Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8329995

Restricted access to `/proc` can cause JFR initialization to crash

XMLWordPrintable

    • jfr
    • b20
    • other

        We received a bug report from one of our customers about their application crashing when they enable Datadog profiler.

        The crash stack trace is as follows:
        ---
        C [libc.so.6+0xf53cd] readdir+0x2d
        V [libjvm.so+0x6d5a20] JfrOSInterface::initialize()+0xe0
        V [libjvm.so+0x6e4a32] JfrRecorder::create_components()+0x1b2
        V [libjvm.so+0x6e4b9d] JfrRecorder::create(bool)+0x1d
        V [libjvm.so+0x6ce717] jfr_create_jfr+0x187
        j jdk.jfr.internal.JVM.createJFR(Z)Z+0
        j jdk.jfr.internal.JVM.createNativeJFR()V+3
        j jdk.jfr.internal.PlatformRecorder.<init>()V+48
        j jdk.jfr.FlightRecorder.getFlightRecorder()Ljdk/jfr/FlightRecorder;+25
        j jdk.jfr.Recording.<init>(Ljava/util/Map;)V+4
        j jdk.jfr.Recording.<init>()V+8
        ---

        The crash is not specific to our profiler - any attempt to start JFR will trigger it.
        The customer is using SELinux in a very restrictive setup. Eg. they deny access to `/proc` directory.


        The issue is that in os_perf_linux.cpp (https://github.com/openjdk/jdk/blob/bab70193ddaae66a1f9039b0f1af1a0dc0e39cf9/src/hotspot/os/linux/os_perf_linux.cpp#L848) an attempt to open `/proc` dir is made but no error is expected.
        Therefore, it that call fails, the `_dir` variable will be NULL and the subsequent call to `readdir(_dir)` (https://github.com/openjdk/jdk/blob/bab70193ddaae66a1f9039b0f1af1a0dc0e39cf9/src/hotspot/os/linux/os_perf_linux.cpp#L829) will crash.

              jbachorik Jaroslav BachorĂ­k
              jbachorik Jaroslav BachorĂ­k
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: