JDK-8236489

Java heap file on daxfs should be more secure

    Details

    • Type: Enhancement
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 14
    • Fix Version/s: 15
    • Component/s: hotspot
    • Subcomponent:
    • Introduced In Version: 10
    • Resolved In Build: b05

      Description

      https://mail.openjdk.java.net/pipermail/hotspot-runtime-dev/2019-December/037584.html

      HotSpot allocates the Java heap on daxfs if we pass -XX:AllocateHeapAt.
      It performs open(2) and unlink(2) on daxfs, and the file is used via an mmap'ed address.

      mmap(2) would be called with MAP_SHARED, and it is not atomic between open(2) and unlink(2). If a malicious user opens the Java heap file before unlink(2), it might be exposed.

      So I think we can use open(2) with O_TMPFILE instead of mkstemp(3).

      O_TMPFILE would create an inode on the filesystem, and it cannot be accessed from outside the process.
      However, it is not provided in older Linux kernels. So I keep the current code as a fallback.

         http://man7.org/linux/man-pages/man2/open.2.html
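
The O_TMPFILE approach with a mkstemp(3) fallback described above, as an added C example; it is not taken from this issue or from HotSpot's sources. The helper names `open_backing_file` and `link_count`, the `heap.XXXXXX` template and the `/tmp` directory are assumptions for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE           /* exposes O_TMPFILE in <fcntl.h> on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd for a nameless backing file in `dir`,
 * or -1. *used_tmpfile reports which path produced the fd. */
int open_backing_file(const char *dir, int *used_tmpfile)
{
    int fd = -1;
    *used_tmpfile = 0;
#ifdef O_TMPFILE
    /* The inode never gets a directory entry, so there is no window in which
     * another process can open it by name. O_EXCL additionally prevents the
     * file from being linked into the filesystem later with linkat(2). */
    fd = open(dir, O_TMPFILE | O_RDWR | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR);
    if (fd >= 0) {
        *used_tmpfile = 1;
        return fd;
    }
    /* Older kernel or unsupported filesystem: try the mkstemp(3) path. */
#endif
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/heap.XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    fd = mkstemp(path);        /* creates a visible name, mode 0600 */
    if (fd >= 0)
        unlink(path);          /* the name exists until this call returns */
    return fd;
}

/* Link count of the open file; 0 means no path refers to it any more. */
long link_count(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_nlink : -1;
}

int main(void)
{
    int used, fd = open_backing_file("/tmp", &used);  /* "/tmp" is a stand-in */
    printf("fd=%d via %s links=%ld\n", fd, used ? "O_TMPFILE" : "mkstemp+unlink", fd >= 0 ? link_count(fd) : -1L);
    return fd < 0;
}
```

Both paths end with a link count of 0; the difference is that the fallback path has a named file on disk between `mkstemp` and `unlink`, which is the window the description refers to.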

            People

            Assignee: ysuenaga Yasumasa Suenaga
            Reporter: ysuenaga Yasumasa Suenaga