8214583: AccessController.getContext may return wrong value after JDK-8212605
Reviewed-by: mchung, redestad
--- a/src/hotspot/share/include/jvm.h Tue Dec 18 15:18:44 2018 -0800
+++ b/src/hotspot/share/include/jvm.h Tue Dec 18 16:36:26 2018 -0800
@@ -625,6 +625,15 @@
JNIEXPORT jobject JNICALL
JVM_GetInheritedAccessControlContext(JNIEnv *env, jclass cls);
+/*
+ * Ensure that code doing a stackwalk and using javaVFrame::locals() to
+ * get the value will see a materialized value and not a scalar-replaced
+ * null value.
+ */
+#define JVM_EnsureMaterializedForStackWalk(env, value) \
+ do {} while(0) // Nothing to do. The fact that the value escaped
+ // through a native method is enough.
+
JNIEXPORT jobject JNICALL
JVM_GetStackAccessControlContext(JNIEnv *env, jclass cls);
--- a/src/hotspot/share/prims/jvm.cpp Tue Dec 18 15:18:44 2018 -0800
+++ b/src/hotspot/share/prims/jvm.cpp Tue Dec 18 16:36:26 2018 -0800
@@ -61,6 +61,7 @@
#include "runtime/handles.inline.hpp"
#include "runtime/init.hpp"
#include "runtime/interfaceSupport.inline.hpp"
+#include "runtime/deoptimization.hpp"
#include "runtime/java.hpp"
#include "runtime/javaCalls.hpp"
#include "runtime/jfieldIDWorkaround.hpp"
@@ -1245,8 +1246,12 @@
javaVFrame *priv = vfst.asJavaVFrame(); // executePrivileged
StackValueCollection* locals = priv->locals();
- privileged_context = locals->obj_at(1);
- Handle caller = locals->obj_at(2);
+ StackValue* ctx_sv = locals->at(1); // AccessControlContext context
+ StackValue* clr_sv = locals->at(2); // Class<?> caller
+ assert(!ctx_sv->obj_is_scalar_replaced(), "found scalar-replaced object");
+ assert(!clr_sv->obj_is_scalar_replaced(), "found scalar-replaced object");
+ privileged_context = ctx_sv->get_obj();
+ Handle caller = clr_sv->get_obj();
Klass *caller_klass = java_lang_Class::as_Klass(caller());
protection_domain = caller_klass->protection_domain();
--- a/src/java.base/share/classes/java/security/AccessController.java Tue Dec 18 15:18:44 2018 -0800
+++ b/src/java.base/share/classes/java/security/AccessController.java Tue Dec 18 16:36:26 2018 -0800
@@ -710,6 +710,13 @@
}
/**
+ * The value needs to be physically located in the frame, so that it
+ * can be found by a stack walk.
+ */
+ @Hidden
+ private static native void ensureMaterializedForStackWalk(Object o);
+
+ /**
* Sanity check that the caller context is indeed privileged.
*
* Used by executePrivileged to make sure the frame is properly
@@ -734,6 +741,11 @@
AccessControlContext context,
Class<?> caller)
{
+ // Ensure context has a physical value in the frame
+ if (context != null) {
+ ensureMaterializedForStackWalk(context);
+ }
+
assert isPrivileged(); // sanity check invariant
T result = action.run();
assert isPrivileged(); // sanity check invariant
@@ -742,7 +754,6 @@
// retrieved by getStackAccessControlContext().
Reference.reachabilityFence(context);
Reference.reachabilityFence(caller);
- Reference.reachabilityFence(action);
return result;
}
@@ -761,6 +772,11 @@
Class<?> caller)
throws Exception
{
+ // Ensure context has a physical value in the frame
+ if (context != null) {
+ ensureMaterializedForStackWalk(context);
+ }
+
assert isPrivileged(); // sanity check invariant
T result = action.run();
assert isPrivileged(); // sanity check invariant
@@ -769,7 +785,6 @@
// retrieved by getStackAccessControlContext().
Reference.reachabilityFence(context);
Reference.reachabilityFence(caller);
- Reference.reachabilityFence(action);
return result;
}
--- a/src/java.base/share/native/libjava/AccessController.c Tue Dec 18 15:18:44 2018 -0800
+++ b/src/java.base/share/native/libjava/AccessController.c Tue Dec 18 16:36:26 2018 -0800
@@ -59,3 +59,12 @@
{
return JVM_GetInheritedAccessControlContext(env, this);
}
+
+JNIEXPORT void JNICALL
+Java_java_security_AccessController_ensureMaterializedForStackWalk(
+ JNIEnv *env,
+ jclass cls,
+ jobject value)
+{
+ JVM_EnsureMaterializedForStackWalk(env, value);
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/security/AccessController/DoPriv.java Tue Dec 18 16:36:26 2018 -0800
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8214583
+ * @summary Check that getContext works after JIT compiler escape analysis.
+ */
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.DomainCombiner;
+import java.security.ProtectionDomain;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.net.URL;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+public class DoPriv {
+
+ static void go(final DomainCombiner dc0, final AccessControlContext co, final int index) throws Exception {
+ final AccessControlContext ci = new AccessControlContext(co, dc0);
+ AccessController.doPrivileged((PrivilegedExceptionAction<Integer>)() -> {
+ AccessControlContext c1 = AccessController.getContext();
+ DomainCombiner dc = c1.getDomainCombiner();
+ if (dc != dc0 || dc == null) {
+ throw new AssertionError("iteration " + index + " " + dc + " != " + dc0);
+ }
+ return 0;
+ }, ci);
+ }
+
+ public static void main(String[] args) throws Exception {
+ final DomainCombiner dc0 = new DomainCombiner() {
+ public ProtectionDomain[] combine(ProtectionDomain[] currentDomains,
+ ProtectionDomain[] assignedDomains) {
+ return null;
+ }
+ };
+
+ final AccessControlContext co = AccessController.getContext();
+
+ for (int i = 0; i < 500_000; ++i) {
+ go(dc0, co, i);
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/security/auth/Subject/DoAs.java Tue Dec 18 16:36:26 2018 -0800
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8214583
+ * @summary Check that getSubject works after JIT compiler escape analysis.
+ */
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import javax.security.auth.Subject;
+
+public class DoAs {
+
+ public static void main(String[] args) throws Exception {
+ final Set<String> outer = new HashSet<>(Arrays.asList("Outer"));
+ final Subject subject = new Subject(true, Collections.EMPTY_SET, outer, Collections.EMPTY_SET);
+
+ for (int i = 0; i < 100_000; ++i) {
+ final int index = i;
+ Subject.doAs(subject, (PrivilegedExceptionAction<Integer>)() -> {
+ AccessControlContext c1 = AccessController.getContext();
+ Subject s = Subject.getSubject(c1);
+ if (s != subject) {
+ throw new AssertionError("outer Oops! " + "iteration " + index + " " + s + " != " + subject);
+ }
+ return 0;
+ });
+ }
+ }
+}