Looking at ThreadsListHandle::cv_internal_thread_to_JavaThread it seems to me that function is not dealing with virtual threads.
If the passed in jthread resolves to a j.l.Thread that is a virtual thread, then even if mounted, its java_lang_Thread::thread field will be null and so the method will return false, and the outgoing JavaThread* will not be set.
Consequently the caller looks at the returned thread oop and checks if it is a virtual thread and if so gets its carrier thread directly - but that resulting JavaThread has not been checked to see if it is protected by the TLH!
We need to make ThreadsListHandle::cv_internal_thread_to_JavaThread deal with virtual threads correctly and "return" the carrier thread when dealing with a mounted virtual thread. This may change the behaviour of callsites that are already dealing with virtual threads, but those callsites are unsafe because of this issue and so need to be fixed regardless.
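To make the hazard concrete, here is a small C++ model of the lookup path described above. It is an added illustration, not HotSpot source: `JavaThread`, `ThreadOop` and `ThreadsListHandle` are stand-ins, the `carrier` field on `ThreadOop` abstracts the real oop-level resolution of a mounted virtual thread's carrier, and the buggy/fixed function pairs are the report's description rendered as code, not the actual patch.

```cpp
#include <cstddef>
#include <iostream>
#include <vector>

// Stand-in for a HotSpot JavaThread (model only).
struct JavaThread { int id; };

// Stand-in for a java.lang.Thread oop. For a virtual thread the `thread`
// field (java_lang_Thread::thread) is null even while mounted; the carrier
// is modelled here as a separate field (assumption: abstracts the real
// oop-level lookup of the carrier thread).
struct ThreadOop {
    bool is_virtual;
    JavaThread* thread;   // null for virtual threads
    JavaThread* carrier;  // carrier JavaThread when mounted, else null
};

// Stand-in for a ThreadsListHandle: the set of JavaThreads this handle protects.
struct ThreadsListHandle {
    std::vector<JavaThread*> list;
    bool includes(const JavaThread* jt) const {
        for (const JavaThread* t : list) if (t == jt) return true;
        return false;
    }
};

// Behaviour as described in the report: a virtual thread has a null
// `thread` field, so the function returns false before any TLH check.
bool cv_internal_thread_to_JavaThread_current(const ThreadsListHandle& tlh,
                                              const ThreadOop& oop, JavaThread** jt_pp) {
    JavaThread* jt = oop.thread;
    if (jt == nullptr) return false;       // virtual thread bails out here
    if (!tlh.includes(jt)) return false;   // protected-by-TLH check
    *jt_pp = jt;
    return true;
}

// Caller pattern from the report: on false, read the carrier directly.
// The returned pointer has never been checked against the TLH.
JavaThread* caller_current(const ThreadsListHandle& tlh, const ThreadOop& oop) {
    JavaThread* jt = nullptr;
    if (cv_internal_thread_to_JavaThread_current(tlh, oop, &jt)) return jt;
    if (oop.is_virtual) return oop.carrier; // unchecked: may not be in the TLH
    return nullptr;
}

// Proposed behaviour: resolve the carrier for a mounted virtual thread and
// apply the same TLH check to it before handing it out.
bool cv_internal_thread_to_JavaThread_fixed(const ThreadsListHandle& tlh,
                                            const ThreadOop& oop, JavaThread** jt_pp) {
    JavaThread* jt = oop.is_virtual ? oop.carrier : oop.thread;
    if (jt == nullptr) return false;       // unmounted virtual thread, or not started
    if (!tlh.includes(jt)) return false;   // carrier not protected by this TLH
    *jt_pp = jt;
    return true;
}

JavaThread* caller_fixed(const ThreadsListHandle& tlh, const ThreadOop& oop) {
    JavaThread* jt = nullptr;
    return cv_internal_thread_to_JavaThread_fixed(tlh, oop, &jt) ? jt : nullptr;
}

int main() {
    // Constructed scenario: the carrier is NOT in the handle's ThreadsList.
    JavaThread carrier{1}, other{2};
    ThreadsListHandle tlh;
    tlh.list.push_back(&other);
    ThreadOop mounted_vthread{true, nullptr, &carrier};

    JavaThread* unchecked = caller_current(tlh, mounted_vthread);
    JavaThread* checked   = caller_fixed(tlh, mounted_vthread);
    std::cout << "current path hands out carrier id "
              << (unchecked ? unchecked->id : 0) << " without a TLH check\n";
    std::cout << "fixed path returns "
              << (checked ? "a protected JavaThread" : "null (carrier not in TLH)") << "\n";
    return 0;
}
```

Running the model shows the difference the report is after: the current path returns the carrier even though the handle does not protect it, while the fixed path refuses it, and only returns the carrier once it is in the handle's list.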
- relates to
  - JDK-8361103 java_lang_Thread::async_get_stack_trace does not properly protect JavaThread (Open)
  - JDK-8359870 JVM crashes in AccessInternal::PostRuntimeDispatch (Resolved)