java-21-openjdk/alt-java.c
Andrew Hughes ef950026e0 Patch and documentation cleanup
Update documentation (README.md)
Replace alt-java patch with a binary separate from the JDK
Drop stale patches that are of little use any more:
- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work
- * No accessibility subpackage to warrant RH1648242 & RH1648644 patches any more
- * No use of system libjpeg turbo to warrant RH649512 patch any more
- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed
Adapt alt-java test to new binary where there is always a set_speculation function

Related: RHEL-45217
2024-07-25 16:30:36 +01:00

101 lines
3.0 KiB
C

/*
* Copyright (C) 2023 Red Hat, Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Red Hat designates this
* particular file as subject to the "Classpath" exception as provided
* by Red Hat in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
*/
#include <errno.h>
#include <libgen.h>
#include <linux/limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>
/* Per task speculation control */
#ifndef PR_GET_SPECULATION_CTRL
# define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
# define PR_SET_SPECULATION_CTRL 53
#endif
/* Speculation control variants */
#ifndef PR_SPEC_STORE_BYPASS
# define PR_SPEC_STORE_BYPASS 0
#endif
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
#ifndef PR_SPEC_NOT_AFFECTED
# define PR_SPEC_NOT_AFFECTED 0
#endif
#ifndef PR_SPEC_PRCTL
# define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
# define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
# define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif
static void set_speculation() {
#if defined(__linux__) && defined(__x86_64__)
// PR_SPEC_DISABLE_NOEXEC doesn't survive execve, so we can't use it
// if ( prctl(PR_SET_SPECULATION_CTRL,
// PR_SPEC_STORE_BYPASS,
// PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
// return;
// }
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
#else
#warning alt-java requested but SSB mitigation not available on this platform.
#endif
}
int main(int argc, char **argv) {
set_speculation();
char our_name[PATH_MAX], java_name[PATH_MAX];
ssize_t len = readlink("/proc/self/exe", our_name, PATH_MAX - 1);
if (len < 0) {
perror("I can't find myself");
exit(2);
}
our_name[len] = '\0'; // readlink(2) doesn't append a null byte
char *path = dirname(our_name);
strncpy(java_name, path, PATH_MAX - 1);
size_t remaining_bytes = PATH_MAX - strlen(path) - 1;
strncat(java_name, "/java", remaining_bytes);
execv(java_name, argv);
fprintf(stderr, "%s failed to launch: %s\n", java_name, strerror(errno));
exit(1);
}