From aa2fac59de9a77b026139755c77d0f89a671a3cc Mon Sep 17 00:00:00 2001
From: Jiri Vanek <jvanek@redhat.com>
Date: Thu, 17 Dec 2020 15:49:22 +0100
Subject: [PATCH] Added checks and restrictions around alt-java

---
 java-1.8.0-openjdk.spec         | 20 +++++++++++++++++++-
 rh1750419-redhat_alt_java.patch | 11 ++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index a96e6b3..4e4cbfc 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -80,6 +80,8 @@
 %global jit_arches      %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
 %global sa_arches       %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
 %global jfr_arches      x86_64 sparcv9 sparc64 %{aarch64} %{power64}
+# Set of architectures for which alt-java has SSB mitigation
+%global ssbd_arches x86_64
 
 # By default, we build a debug build during main build on JIT architectures
 %if %{with slowdebug}
@@ -260,7 +262,7 @@
 %global updatever       %(VERSION=%{whole_update}; echo ${VERSION##*u})
 # eg jdk8u60-b27 -> b27
 %global buildver        %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease      2
+%global rpmrelease      3
 # Define milestone (EA for pre-releases, GA ("fcs") for releases)
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1967,6 +1969,17 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
 $JAVA_HOME/bin/javac -d . %{SOURCE15}
 $JAVA_HOME/bin/java -Djava.security.disableSystemPropertiesFile=true $(echo $(basename %{SOURCE15})|sed "s|\.java||")
 
+# Check java launcher has no SSB mitigation
+if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
+
+# Check alt-java launcher has SSB mitigation on supported architectures
+%ifarch %{ssbd_arches}
+nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
+%else
+if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
+%endif
+
+
 # Check debug symbols are present and can identify code
 find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
 do
@@ -2420,6 +2433,11 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Thu Dec 17 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.275.b01-3
+- introduced nm based check to verify alt-java on x86_64 is patched, and no other alt-java or java is patched
+- patch600 rh1750419-redhat_alt_java.patch amended to die, if it is used wrongly
+- introduced ssbd_arches with currently only valid arch of x86_64 to separate real alt-java architectures
+
 * Fri Nov 27 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.275.b01-2
 - added patch600, rh1750419-redhat_alt_java.patch 
 - Replaced alt-java palceholder by real pathced alt-java
diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch
index d7accf1..b3cbff8 100644
--- a/rh1750419-redhat_alt_java.patch
+++ b/rh1750419-redhat_alt_java.patch
@@ -1,12 +1,13 @@
 diff -r 25e94aa812b2 make/CompileLaunchers.gmk
 --- openjdk/jdk/make/CompileLaunchers.gmk	Wed Feb 05 12:20:36 2020 -0300
 +++ openjdk/jdk/make/CompileLaunchers.gmk	Tue Jun 02 17:15:28 2020 +0100
-@@ -234,6 +234,20 @@
+@@ -234,6 +234,21 @@
  
  BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/java$(EXE_SUFFIX)
  
++#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
 +$(eval $(call SetupLauncher,alt-java, \
-+    -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \
++    -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA -Wno-error=cpp,,,user32.lib comctl32.lib, \
 +    $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \
 +    $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true))
 +
@@ -102,12 +103,16 @@ diff -r 25e94aa812b2 src/share/bin/alt_main.h
 diff -r 25e94aa812b2 src/share/bin/main.c
 --- openjdk/jdk/src/share/bin/main.c	Wed Feb 05 12:20:36 2020 -0300
 +++ openjdk/jdk/src/share/bin/main.c	Tue Jun 02 17:15:28 2020 +0100
-@@ -32,6 +32,10 @@
+@@ -32,6 +32,14 @@
  
  #include "defines.h"
  
++#ifdef REDHAT_ALT_JAVA
 +#if defined(__linux__) && defined(__x86_64__)
 +#include "alt_main.h"
++#else
++#warning alt-java requested but SSB mitigation not available on this platform.
++#endif
 +#endif
 +
  #ifdef _MSC_VER