8370318: AES-GCM vector intrinsic may read out of bounds (x86_64, AVX-512)

[shipilev]

See the bug for symptoms and discussion.

In short, in newly added intrinsic in JDK 24, there is a potential read out of Java heap if key array is at the edge of it, which will crash JVM. And that read is redundant for the code path in question, we only use it in the subsequent blocks that we never actually enter in the problematic case. So we never see any failures in testing: the only observable effect is SEGV on uncommitted heap access. It is somewhat similar to JDK-8330611 we have fixed in other place. But this one can be caught with the explicit range check in debug code.

I opted to keep this patch very simple, because I would backport it to 25u shortly after we integrate to mainline. It just moves the read down to the block where it is actually needed. Note that aes_192 and aes_256 labels are red herring in this code, they are unbound; you can even remove them without any bulid errors. The actual thing that drives path selection is NROUNDS -- that one is derived from the key array length -- and we are just doing the read too early.

Additional testing:

• Linux x86_64 server fastdebug, com/sun/crypto/provider/Cipher compiler/codegen/aes (fails with range check only, passes with entire patch)
• Linux x86_64 server fastdebug, all on AVX-512 machine

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8370318: AES-GCM vector intrinsic may read out of bounds (x86_64, AVX-512) (Bug - P3)

Reviewers

• Vladimir Kozlov (@vnkozlov - Reviewer)
• Roland Westrelin (@rwestrel - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27951/head:pull/27951
$ git checkout pull/27951

Update a local copy of the PR:
$ git checkout pull/27951
$ git pull https://git.openjdk.org/jdk.git pull/27951/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 27951

View PR using the GUI difftool:
$ git pr show -t 27951

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27951.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back shade! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@shipilev This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8370318: AES-GCM vector intrinsic may read out of bounds (x86_64, AVX-512)

Reviewed-by: kvn, roland

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 79 new commits pushed to the master branch:

• e9479b5: 8370628: Rename BigInteger::nthRoot to rootn, and similarly for nthRootAndRemainder
• f5ef01d: 8370368: Apply java.io.Serial annotations in java.security.jgss
• 3d2ce80: 8212084: G1: Implement UseGCOverheadLimit
• ... and 76 more: https://git.openjdk.org/jdk/compare/430041d366ddf450c2480c81608dde980dfa6d41...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@shipilev The following label will be automatically applied to this pull request:

• hotspot-compiler

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 00: Full (47647521)

[vnkozlov]

Looks good.

[shipilev]

Thanks! I think I need another Review before I can integrate.

[shipilev]

Friendly reminder. Thanks!

[rwestrel]

Looks good to me.

[shipilev]

Thank you! Here goes.

/integrate

[openjdk]

Going to push as commit 7bb490c.
Since your change was applied there have been 81 commits pushed to the master branch:

• 6f8d07a: 8368500: ContextClassLoader cannot be reset on threads in ForkJoinPool.commonPool()
• 91e1dcb: 8366781: Parallel: Include OS free memory in GC selection heuristics
• e9479b5: 8370628: Rename BigInteger::nthRoot to rootn, and similarly for nthRootAndRemainder
• ... and 78 more: https://git.openjdk.org/jdk/compare/430041d366ddf450c2480c81608dde980dfa6d41...master

Your commit was automatically rebased without conflicts.

[openjdk]

@shipilev Pushed as commit 7bb490c.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.