Bug 1632174 - [java-11-openjdk] Some libraries compiled without sufficient optimization
Summary: [java-11-openjdk] Some libraries compiled without sufficient optimization
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: java-11-openjdk
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Severin Gehwolf
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-09-24 10:05 UTC by Severin Gehwolf
Modified: 2018-11-13 18:34 UTC

Fixed In Version: java-11-openjdk-11.0.ea.28-8.fc27 java-11-openjdk-11.0.ea.28-8.fc28 java-11-openjdk-11.0.ea.28-8.fc29
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-11 22:49:07 UTC
Type: Bug
Embargoed:


Links
System              ID           Private  Priority  Status  Summary  Last Updated
openjdk bug system  JDK-8210416  0        None      None    None     2018-09-24 10:06:39 UTC
openjdk bug system  JDK-8210425  0        None      None    None     2018-09-24 10:08:37 UTC
openjdk bug system  JDK-8210647  0        None      None    None     2018-09-24 10:07:23 UTC
openjdk bug system  JDK-8210703  0        None      None    None     2018-09-24 10:09:10 UTC
openjdk bug system  JDK-8210761  0        None      None    None     2018-09-24 10:07:57 UTC

Description Severin Gehwolf 2018-09-24 10:05:39 UTC
Description of problem:
In Fedora rawhide a new tool, annocheck, can be used to verify whether libraries are compiled with appropriate hardening flags as specified by the redhat-rpm-config package. One distro-wide flag is to compile libraries with -O2. It turns out some JDK libs get compiled without sufficient optimization:

1. fdlibm is being compiled with no optimization.
2. libjsig, libsaproc are being compiled without being optimized.
3. sharedRuntimeTrans.cpp and sharedRuntimeTrig.cpp (part of libjvm.so)
   are not being optimized.
4. vmStructs.cpp (part of libjvm.so) is not being optimized.

Version-Release number of selected component (if applicable):
$ rpm -q java-11-openjdk
java-11-openjdk-11.0.ea.28-6.fc30.x86_64

How reproducible:
100%

Steps to Reproduce:

1) fdlibm issue:

$ annocheck --skip-cf-protection --skip-glibcxx-assertions --skip-glibcxx-assertions --skip-stack-realign --section-size=.gnu.build.attributes /usr/lib/jvm/java-11-openjdk-11.0.ea.28-6.fc30.x86_64/lib/libjava.so

2) libjsig, libsaproc not being optimized:

$ annocheck --skip-cf-protection --skip-glibcxx-assertions --skip-glibcxx-assertions --skip-stack-realign --section-size=.gnu.build.attributes /usr/lib/jvm/java-11-openjdk-11.0.ea.28-6.fc30.x86_64/lib/libjsig.so /usr/lib/jvm/java-11-openjdk-11.0.ea.28-6.fc30.x86_64/lib/libsaproc.so

3) + 4) sharedRuntimeTrans/Trig.cpp and vmStructs.cpp not being optimized issues:

$ annocheck --skip-cf-protection --skip-glibcxx-assertions --skip-glibcxx-assertions --skip-stack-realign --section-size=.gnu.build.attributes /usr/lib/jvm/java-11-openjdk-11.0.ea.28-6.fc30.x86_64/lib/server/libjvm.so

Actual results:
1)
Hardened: libjava.so: fail: (component: jatan): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jcos): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jexpm1): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jfabs): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jlog1p): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jsin): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jtan): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jtanh): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jacos): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jasin): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jatan2): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jcosh): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jlog): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jlog10): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jremainder): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jsinh): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jsqrt): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_acos): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_asin): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_atan2): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_cosh): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_exp): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_log): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_log10): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_rem_pio2): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_remainder): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_sinh): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_sqrt): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__kernel_cos): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__kernel_rem_pio2): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__kernel_sin): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__kernel_tan): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: jfloor): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: scalbn): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: __j__ieee754_fmod): Insufficient optimization level: -O0.
Hardened: libjava.so: fail: (component: copysign): Insufficient optimization level: -O0.
Hardened: libjava.so: FAIL: Parts of the binary were compiled without sufficient optimization.
Section_Size: Section '.gnu.build.attributes' found in 1 files, total size: 0x7c80

2)
Hardened: libsaproc.so: fail: (component: throw_new_debugger_exception): Insufficient optimization level: -O0.
Hardened: libsaproc.so: fail: (component: pathmap_open): Insufficient optimization level: -O0.
Hardened: libsaproc.so: fail: (component: close_files): Insufficient optimization level: -O0.
Hardened: libsaproc.so: fail: (component: align): Insufficient optimization level: -O0.
Hardened: libsaproc.so: fail: (component: Java_sun_jvm_hotspot_asm_Disassembler_load_1library): Insufficient optimization level: -O0.
Hardened: libsaproc.so: fail: (component: read_elf_header): Insufficient optimization level: -O0.
Hardened: libsaproc.so: fail: (component: gnu_debuglink_crc32): Insufficient optimization level: -O0.
Hardened: libsaproc.so: FAIL: The binary was compiled without sufficient optimization.
Hardened: libjsig.so: fail: (component: allocate_sact): Insufficient optimization level: -O0.
Hardened: libjsig.so: FAIL: The binary was compiled without sufficient optimization.

3) + 4):
Hardened: libjvm.so: fail: (component: _ZL4highd): Insufficient optimization level: -O0.
Hardened: libjvm.so: fail: (component: _ZL4highd): Insufficient optimization level: -O0.
Hardened: libjvm.so: fail: (component: _ZN9VMStructs27localHotSpotVMStructsLengthEv): Insufficient optimization level: -O0.
Hardened: libjvm.so: FAIL: Parts of the binary were compiled without sufficient optimization.

$ echo _ZL4highd | c++filt 
high(double)

==> sharedRuntimeTrans/Trig.cpp issue

$ echo _ZN9VMStructs27localHotSpotVMStructsLengthEv | c++filt 
VMStructs::localHotSpotVMStructsLength()

==> vmStructs.cpp issue.

Expected results:
annocheck pass on all issues.

Additional info:
These upstream JDK bugs have been filed for this:
1) https://bugs.openjdk.java.net/browse/JDK-8210416
2) https://bugs.openjdk.java.net/browse/JDK-8210647 and
   https://bugs.openjdk.java.net/browse/JDK-8210761
3) https://bugs.openjdk.java.net/browse/JDK-8210425
4) https://bugs.openjdk.java.net/browse/JDK-8210703
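
The per-component annocheck output in this report can be condensed to one row per library and used as a build gate. This is an added example, not part of the original report or of annocheck itself: the function names summarize_annocheck, annocheck_gate and the sample_* helpers are hypothetical, and the sample input is a short excerpt in the line format quoted in this bug.

```shell
#!/bin/sh
# Print "library distinct-O0-components verdict" for each library that
# appears in annocheck "Hardened:" lines read from stdin.
summarize_annocheck() {
    awk '
    $1 == "Hardened:" {
        lib = $2; sub(/:$/, "", lib)
        if (!(lib in seen)) { seen[lib] = 1; order[++n] = lib }
        if ($3 == "fail:" && /Insufficient optimization level/) {
            comp = $5; sub(/\):$/, "", comp)   # field looks like "NAME):"
            # The same symbol can be reported more than once; count it once.
            if (!((lib, comp) in dup)) { dup[lib, comp] = 1; count[lib]++ }
        } else if ($3 == "FAIL:") { verdict[lib] = "FAIL" }
        else if ($3 == "PASS.")   { verdict[lib] = "PASS" }
    }
    END {
        for (i = 1; i <= n; i++) {
            lib = order[i]
            v = (lib in verdict) ? verdict[lib] : "UNKNOWN"
            printf "%s %d %s\n", lib, count[lib] + 0, v
        }
    }'
}

# Exit status 0 only if at least one library was checked and all ended in PASS.
# Empty input is treated as a failure so a broken pipeline cannot pass the gate.
annocheck_gate() {
    summarize_annocheck | awk '$3 != "PASS" { bad = 1 } END { exit (bad || NR == 0) }'
}

# Sample input: excerpt of the failing output quoted in this report.
sample_before() { cat <<'EOF'
Hardened: libjsig.so: fail: (component: allocate_sact): Insufficient optimization level: -O0.
Hardened: libjsig.so: FAIL: The binary was compiled without sufficient optimization.
Hardened: libjvm.so: fail: (component: _ZL4highd): Insufficient optimization level: -O0.
Hardened: libjvm.so: fail: (component: _ZL4highd): Insufficient optimization level: -O0.
Hardened: libjvm.so: fail: (component: _ZN9VMStructs27localHotSpotVMStructsLengthEv): Insufficient optimization level: -O0.
Hardened: libjvm.so: FAIL: Parts of the binary were compiled without sufficient optimization.
EOF
}

# Sample input: the shape of the output for a library that passes.
sample_after() { cat <<'EOF'
annocheck: Version 8.39.
Hardened: libjvm.so: PASS.
Section_Size: Section '.gnu.build.attributes' found in 1 files, total size: 0xa8a320
EOF
}

sample_before | summarize_annocheck
```

In a build script the real tool output would be piped in instead of the samples, for example the annocheck invocation from the steps above followed by `| annocheck_gate`.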

Comment 2 Severin Gehwolf 2018-09-24 13:15:52 UTC
Proposed fix:
https://src.fedoraproject.org/rpms/java-11-openjdk/pull-request/6

Comment 3 Severin Gehwolf 2018-09-24 13:17:53 UTC
From a build with the fixes I see:

# rpm -q java-11-openjdk
java-11-openjdk-11.0.ea.28-7.fc30.x86_64
# annocheck --skip-cf-protection --skip-glibcxx-assertions --skip-glibcxx-assertions --skip-stack-realign --section-size=.gnu.build.attributes /usr/lib/jvm/java-11-openjdk-11.0.ea.28-7.fc30.x86_64/lib/libjava.so
annocheck: Version 8.39.
Hardened: libjava.so: PASS.
Section_Size: Section '.gnu.build.attributes' found in 1 files, total size: 0x9558
# annocheck --skip-cf-protection --skip-glibcxx-assertions --skip-glibcxx-assertions --skip-stack-realign --section-size=.gnu.build.attributes /usr/lib/jvm/java-11-openjdk-11.0.ea.28-7.fc30.x86_64/lib/libsaproc.so /usr/lib/jvm/java-11-openjdk-11.0.ea.28-7.fc30.x86_64/lib/libjsig.so
annocheck: Version 8.39.
Hardened: libjsig.so: PASS.
Hardened: libsaproc.so: PASS.
Section_Size: Section '.gnu.build.attributes' found in 2 files, total size: 0xf00
# annocheck --skip-cf-protection --skip-glibcxx-assertions --skip-glibcxx-assertions --skip-stack-realign --section-size=.gnu.build.attributes /usr/lib/jvm/java-11-openjdk-11.0.ea.28-7.fc30.x86_64/lib/server/libjvm.so 
annocheck: Version 8.39.
Hardened: libjvm.so: PASS.
Section_Size: Section '.gnu.build.attributes' found in 1 files, total size: 0xa8a320

Comment 4 Fedora Update System 2018-09-28 06:45:06 UTC
java-11-openjdk-11.0.ea.28-8.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f10566c2e0

Comment 5 Fedora Update System 2018-09-28 06:45:25 UTC
java-11-openjdk-11.0.ea.28-8.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e402b3f75c

Comment 6 Fedora Update System 2018-09-28 06:45:40 UTC
java-11-openjdk-11.0.ea.28-8.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-c34978a9f4

Comment 7 Fedora Update System 2018-09-28 19:06:54 UTC
java-11-openjdk-11.0.ea.28-8.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-c34978a9f4

Comment 8 Fedora Update System 2018-09-28 19:34:59 UTC
java-11-openjdk-11.0.ea.28-8.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-f10566c2e0

Comment 9 Fedora Update System 2018-09-28 20:31:45 UTC
java-11-openjdk-11.0.ea.28-8.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e402b3f75c

Comment 10 Fedora Update System 2018-10-11 22:49:07 UTC
java-11-openjdk-11.0.ea.28-8.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2018-10-11 23:49:26 UTC
java-11-openjdk-11.0.ea.28-8.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2018-10-30 17:17:00 UTC
java-11-openjdk-11.0.ea.28-8.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 13 jiri vanek 2018-11-13 18:34:23 UTC
See also https://bugzilla.redhat.com/show_bug.cgi?id=1630426
