RFR: 8238566: java.security.Provider$Service.supportsParameter() is racy
Valerie Peng
valerie.peng at oracle.com
Wed Mar 11 20:31:52 UTC 2020
Anyone can help reviewing this?
I addressed this by applying the double-checked-locking pattern for lazy
initialization of instance fields.
Existing code already have most of the code structured for the pattern
but misses the second check.
Bug: https://bugs.openjdk.java.net/browse/JDK-8238566
Webrev: http://cr.openjdk.java.net/~valeriep/8238566/webrev.00/
Thanks,
Valerie
On 2/5/2020 12:49 PM, Arthur Eubanks wrote:
> Webrev: http://cr.openjdk.java.net/~aeubanks/8238566/webrev.00/
> Bug: https://bugs.openjdk.java.net/browse/JDK-8238566
>
> Found by TSAN, java.security.Provider$Service.supportsParameter() is
> racy. We haven't observed any actual bad behavior, but reasoning
> through it seems like bad behavior is possible.
>
> http://hg.openjdk.java.net/jdk/jdk/file/62b5bfef8d61/src/java.base/share/classes/java/security/Provider.java#l1927
>
> The synchronized block seems to not have any effect on correctness.
>
> Example race:
> T1 in hasKeyAttributes() writes true to hasKeyAttributes and fills out
> supportedFormats/supportedClasses.
>
> T2 in hasKeyAttributes() racily reads hasKeyAttributes as true, but
> then in supportsKeyFormat() racily reads supportedFormats as null. It
> can then improperly return false from supportsParameter().
> There is no synchronization between T1 and T2 because T2 never does
> any synchronization, so T2 can read what T1 writes in any order.
>
> Fix is to make all of hasKeyAttributes() synchronized.
More information about the security-dev
mailing list