RFR: 7903686: jtreg Agent should use loopback address [v2]

[Christian Stein]

On Wed, 6 Mar 2024 06:32:18 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Can I please get a review of this change which proposes to address https://bugs.openjdk.org/browse/CODETOOLS-7903686?
>> 
>> The jtreg framework when handling "agentvm" mode, creates a `java.net.ServerSocket` in the jtreg process and then launches a JVM with `com.sun.javatest.regtest.agent.AgentServer` as the main class, passing it the port to which the `ServerSocket` is bound to. The `AgentServer` is then responsible for creating a `java.net.Socket` and connecting against the jtreg process' `ServerSocket`. In its current form, the `ServerSocket` is bound to "any address" which means that it can `accept()` a connection from not just the current host on which `jtreg` is running but from any other host on the network from which this host is accessible. If such a connection is established, then such an unexpected connection then interferes with the semantics of jtreg and the AgentServer and leads to test failures. We have noticed such failures in our CI environment, when running the JDK tests.
>> 
>> The change in this PR proposes to bind the `ServerSocket` to loopback address to reduce the changes of such interference. This doesn't completely rule out interference from unexpected/rogue processes connecting from within the same host to this `ServerSocket`, but given that the processes running on the current host are much more controlled and managed, then that should not be too much of a problem.
>> 
>> A custom built jtreg was used with these changes and the JDK mainline's tier1, tier2, tier3 testing was done. All tests have passed.
>
> Jaikiran Pai has updated the pull request incrementally with one additional commit since the last revision:
> 
>   add an entry to changelog

Marked as reviewed by cstein (Committer).

-------------

PR Review: https://git.openjdk.org/jtreg/pull/185#pullrequestreview-1918869817