RFR: 8004095: Add support for JMX interface to Diagnostic Framework and Commands,
Frederic Parain
frederic.parain at oracle.com
Mon Dec 17 03:26:55 PST 2012
Hi,
Please review the following change for CR 8004095.
This changeset is the JDK side of two parts project.
The goal of this feature is to allow remote invocations of
Diagnostic Commands via JMX.
Diagnostic Commands are actually invoked from the jcmd
tool, which is a local tool using the attachAPI. It was
not possible to remotely invoke these commands.
This project creates a new PlatformMBean, remotely
accessible via the Platform MBean Server, providing
access to Diagnostic Commands too.
The JDK side of this project, including the new
Platform MBean, is covered in CR 7150256.
This changeset contains the modifications in the
JVM to support the new API.
There are two types of modifications:
1 - extension of the diagnostic command framework
2 - extension of existing diagnostic commands
Modifications of the framework:
The first modification of the framework is the mechanism
to communicate with the DiagnosticCommandsMBean defined
in the JDK. Communications are performed via the jmm.h
interface. In addition to a few new entries in the
jmm structure, several data structures have been declared
to export diagnostic command meta-data to the JDK.
The second modification of the framework consists in an
export control mechanism. Diagnostic Commands are executed
inside the JVM, they have access to critical information
and can perform very disruptive operations. Even if the
DiagnosticCommandsMBean includes some security checks
using Java Permissions, it sometime better to simply
make a diagnostic command not available from the JMX
API. The export control mechanism gives to diagnostic
command developers full control on how the command will
be accessible. When a diagnostic command is registered
to the framework, a list of interfaces allowed to
export this command must be provided. The current
implementation defines three interfaces: JVM internal,
attachAPI and JMX. A diagnostic command can be
exported to any combination of these interfaces.
Modifications of existing diagnostic commands:
Because this feature allows remote invocations, it
is important to be able to control who is invoking
and what is invoked. Java Permission checks have
been introduced in the DiagnosticCommandsMBean and
are performed before a remote invocation request
is forwarded to the JVM. So, each Diagnostic Command
can require a Java Permission to be invoked remotely.
Note that invocations from inside the JVM or via the
attachAPI do not check these permissions. Invocations
from inside the JVM are considered trusted, and the
attachAPI has its own security model based on EUID/
EGID.
Some existing diagnostic commands that have been
identified as begin potentially harmful have been
extended to specify the Java Permission required
for their execution.
The webrev is here:
http://cr.openjdk.java.net/~fparain/8004095/webrev.00/
Thanks,
Fred
--
Frederic Parain - Oracle
Grenoble Engineering Center - France
Phone: +33 4 76 18 81 17
Email: Frederic.Parain at Oracle.com
More information about the hotspot-runtime-dev
mailing list