8334394: Race condition in Class::protectionDomain

Reviewed-by: liach, jpai, rriggs, alanb
This commit is contained in:
Weijun Wang 2024-07-22 13:43:55 +00:00
parent 92de2b2d5f
commit c3226aaeb8
2 changed files with 101 additions and 19 deletions
src/java.base/share/classes/java/lang
test/jdk/java/lang/Class

@ -55,7 +55,9 @@ import java.lang.reflect.TypeVariable;
import java.lang.constant.Constable;
import java.net.URL;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@ -3220,10 +3222,6 @@ public final class Class<T> implements java.io.Serializable,
return true;
}
/** protection domain returned when the internal domain is null */
private static java.security.ProtectionDomain allPermDomain;
/**
* Returns the {@code ProtectionDomain} of this class. If there is a
* security manager installed, this method first calls the security
@ -3244,7 +3242,7 @@ public final class Class<T> implements java.io.Serializable,
* @see java.lang.RuntimePermission
* @since 1.2
*/
public java.security.ProtectionDomain getProtectionDomain() {
public ProtectionDomain getProtectionDomain() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -3253,26 +3251,30 @@ public final class Class<T> implements java.io.Serializable,
return protectionDomain();
}
// package-private
java.security.ProtectionDomain protectionDomain() {
java.security.ProtectionDomain pd = getProtectionDomain0();
if (pd == null) {
if (allPermDomain == null) {
java.security.Permissions perms =
new java.security.Permissions();
perms.add(SecurityConstants.ALL_PERMISSION);
allPermDomain =
new java.security.ProtectionDomain(null, perms);
}
pd = allPermDomain;
/** Holder for the protection domain returned when the internal domain is null */
private static class Holder {
private static final ProtectionDomain allPermDomain;
static {
Permissions perms = new Permissions();
perms.add(SecurityConstants.ALL_PERMISSION);
allPermDomain = new ProtectionDomain(null, perms);
}
}
// package-private
ProtectionDomain protectionDomain() {
ProtectionDomain pd = getProtectionDomain0();
if (pd == null) {
return Holder.allPermDomain;
} else {
return pd;
}
return pd;
}
/**
* Returns the ProtectionDomain of this class.
*/
private native java.security.ProtectionDomain getProtectionDomain0();
private native ProtectionDomain getProtectionDomain0();
/*
* Return the Virtual Machine's Class object for the named

@ -0,0 +1,80 @@
/*
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8334394
* @summary ensure there is no race condition in Class::protectionDomain
* @run main/othervm ProtectionDomainRace
*/
import javax.security.auth.Subject;
import java.security.PrivilegedAction;
/**
* Without the code fix, this test would fail with
* java.lang.AssertionError: sun.security.util.ResourcesMgr (PD)
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller.checkInjectedInvoker(MethodHandleImpl.java:1209)
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller.makeInjectedInvoker(MethodHandleImpl.java:1110)
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller$1.computeValue(MethodHandleImpl.java:1117)
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller$1.computeValue(MethodHandleImpl.java:1114)
* at java.base/java.lang.ClassValue.getFromHashMap(ClassValue.java:229)
* at java.base/java.lang.ClassValue.getFromBackup(ClassValue.java:211)
* at java.base/java.lang.ClassValue.get(ClassValue.java:117)
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller.bindCallerWithInjectedInvoker(MethodHandleImpl.java:1089)
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller.bindCaller(MethodHandleImpl.java:1077)
* at java.base/java.lang.invoke.MethodHandleImpl.bindCaller(MethodHandleImpl.java:1032)
* at java.base/java.lang.invoke.MethodHandles$Lookup.maybeBindCaller(MethodHandles.java:4149)
* at java.base/java.lang.invoke.MethodHandles$Lookup.getDirectMethodCommon(MethodHandles.java:4133)
* at java.base/java.lang.invoke.MethodHandles$Lookup.getDirectMethodNoSecurityManager(MethodHandles.java:4077)
* at java.base/java.lang.invoke.MethodHandles$Lookup.getDirectMethodForConstant(MethodHandles.java:4326)
* at java.base/java.lang.invoke.MethodHandles$Lookup.linkMethodHandleConstant(MethodHandles.java:4274)
* at java.base/java.lang.invoke.MethodHandleNatives.linkMethodHandleConstant(MethodHandleNatives.java:628)
* at java.base/sun.security.util.ResourcesMgr.getBundle(ResourcesMgr.java:54)
* at java.base/sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:40)
* at java.base/javax.security.auth.Subject.doAs(Subject.java:517)
* ...
* as the Class::protectionDomain might assign different objects to the (original) allPermDomain field.
*/
public class ProtectionDomainRace {
private static volatile Throwable failed = null;
public static void main(String[] args) throws Throwable {
PrivilegedAction<?> pa = () -> null;
Thread[] threads = new Thread[100];
for (int i = 0; i < 100; i++) {
threads[i] = new Thread(() -> {
try {
Subject.doAs(null, pa);
} catch (Throwable t) {
failed = t;
}
});
threads[i].start();
}
for (int i = 0; i < 100; i++) {
threads[i].join();
}
if (failed != null) {
throw failed;
}
}
}