8292158: AES-CTR cipher state corruption with AVX-512

[smita-kamath]

Hi,

This is a backport of JDK-8292158: AES-CTR cipher state corruption with AVX-512. This backport fixes a bug where cipher can become corrupted when encrypting/decrypting byte arrays with a size less than 16.
The fix is in MacroAssembler::aesctr_encrypt method.

Patch does not apply cleanly to 11u as the method has moved from src/hotspot/cpu/x86/macroAssembler_x86_aes.cpp to a new file src/hotspot/cpu/x86/stubGenerator_x86_64_aes.cpp. Also, the included regression test had to be modified.

Could you kindly review the patch?

Thanks,
Smita

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8292158: AES-CTR cipher state corruption with AVX-512

Reviewers

• Sandhya Viswanathan (@sviswa7 - no project role)
• Vladimir Kozlov (@vnkozlov - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev pull/1408/head:pull/1408
$ git checkout pull/1408

Update a local copy of the PR:
$ git checkout pull/1408
$ git pull https://git.openjdk.org/jdk11u-dev pull/1408/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1408

View PR using the GUI difftool:
$ git pr show -t 1408

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/1408.diff

[bridgekeeper]

👋 Welcome back svkamath! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[mlbridge]

Webrevs

• 00: Full (5079f734)

[GoeLin]

Hi @smita-kamath
you please need a reviewer that has a role in the jdk-updates project.
You should only label for jdk11u-fix-request if the PR is tagged "ready".
Thanks, Goetz.

[sviswa7]

@vnkozlov Could you please help review this backport patch?

[vnkozlov]

This backport looks good.

[openjdk]

@smita-kamath This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8292158: AES-CTR cipher state corruption with AVX-512

Reviewed-by: sviswanathan, kvn

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 50 new commits pushed to the master branch:

• 16a4bd3: 8288599: com/sun/management/OperatingSystemMXBean/TestTotalSwap.java: Expected total swap size ... but getTotalSwapSpaceSize returned ...
• 523ef55: 8282777: Create a Regression test for JDK-4515031
• 957a888: 8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray
• e864cfc: 8282778: Create a regression test for JDK-4699544
• 74bc485: 8287091: aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn
• 31d178b: 8281297: TestStressG1Humongous fails with guarantee(is_range_uncommitted)
• c064dce: 8274597: Some of the dnd tests time out and fail intermittently
• 9ffc4b3: 8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation
• fb08d9d: 8282937: Write a regression test for JDK-4820080
• 1d9108f: 8282345: handle latest VS2022 in abstract_vm_version
• ... and 40 more: https://git.openjdk.org/jdk11u-dev/compare/0013d849ff851fe180bfb0b6aeb5e868cf042568...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@vnkozlov) but any other Committer may sponsor as well.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

[GoeLin]

Hi @smita-kamath,
please also prepare the 17u backport.
I will approve that first.

[schlosna]

Is there anything I can do to help land this fix into jdk11u & jdk17u?

[smita-kamath]

/integrate

[openjdk]

@smita-kamath
Your change (at version 5079f73) is now ready to be sponsored by a Committer.

[smita-kamath]

@vnkozlov, Could you sponsor this one as well? Thank you once again.

[vnkozlov]

/sponsor

[openjdk]

Going to push as commit 8fadf3d.
Since your change was applied there have been 50 commits pushed to the master branch:

• 16a4bd3: 8288599: com/sun/management/OperatingSystemMXBean/TestTotalSwap.java: Expected total swap size ... but getTotalSwapSpaceSize returned ...
• 523ef55: 8282777: Create a Regression test for JDK-4515031
• 957a888: 8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray
• e864cfc: 8282778: Create a regression test for JDK-4699544
• 74bc485: 8287091: aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn
• 31d178b: 8281297: TestStressG1Humongous fails with guarantee(is_range_uncommitted)
• c064dce: 8274597: Some of the dnd tests time out and fail intermittently
• 9ffc4b3: 8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation
• fb08d9d: 8282937: Write a regression test for JDK-4820080
• 1d9108f: 8282345: handle latest VS2022 in abstract_vm_version
• ... and 40 more: https://git.openjdk.org/jdk11u-dev/compare/0013d849ff851fe180bfb0b6aeb5e868cf042568...master

Your commit was automatically rebased without conflicts.

[openjdk]

@vnkozlov @smita-kamath Pushed as commit 8fadf3d.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.