JDK-8261522 : [PPC64] AES intrinsics write beyond the destination array
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 11,16,17
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • CPU: ppc
  • Submitted: 2021-02-10
  • Updated: 2022-04-25
  • Resolved: 2021-02-17
  • JDK 11: 11.0.11 (Fixed)
  • JDK 16: 16.0.1 (Fixed)
  • JDK 17: 17 b11 (Fixed)
Description
The stubs for aescrypt_encryptBlock / aescrypt_decryptBlock use a read-modify-write implementation to store the 16-byte result to an unaligned address. Depending on alignment, we may read and write bytes beyond the array. This is not safe because these bytes can belong to another object in the Java heap which can get modified concurrently.
VM may crash: JDK-8253927
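
The failure mode described above, as an added example: a simplified C model, not the HotSpot stub code. The function names, the offsets and the hook that stands in for a concurrent Java thread are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QW 16         /* quadword size of the simulated vector load/store */
#define NEIGHBOUR 40  /* constructed: a byte owned by a different heap object */

/* Hypothetical hook: another thread updating its own object mid-store. */
typedef void (*race_hook)(uint8_t *heap);
typedef void (*store_fn)(uint8_t *heap, size_t off, const uint8_t *res, race_hook hook);

/* Read-modify-write store: loads the aligned quadword(s) covering the
   destination, merges the 16 result bytes in, writes the quadword(s) back. */
static void store_rmw(uint8_t *heap, size_t off, const uint8_t *res, race_hook hook) {
    size_t base = off & ~(size_t)(QW - 1);
    size_t span = (off == base) ? QW : 2 * QW;  /* unaligned dst spans two */
    uint8_t tmp[2 * QW];
    memcpy(tmp, heap + base, span);       /* read: includes bytes outside dst */
    if (hook) hook(heap);                 /* concurrent mutator runs here */
    memcpy(tmp + (off - base), res, QW);  /* modify */
    memcpy(heap + base, tmp, span);       /* write: stale neighbour bytes return */
}

/* Store that touches exactly the 16 destination bytes. */
static void store_exact(uint8_t *heap, size_t off, const uint8_t *res, race_hook hook) {
    if (hook) hook(heap);
    memcpy(heap + off, res, QW);
}

static void mutate_neighbour(uint8_t *heap) { heap[NEIGHBOUR] = 0xAA; }

/* Returns 1 if dst holds the result and the neighbour's update survived. */
static int neighbour_survives(store_fn store, size_t off) {
    uint8_t heap[64] = {0};               /* constructed stand-in for the heap */
    uint8_t res[QW];
    memset(res, 0x5C, QW);
    store(heap, off, res, mutate_neighbour);
    return memcmp(heap + off, res, QW) == 0 && heap[NEIGHBOUR] == 0xAA;
}

int main(void) {
    printf("rmw,   dst at 20: %s\n", neighbour_survives(store_rmw, 20) ? "kept" : "LOST");
    printf("rmw,   dst at 16: %s\n", neighbour_survives(store_rmw, 16) ? "kept" : "LOST");
    printf("exact, dst at 20: %s\n", neighbour_survives(store_exact, 20) ? "kept" : "LOST");
    return 0;
}
```

In this model the destination is always written correctly; only the unaligned read-modify-write case silently reverts the neighbouring object's byte.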

Comments
Fix Request
Crashes were also observed in JDK 11 and 16 which will be fixed by this backport. Applies cleanly to 16. Applies almost cleanly to 11. It only requires applying one hunk manually because of removal of an unused Label which was not backported (JDK-8210676), but the new code is exactly the same: http://cr.openjdk.java.net/~mdoerr/8261522_ppc64_aes_11u/webrev.00/
18-02-2021

Changeset: 05d59556
Author: Martin Doerr <mdoerr@openjdk.org>
Date: 2021-02-17 10:27:07 +0000
URL: https://git.openjdk.java.net/jdk/commit/05d59556
17-02-2021

Workarounds: -XX:-UseAES or: -XX:ObjectAlignmentInBytes=16
10-02-2021