RFR: 8329995: Restricted access to `/proc` can cause JFR initialization to crash
David Holmes
dholmes at openjdk.org
Mon Apr 15 09:02:48 UTC 2024
On Sun, 14 Apr 2024 08:53:05 GMT, Jaroslav Bachorik <jbachorik at openjdk.org> wrote:
> Please, review this trivial change to make using `ProcessIterator` more robust in the presence of SELinux or a similar system.
>
> The call to `os::opendir("/proc")` may return `nulltptr` if the `/proc` is not accessible due to restrictions placed by the SELinux. In that case the `ProcessIterator` will SIGSEG because it assumes the `_dir`, which is the variable storing the result of the `os::opendir("/proc")` call to be non-null.
>
> The patch is missing regression test because it is very hard to simulate `/proc` not being accessible to the test process.
This change doesn't seem sufficient as many of the ProcessIterator functions access something under /proc without checking is_valid. Is it just direct access to /proc that fails rather than specific entries?
src/hotspot/os/linux/os_perf_linux.cpp line 851:
> 849: _entry = nullptr;
> 850: _valid = _dir != nullptr;
> 851: next_process();
A comment on the opendir would be useful e.g.
_dir = os::opendir("/proc"); // May be null if /proc is not accessible.
-------------
PR Review: https://git.openjdk.org/jdk/pull/18775#pullrequestreview-2000373079
PR Review Comment: https://git.openjdk.org/jdk/pull/18775#discussion_r1565398444
More information about the hotspot-jfr-dev
mailing list