Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8162766

Unsafe_DefineClass0 accesses raw oops while in _thread_in_native

    XMLWordPrintable

Details

    • b01
    • Not verified

    Backports

      Description

        The problem is that get_class_loader resolves handles while in native.

        If line 989 gets executed while GC is moving cls then we may get an incorrect value or even a crash if we are unlucky.
        The same goes for line 992.
        At line 993 and 994 we may read a stale value for k->class_loader() and return a JNI handle to an invalid object.

         988 static jobject get_class_loader(JNIEnv* env, jclass cls) {
         989 if (java_lang_Class::is_primitive(JNIHandles::resolve_non_null(cls))) {
         990 return NULL;
         991 }
         992 Klass* k = java_lang_Class::as_Klass(JNIHandles::resolve_non_null(cls));
         993 oop loader = k->class_loader();
         994 return JNIHandles::make_local(env, loader);
         995 }

        Suggested fix is to call get_class_loader before transitioning to native in Unsafe_DefineClass0

        See email trail at:
        http://mail.openjdk.java.net/pipermail/hotspot-dev/2016-July/024022.html

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8183637 Unsafe_DefineClass0 accesses raw oops while in _thread_in_native

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8192202 Unsafe_DefineClass0 accesses raw oops while in _thread_in_native

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8167507 Unsafe_DefineClass0 accesses raw oops while in _thread_in_native

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            relates to

            Enhancement - null JDK-8167372 Add code to check for getting oops while thread is in native

            • P3 - Major loss of function.
            • Resolved

            Activity

              People

                coleenp Coleen Phillimore
                mgerdin Mikael Gerdin (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: