On Thu, 11 Nov 2021 14:52:54 GMT, Andrew Dinn <ad...@openjdk.org> wrote:
> The runtime-generated runtime stubs and Java method code into which this
> patch may insert the required PAC instructions are written into a code cache
> in a section which is mapped RW(X) all the time. It would be hard to map even
> a subset of this code cache RO because generated code includes call and data
> sites that need to be patched during execution.

Am I right in saying that for macOS, all generated code is remapped RO before execution?

An additional concern I have is that if the globals data was attacked then the UseROPProtection flag could be flipped, and all code after that point would be generated without ROP protection. Marking all the globals data as RO would fix that.

Alternatively, remove UseROPProtection and then in the macroassembler always generate PAC code, using just the subset of instructions that are NOPs on non-PAC hardware. Or alternatively, only generate PAC code based on a #define set at build time.

Each option has its own downsides.

-------------
PR: https://git.openjdk.java.net/jdk/pull/6334
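The "subset of instructions that are NOPs on non-PAC hardware" mentioned in the reply is the HINT-space PAC encodings (PACIASP, AUTIASP, PACIBSP, AUTIBSP, XPACLRI, the *1716 and *Z forms): on a core without FEAT_PAuth they decode as HINT and execute as NOPs, whereas the register forms (PACIA Xd,Xn; AUTIA Xd,Xn; PACIZA; XPACI; ...) are UNDEFINED there and fault. The following is an added example, not code from the PR or from either poster, that makes the distinction concrete: a small C encoder for both families plus a classifier that scans a buffer of AArch64 instruction words and reports whether it could run on pre-8.3 hardware. Encodings follow the Arm ARM; the sample prologues, the function names and the enum are constructed for this example, and the classifier deliberately covers only the HINT-space and data-processing PAC/AUT families (RETAA, BRAA and the other authenticated branches are out of scope).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* How an AArch64 instruction word behaves on hardware WITHOUT FEAT_PAuth. */
enum pac_kind {
    PAC_NONE,       /* not a PAC instruction at all */
    PAC_HINT_NOP,   /* HINT-space PAC: executes as a NOP without FEAT_PAuth */
    PAC_UNDEFINED   /* register-form PAC/AUT: UNDEFINED (SIGILL) without FEAT_PAuth */
};

/* HINT #imm is encoded as 0xD503201F | (imm << 5), imm in [0,127]. */
#define HINT(imm) (0xD503201Fu | ((uint32_t)(imm) << 5))

/* HINT-space PAC instructions: safe to emit unconditionally. */
static inline uint32_t enc_paciasp(void) { return HINT(25); } /* 0xD503233F */
static inline uint32_t enc_autiasp(void) { return HINT(29); } /* 0xD50323BF */
static inline uint32_t enc_pacibsp(void) { return HINT(27); }
static inline uint32_t enc_autibsp(void) { return HINT(31); }
static inline uint32_t enc_xpaclri(void) { return HINT(7);  } /* 0xD50320FF */

/* Data-processing (1 source) PAC family: 0xDAC10000 | opcode<<10 | Rn<<5 | Rd.
 * opcode: PACIA=0 PACIB=1 PACDA=2 PACDB=3 AUTIA=4 AUTIB=5 AUTDA=6 AUTDB=7,
 * PACIZA..AUTDZB=8..15 and XPACI/XPACD=16/17 require Rn=31. Rn=31 means SP. */
static inline uint32_t enc_pac_dp(unsigned opcode, unsigned rd, unsigned rn) {
    return 0xDAC10000u | ((opcode & 0x3Fu) << 10) | ((rn & 0x1Fu) << 5) | (rd & 0x1Fu);
}
static inline uint32_t enc_pacia(unsigned rd, unsigned rn) { return enc_pac_dp(0, rd, rn); }
static inline uint32_t enc_autia(unsigned rd, unsigned rn) { return enc_pac_dp(4, rd, rn); }

enum pac_kind pac_classify(uint32_t insn)
{
    /* HINT class: bits[31:12] == 0xD5032, bits[11:5] == imm, bits[4:0] == 0b11111. */
    if ((insn & 0xFFFFF01Fu) == 0xD503201Fu) {
        switch ((insn >> 5) & 0x7Fu) {
        case 7:                               /* XPACLRI */
        case 8: case 10: case 12: case 14:    /* PACIA1716 PACIB1716 AUTIA1716 AUTIB1716 */
        case 24: case 25: case 26: case 27:   /* PACIAZ PACIASP PACIBZ PACIBSP */
        case 28: case 29: case 30: case 31:   /* AUTIAZ AUTIASP AUTIBZ AUTIBSP */
            return PAC_HINT_NOP;
        default:
            return PAC_NONE;                  /* NOP, YIELD, BTI, other hints */
        }
    }
    /* Register-form PAC/AUT: bits[31:16] == 0xDAC1. */
    if ((insn >> 16) == 0xDAC1u) {
        unsigned opcode = (insn >> 10) & 0x3Fu;
        unsigned rn     = (insn >> 5) & 0x1Fu;
        if (opcode < 8)                        return PAC_UNDEFINED; /* PACIA..AUTDB Xd,Xn */
        if (opcode < 18 && rn == 31)           return PAC_UNDEFINED; /* PACIZA..XPACD Xd  */
    }
    return PAC_NONE;
}

/* True if every word in the buffer would at least decode on non-PAC hardware. */
bool pac_safe_on_all_hw(const uint32_t *code, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (pac_classify(code[i]) == PAC_UNDEFINED)
            return false;
    return true;
}

/* Constructed sample prologue/epilogue pairs (not generated by HotSpot).
 * Common non-PAC words: stp x29,x30,[sp,#-16]! / ldp x29,x30,[sp],#16 / ret. */
#define STP_FP_LR 0xA9BF7BFDu
#define LDP_FP_LR 0xA8C17BFDu
#define RET       0xD65F03C0u

const uint32_t kHintFormFrame[] = { HINT(25), STP_FP_LR, LDP_FP_LR, HINT(29), RET };
const size_t   kHintFormFrameLen = sizeof kHintFormFrame / sizeof kHintFormFrame[0];

/* pacia x30, sp ... autia x30, sp: same protection, but faults on pre-8.3 cores. */
const uint32_t kRegFormFrame[] = { 0xDAC103FEu, STP_FP_LR, LDP_FP_LR, 0xDAC113FEu, RET };
const size_t   kRegFormFrameLen = sizeof kRegFormFrame / sizeof kRegFormFrame[0];

int main(void)
{
    printf("hint-form frame safe everywhere: %s\n",
           pac_safe_on_all_hw(kHintFormFrame, kHintFormFrameLen) ? "yes" : "no");
    printf("register-form frame safe everywhere: %s\n",
           pac_safe_on_all_hw(kRegFormFrame, kRegFormFrameLen) ? "yes" : "no");
    return 0;
}
```

The classifier is the kind of check one would run over a code-cache dump when verifying that an "always emit PAC" macroassembler path stayed within the HINT-space subset; the register forms give the same protection but turn an older core's first compiled method into a SIGILL.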