Java heap file on daxfs should be more secure

Florian Weimer fweimer at redhat.com
Thu Dec 19 09:08:10 UTC 2019


* Yasumasa Suenaga:

> HotSpot allocates the Java heap on daxfs if we pass -XX:AllocateHeapAt.
> It performs open(2) and unlink(2) on daxfs, and it is used via an mmap'ed
> address.
>
> mmap(2) would be called with MAP_SHARED, and it is not atomic
> between open(2) and unlink(2). If a malicious user opens the Java heap file
> before unlink(2), it might be exposed.

The existing code uses mkstemp, so the content is not exposed to other
users.  The same user can still access the file through /proc, with and
without O_TMPFILE.

> So I think we can use open(2) with O_TMPFILE instead of mkstemp(3) as below.
>
>   http://cr.openjdk.java.net/~ysuenaga/dax/

Old systems have neither __O_TMPFILE nor O_TMPFILE, so this will result
in a compilation error there.

Thanks,
Florian
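
An added example, not part of the original message and not HotSpot's code: one way to reconcile the two points above is to try O_TMPFILE only where the headers define it and fall back to mkstemp(3) plus unlink(2) otherwise, then confirm the descriptor has no directory entry and no group/other permission bits. The function names and the `heap.XXXXXX` template are hypothetical; neither path changes same-user access through /proc.

```c
#define _GNU_SOURCE           /* glibc exposes O_TMPFILE only with this */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd for an unnamed backing file in dir,
 * or -1 with errno set. *used_tmpfile reports which path was taken. */
int open_backing_file(const char *dir, int *used_tmpfile)
{
    char path[PATH_MAX];
    int fd, n;

    *used_tmpfile = 0;
#ifdef O_TMPFILE
    /* No name is ever created, so there is no open/unlink window. */
    fd = open(dir, O_TMPFILE | O_RDWR, S_IRUSR | S_IWUSR);
    if (fd >= 0) { *used_tmpfile = 1; return fd; }
    /* Old kernel or unsupported filesystem: fall through to mkstemp. */
#endif
    n = snprintf(path, sizeof path, "%s/heap.XXXXXX", dir); /* placeholder name */
    if (n < 0 || (size_t)n >= sizeof path) { errno = ENAMETOOLONG; return -1; }
    fd = mkstemp(path);       /* created with O_EXCL and mode 0600 */
    if (fd < 0) return -1;
    if (unlink(path) != 0) { int e = errno; close(fd); errno = e; return -1; }
    return fd;
}

/* 1 if fd has no directory entry and no group/other permission bits. */
int backing_file_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    return st.st_nlink == 0 && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

int main(void)
{
    int used, fd = open_backing_file("/tmp", &used);  /* constructed sample dir */
    if (fd < 0) { perror("open_backing_file"); return 1; }
    printf("path=%s private=%d\n", used ? "O_TMPFILE" : "mkstemp+unlink",
           backing_file_is_private(fd));
    close(fd);
    return 0;
}
```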



More information about the hotspot-runtime-dev mailing list