From 287d1c2caae8433ee66672b075496254936b5916 Mon Sep 17 00:00:00 2001 From: Eric McCorkle Date: Fri, 26 Apr 2013 07:34:02 -0400 Subject: [PATCH 1/3] 8007154: Remove support for u4 MethodParameter flags fields Remove support for parsing class files with four-byte flags fields in MethodParameters attributes Reviewed-by: jrose, coleenp --- .../share/vm/classfile/classFileParser.cpp | 26 +++---------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/hotspot/src/share/vm/classfile/classFileParser.cpp b/hotspot/src/share/vm/classfile/classFileParser.cpp index 373ca0ae8ff..c93d72de623 100644 --- a/hotspot/src/share/vm/classfile/classFileParser.cpp +++ b/hotspot/src/share/vm/classfile/classFileParser.cpp @@ -2027,7 +2027,6 @@ methodHandle ClassFileParser::parse_method(bool is_interface, u2 method_parameters_length = 0; u1* method_parameters_data = NULL; bool method_parameters_seen = false; - bool method_parameters_four_byte_flags; bool parsed_code_attribute = false; bool parsed_checked_exceptions_attribute = false; bool parsed_stackmap_attribute = false; 
@@ -2241,26 +2240,14 @@ methodHandle ClassFileParser::parse_method(bool is_interface, } method_parameters_seen = true; method_parameters_length = cfs->get_u1_fast(); - // Track the actual size (note: this is written for clarity; a - // decent compiler will CSE and constant-fold this into a single - // expression) - // Use the attribute length to figure out the size of flags - if (method_attribute_length == (method_parameters_length * 6u) + 1u) { - method_parameters_four_byte_flags = true; - } else if (method_attribute_length == (method_parameters_length * 4u) + 1u) { - method_parameters_four_byte_flags = false; - } else { + if (method_attribute_length != (method_parameters_length * 4u) + 1u) { classfile_parse_error( "Invalid MethodParameters method attribute length %u in class file", method_attribute_length, CHECK_(nullHandle)); } method_parameters_data = cfs->get_u1_buffer(); cfs->skip_u2_fast(method_parameters_length); - if (method_parameters_four_byte_flags) { - cfs->skip_u4_fast(method_parameters_length); - } else { - cfs->skip_u2_fast(method_parameters_length); - } + cfs->skip_u2_fast(method_parameters_length); // ignore this attribute if it cannot be reflected if (!SystemDictionary::Parameter_klass_loaded()) method_parameters_length = 0; @@ -2423,13 +2410,8 @@ methodHandle ClassFileParser::parse_method(bool is_interface, for (int i = 0; i < method_parameters_length; i++) { elem[i].name_cp_index = Bytes::get_Java_u2(method_parameters_data); method_parameters_data += 2; - if (method_parameters_four_byte_flags) { - elem[i].flags = Bytes::get_Java_u4(method_parameters_data); - method_parameters_data += 4; - } else { - elem[i].flags = Bytes::get_Java_u2(method_parameters_data); - method_parameters_data += 2; - } + elem[i].flags = Bytes::get_Java_u2(method_parameters_data); + method_parameters_data += 2; } } From 2a692f80bf57cb7816242c2f7218e0288d434a25 Mon Sep 17 00:00:00 2001 
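Review bot: The count byte is read with `cfs->get_u1_fast()` before `method_attribute_length` has been compared with anything, so an attribute declared with length 0 still consumes a byte through an accessor that, judging by its `_fast` suffix, skips the stream's bounds check. No `guarantee_more` is visible in this hunk, and `parse_method` starts and continues outside it. If the attribute body is not already covered earlier, add `cfs->guarantee_more(method_attribute_length, CHECK_(nullHandle));` ahead of the read. The two identical `skip_u2_fast(method_parameters_length)` calls would also be clearer with a comment such as `// each entry is u2 name_index + u2 flags; skip both for every parameter`.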
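Review bot: `elem[i].name_cp_index` is copied straight from the class file with no range check against the constant pool visible in this loop, so a crafted MethodParameters attribute can leave an arbitrary u2 index in the method's parameter table. Whether the consumers of that table validate the index before using it cannot be seen from this hunk. If they do not, reject it here: the index should be 0 or refer to a UTF8 constant-pool entry, reported through `classfile_parse_error` like the length check above. The loop also reads through the raw `method_parameters_data` pointer, so its safety rests entirely on the earlier length equality check; a one-line comment saying so would help the next reader.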
From: Harold Seigel Date: Mon, 29 Apr 2013 16:13:57 -0400 Subject: [PATCH 2/3] 8011773: Some tests on Interned String crashed JVM with OOM Instead of terminating the VM, throw OutOfMemoryError exceptions. Reviewed-by: coleenp, dholmes --- hotspot/src/share/vm/classfile/javaClasses.cpp | 12 ++++++++---- hotspot/src/share/vm/classfile/javaClasses.hpp | 2 +- hotspot/src/share/vm/classfile/symbolTable.cpp | 2 +- hotspot/src/share/vm/memory/allocation.hpp | 3 +++ hotspot/src/share/vm/oops/oop.cpp | 14 ++++++++++---- hotspot/src/share/vm/prims/whitebox.cpp | 10 +++------- 6 files changed, 26 insertions(+), 17 deletions(-) diff --git a/hotspot/src/share/vm/classfile/javaClasses.cpp b/hotspot/src/share/vm/classfile/javaClasses.cpp index 527da053af4..bb02a6d8694 100644 --- a/hotspot/src/share/vm/classfile/javaClasses.cpp +++ b/hotspot/src/share/vm/classfile/javaClasses.cpp @@ -315,14 +315,18 @@ Handle java_lang_String::char_converter(Handle java_string, jchar from_char, jch return string; } -jchar* java_lang_String::as_unicode_string(oop java_string, int& length) { +jchar* java_lang_String::as_unicode_string(oop java_string, int& length, TRAPS) { typeArrayOop value = java_lang_String::value(java_string); int offset = java_lang_String::offset(java_string); length = java_lang_String::length(java_string); - jchar* result = NEW_RESOURCE_ARRAY(jchar, length); - for (int index = 0; index < length; index++) { - result[index] = value->char_at(index + offset); + jchar* result = NEW_RESOURCE_ARRAY_RETURN_NULL(jchar, length); + if (result != NULL) { + for (int index = 0; index < length; index++) { + result[index] = value->char_at(index + offset); + } + } else { + THROW_MSG_0(vmSymbols::java_lang_OutOfMemoryError(), "could not allocate Unicode string"); } return result; } diff --git a/hotspot/src/share/vm/classfile/javaClasses.hpp b/hotspot/src/share/vm/classfile/javaClasses.hpp index 326f13e5301..8e4dd46f3e9 100644 --- a/hotspot/src/share/vm/classfile/javaClasses.hpp 
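Review bot: `as_unicode_string` now has a failure mode its callers must handle, and nothing at the definition says so: it returns NULL with a pending OutOfMemoryError, and `length` has already been overwritten by then. A header comment such as `// Returns a resource-allocated copy, or NULL with a pending OutOfMemoryError; length is set in both cases.` would make the contract explicit, particularly for callers that pass `THREAD` rather than a `CHECK` macro. The NULL branch would also read more directly as an early exit, `if (result == NULL) { THROW_MSG_0(...); }`, placed ahead of the copy loop.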
+++ b/hotspot/src/share/vm/classfile/javaClasses.hpp @@ -153,7 +153,7 @@ class java_lang_String : AllStatic { static char* as_utf8_string(oop java_string, char* buf, int buflen); static char* as_utf8_string(oop java_string, int start, int len); static char* as_platform_dependent_str(Handle java_string, TRAPS); - static jchar* as_unicode_string(oop java_string, int& length); + static jchar* as_unicode_string(oop java_string, int& length, TRAPS); // produce an ascii string with all other values quoted using \u#### static char* as_quoted_ascii(oop java_string); diff --git a/hotspot/src/share/vm/classfile/symbolTable.cpp b/hotspot/src/share/vm/classfile/symbolTable.cpp index 0f8da2d895e..b36432a3c10 100644 --- a/hotspot/src/share/vm/classfile/symbolTable.cpp +++ b/hotspot/src/share/vm/classfile/symbolTable.cpp @@ -735,7 +735,7 @@ oop StringTable::intern(oop string, TRAPS) ResourceMark rm(THREAD); int length; Handle h_string (THREAD, string); - jchar* chars = java_lang_String::as_unicode_string(string, length); + jchar* chars = java_lang_String::as_unicode_string(string, length, CHECK_NULL); oop result = intern(h_string, chars, length, CHECK_NULL); return result; } diff --git a/hotspot/src/share/vm/memory/allocation.hpp b/hotspot/src/share/vm/memory/allocation.hpp index 80d8d7a80a2..b65b2979c2f 100644 --- a/hotspot/src/share/vm/memory/allocation.hpp +++ b/hotspot/src/share/vm/memory/allocation.hpp @@ -539,6 +539,9 @@ class ResourceObj ALLOCATION_SUPER_CLASS_SPEC { #define NEW_RESOURCE_ARRAY(type, size)\ (type*) resource_allocate_bytes((size) * sizeof(type)) +#define NEW_RESOURCE_ARRAY_RETURN_NULL(type, size)\ + (type*) resource_allocate_bytes((size) * sizeof(type), AllocFailStrategy::RETURN_NULL) + #define NEW_RESOURCE_ARRAY_IN_THREAD(thread, type, size)\ (type*) resource_allocate_bytes(thread, (size) * sizeof(type)) diff --git a/hotspot/src/share/vm/oops/oop.cpp b/hotspot/src/share/vm/oops/oop.cpp index 43f227e4dc8..cedbbb6ac84 100644 
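Review bot: `NEW_RESOURCE_ARRAY_RETURN_NULL` computes `(size) * sizeof(type)` with no overflow check, and with the RETURN_NULL strategy a wrapped product would give a small, successful allocation rather than the NULL its callers now test for. The one call site in this patch passes a Java string length for `jchar`, which should not wrap, but the macro is general-purpose. Consider a comment on the macro such as `// size * sizeof(type) is not overflow-checked; callers must bound size`. The existing `NEW_RESOURCE_ARRAY` directly above has the same shape.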
--- a/hotspot/src/share/vm/oops/oop.cpp +++ b/hotspot/src/share/vm/oops/oop.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -103,11 +103,17 @@ intptr_t oopDesc::slow_identity_hash() { // When String table needs to rehash unsigned int oopDesc::new_hash(jint seed) { + EXCEPTION_MARK; ResourceMark rm; int length; - jchar* chars = java_lang_String::as_unicode_string(this, length); - // Use alternate hashing algorithm on the string - return AltHashing::murmur3_32(seed, chars, length); + jchar* chars = java_lang_String::as_unicode_string(this, length, THREAD); + if (chars != NULL) { + // Use alternate hashing algorithm on the string + return AltHashing::murmur3_32(seed, chars, length); + } else { + vm_exit_out_of_memory(length, "unable to create Unicode strings for String table rehash"); + return 0; + } } VerifyOopClosure VerifyOopClosure::verify_oop; diff --git a/hotspot/src/share/vm/prims/whitebox.cpp b/hotspot/src/share/vm/prims/whitebox.cpp index 412ad432654..148bd89eef9 100644 --- a/hotspot/src/share/vm/prims/whitebox.cpp +++ b/hotspot/src/share/vm/prims/whitebox.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
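Review bot: The else branch of `new_hash` calls `vm_exit_out_of_memory(length, ...)` with the character count, while the request that failed was for `length * sizeof(jchar)` bytes. If the first argument is the failed size in bytes, as it appears to be, the crash report will understate it; `vm_exit_out_of_memory(length * sizeof(jchar), ...)` would match the allocation. This path also still terminates the VM during a rehash, so the commit's move to OutOfMemoryError covers `StringTable::intern` and the WhiteBox entry but not `new_hash`. A comment explaining why no exception can be propagated from here would save readers from assuming otherwise.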
@@ -310,12 +310,8 @@ WB_END WB_ENTRY(jboolean, WB_IsInStringTable(JNIEnv* env, jobject o, jstring javaString)) ResourceMark rm(THREAD); int len; - jchar* name = java_lang_String::as_unicode_string(JNIHandles::resolve(javaString), len); - oop found_string = StringTable::the_table()->lookup(name, len); - if (found_string == NULL) { - return false; - } - return true; + jchar* name = java_lang_String::as_unicode_string(JNIHandles::resolve(javaString), len, CHECK_false); + return (StringTable::lookup(name, len) != NULL); WB_END From 9e8a3585b0dfb8b50e1e50c4854176794c91b578 Mon Sep 17 00:00:00 2001 From: Mikael Vidstedt Date: Mon, 29 Apr 2013 11:03:49 -0700 Subject: [PATCH 3/3] 8012015: Use PROT_NONE when reserving memory Reserved memory had PROT_READ+PROT_WRITE access on Linux/bsd, now changed to PROT_NONE. Reviewed-by: dholmes, ctornqvi --- hotspot/src/os/bsd/vm/os_bsd.cpp | 7 +- hotspot/src/os/linux/vm/os_linux.cpp | 7 +- hotspot/src/share/vm/prims/whitebox.cpp | 7 ++ .../test/runtime/memory/ReserveMemory.java | 78 +++++++++++++++++++ .../whitebox/sun/hotspot/WhiteBox.java | 3 + 5 files changed, 96 insertions(+), 6 deletions(-) create mode 100644 hotspot/test/runtime/memory/ReserveMemory.java diff --git a/hotspot/src/os/bsd/vm/os_bsd.cpp b/hotspot/src/os/bsd/vm/os_bsd.cpp index fb09dd57e83..12c3f7c0fd6 100644 --- a/hotspot/src/os/bsd/vm/os_bsd.cpp +++ b/hotspot/src/os/bsd/vm/os_bsd.cpp 
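Review bot: `JNIHandles::resolve(javaString)` is handed to `as_unicode_string` without a null check, and that function reads the value, offset and length of whatever oop it receives. Calling `isInStringTable(null)` from Java would therefore presumably dereference a NULL oop rather than raise an exception. The entry point is test-only, but a guard keeps a test mistake from becoming a VM crash: `if (javaString == NULL) return false;` before the conversion.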
@@ -2080,9 +2080,10 @@ static char* anon_mmap(char* requested_addr, size_t bytes, bool fixed) { flags |= MAP_FIXED; } - // Map uncommitted pages PROT_READ and PROT_WRITE, change access - // to PROT_EXEC if executable when we commit the page. - addr = (char*)::mmap(requested_addr, bytes, PROT_READ|PROT_WRITE, + // Map reserved/uncommitted pages PROT_NONE so we fail early if we + // touch an uncommitted page. Otherwise, the read/write might + // succeed if we have enough swap space to back the physical page. + addr = (char*)::mmap(requested_addr, bytes, PROT_NONE, flags, -1, 0); if (addr != MAP_FAILED) { diff --git a/hotspot/src/os/linux/vm/os_linux.cpp b/hotspot/src/os/linux/vm/os_linux.cpp index 74b9cd2a1de..5493ff6910f 100644 --- a/hotspot/src/os/linux/vm/os_linux.cpp +++ b/hotspot/src/os/linux/vm/os_linux.cpp @@ -2906,9 +2906,10 @@ static char* anon_mmap(char* requested_addr, size_t bytes, bool fixed) { flags |= MAP_FIXED; } - // Map uncommitted pages PROT_READ and PROT_WRITE, change access - // to PROT_EXEC if executable when we commit the page. - addr = (char*)::mmap(requested_addr, bytes, PROT_READ|PROT_WRITE, + // Map reserved/uncommitted pages PROT_NONE so we fail early if we + // touch an uncommitted page. Otherwise, the read/write might + // succeed if we have enough swap space to back the physical page. + addr = (char*)::mmap(requested_addr, bytes, PROT_NONE, flags, -1, 0); if (addr != MAP_FAILED) { diff --git a/hotspot/src/share/vm/prims/whitebox.cpp b/hotspot/src/share/vm/prims/whitebox.cpp index 148bd89eef9..ab21a80d7c7 100644 --- a/hotspot/src/share/vm/prims/whitebox.cpp +++ b/hotspot/src/share/vm/prims/whitebox.cpp 
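Review bot: With the reservation now mapped `PROT_NONE`, every later use of these pages depends on the commit step establishing `PROT_READ|PROT_WRITE` (and `PROT_EXEC` where needed). The removed comment described that hand-off and the new one no longer mentions it. The commit code is outside both hunks, so it is worth confirming that no caller touches memory obtained through `anon_mmap` before committing it, since such a caller worked before and will now fault. I would keep one sentence of the old comment, e.g. `// Access is granted when the pages are committed.`, here and in the identical os_linux.cpp hunk. `anon_mmap` starts and ends outside the hunk in both files.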
@@ -320,6 +320,11 @@ WB_ENTRY(void, WB_FullGC(JNIEnv* env, jobject o)) Universe::heap()->collect(GCCause::_last_ditch_collection); WB_END + +WB_ENTRY(jlong, WB_ReserveMemory(JNIEnv* env, jobject o, jlong size)) + return (jlong)os::reserve_memory(size, NULL, 0); +WB_END + //Some convenience methods to deal with objects from java int WhiteBox::offset_for_field(const char* field_name, oop object, Symbol* signature_symbol) { @@ -421,6 +426,8 @@ static JNINativeMethod methods[] = { CC"(Ljava/lang/reflect/Executable;)V", (void*)&WB_ClearMethodState}, {CC"isInStringTable", CC"(Ljava/lang/String;)Z", (void*)&WB_IsInStringTable }, {CC"fullGC", CC"()V", (void*)&WB_FullGC }, + + {CC"reserveMemory", CC"(J)J", (void*)&WB_ReserveMemory }, }; #undef CC diff --git a/hotspot/test/runtime/memory/ReserveMemory.java b/hotspot/test/runtime/memory/ReserveMemory.java new file mode 100644 index 00000000000..fbf1a413371 --- /dev/null +++ b/hotspot/test/runtime/memory/ReserveMemory.java 
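Review bot: `WB_ReserveMemory` forwards the Java `jlong size` to `os::reserve_memory` unchecked, so a negative value, or an oversized one on a 32-bit build, is silently converted to whatever the size parameter's type makes of it. The result is also cast directly from a pointer to `jlong`, which on a 32-bit VM may sign-extend addresses in the upper half of the address space. Suggested: `if (size <= 0) return 0;` followed by `return (jlong)(uintptr_t)os::reserve_memory((size_t)size, NULL, 0);`. Nothing releases the reservation, which is tolerable for a test hook but deserves a comment saying so.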
@@ -0,0 +1,78 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. 
+ */ + +/* + * @test + * @key regression + * @bug 8012015 + * @summary Make sure reserved (but uncommitted) memory is not accessible + * @library /testlibrary /testlibrary/whitebox + * @build ReserveMemory + * @run main ClassFileInstaller sun.hotspot.WhiteBox + * @run main ReserveMemory + */ + +import com.oracle.java.testlibrary.*; + +import java.lang.reflect.Field; +import sun.hotspot.WhiteBox; +import sun.misc.Unsafe; + +public class ReserveMemory { + private static Unsafe getUnsafe() throws Exception { + Field f = Unsafe.class.getDeclaredField("theUnsafe"); + f.setAccessible(true); + return (Unsafe)f.get(null); + } + + private static boolean isWindows() { + return System.getProperty("os.name").toLowerCase().startsWith("win"); + } + + public static void main(String args[]) throws Exception { + if (args.length > 0) { + long address = WhiteBox.getWhiteBox().reserveMemory(4096); + + System.out.println("Reserved memory at address: 0x" + Long.toHexString(address)); + System.out.println("Will now read from the address, expecting a crash!"); + + int x = getUnsafe().getInt(address); + + throw new Exception("Read of reserved/uncommitted memory unexpectedly succeeded, expected crash!"); + } + + ProcessBuilder pb = ProcessTools.createJavaProcessBuilder( + "-Xbootclasspath/a:.", + "-XX:+UnlockDiagnosticVMOptions", + "-XX:+WhiteBoxAPI", + "ReserveMemory", + "test"); + + OutputAnalyzer output = new OutputAnalyzer(pb.start()); + if (isWindows()) { + output.shouldContain("EXCEPTION_ACCESS_VIOLATION"); + } else { + output.shouldContain("SIGSEGV"); + } + } +} diff --git a/hotspot/test/testlibrary/whitebox/sun/hotspot/WhiteBox.java b/hotspot/test/testlibrary/whitebox/sun/hotspot/WhiteBox.java index a5b3a678038..8a827d7ba5a 100644 --- a/hotspot/test/testlibrary/whitebox/sun/hotspot/WhiteBox.java +++ b/hotspot/test/testlibrary/whitebox/sun/hotspot/WhiteBox.java 
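Review bot: The child branch of `main` never checks the value returned by `reserveMemory(4096)`, so a failed reservation, presumably reported as 0, would still make `getUnsafe().getInt(address)` fault. The parent would then see SIGSEGV (or EXCEPTION_ACCESS_VIOLATION) and pass without having exercised PROT_NONE at all. Add `if (address == 0) throw new Exception("reserveMemory failed");` before the read so that case fails the test. Matching only the signal name in the output is loose as well, so also asserting that the child exited abnormally would tighten it. The local `int x` is never used.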
@@ -111,6 +111,9 @@ public class WhiteBox { // Intered strings public native boolean isInStringTable(String str); + // Memory + public native long reserveMemory(long size); + // force Full GC public native void fullGC(); }