RFR: 8329995: Restricted access to `/proc` can cause JFR initialization to crash [v2]
David Holmes
dholmes at openjdk.org
Tue Apr 23 05:29:29 UTC 2024
On Mon, 15 Apr 2024 13:21:01 GMT, Jaroslav Bachorik <jbachorik at openjdk.org> wrote:
>> Please, review this trivial change to make using `ProcessIterator` more robust in the presence of SELinux or a similar system.
>>
>> The call to `os::opendir("/proc")` may return `nulltptr` if the `/proc` is not accessible due to restrictions placed by the SELinux. In that case the `ProcessIterator` will SIGSEG because it assumes the `_dir`, which is the variable storing the result of the `os::opendir("/proc")` call to be non-null.
>>
>> The patch is missing regression test because it is very hard to simulate `/proc` not being accessible to the test process.
>
> Jaroslav Bachorik has updated the pull request incrementally with one additional commit since the last revision:
>
> Add explanatory comment
@jbachorik - apologies I have been away a bit lately.
I can't quite convince myself that we may not have problems accessing /proc elsewhere because in a few places the path is constructed in one part of the code and then used somewhere else. But that is not the concern of this PR which is fixing a specific observed problem.
Thanks
-------------
Marked as reviewed by dholmes (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/18775#pullrequestreview-2016264553
More information about the hotspot-jfr-dev
mailing list