-
Bug
-
Resolution: Fixed
-
P3
-
11, 13
-
b22
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8230100 | 11.0.6-oracle | Harold Seigel | P3 | Resolved | Fixed | b01 |
| JDK-8227511 | 11.0.5 | Richard Reingruber | P3 | Resolved | Fixed | b01 |
A java thread T potentially continues execution after it was suspended by a JVMTI agent during the
attempt to process a handshake operation. This can lead to undefined behaviour and crashes.
Problematic execution sequence:
- Handshake operation H is executed for java thread T
- T calls ThreadSafepointState::handle_polling_page_exception()
- T arrives in HandshakeState::process_self_inner()
- T transitions from _thread_in_Java to _thread_in_vm
- but too late: the VM thread already claimed H
- T calls _semaphore.wait_with_safepoint_check()
- T transitions from _thread_in_vm to _thread_blocked
- The VM thread completes H and calls _semaphore.signal()
- Before T can transition back to _thread_in_vm, the VM thread schedules another safepoint and
executes VM_ThreadSuspend on behalf of a JVMTI agent that wants to suspend T
- After the safepoint T transitions back to _thread_in_vm and then to _thread_in_Java.
- T continues executing an undefined number of bytecodes ...
Similar if T returns from a native method call.
The VM could crash because of this, e.g. because T's stack is not walkable after the suspend.
attempt to process a handshake operation. This can lead to undefined behaviour and crashes.
Problematic execution sequence:
- Handshake operation H is executed for java thread T
- T calls ThreadSafepointState::handle_polling_page_exception()
- T arrives in HandshakeState::process_self_inner()
- T transitions from _thread_in_Java to _thread_in_vm
- but too late: the VM thread already claimed H
- T calls _semaphore.wait_with_safepoint_check()
- T transitions from _thread_in_vm to _thread_blocked
- The VM thread completes H and calls _semaphore.signal()
- Before T can transition back to _thread_in_vm, the VM thread schedules another safepoint and
executes VM_ThreadSuspend on behalf of a JVMTI agent that wants to suspend T
- After the safepoint T transitions back to _thread_in_vm and then to _thread_in_Java.
- T continues executing an undefined number of bytecodes ...
Similar if T returns from a native method call.
The VM could crash because of this, e.g. because T's stack is not walkable after the suspend.
- backported by
-
JDK-8227511 ~ThreadInVMForHandshake() should call handle_special_runtime_exit_condition()
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
JDK-8254263 Remove special_runtime_exit_condition() check from ~ThreadInVMForHandshake()
-
- Resolved
-