Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8174790

Race adding (weak) global JNI handles and determining type of handle

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 9
    • Fix Version/s: 11
    • Component/s: hotspot
    • Labels:

      Description

      Global JNI handles are stored in JNIHandleBlocks.

      There is a race in the code that adds handles (JNIHandles::make_global()) with code that determines whether a given handle is contained within that JNIHandleBlock, i.e. JNIHandleBlock::chain_contains().

      Because when adding a new entry to a JNIHandleBlock, the stores for updating the data structure do not have a guaranteed ordering, and the reader does not use any kind of memory barriers at all.

      This is insufficient to avoid read of random values from the JNIHandleBlock array on all supported platforms.

      JNIHandleBlock::chain_contains() is both used for asserts and also for the public jni_GetObjectRefType call.

      The issue exists with both the _global_handle as well as the _weak_global_handle array.

      I think impact is at least the possibility to make the VM crash with a JNI Fatal Error when adding and deleting the same global handle in different threads.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                kbarrett Kim Barrett
                Reporter:
                tschatzl Thomas Schatzl
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: