RFR: 8307526: [JFR] Better handling of tampered JFR repository [v6]

[Joakim Nordström]

On Fri, 30 Jun 2023 11:40:05 GMT, Joakim Nordström <jnordstrom at openjdk.org> wrote:

>> This change makes sure that "JFR Periodic Task" isn't interrupted by any errors. This can happen when an unfinished chunkfile is removed "in-flight", which would lead to the chunkfiles not being rotated properly, and the maxsize/maxage being ignored.
>> 
>> With this fix, when an unfinished chunkfile is detected, all of the chunkfiles in the recording are checked for existence (since one likely cause for this could be f.i. 'rm -r /tmp' being invoked, effectively deleting all chunkfiles). Upon seeing missing chunkfiles, an error is logged, and emitted to the recording to signal that some data might be missing.
>> A check to catch any missing chunkfiles is also added when dumping a recording -- this can happen if only finished chunkfiles have been removed, which is not detected in-flight.
>> 
>> Also, a check was added to the file purger to check whether the file had already been deleted to not fill the purge list with already removed files.
>
> Joakim Nordström has updated the pull request incrementally with three additional commits since the last revision:
> 
>  - Commit
>  - Commit
>  - Removed MissingChunkFileError

I've rewritten some parts of the solution.

- Removed the MissingChunkfileError to instead emit a jdk.DataLoss event for each missing chunkfile. The "amount" field contains the number of bytes missing, the "total" field of the event is set to 0, the event time is when the chunkfile was found missing.
- Moved the privileged IO into to transferChunksWithRetry method.

Please have a look again. Thanks!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14360#issuecomment-1614537515