On Mon, 6 Jul 2026 17:52:58 GMT, Ashay Rane <[email protected]> wrote:
> This patch adds MSVC's "/guard:signret" flag to the C/C++ compilation
> flags so that the VM code includes signing and authentication
> instructions to ensure that the return address is not tampered by any
> callee. Specifically, MSVC chooses signing using the B key, so every
> non-leaf function starts with the `pacibsp` instruction (for signining
> the return address) and ends with the `autibsp` instruction (for
> authenticating the return address). Both `pacibsp` and `autibsp`
> instructions are in the NOP space, so older AArch64 processors that do
> not support these instructions shouldn't be impacted by these
> instructions.
>
> As a matter of slight detail, this patch adds the "/guard:signret" flag
> only when the OpenJDK build is passed the "--enable-branch-protection"
> flag, which is off by default. Consequently, this change will not
> impact ordinary builds of OpenJDK.
>
> I've validated this patch by running the test/jdk:tier{1,2,3},
> test/hotspot/jtreg:tier{1,2,3}, test/langtools:tier{1,2,3}, and
> test/lib-test:tier1 tests with branch protection enabled. This patch
> does not introduce any new failures.
>
> ---------
> - [x] I confirm that I make this contribution in accordance with the [OpenJDK
> Interim AI Policy](https://openjdk.org/legal/ai).
Thanks David for taking a look! I will incorporate the suggestions soon.
Just as a heads up, I discovered that this patch breaks the
`os::win32::platform_print_native_stack()` function, since the pointer
signature now needs to be dropped when walking the stack. It seems like the
fix should be small (I just need to invoke the `XPACLRI` instruction along with
some plumbing).
Sorry about any confusion that this causes, but I wanted to let you know
there's an additional (small) change required to this patch. I'll post an
update after I run through all tests again.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/31795#issuecomment-4905923037