svn commit: r378297 - in head/java/openjdk8: . files
Greg Lewis
glewis at FreeBSD.org
Mon Feb 2 06:27:13 UTC 2015
Author: glewis
Date: Mon Feb 2 06:27:11 2015
New Revision: 378297
URL: https://svnweb.freebsd.org/changeset/ports/378297
QAT: https://qat.redports.org/buildarchive/r378297/
Log:
. Update to 8u31.
Added:
head/java/openjdk8/files/patch-8u31-b13 (contents, props changed)
Modified:
head/java/openjdk8/Makefile
head/java/openjdk8/files/patch-bsd
head/java/openjdk8/files/patch-bsd-test
Modified: head/java/openjdk8/Makefile
==============================================================================
--- head/java/openjdk8/Makefile Mon Feb 2 05:14:14 2015 (r378296)
+++ head/java/openjdk8/Makefile Mon Feb 2 06:27:11 2015 (r378297)
@@ -2,7 +2,6 @@
PORTNAME= openjdk
PORTVERSION= ${JDK_MAJOR_VERSION}.${JDK_UPDATE_VERSION}.${JDK_BUILD_NUMBER:S/^0//}
-PORTREVISION= 4
CATEGORIES= java devel
MASTER_SITES= http://download.java.net/openjdk/jdk${JDK_MAJOR_VERSION}/promoted/b${DIST_BUILD_NUMBER}/:jdk \
https://adopt-openjdk.ci.cloudbees.com/job/jtreg/${JTREG_JENKINS_BUILD}/artifact/:jtreg \
@@ -71,8 +70,8 @@ NO_CCACHE= yes
NOPRECIOUSMAKEVARS= yes
JDK_MAJOR_VERSION= 8
-JDK_UPDATE_VERSION= 25
-JDK_BUILD_NUMBER= 17
+JDK_UPDATE_VERSION= 31
+JDK_BUILD_NUMBER= 13
DIST_BUILD_NUMBER= 132
JTREG_VERSION= 4.1
JTREG_BUILD_NUMBER= b08
Added: head/java/openjdk8/files/patch-8u31-b13
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/java/openjdk8/files/patch-8u31-b13 Mon Feb 2 06:27:11 2015 (r378297)
@@ -0,0 +1,35573 @@
+--- ./.hgtags Wed Sep 17 11:23:18 2014 -0700
++++ ./.hgtags Mon Dec 08 12:28:03 2014 -0800
+@@ -314,6 +314,8 @@
+ 1710841b0229403f4af85eac8b68ea5065a26c81 jdk8u20-b24
+ 1710841b0229403f4af85eac8b68ea5065a26c81 jdk8u20-b25
+ d1a7ea2c3e1091e0df1285963328a96f475f240d jdk8u20-b26
++3229d7b76babcf6710b3a965a2eda3f3bb2aa972 jdk8u20-b31
++9955a899edb359f2dc1704ea86044e9819cb805d jdk8u20-b32
+ 97c6d6a8e5bb3dfc24b9a32711aa0906ea110e23 jdk8u25-b00
+ c4cfb4376f5916c5d7eb1f39a0e23402de0d9818 jdk8u25-b01
+ b4d29a751077e5500e766b8104dd1cb7148a550f jdk8u25-b02
+@@ -331,3 +333,19 @@
+ 4429ea47ee6eca6b8a1dbda1950566ee821ba19d jdk8u25-b14
+ 09eaef69f384ecf8ec0342b87a8b150740941140 jdk8u25-b15
+ f0a48c214c46b7351ff8e6d6b6dc533463a4be21 jdk8u25-b16
++d117f01bfb4f34668ac216c9837e88acead14dce jdk8u25-b17
++efac90a2da447c2b2d43ee1b1e20c0828659f9c5 jdk8u25-b18
++1a0b4ec68abc4e9248ca6041fff04612674a9b9f jdk8u25-b31
++6db0898d3f90ad9eae2f017299314b88766446e3 jdk8u31-b00
++85792859f3bdd6a2c1bdfcf2828bb2730e06ac3c jdk8u31-b01
++4898a7460ae620ac5356cb224e1fdf3c29312533 jdk8u31-b02
++886ace09d0934d5410572764685f13119d523823 jdk8u31-b03
++e2d32fe85fb93ce5179c25f5bfd49750a85c9342 jdk8u31-b04
++97de4d73edf1435c9b87d765d2ad91bb16c8d913 jdk8u31-b05
++f1b61760d01de6ad8d360227ac6c2122765680a2 jdk8u31-b06
++e9cbffb6c1119f3ef39c68db53c36c5e544c0d3c jdk8u31-b07
++4cec543118e7720d6105f25b60742d25a458cab7 jdk8u31-b08
++ea4b31ec437d74c62b844bd8b35f0bc3a27915b4 jdk8u31-b09
++01a98532348477a84b6e3c322fdd12dfed28d96d jdk8u31-b10
++ec85d5d0e3c05b0b6d61f4fc3f41313448ed9b05 jdk8u31-b11
++ca98e3e9727ffdcde2c9980668d0c7f344261938 jdk8u31-b12
+--- ./common/autoconf/generated-configure.sh Wed Sep 17 11:23:18 2014 -0700
++++ ./common/autoconf/generated-configure.sh Mon Dec 08 12:28:03 2014 -0800
+@@ -1024,6 +1024,7 @@
+ with_update_version
+ with_user_release_suffix
+ with_build_number
++with_copyright_year
+ with_boot_jdk
+ with_boot_jdk_jvmargs
+ with_add_source_root
+@@ -1774,6 +1775,7 @@
+ Add a custom string to the version string if build
+ number isn't set.[username_builddateb00]
+ --with-build-number Set build number value for build [b00]
++ --with-copyright-year Set copyright year value for build [current year]
+ --with-boot-jdk path to Boot JDK (used to bootstrap build) [probed]
+ --with-boot-jdk-jvmargs specify JVM arguments to be passed to all
+ invocations of the Boot JDK, overriding the default
+@@ -3868,7 +3870,7 @@
+ #CUSTOM_AUTOCONF_INCLUDE
+
+ # Do not change or remove the following line, it is needed for consistency checks:
+-DATE_WHEN_GENERATED=1410971760
++DATE_WHEN_GENERATED=1416326200
+
+ ###############################################################################
+ #
+@@ -11280,7 +11282,19 @@
+
+
+
+- COPYRIGHT_YEAR=`date +'%Y'`
++
++# Check whether --with-copyright-year was given.
++if test "${with_copyright_year+set}" = set; then :
++ withval=$with_copyright_year;
++fi
++
++ if test "x$with_copyright_year" = xyes; then
++ as_fn_error $? "Copyright year must have a value" "$LINENO" 5
++ elif test "x$with_copyright_year" != x; then
++ COPYRIGHT_YEAR="$with_copyright_year"
++ else
++ COPYRIGHT_YEAR=`date +'%Y'`
++ fi
+
+
+ if test "x$JDK_UPDATE_VERSION" != x; then
+--- ./common/autoconf/jdk-options.m4 Wed Sep 17 11:23:18 2014 -0700
++++ ./common/autoconf/jdk-options.m4 Mon Dec 08 12:28:03 2014 -0800
+@@ -510,7 +510,15 @@
+ AC_SUBST(MACOSX_BUNDLE_NAME_BASE)
+ AC_SUBST(MACOSX_BUNDLE_ID_BASE)
+
+- COPYRIGHT_YEAR=`date +'%Y'`
++ AC_ARG_WITH(copyright-year, [AS_HELP_STRING([--with-copyright-year],
++ [Set copyright year value for build @<:@current year@:>@])])
++ if test "x$with_copyright_year" = xyes; then
++ AC_MSG_ERROR([Copyright year must have a value])
++ elif test "x$with_copyright_year" != x; then
++ COPYRIGHT_YEAR="$with_copyright_year"
++ else
++ COPYRIGHT_YEAR=`date +'%Y'`
++ fi
+ AC_SUBST(COPYRIGHT_YEAR)
+
+ if test "x$JDK_UPDATE_VERSION" != x; then
+--- ./corba/.hgtags Mon Sep 08 12:34:37 2014 -0700
++++ ./corba/.hgtags Mon Dec 08 12:28:12 2014 -0800
+@@ -312,6 +312,8 @@
+ 34c930eaa6b591621afde05ca2e24571c91cdc9b jdk8u20-b24
+ 34c930eaa6b591621afde05ca2e24571c91cdc9b jdk8u20-b25
+ 37bde23c96f66912c44b1b893c08d4ad4cff5f4e jdk8u20-b26
++83bebea0c36c6ee9e663b41f9103ddcf1216ef55 jdk8u20-b31
++117f50127c27826dbe4c9e6fe1916aeab4bceef9 jdk8u20-b32
+ 08aa9f55fe5bce1f04cfd2958f71e8df18643e29 jdk8u25-b00
+ 31f50e3c0dcbdfa7f11a895179065e6888c2cf3c jdk8u25-b01
+ 162703b7c2f16ce00d1b54a8f95d12eda9753eba jdk8u25-b02
+@@ -329,3 +331,19 @@
+ 7e9a2027d0214019d66325fa7ca59cf8281fb43e jdk8u25-b14
+ 5b2cb4935667cd02d7974b3b6fb6bf4092b5acae jdk8u25-b15
+ 28d7f90e04e46ce8c633a2fbf0157d9e77db17c3 jdk8u25-b16
++f46df0af2ca8c7d896de375c8edac8ce09318318 jdk8u25-b17
++ee069d67c12df902cdb06ecf1747f8ff9d495a61 jdk8u25-b18
++8d0faa0eac61c04c6a5bbff2e084c9da0bd5251c jdk8u25-b31
++69793b08060c9d216fa84d679c48b9e22d2400ac jdk8u31-b00
++fd5f8e3713803ca2d7898407a53996f3aa41521e jdk8u31-b01
++b6e2d1b1b24585bd02512e360d842d4713afa644 jdk8u31-b02
++1a7cc737d8081ffef73d88e94995f80d6a3dc8e0 jdk8u31-b03
++f24241b85fc90618d243f54202904ee202c44b7e jdk8u31-b04
++a3b616778301fe101bf3dcfa145d3bb4e8fc8941 jdk8u31-b05
++3de6161377bf492953260c7bf756f3ec0c6e6d60 jdk8u31-b06
++3d42c53301dd951992a32613173dd6fbb13a28a8 jdk8u31-b07
++b47677f7c1d122a2d05e03dec70de86feaedcd4c jdk8u31-b08
++95163f85c9e961c5bf37ceac645a0e7de505ca3e jdk8u31-b09
++474bf60980443dfae2fe6e121fef0caea4e014b3 jdk8u31-b10
++7e2056eba0b62247407e065f3f88a89358fc26a6 jdk8u31-b11
++285b0e589c50e46ca7ad3434221335901a547d66 jdk8u31-b12
+--- ./hotspot/.hgtags Mon Sep 08 12:35:01 2014 -0700
++++ ./hotspot/.hgtags Mon Dec 08 12:28:35 2014 -0800
+@@ -501,6 +501,8 @@
+ 00cf2b6f51b9560b01030e8f4c28c466f0b21fe3 hs25.20-b23
+ 19408d5fd31c25ce60c43dd33e92b96e8df4a4ea jdk8u20-b25
+ eaa4074a7e3975cd33ec55e6b584586e2ac681bd jdk8u20-b26
++7c9925f21c2529a88eb64b8039cc080f60b85e01 jdk8u20-b31
++7edb04063a423e278fe34a0006d25fee198f495e jdk8u20-b32
+ a4d44dfb7d30eea54bc172e4429a655454ae0bbf jdk8u25-b00
+ 9a2152fbd929b0d8b2f5c326a5526214ae71731a jdk8u25-b01
+ d3d5604ea0dea3812e87ba76ac199d0a8be6f49f jdk8u25-b02
+@@ -518,3 +520,19 @@
+ c77d5db189422e2eef0443ee212644e497113b18 jdk8u25-b14
+ e62c06b887310b5bd23be9b817a9a6f0daf0d0e1 jdk8u25-b15
+ 6467bdd4d22d8b140844dc847c43b9ba7cb0bbd1 jdk8u25-b16
++28b50d07f6f8c5a567b6a25e95a423948114a004 jdk8u25-b17
++639abc668bfe995dba811dd35411b9ea8a9041cd jdk8u25-b18
++c3528699fb33fe3eb1d117504184ae7ab2507aa1 jdk8u25-b31
++5bb683bbe2c74876d585b5c3232fc3aab7b23e97 jdk8u31-b00
++5bb686ae3b89f8aa1c74331b2d24e2a5ebd43448 jdk8u31-b01
++087678da96603c9705b38b6cc4a6569ac7b4420a jdk8u31-b02
++401cbaa475b4efe53153119ab87a82b217980a7f jdk8u31-b03
++060cdf93040c1bfa5fdf580da5e9999042632cc8 jdk8u31-b04
++6e56d7f1634f6c4cd4196e699c06e6ca2e6d6efb jdk8u31-b05
++271a32147391d08b0f338d9353330e2b5584d580 jdk8u31-b06
++e9f815c3f21cf2febd8e3c185917c1519aa52d9a jdk8u31-b07
++cc74ca22516644867be3b8db6c1f8d05ab4f6c27 jdk8u31-b08
++245d29ed5db5ad6914eb0c9fe78b9ba26122c478 jdk8u31-b09
++d7b6bdd51abe68b16411d5b292fb830a43c5bc09 jdk8u31-b10
++9906d432d6dbd2cda242e3f3cfde7cf6c90245bf jdk8u31-b11
++e13839545238d1ecf17f0489bb6fb765de46719a jdk8u31-b12
+--- ./hotspot/make/hotspot_version Mon Sep 08 12:35:01 2014 -0700
++++ ./hotspot/make/hotspot_version Mon Dec 08 12:28:35 2014 -0800
+@@ -1,5 +1,5 @@
+ #
+-# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
++# Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ #
+ # This code is free software; you can redistribute it and/or modify it
+@@ -31,11 +31,11 @@
+ #
+
+ # Don't put quotes (fail windows build).
+-HOTSPOT_VM_COPYRIGHT=Copyright 2014
++HOTSPOT_VM_COPYRIGHT=Copyright 2015
+
+ HS_MAJOR_VER=25
+-HS_MINOR_VER=25
+-HS_BUILD_NUMBER=02
++HS_MINOR_VER=31
++HS_BUILD_NUMBER=07
+
+ JDK_MAJOR_VER=1
+ JDK_MINOR_VER=8
+--- ./hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp Mon Sep 08 12:35:01 2014 -0700
++++ ./hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp Mon Dec 08 12:28:35 2014 -0800
+@@ -1128,51 +1128,82 @@
+ // Hoist any int/ptr/long's in the first 6 to int regs.
+ // Hoist any flt/dbl's in the first 16 dbl regs.
+ int j = 0; // Count of actual args, not HALVES
+- for( int i=0; i<total_args_passed; i++, j++ ) {
+- switch( sig_bt[i] ) {
++ VMRegPair param_array_reg; // location of the argument in the parameter array
++ for (int i = 0; i < total_args_passed; i++, j++) {
++ param_array_reg.set_bad();
++ switch (sig_bt[i]) {
+ case T_BOOLEAN:
+ case T_BYTE:
+ case T_CHAR:
+ case T_INT:
+ case T_SHORT:
+- regs[i].set1( int_stk_helper( j ) ); break;
++ regs[i].set1(int_stk_helper(j));
++ break;
+ case T_LONG:
+- assert( sig_bt[i+1] == T_VOID, "expecting half" );
++ assert(sig_bt[i+1] == T_VOID, "expecting half");
+ case T_ADDRESS: // raw pointers, like current thread, for VM calls
+ case T_ARRAY:
+ case T_OBJECT:
+ case T_METADATA:
+- regs[i].set2( int_stk_helper( j ) );
++ regs[i].set2(int_stk_helper(j));
+ break;
+ case T_FLOAT:
+- if ( j < 16 ) {
+- // V9ism: floats go in ODD registers
+- regs[i].set1(as_FloatRegister(1 + (j<<1))->as_VMReg());
+- } else {
+- // V9ism: floats go in ODD stack slot
+- regs[i].set1(VMRegImpl::stack2reg(1 + (j<<1)));
++ // Per SPARC Compliance Definition 2.4.1, page 3P-12 available here
++ // http://www.sparc.org/wp-content/uploads/2014/01/SCD.2.4.1.pdf.gz
++ //
++ // "When a callee prototype exists, and does not indicate variable arguments,
++ // floating-point values assigned to locations %sp+BIAS+128 through %sp+BIAS+248
++ // will be promoted to floating-point registers"
++ //
++ // By "promoted" it means that the argument is located in two places, an unused
++ // spill slot in the "parameter array" (starts at %sp+BIAS+128), and a live
++ // float register. In most cases, there are 6 or fewer arguments of any type,
++ // and the standard parameter array slots (%sp+BIAS+128 to %sp+BIAS+176 exclusive)
++ // serve as shadow slots. Per the spec floating point registers %d6 to %d16
++ // require slots beyond that (up to %sp+BIAS+248).
++ //
++ {
++ // V9ism: floats go in ODD registers and stack slots
++ int float_index = 1 + (j << 1);
++ param_array_reg.set1(VMRegImpl::stack2reg(float_index));
++ if (j < 16) {
++ regs[i].set1(as_FloatRegister(float_index)->as_VMReg());
++ } else {
++ regs[i] = param_array_reg;
++ }
+ }
+ break;
+ case T_DOUBLE:
+- assert( sig_bt[i+1] == T_VOID, "expecting half" );
+- if ( j < 16 ) {
+- // V9ism: doubles go in EVEN/ODD regs
+- regs[i].set2(as_FloatRegister(j<<1)->as_VMReg());
+- } else {
+- // V9ism: doubles go in EVEN/ODD stack slots
+- regs[i].set2(VMRegImpl::stack2reg(j<<1));
++ {
++ assert(sig_bt[i + 1] == T_VOID, "expecting half");
++ // V9ism: doubles go in EVEN/ODD regs and stack slots
++ int double_index = (j << 1);
++ param_array_reg.set2(VMRegImpl::stack2reg(double_index));
++ if (j < 16) {
++ regs[i].set2(as_FloatRegister(double_index)->as_VMReg());
++ } else {
++ // V9ism: doubles go in EVEN/ODD stack slots
++ regs[i] = param_array_reg;
++ }
+ }
+ break;
+- case T_VOID: regs[i].set_bad(); j--; break; // Do not count HALVES
++ case T_VOID:
++ regs[i].set_bad();
++ j--;
++ break; // Do not count HALVES
+ default:
+ ShouldNotReachHere();
+ }
+- if (regs[i].first()->is_stack()) {
+- int off = regs[i].first()->reg2stack();
++ // Keep track of the deepest parameter array slot.
++ if (!param_array_reg.first()->is_valid()) {
++ param_array_reg = regs[i];
++ }
++ if (param_array_reg.first()->is_stack()) {
++ int off = param_array_reg.first()->reg2stack();
+ if (off > max_stack_slots) max_stack_slots = off;
+ }
+- if (regs[i].second()->is_stack()) {
+- int off = regs[i].second()->reg2stack();
++ if (param_array_reg.second()->is_stack()) {
++ int off = param_array_reg.second()->reg2stack();
+ if (off > max_stack_slots) max_stack_slots = off;
+ }
+ }
+@@ -1180,8 +1211,8 @@
+ #else // _LP64
+ // V8 convention: first 6 things in O-regs, rest on stack.
+ // Alignment is willy-nilly.
+- for( int i=0; i<total_args_passed; i++ ) {
+- switch( sig_bt[i] ) {
++ for (int i = 0; i < total_args_passed; i++) {
++ switch (sig_bt[i]) {
+ case T_ADDRESS: // raw pointers, like current thread, for VM calls
+ case T_ARRAY:
+ case T_BOOLEAN:
+@@ -1192,23 +1223,23 @@
+ case T_OBJECT:
+ case T_METADATA:
+ case T_SHORT:
+- regs[i].set1( int_stk_helper( i ) );
++ regs[i].set1(int_stk_helper(i));
+ break;
+ case T_DOUBLE:
+ case T_LONG:
+- assert( sig_bt[i+1] == T_VOID, "expecting half" );
+- regs[i].set_pair( int_stk_helper( i+1 ), int_stk_helper( i ) );
++ assert(sig_bt[i + 1] == T_VOID, "expecting half");
++ regs[i].set_pair(int_stk_helper(i + 1), int_stk_helper(i));
+ break;
+ case T_VOID: regs[i].set_bad(); break;
+ default:
+ ShouldNotReachHere();
+ }
+ if (regs[i].first()->is_stack()) {
+- int off = regs[i].first()->reg2stack();
++ int off = regs[i].first()->reg2stack();
+ if (off > max_stack_slots) max_stack_slots = off;
+ }
+ if (regs[i].second()->is_stack()) {
+- int off = regs[i].second()->reg2stack();
++ int off = regs[i].second()->reg2stack();
+ if (off > max_stack_slots) max_stack_slots = off;
+ }
+ }
+@@ -1357,11 +1388,10 @@
+ const Register rOop = src.first()->as_Register();
+ const Register rHandle = L5;
+ int oop_slot = rOop->input_number() * VMRegImpl::slots_per_word + oop_handle_offset;
+- int offset = oop_slot*VMRegImpl::stack_slot_size;
+- Label skip;
++ int offset = oop_slot * VMRegImpl::stack_slot_size;
+ __ st_ptr(rOop, SP, offset + STACK_BIAS);
+ if (is_receiver) {
+- *receiver_offset = oop_slot * VMRegImpl::stack_slot_size;
++ *receiver_offset = offset;
+ }
+ map->set_oop(VMRegImpl::stack2reg(oop_slot));
+ __ add(SP, offset + STACK_BIAS, rHandle);
+--- ./hotspot/src/cpu/sparc/vm/sparc.ad Mon Sep 08 12:35:01 2014 -0700
++++ ./hotspot/src/cpu/sparc/vm/sparc.ad Mon Dec 08 12:28:35 2014 -0800
+@@ -1989,7 +1989,7 @@
+ // to implement the UseStrictFP mode.
+ const bool Matcher::strict_fp_requires_explicit_rounding = false;
+
+-// Are floats conerted to double when stored to stack during deoptimization?
++// Are floats converted to double when stored to stack during deoptimization?
+ // Sparc does not handle callee-save floats.
+ bool Matcher::float_in_double() { return false; }
+
+@@ -3218,7 +3218,7 @@
+ // are owned by the CALLEE. Holes should not be nessecary in the
+ // incoming area, as the Java calling convention is completely under
+ // the control of the AD file. Doubles can be sorted and packed to
+-// avoid holes. Holes in the outgoing arguments may be nessecary for
++// avoid holes. Holes in the outgoing arguments may be necessary for
+ // varargs C calling conventions.
+ // Note 3: Region 0-3 is even aligned, with pad2 as needed. Region 3-5 is
+ // even aligned with pad0 as needed.
+@@ -3284,7 +3284,7 @@
+ %}
+
+ // Body of function which returns an OptoRegs array locating
+- // arguments either in registers or in stack slots for callin
++ // arguments either in registers or in stack slots for calling
+ // C.
+ c_calling_convention %{
+ // This is obviously always outgoing
+--- ./hotspot/src/os/bsd/vm/perfMemory_bsd.cpp Mon Sep 08 12:35:01 2014 -0700
++++ ./hotspot/src/os/bsd/vm/perfMemory_bsd.cpp Mon Dec 08 12:28:35 2014 -0800
+@@ -197,7 +197,38 @@
+ }
+
+
+-// check if the given path is considered a secure directory for
++// Check if the given statbuf is considered a secure directory for
++// the backing store files. Returns true if the directory is considered
++// a secure location. Returns false if the statbuf is a symbolic link or
++// if an error occurred.
++//
++static bool is_statbuf_secure(struct stat *statp) {
++ if (S_ISLNK(statp->st_mode) || !S_ISDIR(statp->st_mode)) {
++ // The path represents a link or some non-directory file type,
++ // which is not what we expected. Declare it insecure.
++ //
++ return false;
++ }
++ // We have an existing directory, check if the permissions are safe.
++ //
++ if ((statp->st_mode & (S_IWGRP|S_IWOTH)) != 0) {
++ // The directory is open for writing and could be subjected
++ // to a symlink or a hard link attack. Declare it insecure.
++ //
++ return false;
++ }
++ // See if the uid of the directory matches the effective uid of the process.
++ //
++ if (statp->st_uid != geteuid()) {
++ // The directory was not created by this user, declare it insecure.
++ //
++ return false;
++ }
++ return true;
++}
++
++
++// Check if the given path is considered a secure directory for
+ // the backing store files. Returns true if the directory exists
+ // and is considered a secure location. Returns false if the path
+ // is a symbolic link or if an error occurred.
+@@ -211,27 +242,185 @@
+ return false;
+ }
+
+- // the path exists, now check it's mode
+- if (S_ISLNK(statbuf.st_mode) || !S_ISDIR(statbuf.st_mode)) {
+- // the path represents a link or some non-directory file type,
+- // which is not what we expected. declare it insecure.
+- //
++ // The path exists, see if it is secure.
++ return is_statbuf_secure(&statbuf);
++}
++
++
++// Check if the given directory file descriptor is considered a secure
++// directory for the backing store files. Returns true if the directory
++// exists and is considered a secure location. Returns false if the path
++// is a symbolic link or if an error occurred.
++//
++static bool is_dirfd_secure(int dir_fd) {
++ struct stat statbuf;
++ int result = 0;
++
++ RESTARTABLE(::fstat(dir_fd, &statbuf), result);
++ if (result == OS_ERR) {
+ return false;
+ }
+- else {
+- // we have an existing directory, check if the permissions are safe.
+- //
+- if ((statbuf.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
+- // the directory is open for writing and could be subjected
+- // to a symlnk attack. declare it insecure.
+- //
+- return false;
++
++ // The path exists, now check its mode.
++ return is_statbuf_secure(&statbuf);
++}
++
++
++// Check to make sure fd1 and fd2 are referencing the same file system object.
++//
++static bool is_same_fsobject(int fd1, int fd2) {
++ struct stat statbuf1;
++ struct stat statbuf2;
++ int result = 0;
++
++ RESTARTABLE(::fstat(fd1, &statbuf1), result);
++ if (result == OS_ERR) {
++ return false;
++ }
++ RESTARTABLE(::fstat(fd2, &statbuf2), result);
++ if (result == OS_ERR) {
++ return false;
++ }
++
++ if ((statbuf1.st_ino == statbuf2.st_ino) &&
++ (statbuf1.st_dev == statbuf2.st_dev)) {
++ return true;
++ } else {
++ return false;
++ }
++}
++
++
++// Open the directory of the given path and validate it.
++// Return a DIR * of the open directory.
++//
++static DIR *open_directory_secure(const char* dirname) {
++ // Open the directory using open() so that it can be verified
++ // to be secure by calling is_dirfd_secure(), opendir() and then check
++ // to see if they are the same file system object. This method does not
++ // introduce a window of opportunity for the directory to be attacked that
++ // calling opendir() and is_directory_secure() does.
++ int result;
++ DIR *dirp = NULL;
++ RESTARTABLE(::open(dirname, O_RDONLY|O_NOFOLLOW), result);
++ if (result == OS_ERR) {
++ // Directory doesn't exist or is a symlink, so there is nothing to cleanup.
++ if (PrintMiscellaneous && Verbose) {
++ if (errno == ELOOP) {
++ warning("directory %s is a symlink and is not secure\n", dirname);
++ } else {
++ warning("could not open directory %s: %s\n", dirname, strerror(errno));
++ }
+ }
++ return dirp;
++ }
++ int fd = result;
++
++ // Determine if the open directory is secure.
++ if (!is_dirfd_secure(fd)) {
++ // The directory is not a secure directory.
++ os::close(fd);
++ return dirp;
++ }
++
++ // Open the directory.
++ dirp = ::opendir(dirname);
++ if (dirp == NULL) {
++ // The directory doesn't exist, close fd and return.
++ os::close(fd);
++ return dirp;
++ }
++
++ // Check to make sure fd and dirp are referencing the same file system object.
++ if (!is_same_fsobject(fd, dirfd(dirp))) {
++ // The directory is not secure.
++ os::close(fd);
++ os::closedir(dirp);
++ dirp = NULL;
++ return dirp;
++ }
++
++ // Close initial open now that we know directory is secure
++ os::close(fd);
++
++ return dirp;
++}
++
++// NOTE: The code below uses fchdir(), open() and unlink() because
++// fdopendir(), openat() and unlinkat() are not supported on all
++// versions. Once the support for fdopendir(), openat() and unlinkat()
++// is available on all supported versions the code can be changed
++// to use these functions.
++
++// Open the directory of the given path, validate it and set the
++// current working directory to it.
++// Return a DIR * of the open directory and the saved cwd fd.
++//
++static DIR *open_directory_secure_cwd(const char* dirname, int *saved_cwd_fd) {
++
++ // Open the directory.
++ DIR* dirp = open_directory_secure(dirname);
++ if (dirp == NULL) {
++ // Directory doesn't exist or is insecure, so there is nothing to cleanup.
++ return dirp;
++ }
++ int fd = dirfd(dirp);
++
++ // Open a fd to the cwd and save it off.
++ int result;
++ RESTARTABLE(::open(".", O_RDONLY), result);
++ if (result == OS_ERR) {
++ *saved_cwd_fd = -1;
++ } else {
++ *saved_cwd_fd = result;
++ }
++
++ // Set the current directory to dirname by using the fd of the directory.
++ result = fchdir(fd);
++
++ return dirp;
++}
++
++// Close the directory and restore the current working directory.
++//
++static void close_directory_secure_cwd(DIR* dirp, int saved_cwd_fd) {
++
++ int result;
++ // If we have a saved cwd change back to it and close the fd.
++ if (saved_cwd_fd != -1) {
++ result = fchdir(saved_cwd_fd);
++ ::close(saved_cwd_fd);
++ }
++
++ // Close the directory.
++ os::closedir(dirp);
++}
++
++// Check if the given file descriptor is considered a secure.
++//
++static bool is_file_secure(int fd, const char *filename) {
++
++ int result;
++ struct stat statbuf;
++
++ // Determine if the file is secure.
++ RESTARTABLE(::fstat(fd, &statbuf), result);
++ if (result == OS_ERR) {
++ if (PrintMiscellaneous && Verbose) {
++ warning("fstat failed on %s: %s\n", filename, strerror(errno));
++ }
++ return false;
++ }
++ if (statbuf.st_nlink > 1) {
++ // A file with multiple links is not expected.
++ if (PrintMiscellaneous && Verbose) {
++ warning("file %s has multiple links\n", filename);
++ }
++ return false;
+ }
+ return true;
+ }
+
+-
+ // return the user name for the given user id
+ //
+ // the caller is expected to free the allocated memory.
+@@ -317,9 +506,11 @@
+
+ const char* tmpdirname = os::get_temp_directory();
+
++ // open the temp directory
+ DIR* tmpdirp = os::opendir(tmpdirname);
+
+ if (tmpdirp == NULL) {
++ // Cannot open the directory to get the user name, return.
+ return NULL;
+ }
+
+@@ -344,25 +535,14 @@
+ strcat(usrdir_name, "/");
+ strcat(usrdir_name, dentry->d_name);
+
+- DIR* subdirp = os::opendir(usrdir_name);
++ // open the user directory
++ DIR* subdirp = open_directory_secure(usrdir_name);
+
+ if (subdirp == NULL) {
+ FREE_C_HEAP_ARRAY(char, usrdir_name, mtInternal);
+ continue;
+ }
+
+- // Since we don't create the backing store files in directories
+- // pointed to by symbolic links, we also don't follow them when
+- // looking for the files. We check for a symbolic link after the
+- // call to opendir in order to eliminate a small window where the
+- // symlink can be exploited.
+- //
+- if (!is_directory_secure(usrdir_name)) {
+- FREE_C_HEAP_ARRAY(char, usrdir_name, mtInternal);
+- os::closedir(subdirp);
+- continue;
+- }
+-
+ struct dirent* udentry;
+ char* udbuf = NEW_C_HEAP_ARRAY(char, os::readdir_buf_size(usrdir_name), mtInternal);
+ errno = 0;
+@@ -465,26 +645,6 @@
+ }
+
+
+-// remove file
+-//
+-// this method removes the file with the given file name in the
+-// named directory.
+-//
+-static void remove_file(const char* dirname, const char* filename) {
+-
+- size_t nbytes = strlen(dirname) + strlen(filename) + 2;
+- char* path = NEW_C_HEAP_ARRAY(char, nbytes, mtInternal);
+-
+- strcpy(path, dirname);
+- strcat(path, "/");
+- strcat(path, filename);
+-
+- remove_file(path);
+-
+- FREE_C_HEAP_ARRAY(char, path, mtInternal);
+-}
+-
+-
+ // cleanup stale shared memory resources
+ //
+ // This method attempts to remove all stale shared memory files in
+@@ -496,16 +656,11 @@
+ //
+ static void cleanup_sharedmem_resources(const char* dirname) {
+
+- // open the user temp directory
+- DIR* dirp = os::opendir(dirname);
+-
++ int saved_cwd_fd;
++ // open the directory and set the current working directory to it
++ DIR* dirp = open_directory_secure_cwd(dirname, &saved_cwd_fd);
+ if (dirp == NULL) {
+- // directory doesn't exist, so there is nothing to cleanup
+- return;
+- }
+-
+- if (!is_directory_secure(dirname)) {
+- // the directory is not a secure directory
++ // directory doesn't exist or is insecure, so there is nothing to cleanup
+ return;
+ }
+
+@@ -519,6 +674,7 @@
+ //
+ struct dirent* entry;
+ char* dbuf = NEW_C_HEAP_ARRAY(char, os::readdir_buf_size(dirname), mtInternal);
++
+ errno = 0;
+ while ((entry = os::readdir(dirp, (struct dirent *)dbuf)) != NULL) {
+
+@@ -529,7 +685,7 @@
+ if (strcmp(entry->d_name, ".") != 0 && strcmp(entry->d_name, "..") != 0) {
+
+ // attempt to remove all unexpected files, except "." and ".."
+- remove_file(dirname, entry->d_name);
++ unlink(entry->d_name);
+ }
+
+ errno = 0;
+@@ -552,11 +708,14 @@
+ if ((pid == os::current_process_id()) ||
+ (kill(pid, 0) == OS_ERR && (errno == ESRCH || errno == EPERM))) {
+
+- remove_file(dirname, entry->d_name);
++ unlink(entry->d_name);
+ }
+ errno = 0;
+ }
+- os::closedir(dirp);
++
++ // close the directory and reset the current working directory
++ close_directory_secure_cwd(dirp, saved_cwd_fd);
++
+ FREE_C_HEAP_ARRAY(char, dbuf, mtInternal);
+ }
+
+@@ -613,19 +772,54 @@
+ return -1;
+ }
+
++ int saved_cwd_fd;
++ // open the directory and set the current working directory to it
++ DIR* dirp = open_directory_secure_cwd(dirname, &saved_cwd_fd);
++ if (dirp == NULL) {
++ // Directory doesn't exist or is insecure, so cannot create shared
++ // memory file.
++ return -1;
++ }
++
++ // Open the filename in the current directory.
++ // Cannot use O_TRUNC here; truncation of an existing file has to happen
++ // after the is_file_secure() check below.
+ int result;
+-
+- RESTARTABLE(::open(filename, O_RDWR|O_CREAT|O_TRUNC, S_IREAD|S_IWRITE), result);
++ RESTARTABLE(::open(filename, O_RDWR|O_CREAT|O_NOFOLLOW, S_IREAD|S_IWRITE), result);
+ if (result == OS_ERR) {
+ if (PrintMiscellaneous && Verbose) {
+- warning("could not create file %s: %s\n", filename, strerror(errno));
++ if (errno == ELOOP) {
++ warning("file %s is a symlink and is not secure\n", filename);
++ } else {
++ warning("could not create file %s: %s\n", filename, strerror(errno));
++ }
+ }
++ // close the directory and reset the current working directory
++ close_directory_secure_cwd(dirp, saved_cwd_fd);
++
+ return -1;
+ }
++ // close the directory and reset the current working directory
++ close_directory_secure_cwd(dirp, saved_cwd_fd);
+
+ // save the file descriptor
+ int fd = result;
+
++ // check to see if the file is secure
++ if (!is_file_secure(fd, filename)) {
++ ::close(fd);
++ return -1;
++ }
++
++ // truncate the file to get rid of any existing data
++ RESTARTABLE(::ftruncate(fd, (off_t)0), result);
++ if (result == OS_ERR) {
++ if (PrintMiscellaneous && Verbose) {
++ warning("could not truncate shared memory file: %s\n", strerror(errno));
++ }
++ ::close(fd);
++ return -1;
++ }
+ // set the file size
+ RESTARTABLE(::ftruncate(fd, (off_t)size), result);
+ if (result == OS_ERR) {
+@@ -683,8 +877,15 @@
+ THROW_MSG_(vmSymbols::java_io_IOException(), strerror(errno), OS_ERR);
+ }
+ }
++ int fd = result;
+
+- return result;
++ // check to see if the file is secure
++ if (!is_file_secure(fd, filename)) {
++ ::close(fd);
++ return -1;
++ }
++
++ return fd;
+ }
+
+ // create a named shared memory region. returns the address of the
+@@ -716,13 +917,21 @@
+ char* dirname = get_user_tmp_dir(user_name);
+ char* filename = get_sharedmem_filename(dirname, vmid);
+
++ // get the short filename
++ char* short_filename = strrchr(filename, '/');
++ if (short_filename == NULL) {
++ short_filename = filename;
++ } else {
++ short_filename++;
++ }
++
+ // cleanup any stale shared memory files
+ cleanup_sharedmem_resources(dirname);
+
+ assert(((size > 0) && (size % os::vm_page_size() == 0)),
+ "unexpected PerfMemory region size");
+
+- fd = create_sharedmem_resources(dirname, filename, size);
++ fd = create_sharedmem_resources(dirname, short_filename, size);
+
+ FREE_C_HEAP_ARRAY(char, user_name, mtInternal);
+ FREE_C_HEAP_ARRAY(char, dirname, mtInternal);
+@@ -837,12 +1046,12 @@
+ // constructs for the file and the shared memory mapping.
+ if (mode == PerfMemory::PERF_MODE_RO) {
+ mmap_prot = PROT_READ;
+- file_flags = O_RDONLY;
++ file_flags = O_RDONLY | O_NOFOLLOW;
+ }
+ else if (mode == PerfMemory::PERF_MODE_RW) {
+ #ifdef LATER
+ mmap_prot = PROT_READ | PROT_WRITE;
+- file_flags = O_RDWR;
++ file_flags = O_RDWR | O_NOFOLLOW;
+ #else
+ THROW_MSG(vmSymbols::java_lang_IllegalArgumentException(),
+ "Unsupported access mode");
+--- ./hotspot/src/os/linux/vm/perfMemory_linux.cpp Mon Sep 08 12:35:01 2014 -0700
++++ ./hotspot/src/os/linux/vm/perfMemory_linux.cpp Mon Dec 08 12:28:35 2014 -0800
+@@ -197,7 +197,38 @@
+ }
+
+
+-// check if the given path is considered a secure directory for
++// Check if the given statbuf is considered a secure directory for
++// the backing store files. Returns true if the directory is considered
++// a secure location. Returns false if the statbuf is a symbolic link or
++// if an error occurred.
++//
++static bool is_statbuf_secure(struct stat *statp) {
++ if (S_ISLNK(statp->st_mode) || !S_ISDIR(statp->st_mode)) {
++ // The path represents a link or some non-directory file type,
++ // which is not what we expected. Declare it insecure.
++ //
++ return false;
++ }
++ // We have an existing directory, check if the permissions are safe.
++ //
++ if ((statp->st_mode & (S_IWGRP|S_IWOTH)) != 0) {
++ // The directory is open for writing and could be subjected
++ // to a symlink or a hard link attack. Declare it insecure.
++ //
++ return false;
++ }
++ // See if the uid of the directory matches the effective uid of the process.
++ //
++ if (statp->st_uid != geteuid()) {
++ // The directory was not created by this user, declare it insecure.
++ //
++ return false;
++ }
++ return true;
++}
++
++
++// Check if the given path is considered a secure directory for
+ // the backing store files. Returns true if the directory exists
+ // and is considered a secure location. Returns false if the path
+ // is a symbolic link or if an error occurred.
+@@ -211,22 +242,180 @@
+ return false;
+ }
+
+- // the path exists, now check it's mode
+- if (S_ISLNK(statbuf.st_mode) || !S_ISDIR(statbuf.st_mode)) {
+- // the path represents a link or some non-directory file type,
+- // which is not what we expected. declare it insecure.
+- //
++ // The path exists, see if it is secure.
++ return is_statbuf_secure(&statbuf);
++}
++
++
++// Check if the given directory file descriptor is considered a secure
++// directory for the backing store files. Returns true if the directory
++// exists and is considered a secure location. Returns false if the path
++// is a symbolic link or if an error occurred.
++//
++static bool is_dirfd_secure(int dir_fd) {
++ struct stat statbuf;
++ int result = 0;
++
++ RESTARTABLE(::fstat(dir_fd, &statbuf), result);
++ if (result == OS_ERR) {
+ return false;
+ }
+- else {
+- // we have an existing directory, check if the permissions are safe.
+- //
+- if ((statbuf.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
+- // the directory is open for writing and could be subjected
+- // to a symlnk attack. declare it insecure.
+- //
+- return false;
++
++ // The path exists, now check its mode.
++ return is_statbuf_secure(&statbuf);
++}
++
++
++// Check to make sure fd1 and fd2 are referencing the same file system object.
++//
++static bool is_same_fsobject(int fd1, int fd2) {
++ struct stat statbuf1;
++ struct stat statbuf2;
++ int result = 0;
++
++ RESTARTABLE(::fstat(fd1, &statbuf1), result);
++ if (result == OS_ERR) {
++ return false;
++ }
++ RESTARTABLE(::fstat(fd2, &statbuf2), result);
++ if (result == OS_ERR) {
++ return false;
++ }
++
++ if ((statbuf1.st_ino == statbuf2.st_ino) &&
++ (statbuf1.st_dev == statbuf2.st_dev)) {
++ return true;
++ } else {
++ return false;
++ }
++}
++
++
++// Open the directory of the given path and validate it.
++// Return a DIR * of the open directory.
++//
++static DIR *open_directory_secure(const char* dirname) {
++ // Open the directory using open() so that it can be verified
++ // to be secure by calling is_dirfd_secure(), opendir() and then check
++ // to see if they are the same file system object. This method does not
++ // introduce a window of opportunity for the directory to be attacked that
++ // calling opendir() and is_directory_secure() does.
++ int result;
++ DIR *dirp = NULL;
++ RESTARTABLE(::open(dirname, O_RDONLY|O_NOFOLLOW), result);
++ if (result == OS_ERR) {
++ if (PrintMiscellaneous && Verbose) {
++ if (errno == ELOOP) {
++ warning("directory %s is a symlink and is not secure\n", dirname);
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-all
mailing list