RFR (XS) JDK-8231387 "java.security.Provider.getService returns random result due to race condition with mutating methods in the same class"

Hohensee, Paul hohensee at amazon.com
Wed Sep 25 15:30:07 UTC 2019 

Thanks, Valerie. Pushed.

From: Valerie Peng <valerie.peng at oracle.com>
Organization: Oracle Corporation
Date: Tuesday, September 24, 2019 at 9:42 PM
To: "Hohensee, Paul" <hohensee at amazon.com>, "security-dev at openjdk.java.net" <security-dev at openjdk.java.net>
Subject: Re: RFR (XS) JDK-8231387 "java.security.Provider.getService returns random result due to race condition with mutating methods in the same class"


Great, the update looks good.
Thanks,
Valerie
On 9/24/2019 5:49 PM, Hohensee, Paul wrote:
Thank you, Valerie. :)

The patch needs a test, however, so I added a slightly modified version of Tianmin’s reproducer. New webrev at

http://cr.openjdk.java.net/~phh/8231387/webrev.01/

The test fails without the fix.

From: Valerie Peng <valerie.peng at oracle.com><mailto:valerie.peng at oracle.com>
Organization: Oracle Corporation
Date: Tuesday, September 24, 2019 at 3:03 PM
To: "Hohensee, Paul" <hohensee at amazon.com><mailto:hohensee at amazon.com>, "security-dev at openjdk.java.net"<mailto:security-dev at openjdk.java.net> <security-dev at openjdk.java.net><mailto:security-dev at openjdk.java.net>
Subject: Re: RFR (XS) JDK-8231387 "java.security.Provider.getService returns random result due to race condition with mutating methods in the same class"


I am the security reviewer that you need. One should be enough. ;)

Valerie
On 9/24/2019 2:37 PM, Hohensee, Paul wrote:
Yes, I’ll sponsor. Though it looks ok to me, I’m not a security expert, so do we need another security reviewer?

From: security-dev <security-dev-bounces at openjdk.java.net><mailto:security-dev-bounces at openjdk.java.net> on behalf of Valerie Peng <valerie.peng at oracle.com><mailto:valerie.peng at oracle.com>
Organization: Oracle Corporation
Date: Tuesday, September 24, 2019 at 2:17 PM
To: "security-dev at openjdk.java.net"<mailto:security-dev at openjdk.java.net> <security-dev at openjdk.java.net><mailto:security-dev at openjdk.java.net>
Subject: Re: RFR (XS) JDK-8231387 "java.security.Provider.getService returns random result due to race condition with mutating methods in the same class"




Changes look fine. I suppose Paul will help sponsoring the fix as he is listed as the RE for 8231387?
Thanks,
Valerie
On 9/24/2019 12:36 PM, Shi, Tianmin wrote:

Hi



Can someone help reviewing this fix?


Bug: https://bugs.openjdk.java.net/browse/JDK-8231387
Webrev: http://cr.openjdk.java.net/~phh/8231387/webrev.00/



Thank you,
Tianmin Shi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190925/77174ae4/attachment.htm>

More information about the security-dev mailing list