@@ -211,27 +242,185 @@ + return false; + } + +- // the path exists, now check it's mode +- if (S_ISLNK(statbuf.st_mode) || !S_ISDIR(statbuf.st_mode)) { +- // the path represents a link or some non-directory file type, +- // which is not what we expected. declare it insecure. +- // ++ // The path exists, see if it is secure. ++ return is_statbuf_secure(&statbuf); ++} ++ ++ ++// Check if the given directory file descriptor is considered a secure ++// directory for the backing store files. Returns true if the directory ++// exists and is considered a secure location. Returns false if the path ++// is a symbolic link or if an error occurred. ++// ++static bool is_dirfd_secure(int dir_fd) { ++ struct stat statbuf; ++ int result = 0; ++ ++ RESTARTABLE(::fstat(dir_fd, &statbuf), result); ++ if (result == OS_ERR) { + return false; + } +- else { +- // we have an existing directory, check if the permissions are safe. +- // +- if ((statbuf.st_mode & (S_IWGRP|S_IWOTH)) != 0) { +- // the directory is open for writing and could be subjected +- // to a symlnk attack. declare it insecure. +- // +- return false; ++ ++ // The path exists, now check its mode. ++ return is_statbuf_secure(&statbuf); ++} ++ ++ ++// Check to make sure fd1 and fd2 are referencing the same file system object. ++// ++static bool is_same_fsobject(int fd1, int fd2) { ++ struct stat statbuf1; ++ struct stat statbuf2; ++ int result = 0; ++ ++ RESTARTABLE(::fstat(fd1, &statbuf1), result); ++ if (result == OS_ERR) { ++ return false; ++ } ++ RESTARTABLE(::fstat(fd2, &statbuf2), result); ++ if (result == OS_ERR) { ++ return false; ++ } ++ ++ if ((statbuf1.st_ino == statbuf2.st_ino) && ++ (statbuf1.st_dev == statbuf2.st_dev)) { ++ return true; ++ } else { ++ return false; ++ } ++} ++ ++ ++// Open the directory of the given path and validate it. ++// Return a DIR * of the open directory. ++// ++static DIR *open_directory_secure(const char* dirname) { ++ // Open the directory using open() so that it can be verified ++ // to be secure by calling is_dirfd_secure(), opendir() and then check ++ // to see if they are the same file system object. This method does not ++ // introduce a window of opportunity for the directory to be attacked that ++ // calling opendir() and is_directory_secure() does. ++ int result; ++ DIR *dirp = NULL; ++ RESTARTABLE(::open(dirname, O_RDONLY|O_NOFOLLOW), result); ++ if (result == OS_ERR) { ++ // Directory doesn't exist or is a symlink, so there is nothing to cleanup. ++ if (PrintMiscellaneous && Verbose) { ++ if (errno == ELOOP) { ++ warning("directory %s is a symlink and is not secure\n", dirname); ++ } else { ++ warning("could not open directory %s: %s\n", dirname, strerror(errno)); ++ } + } ++ return dirp; ++ } ++ int fd = result; ++ ++ // Determine if the open directory is secure. ++ if (!is_dirfd_secure(fd)) { ++ // The directory is not a secure directory. ++ os::close(fd); ++ return dirp; ++ } ++ ++ // Open the directory. ++ dirp = ::opendir(dirname); ++ if (dirp == NULL) { ++ // The directory doesn't exist, close fd and return. ++ os::close(fd); ++ return dirp; ++ } ++ ++ // Check to make sure fd and dirp are referencing the same file system object. ++ if (!is_same_fsobject(fd, dirfd(dirp))) { ++ // The directory is not secure. ++ os::close(fd); ++ os::closedir(dirp); ++ dirp = NULL; ++ return dirp; ++ } ++ ++ // Close initial open now that we know directory is secure ++ os::close(fd); ++ ++ return dirp; ++} ++ ++// NOTE: The code below uses fchdir(), open() and unlink() because ++// fdopendir(), openat() and unlinkat() are not supported on all ++// versions. Once the support for fdopendir(), openat() and unlinkat() ++// is available on all supported versions the code can be changed ++// to use these functions. ++ ++// Open the directory of the given path, validate it and set the ++// current working directory to it. ++// Return a DIR * of the open directory and the saved cwd fd. ++// ++static DIR *open_directory_secure_cwd(const char* dirname, int *saved_cwd_fd) { ++ ++ // Open the directory. ++ DIR* dirp = open_directory_secure(dirname); ++ if (dirp == NULL) { ++ // Directory doesn't exist or is insecure, so there is nothing to cleanup. ++ return dirp; ++ } ++ int fd = dirfd(dirp); ++ ++ // Open a fd to the cwd and save it off. ++ int result; ++ RESTARTABLE(::open(".", O_RDONLY), result); ++ if (result == OS_ERR) { ++ *saved_cwd_fd = -1; ++ } else { ++ *saved_cwd_fd = result; ++ } ++ ++ // Set the current directory to dirname by using the fd of the directory. ++ result = fchdir(fd); ++ ++ return dirp; ++} ++ ++// Close the directory and restore the current working directory. ++// ++static void close_directory_secure_cwd(DIR* dirp, int saved_cwd_fd) { ++ ++ int result; ++ // If we have a saved cwd change back to it and close the fd. ++ if (saved_cwd_fd != -1) { ++ result = fchdir(saved_cwd_fd); ++ ::close(saved_cwd_fd); ++ } ++ ++ // Close the directory. ++ os::closedir(dirp); ++} ++ ++// Check if the given file descriptor is considered a secure. ++// ++static bool is_file_secure(int fd, const char *filename) { ++ ++ int result; ++ struct stat statbuf; ++ ++ // Determine if the file is secure. ++ RESTARTABLE(::fstat(fd, &statbuf), result); ++ if (result == OS_ERR) { ++ if (PrintMiscellaneous && Verbose) { ++ warning("fstat failed on %s: %s\n", filename, strerror(errno)); ++ } ++ return false; ++ } ++ if (statbuf.st_nlink > 1) { ++ // A file with multiple links is not expected. ++ if (PrintMiscellaneous && Verbose) { ++ warning("file %s has multiple links\n", filename); ++ } ++ return false; + } + return true; + } + +- + // return the user name for the given user id + // + // the caller is expected to free the allocated memory. +@@ -317,9 +506,11 @@ + + const char* tmpdirname = os::get_temp_directory(); + ++ // open the temp directory + DIR* tmpdirp = os::opendir(tmpdirname); + + if (tmpdirp == NULL) { ++ // Cannot open the directory to get the user name, return. + return NULL; + } + +@@ -344,25 +535,14 @@ + strcat(usrdir_name, "/"); + strcat(usrdir_name, dentry->d_name); + +- DIR* subdirp = os::opendir(usrdir_name); ++ // open the user directory ++ DIR* subdirp = open_directory_secure(usrdir_name); + + if (subdirp == NULL) { + FREE_C_HEAP_ARRAY(char, usrdir_name, mtInternal); + continue; + } + +- // Since we don't create the backing store files in directories +- // pointed to by symbolic links, we also don't follow them when +- // looking for the files. We check for a symbolic link after the +- // call to opendir in order to eliminate a small window where the +- // symlink can be exploited. +- // +- if (!is_directory_secure(usrdir_name)) { +- FREE_C_HEAP_ARRAY(char, usrdir_name, mtInternal); +- os::closedir(subdirp); +- continue; +- } +- + struct dirent* udentry; + char* udbuf = NEW_C_HEAP_ARRAY(char, os::readdir_buf_size(usrdir_name), mtInternal); + errno = 0; +@@ -465,26 +645,6 @@ + } + + +-// remove file +-// +-// this method removes the file with the given file name in the +-// named directory. +-// +-static void remove_file(const char* dirname, const char* filename) { +- +- size_t nbytes = strlen(dirname) + strlen(filename) + 2; +- char* path = NEW_C_HEAP_ARRAY(char, nbytes, mtInternal); +- +- strcpy(path, dirname); +- strcat(path, "/"); +- strcat(path, filename); +- +- remove_file(path); +- +- FREE_C_HEAP_ARRAY(char, path, mtInternal); +-} +- +- + // cleanup stale shared memory resources + // + // This method attempts to remove all stale shared memory files in +@@ -496,16 +656,11 @@ + // + static void cleanup_sharedmem_resources(const char* dirname) { + +- // open the user temp directory +- DIR* dirp = os::opendir(dirname); +- ++ int saved_cwd_fd; ++ // open the directory and set the current working directory to it ++ DIR* dirp = open_directory_secure_cwd(dirname, &saved_cwd_fd); + if (dirp == NULL) { +- // directory doesn't exist, so there is nothing to cleanup +- return; +- } +- +- if (!is_directory_secure(dirname)) { +- // the directory is not a secure directory ++ // directory doesn't exist or is insecure, so there is nothing to cleanup + return; + } + +@@ -519,6 +674,7 @@ + // + struct dirent* entry; + char* dbuf = NEW_C_HEAP_ARRAY(char, os::readdir_buf_size(dirname), mtInternal); ++ + errno = 0; + while ((entry = os::readdir(dirp, (struct dirent *)dbuf)) != NULL) { + +@@ -529,7 +685,7 @@ + if (strcmp(entry->d_name, ".") != 0 && strcmp(entry->d_name, "..") != 0) { + + // attempt to remove all unexpected files, except "." and ".." +- remove_file(dirname, entry->d_name); ++ unlink(entry->d_name); + } + + errno = 0; +@@ -552,11 +708,14 @@ + if ((pid == os::current_process_id()) || + (kill(pid, 0) == OS_ERR && (errno == ESRCH || errno == EPERM))) { + +- remove_file(dirname, entry->d_name); ++ unlink(entry->d_name); + } + errno = 0; + } +- os::closedir(dirp); ++ ++ // close the directory and reset the current working directory ++ close_directory_secure_cwd(dirp, saved_cwd_fd); ++ + FREE_C_HEAP_ARRAY(char, dbuf, mtInternal); + } + +@@ -613,19 +772,54 @@ + return -1; + } + ++ int saved_cwd_fd; ++ // open the directory and set the current working directory to it ++ DIR* dirp = open_directory_secure_cwd(dirname, &saved_cwd_fd); ++ if (dirp == NULL) { ++ // Directory doesn't exist or is insecure, so cannot create shared ++ // memory file. ++ return -1; ++ } ++ ++ // Open the filename in the current directory. ++ // Cannot use O_TRUNC here; truncation of an existing file has to happen ++ // after the is_file_secure() check below. + int result; +- +- RESTARTABLE(::open(filename, O_RDWR|O_CREAT|O_TRUNC, S_IREAD|S_IWRITE), result); ++ RESTARTABLE(::open(filename, O_RDWR|O_CREAT|O_NOFOLLOW, S_IREAD|S_IWRITE), result); + if (result == OS_ERR) { + if (PrintMiscellaneous && Verbose) { +- warning("could not create file %s: %s\n", filename, strerror(errno)); ++ if (errno == ELOOP) { ++ warning("file %s is a symlink and is not secure\n", filename); ++ } else { ++ warning("could not create file %s: %s\n", filename, strerror(errno)); ++ } + } ++ // close the directory and reset the current working directory ++ close_directory_secure_cwd(dirp, saved_cwd_fd); ++ + return -1; + } ++ // close the directory and reset the current working directory ++ close_directory_secure_cwd(dirp, saved_cwd_fd); + + // save the file descriptor + int fd = result; + ++ // check to see if the file is secure ++ if (!is_file_secure(fd, filename)) { ++ ::close(fd); ++ return -1; ++ } ++ ++ // truncate the file to get rid of any existing data ++ RESTARTABLE(::ftruncate(fd, (off_t)0), result); ++ if (result == OS_ERR) { ++ if (PrintMiscellaneous && Verbose) { ++ warning("could not truncate shared memory file: %s\n", strerror(errno)); ++ } ++ ::close(fd); ++ return -1; ++ } + // set the file size + RESTARTABLE(::ftruncate(fd, (off_t)size), result); + if (result == OS_ERR) { +@@ -683,8 +877,15 @@ + THROW_MSG_(vmSymbols::java_io_IOException(), strerror(errno), OS_ERR); + } + } ++ int fd = result; + +- return result; ++ // check to see if the file is secure ++ if (!is_file_secure(fd, filename)) { ++ ::close(fd); ++ return -1; ++ } ++ ++ return fd; + } + + // create a named shared memory region. returns the address of the +@@ -716,13 +917,21 @@ + char* dirname = get_user_tmp_dir(user_name); + char* filename = get_sharedmem_filename(dirname, vmid); + ++ // get the short filename ++ char* short_filename = strrchr(filename, '/'); ++ if (short_filename == NULL) { ++ short_filename = filename; ++ } else { ++ short_filename++; ++ } ++ + // cleanup any stale shared memory files + cleanup_sharedmem_resources(dirname); + + assert(((size > 0) && (size % os::vm_page_size() == 0)), + "unexpected PerfMemory region size"); + +- fd = create_sharedmem_resources(dirname, filename, size); ++ fd = create_sharedmem_resources(dirname, short_filename, size); + + FREE_C_HEAP_ARRAY(char, user_name, mtInternal); + FREE_C_HEAP_ARRAY(char, dirname, mtInternal); +@@ -837,12 +1046,12 @@ + // constructs for the file and the shared memory mapping. + if (mode == PerfMemory::PERF_MODE_RO) { + mmap_prot = PROT_READ; +- file_flags = O_RDONLY; ++ file_flags = O_RDONLY | O_NOFOLLOW; + } + else if (mode == PerfMemory::PERF_MODE_RW) { + #ifdef LATER + mmap_prot = PROT_READ | PROT_WRITE; +- file_flags = O_RDWR; ++ file_flags = O_RDWR | O_NOFOLLOW; + #else + THROW_MSG(vmSymbols::java_lang_IllegalArgumentException(), + "Unsupported access mode"); +--- ./hotspot/src/os/linux/vm/perfMemory_linux.cpp Mon Sep 08 12:35:01 2014 -0700 ++++ ./hotspot/src/os/linux/vm/perfMemory_linux.cpp Mon Dec 08 12:28:35 2014 -0800 +@@ -197,7 +197,38 @@ + } + + +-// check if the given path is considered a secure directory for ++// Check if the given statbuf is considered a secure directory for ++// the backing store files. Returns true if the directory is considered ++// a secure location. Returns false if the statbuf is a symbolic link or ++// if an error occurred. ++// ++static bool is_statbuf_secure(struct stat *statp) { ++ if (S_ISLNK(statp->st_mode) || !S_ISDIR(statp->st_mode)) { ++ // The path represents a link or some non-directory file type, ++ // which is not what we expected. Declare it insecure. ++ // ++ return false; ++ } ++ // We have an existing directory, check if the permissions are safe. ++ // ++ if ((statp->st_mode & (S_IWGRP|S_IWOTH)) != 0) { ++ // The directory is open for writing and could be subjected ++ // to a symlink or a hard link attack. Declare it insecure. ++ // ++ return false; ++ } ++ // See if the uid of the directory matches the effective uid of the process. ++ // ++ if (statp->st_uid != geteuid()) { ++ // The directory was not created by this user, declare it insecure. ++ // ++ return false; ++ } ++ return true; ++} ++ ++ ++// Check if the given path is considered a secure directory for + // the backing store files. Returns true if the directory exists + // and is considered a secure location. Returns false if the path + // is a symbolic link or if an error occurred. +@@ -211,22 +242,180 @@ + return false; + } + +- // the path exists, now check it's mode +- if (S_ISLNK(statbuf.st_mode) || !S_ISDIR(statbuf.st_mode)) { +- // the path represents a link or some non-directory file type, +- // which is not what we expected. declare it insecure. +- // ++ // The path exists, see if it is secure. ++ return is_statbuf_secure(&statbuf); ++} ++ ++ ++// Check if the given directory file descriptor is considered a secure ++// directory for the backing store files. Returns true if the directory ++// exists and is considered a secure location. Returns false if the path ++// is a symbolic link or if an error occurred. ++// ++static bool is_dirfd_secure(int dir_fd) { ++ struct stat statbuf; ++ int result = 0; ++ ++ RESTARTABLE(::fstat(dir_fd, &statbuf), result); ++ if (result == OS_ERR) { + return false; + } +- else { +- // we have an existing directory, check if the permissions are safe. +- // +- if ((statbuf.st_mode & (S_IWGRP|S_IWOTH)) != 0) { +- // the directory is open for writing and could be subjected +- // to a symlnk attack. declare it insecure. +- // +- return false; ++ ++ // The path exists, now check its mode. ++ return is_statbuf_secure(&statbuf); ++} ++ ++ ++// Check to make sure fd1 and fd2 are referencing the same file system object. ++// ++static bool is_same_fsobject(int fd1, int fd2) { ++ struct stat statbuf1; ++ struct stat statbuf2; ++ int result = 0; ++ ++ RESTARTABLE(::fstat(fd1, &statbuf1), result); ++ if (result == OS_ERR) { ++ return false; ++ } ++ RESTARTABLE(::fstat(fd2, &statbuf2), result); ++ if (result == OS_ERR) { ++ return false; ++ } ++ ++ if ((statbuf1.st_ino == statbuf2.st_ino) && ++ (statbuf1.st_dev == statbuf2.st_dev)) { ++ return true; ++ } else { ++ return false; ++ } ++} ++ ++ ++// Open the directory of the given path and validate it. ++// Return a DIR * of the open directory. ++// ++static DIR *open_directory_secure(const char* dirname) { ++ // Open the directory using open() so that it can be verified ++ // to be secure by calling is_dirfd_secure(), opendir() and then check ++ // to see if they are the same file system object. This method does not ++ // introduce a window of opportunity for the directory to be attacked that ++ // calling opendir() and is_directory_secure() does. ++ int result; ++ DIR *dirp = NULL; ++ RESTARTABLE(::open(dirname, O_RDONLY|O_NOFOLLOW), result); ++ if (result == OS_ERR) { ++ if (PrintMiscellaneous && Verbose) { ++ if (errno == ELOOP) { ++ warning("directory %s is a symlink and is not secure\n", dirname); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502020627.t126RC5H071121>