Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P2
Fix Version/s: 8u152
Affects Version/s: 8u40
Component/s: hotspot
Labels:

Subcomponent:
runtime
Resolved In Build:
b01
Verification:
Not verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8183637	8u161	Coleen Phillimore	P2	Resolved	Fixed	b01
JDK-8192202	emb-8u161	Coleen Phillimore	P2	Resolved	Fixed	b01
JDK-8167507	7	Kevin Walls	P2	Closed	Not an Issue

The problem is that get_class_loader resolves handles while in native.

If line 989 gets executed while GC is moving cls then we may get an incorrect value or even a crash if we are unlucky.
The same goes for line 992.
At line 993 and 994 we may read a stale value for k->class_loader() and return a JNI handle to an invalid object.

988 static jobject get_class_loader(JNIEnv* env, jclass cls) {
989 if (java_lang_Class::is_primitive(JNIHandles::resolve_non_null(cls))) {
990 return NULL;
991 }
992 Klass* k = java_lang_Class::as_Klass(JNIHandles::resolve_non_null(cls));
993 oop loader = k->class_loader();
994 return JNIHandles::make_local(env, loader);
995 }

Suggested fix is to call get_class_loader before transitioning to native in Unsafe_DefineClass0

See email trail at:
http://mail.openjdk.java.net/pipermail/hotspot-dev/2016-July/024022.html

backported by

JDK-8183637 Unsafe_DefineClass0 accesses raw oops while in _thread_in_native

Resolved

JDK-8192202 Unsafe_DefineClass0 accesses raw oops while in _thread_in_native

Resolved

JDK-8167507 Unsafe_DefineClass0 accesses raw oops while in _thread_in_native

Closed

relates to

JDK-8167372 Add code to check for getting oops while thread is in native

Resolved

Assignee:: Coleen Phillimore

Reporter:: Mikael Gerdin (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2016-07-29 01:43

Updated:: 2017-11-29 05:11

Resolved:: 2016-10-11 13:49

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates