JDK-8162766

Unsafe_DefineClass0 accesses raw oops while in _thread_in_native

    Details

    • Resolved In Build: b01
    • Verification: Not verified

        Description

        The problem is that get_class_loader resolves handles while in native.

        If line 989 gets executed while the GC is moving cls, then we may get an incorrect value or even a crash if we are unlucky.
        The same goes for line 992.
        At lines 993 and 994 we may read a stale value for k->class_loader() and return a JNI handle to an invalid object.

         988 static jobject get_class_loader(JNIEnv* env, jclass cls) {
         989   if (java_lang_Class::is_primitive(JNIHandles::resolve_non_null(cls))) {
         990     return NULL;
         991   }
         992   Klass* k = java_lang_Class::as_Klass(JNIHandles::resolve_non_null(cls));
         993   oop loader = k->class_loader();
         994   return JNIHandles::make_local(env, loader);
         995 }

        The suggested fix is to call get_class_loader before transitioning to native in Unsafe_DefineClass0.

        See email trail at:
        http://mail.openjdk.java.net/pipermail/hotspot-dev/2016-July/024022.html
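        The following is an added illustration, not HotSpot code and not part of the bug report or its fix. It models the race the report describes with a toy copying collector: a JNI-style handle is an indirection cell the GC forwards, while a raw pointer obtained by resolving that handle is not. The first function mirrors the reported shape (resolve while in native, GC moves the object, stale read, handle to a dead object); the second resolves and creates the local handle before the transition, as the suggested fix does. All names here (Heap, Handle, ThreadState, gc_move, maybe_gc, the poison value -1) are invented for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <utility>
#include <vector>

// Toy "oop": one object with a single reference field, standing in for the
// java.lang.Class -> Klass -> class_loader chain in the report.
struct Obj {
    int  id;
    Obj* class_loader;   // raw pointer to another heap object
};

// A handle is an index into a table the GC keeps up to date (a GC root).
using Handle = std::size_t;

enum ThreadState { IN_VM, IN_NATIVE };

struct Heap {
    std::vector<Obj>  space;      // current live copies
    std::vector<Obj>  old_space;  // previous copies, poisoned after a move
    std::vector<Obj*> handles;    // handle table, forwarded by gc_move()

    Heap() { space.reserve(16); }

    Obj*   alloc(int id, Obj* loader) { space.push_back(Obj{id, loader}); return &space.back(); }
    Handle make_local(Obj* o)         { handles.push_back(o); return handles.size() - 1; }
    Obj*   resolve(Handle h)          { return handles[h]; }

    // Simulated copying collection: every object moves, handles and
    // intra-heap references are forwarded, and the old copies are poisoned
    // (id = -1) so a stale raw pointer yields visibly wrong data instead of
    // silently reading the right value by luck.
    void gc_move() {
        std::vector<Obj> fresh;
        fresh.reserve(space.size());
        for (const Obj& o : space) fresh.push_back(o);
        Obj* base = space.data();
        auto forward = [&](Obj* p) -> Obj* {
            return p ? &fresh[static_cast<std::size_t>(p - base)] : nullptr;
        };
        for (Obj& o : fresh)   o.class_loader = forward(o.class_loader);
        for (Obj*& h : handles) h = forward(h);
        for (Obj& o : space)   o.id = -1;          // poison the old copies
        old_space = std::move(space);
        space     = std::move(fresh);
    }

    // A thread in VM state blocks the collector; in native it does not.
    // Made deterministic here: the GC always runs when it is allowed to.
    void maybe_gc(ThreadState state) { if (state == IN_NATIVE) gc_move(); }
};

// Reported shape: the handle is resolved to a raw oop while already in native.
int get_loader_id_buggy(Heap& heap, Handle cls) {
    ThreadState state = IN_NATIVE;      // transition happened before the call
    Obj* k = heap.resolve(cls);         // raw oop obtained while in native
    heap.maybe_gc(state);               // GC moves k; nothing updates this pointer
    Obj* loader = k->class_loader;      // stale read from the poisoned old copy
    Handle h = heap.make_local(loader); // handle to an invalid (dead) object
    return heap.resolve(h)->id;         // -1: the poison value, not the loader
}

// Suggested fix: resolve and make the local handle while still in VM state,
// then transition; the handle is a root the collector forwards.
int get_loader_id_fixed(Heap& heap, Handle cls) {
    ThreadState state = IN_VM;
    Obj* k = heap.resolve(cls);
    Obj* loader = k->class_loader;
    Handle h = heap.make_local(loader); // created before the transition
    state = IN_NATIVE;                  // now the GC may run
    heap.maybe_gc(state);
    return heap.resolve(h)->id;         // forwarded handle: the real loader
}

// Constructed heap: a loader object (id 42) and a class object that refers to it.
Handle setup(Heap& heap) {
    Obj* loader = heap.alloc(42, nullptr);
    Obj* cls    = heap.alloc(7, loader);
    return heap.make_local(cls);
}

int run_buggy() { Heap heap; Handle cls = setup(heap); return get_loader_id_buggy(heap, cls); }
int run_fixed() { Heap heap; Handle cls = setup(heap); return get_loader_id_fixed(heap, cls); }

int main() {
    std::printf("resolve in native: loader id %d (expected 42)\n", run_buggy());
    std::printf("resolve before transition: loader id %d\n", run_fixed());
    return 0;
}
```

        The toy makes the GC run at exactly the point the report identifies; in a real VM the window is narrow, which is why such bugs show up as rare incorrect values or crashes rather than deterministic failures.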

                People

                • Assignee:
                  coleenp Coleen Phillimore
                  Reporter:
                  mgerdin Mikael Gerdin (Inactive)
                • Votes: 0
                • Watchers: 7