
List:       openjdk-serviceability-dev
Subject:    RE: RFR(XS): 8057564: JVM hangs at getAgentProperties after attaching to VM with lower IntegrityLeve
From:       Mattis Castegren <mattis.castegren () oracle ! com>
Date:       2014-09-17 5:07:58
Message-ID: d0eeada0-5841-4b8a-9bfc-844da89bbab9 () default

Hi

This is urgent for a customer case, so we would need the second review. Dmitry was ok
with the fix. Sergey, you also got some additional review from someone who was not an
official reviewer, right? Could you paste those comments?

If no one on this alias feels comfortable with reviewing this fix, any ideas on
someone else who can do it and who has reviewer status? Maybe someone from another
team with a lot of Windows experience?

Kind Regards
/Mattis

-----Original Message-----
From: Sergey Gabdurakhmanov 
Sent: den 16 september 2014 12:56
To: serviceability-dev@openjdk.java.net
Subject: Re: RFR(XS): 8057564: JVM hangs at getAgentProperties after attaching to VM with lower IntegrityLevel

Hi,

I need a second approval for the fix integration.
Can somebody else review the patch?

BR,
Sergey

On 12.09.2014 17:34, Dmitry Samersoff wrote:
> Sergey,
> 
> Looks good for me.
> 
> -Dmitry
> 
> 
> On 2014-09-12 12:46, Sergey Gabdurakhmanov wrote:
> > Dmitry,
> > 
> > New patch:
> > http://cr.openjdk.java.net/~sgabdura/8057564/webrev.01/
> > 
> > 
> > My answers:
> > 
> > 1. You should not free lpSecurityDescriptor if it's null (ll.291)
> > 
> > I checked MSDN
> > http://msdn.microsoft.com/en-us/library/windows/desktop/aa366730%28v=vs.85%29.aspx
> >  "If the /hMem/ parameter is *NULL*, *LocalFree* ignores the parameter
> > and returns *NULL*."
> > 
> > 2. It's better to re-arrange code a bit:
> > 
> > if InitializeSecurityDescriptor or SetSecurityDescriptorDacl fails,
> > free lpSecurityDescriptor immediately and continue with
> > lpSecurityDescriptor == NULL
> > 
> > Done.
> > 
> > 
> > 3. Make sure it works on all supported platforms: this code raises the minimal
> > server version to Windows 2003 Server.
> > 
> > In Windows 2003 Server my fix will create new security attributes.
> > If SetSecurityDescriptorDacl or InitializeSecurityDescriptor returns
> > false on Windows XP
> > then my patch will pass NULL to CreateNamedPipe and the code will use
> > the default security descriptor.
> > 
> > 
> > BR,
> > Sergey
> > 
> > On 11.09.2014 16:16, Dmitry Samersoff wrote:
> > > Sergey,
> > > 
> > > 1. You should not free lpSecurityDescriptor if it's null (ll.291)
> > > 
> > > 2. It's better to re-arrange code a bit:
> > > 
> > > if InitializeSecurityDescriptor or SetSecurityDescriptorDacl fails,
> > > free lpSecurityDescriptor immediately and continue with
> > > lpSecurityDescriptor == NULL
> > > 
> > > 
> > > 3. Make sure it works on all supported platforms: this code raises the minimal
> > > server version to Windows 2003 Server.
> > > 
> > > -Dmitry
> > > 
> > > 
> > > 
> > > On 2014-09-11 15:49, Sergey Gabdurakhmanov wrote:
> > > > Hi,
> > > > 
> > > > Could I please have a review of this small fix.
> > > > 
> > > > webrev: http://cr.openjdk.java.net/~sgabdura/8057564/webrev.00/
> > > > bug: https://jbs.oracle.com/bugs/browse/JDK-8057564
> > > > 
> > > > Problem description:
> > > > On Windows 7 with User Account Control (UAC) enabled, JVM hangs at
> > > > getAgentProperties or getSystemProperties after attaching from a "high"
> > > > IntegrityLevel JVM to a "medium" IntegrityLevel JVM, using Attach API:
> > > > attachedVM = com.sun.tools.attach.VirtualMachine.attach(pid);
> > > > final Properties systemProperties = attachedVM.getSystemProperties();
> > > > 
> > > > Root cause:
> > > > WindowsVirtualMachine.attach is implemented with named pipes.
> > > > If a named pipe was created with default security properties then Windows
> > > > will not allow a process with "medium" IntegrityLevel to be attached to a
> > > > process with "high" IntegrityLevel.
> > > > 
> > > > Solution:
> > > > Create security properties that allow requested connection.
> > > > 
> > > > I'm going to push this fix into JDK9, 8 and 7.
> > > > BR,
> > > > Sergey
> > > > 
> 

