-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512) #531
base: master
Are you sure you want to change the base?
Conversation
👋 Welcome back mbalao! A progress list of the required criteria for merging this PR into |
❗ This change is not yet ready to be integrated. |
This backport pull request has now been updated with issue from the original commit. |
|
/approval request Please consider this bug fix for jdk21u, as this release is affected. The JDK main line patch applies cleanly. The scope of the change is limited to the AES-CTR intrinsic for x86_64 AVX-512. I ran all the same testing as for JDK main line, no regressions were observed in hotspot/jtreg/compiler/codegen/aes and I manually verified that the bug was fixed. |
HI @martinuy, please do the 22 backport first. Also, to me, this seems a quite risky fix to backport right after pushing to head. Could we wait for the October release? |
With the review done for the main line patch and the testing done for both main line and jdk21u, I think that the risk has been reasonably addressed. There is time until the next release for further testing if it goes in now. The other side of the story is that if the bug conditions are met, a jdk21u JVM will crash with a segmentation fault. While there is a workaround (-XX:-UseAESCTRIntrinsics), the bug does not happen consistently enough and is hard to troubleshoot. @charlesconnell you may want to give some input on how this bug affects you. |
Thanks @martinuy. At Hubspot we store most of our data in HBase. We continually replicate HBase's write-ahead-log to S3 as a backup mechanism. We also do full backups daily or weekly. All of this requires pulling all the data out of HBase/Hadoop over Kerberos connections, which we configure to use encryption with cipher suite I suspect that there are not many other organizations with this same combination of circumstances (lots of data in Hadoop, accessed frequently with Kerberos + |
Hi @Marinuy, this seems a very unlikely bug, so I think we should defer this to the October release and give it some time to proove in 22. |
@martinuy This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration! |
Hi all,
This pull request contains a backport of commit 8a8d9288 from the openjdk/jdk repository.
The commit being backported was authored by Martin Balao and Francisco Ferrari on 24 Apr 2024 and was reviewed by Andrew Haley and Sandhya Viswanathan. JDK-21 is affected by the bug JDK-8330611 as it was introduced by JDK-8233741 in JDK 14.
Thanks!
Progress
Issue
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk21u-dev.git pull/531/head:pull/531
$ git checkout pull/531
Update a local copy of the PR:
$ git checkout pull/531
$ git pull https://git.openjdk.org/jdk21u-dev.git pull/531/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 531
View PR using the GUI difftool:
$ git pr show -t 531
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk21u-dev/pull/531.diff
Webrev
Link to Webrev Comment