Details
- Enhancement
- Status: Resolved
- P4
- Resolution: Fixed
- 14
Description
https://mail.openjdk.java.net/pipermail/hotspot-runtime-dev/2019-December/037584.html
HotSpot allocates the Java heap on daxfs if we pass -XX:AllocateHeapAt.
It performs open(2) and unlink(2) on daxfs, and the heap is used via the mmap'ed address.
mmap(2) is called with MAP_SHARED, and the sequence between open(2) and unlink(2) is not atomic. If a malicious user opens the Java heap file before unlink(2), it might be exposed.
So I think we can use open(2) with O_TMPFILE instead of mkstemp(3).
O_TMPFILE creates an inode on the filesystem, and it cannot be accessed from out of process.
However, it is not available in older Linux kernels, so I keep the current code as a fallback.
http://man7.org/linux/man-pages/man2/open.2.html
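The scheme described above, as an added illustration that is not HotSpot's own code: open the backing file with O_TMPFILE so no directory entry ever exists, and fall back to mkstemp(3)+unlink(2) when the kernel or filesystem lacks the flag. The function names, the template name and the directory argument are assumptions made for this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* exposes O_TMPFILE in <fcntl.h> */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_TMPFILE /* libc headers predating O_TMPFILE: generic Linux value */
#define O_TMPFILE (020000000 | O_DIRECTORY)
#endif
/* Open an unnamed, already-unlinked backing file in dir. O_TMPFILE never
 * creates a directory entry, so there is no window in which another process
 * can open it by name. Falls back to mkstemp(3)+unlink(2) (the old scheme,
 * with its window) when the kernel or filesystem lacks O_TMPFILE.
 * Returns the fd, or -1 on error; *used_tmpfile records which path ran. */
int open_heap_backing_file(const char *dir, int *used_tmpfile) {
    int fd = open(dir, O_TMPFILE | O_RDWR, S_IRUSR | S_IWUSR);
    if (fd >= 0) { *used_tmpfile = 1; return fd; }
    /* EOPNOTSUPP: fs lacks O_TMPFILE; EISDIR: old kernel ignored the flag
     * and rejected O_RDWR on a directory. Anything else is a real failure. */
    if (errno != EOPNOTSUPP && errno != EISDIR) return -1;
    char path[4096];
    snprintf(path, sizeof path, "%s/jvmheap.XXXXXX", dir);
    fd = mkstemp(path);                            /* file is visible by name ... */
    if (fd < 0) return -1;
    if (unlink(path) != 0) { close(fd); return -1; } /* ... until here */
    *used_tmpfile = 0;
    return fd;
}
/* Size the file and map it MAP_SHARED, the way the heap file is used. */
void *map_heap(int fd, size_t len) {
    if (ftruncate(fd, (off_t)len) != 0) return MAP_FAILED;
    return mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
}
/* Demo: 1 MiB region written through the mapping, read back through the fd.
 * Returns 1 if O_TMPFILE was used, 0 if the fallback ran, -1 on error. */
int demo(const char *dir) {
    int via_tmpfile = 0, fd = open_heap_backing_file(dir, &via_tmpfile);
    if (fd < 0) return -1;
    size_t len = 1 << 20;
    char *heap = map_heap(fd, len);
    if (heap == MAP_FAILED) { close(fd); return -1; }
    memcpy(heap, "heap", 5);
    char buf[5] = {0};
    int ok = pread(fd, buf, 5, 0) == 5 && strcmp(buf, "heap") == 0;
    munmap(heap, len); close(fd);
    return ok ? via_tmpfile : -1;
}
```

Whether the fallback ran can be confirmed on a live system by checking whether a `jvmheap.*` entry ever appears in the directory; with O_TMPFILE it never does.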