Thanks! Let's see what other AIX developers say about it.

Best regards, Matthias

> -----Original Message-----
> From: Erik Joelsson <erik.joels...@oracle.com>
> Sent: Friday, 12 April 2019 15:30
> To: Baesken, Matthias <matthias.baes...@sap.com>; ppc-aix-port-d...@openjdk.java.net; 'build-dev@openjdk.java.net' <build-d...@openjdk.java.net>
> Subject: Re: AIX : -bnorwexec linker flag
>
> From a build point of view, the patch looks good. I cannot comment on
> the validity of adding the flag though.
>
> /Erik
>
> On 2019-04-12 02:15, Baesken, Matthias wrote:
> > Hello, I have a question regarding the AIX -bnorwexec linker flag.
> > I think it is related to an AIX security feature SED, see also:
> >
> > https://www.ibm.com/support/knowledgecenter/en/ssw_aix_71/com.ibm.aix.security/stack_exec_disable_flags.htm
> >
> > When building with the additional -bnorwexec linker flag we signal the OS that we "request" the SED feature.
> > Please compare a patched and an unpatched java (patched is flagged "request" while unpatched uses the "system" setting).
> >
> > bash-4.3$ sedmgr -d /patched_jdk/images/jdk/bin/java
> > /patched_jdk/images/images/jdk/bin/java : request
> >
> > bash-4.3$ sedmgr -d /normal_jdk/images/jdk/bin/java
> > /normal_jdk/images/jdk/bin/java : system
> >
> > System config on the example machine is "normal" (default) select:
> > bash-4.3$ sedmgr
> > Stack Execution Disable (SED) mode: select
> > SED configured in kernel: select
> >
> > In our internal tests I noticed so far no issues when setting the -bnorwexec linker flag in OpenJDK on AIX.
> > Do you have any experience with it, do you see issues when setting the flag?
> >
> > The documentation of the flag is a bit short.
> >
> > https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/com.ibm.aix.cmds3/ld.htm
> >
> > norwexec
> >
> > Specifies that if the system's sed_config setting is not off, the process' private data areas will have non-execute permission.
> > > > > > > > > > Patch would be : > > > > diff -r 0d7fb7f07134 make/autoconf/flags-ldflags.m4 > > --- a/make/autoconf/flags-ldflags.m4 Mon Apr 08 06:56:37 2019 +0100 > > +++ b/make/autoconf/flags-ldflags.m4 Mon Apr 08 10:50:07 2019 +0200 > > @@ -1,5 +1,5 @@ > > # > > -# Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights > > reserved. > > +# Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights > > reserved. > > # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. > > # > > # This code is free software; you can redistribute it and/or modify it > > @@ -88,7 +88,7 @@ > > BASIC_LDFLAGS_JVM_ONLY="-library=%none -mt -z noversion" > > elif test "x$TOOLCHAIN_TYPE" = xxlc; then > > - BASIC_LDFLAGS="-b64 -brtl -bnolibpath -bexpall -bernotok - > btextpsize:64K \ > > + BASIC_LDFLAGS="-b64 -brtl -bnorwexec -bnolibpath -bexpall -bernotok > -btextpsize:64K \ > > -bdatapsize:64K -bstackpsize:64K" > > # libjvm.so has gotten too large for normal TOC size; compile with > qpic=large and link with bigtoc > > BASIC_LDFLAGS_JVM_ONLY="-Wl,-lC_r -bbigtoc" > > > > > > Best regards, Matthias > >
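
Review bot: in the second hunk, -bnorwexec is added to BASIC_LDFLAGS in the xlc branch without a comment saying what the flag does or why it is wanted, and the ld documentation quoted in the mail is a single sentence. Please add a short comment next to the assignment noting that the flag requests SED, i.e. non-executable private data areas when sed_config is not off. Because the flag goes into BASIC_LDFLAGS rather than BASIC_LDFLAGS_JVM_ONLY, it applies to more than the bin/java launcher that was checked with sedmgr -d, so the test description should say which other linked binaries were exercised and whether "select" was the only SED mode tested.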
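
The per-file comparison with `sedmgr -d` shown in the mail can be turned into a check over a whole build image. This is an added example, not part of the original thread or the OpenJDK build; it assumes the `<path> : <flag>` output format shown above, and `sed_audit` and `SAMPLE_OUTPUT` are hypothetical names.

```shell
#!/bin/sh
# Added example: audit the per-file SED flag reported by `sedmgr -d <file>`.
# Assumes one "<path> : <flag>" line per file, as in the thread's output.

# sed_audit EXPECTED
#   Reads `sedmgr -d` output lines on stdin and prints the path of every file
#   whose flag is not EXPECTED. Returns 0 if all files match, 1 otherwise.
sed_audit() {
    expected=$1
    rc=0
    while IFS= read -r line; do
        case $line in
            *" : "*) ;;          # looks like "<path> : <flag>"
            *) continue ;;       # skip blank or unrelated lines
        esac
        file=${line% : *}        # text before the last " : "
        flag=${line##* : }       # text after the last " : "
        if [ "$flag" != "$expected" ]; then
            printf '%s\n' "$file"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in the format shown in the thread (not real output).
SAMPLE_OUTPUT='/patched_jdk/images/jdk/bin/java : request
/patched_jdk/images/jdk/bin/javac : request

/normal_jdk/images/jdk/bin/java : system'

# Demo on the constructed sample; lists the one file not flagged "request".
printf '%s\n' "$SAMPLE_OUTPUT" | sed_audit request ||
    echo "files above are not flagged 'request'"

# On an AIX build host the input would come from sedmgr itself, e.g.:
#   for f in /patched_jdk/images/jdk/bin/*; do sedmgr -d "$f"; done | sed_audit request
```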