[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-hotspot-runtime-dev
Subject: RFR: 8236489: Java heap file on daxfs should be more secure
From: Yasumasa Suenaga <suenaga () oss ! nttdata ! com>
Date: 2019-12-26 2:50:30
Message-ID: 7307d351-c051-ab50-9d2d-e453a1bb1b57 () oss ! nttdata ! com
[Download RAW message or body]
Hi all,
I filed this to JBS. Could you review?
JBS: https://bugs.openjdk.java.net/browse/JDK-8236489
webrev: http://cr.openjdk.java.net/~ysuenaga/JDK-8236489/webrev.00/
It has passed all tests on submit repo. \
(mach5-one-ysuenaga-JDK-8236489-20191226-0145-7795073)
Thanks,
Yasumasa
On 2019/12/19 14:58, Yasumasa Suenaga wrote:
> Hi all,
>
> HotSpot allocates Java heap on daxfs if we pass -XX:AllocateHeapAt.
> It performs open(2) and unlink(2) on daxfs, and it is used via mmap'ed address.
>
> mmap(2) would be called with MAP_SHARED, and it is not atomically between open(2) \
> and unlink(2). If malicious user open Java heap file before unlink(2), it might be \
> exposed.
> So I think we can use open(2) with O_TMPFILE instead of mkstemp(3) as below.
>
> http://cr.openjdk.java.net/~ysuenaga/dax/
>
> O_TMPFILE would create inode on filesystem, and it cannot be accessed from \
> out-of-process. However it cannot be provided in older Linux kernel. So I keep \
> current code as fall back.
> http://man7.org/linux/man-pages/man2/open.2.html
>
> What do you think about it? or someone is working for it?
> If it is ok, I will file it to JBS and will send review request.
>
>
> Thanks,
>
> Yasumasa
>
>
> P.S.
> I tried to use MAP_PRIVATE for it, but it was slower than MAP_SHARED.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic