PRE-RFR: 8177154: Default configuration should disallow loading agents
serguei.spitsyn at oracle.com
Fri Mar 24 08:45:25 UTC 2017
Please, pre-review the JDK 9 fix for:
https://bugs.openjdk.java.net/browse/JDK-8177154
JDK webrev:
http://cr.openjdk.java.net/~sspitsyn/webrevs/2017/hotspot/8177154-agents.jdk0/
Hotspot webrev:
http://cr.openjdk.java.net/~sspitsyn/webrevs/2017/hotspot/8177154-agents.hs0/
Hotspot test/closed webrev:
http://cr.openjdk.java.net/~sspitsyn/webrevs/2017/hotspot/8177154-agents.nsk0/
Summary:
Please, see the bug report of this Enhancement.
As part of making the platform more secure by default we re-examine the ability to load arbitrary code (both native and Java) into a running VM with the attach mechanism.
This issue tracks changing the VM side of the attach mechanism to disallow the "load" command by default. The "load" command is what the VirtualMachine.loadAgentXXX methods use to load Java and JVM TI agents into the target VM.
A non-manageable command line flag -XX:+EnableDynamicAgentLoading is introduced to allow opt-in and allow agents to be loaded.
Note that the VM already has -XX:+DisableAttachMechanism to completely disable the attach mechanism but that disables it completely and prevents the use of the cooperative troubleshooting tools.
A few notes on the proposal:
1. It should have no impact on command-line/troubleshooting tools.
2. It should have no impact on tools that start the JMX agent with the attach mechanism.
3. No impact on the JVM TI or java.lang.instrument specifications as Java SE does not specify the mechanism, it just allows for the possibility of agents being loaded in a running VM.
4. The changes to implement this are likely to be small and low-risk.
   The main thing is to make sure that the error on the attach API side is useful.
   A small number of existing tests will need to be updated to run with the new XX option.
5. The change should only impact a small number of tools but it will need to be documented in the JDK 9 release notes.
It will require filing a CCC and a release notes update.
At this stage, I'd like to make sure the whole direction of the changes
is right and nothing important is missed.
Testing:
This was tested with the tests:
- nsk.aod
- nsk.jvmti AttachOnDemand
- nsk.monitoring
- jdk/test/com/sun/tools/attach
- jdk/test/java/lang/management
- jdk/test/sun/tools
- jdk/test/closed/javax/management
- jdk/test/closed/com/sun/jmx
- jdk/test/closed/com/oracle/jfr
Please, let me know if any other test suites are necessary to run.
Q1: Have I missed any attach test suites?
Q2: What are the best ways to run all management and jmx tests?
Q3: The same question is about the J*tools tests.
Thanks,
Serguei
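
An added example, not part of the original message or of the proposed patch: a startup self-check that reads the two flags named above from the running VM and reports whether the attach "load" command would be accepted. The class name `AgentLoadingAudit`, the `Posture` enum and the exit-code convention are hypothetical; it assumes a HotSpot VM, and treats a VM that does not define `EnableDynamicAgentLoading` as one that accepts agent loads.

```java
import com.sun.management.HotSpotDiagnosticMXBean;
import com.sun.management.VMOption;
import java.lang.management.ManagementFactory;

/** Hypothetical audit class: reports this VM's attach / dynamic agent loading configuration. */
public class AgentLoadingAudit {

    enum Posture { ATTACH_DISABLED, AGENT_LOADING_DISALLOWED, AGENT_LOADING_ALLOWED }

    /** Reads a boolean -XX flag; returns null when this VM build does not define it. */
    static Boolean readFlag(HotSpotDiagnosticMXBean bean, String name) {
        try {
            VMOption opt = bean.getVMOption(name);
            // The origin shows whether the value is the default or was set on the command line.
            System.out.printf("%-26s = %-5s (origin: %s)%n", name, opt.getValue(), opt.getOrigin());
            return Boolean.valueOf(opt.getValue());
        } catch (IllegalArgumentException e) {
            System.out.printf("%-26s : not defined in this VM%n", name);
            return null;
        }
    }

    static Posture classify(Boolean attachDisabled, Boolean dynamicLoading) {
        // -XX:+DisableAttachMechanism turns off the whole mechanism, troubleshooting tools included.
        if (Boolean.TRUE.equals(attachDisabled)) return Posture.ATTACH_DISABLED;
        // Attach still works for cooperative tools, but the "load" command is refused.
        if (Boolean.FALSE.equals(dynamicLoading)) return Posture.AGENT_LOADING_DISALLOWED;
        // Flag is true, or absent (assumption: a VM without the flag accepts "load").
        return Posture.AGENT_LOADING_ALLOWED;
    }

    public static void main(String[] args) {
        HotSpotDiagnosticMXBean bean =
                ManagementFactory.getPlatformMXBean(HotSpotDiagnosticMXBean.class);
        Posture posture = classify(readFlag(bean, "DisableAttachMechanism"),
                                   readFlag(bean, "EnableDynamicAgentLoading"));
        System.out.println("Posture: " + posture);
        // Non-zero exit lets a deployment check fail when agents can be loaded into the running VM.
        System.exit(posture == Posture.AGENT_LOADING_ALLOWED ? 1 : 0);
    }
}
```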