[14] RFR: 8238196: tests that use SA Attach should not be allowed to run against signed binaries on Mac OS X 10.14.5 and later
Chris Plummer
chris.plummer at oracle.com
Fri Jan 31 06:10:19 UTC 2020
Hello,
Please review the following fix for some SA tests that are failing on
Mac OS X 10.14.5 and later:
https://bugs.openjdk.java.net/browse/JDK-8238196
http://cr.openjdk.java.net/~cjplummer/8236913/webrev.00
The issue is that SA can't attach to a signed binary starting with
10.14.5. There is no workaround for this, so these tests are being
disabled when it is detected that the binary is signed and we are
running on 10.14 or later (I chose all 10.14 releases to simplify the
check).
Some background may help explain the fix. In order for SA to attach to a
live process (not a core file) on OSX, either the attaching process (ie.
the test) has to be run as root, or sudo needs to be supported. However,
the only tests that make the sudo check are the 20 or so that use
ClhsdbLauncher. The rest all rely on "@requires vm.hasSAandCanAttach" to
filter out tests that use SA attach. vm.hasSAandCanAttach only checks if
the test is being run as root. Thus all our non-ClhsdbLauncher tests
that SA attach to a live process are currently not run unless they are
run as root. 8238268 [1] has been filed to address this, making it so
all the tests will attempt to use sudo if not run as root.
Because of the difference in how ClhsdbLauncher tests and "@requires
vm.hasSAandCanAttach" tests check to see if they are runnable, this fix
needs to address both types of checks. The common code for both these
cases is Platform.shouldSAAttach(), which on OSX basically equates to
check to see if we are running as root. I changed it to also return
false if running on signed binary with 10.14 or later. However, this
confused the ClhsdbLauncher use of Platform.shouldSAAttach() somewhat,
since it assumed a false result only happens because you are not running
as root (in which case it would then check if sudo will work). So
ClhsdbLauncher now has double check that the false result was not
because of running a signed binary. If it is signed, it won't do the
sudo check. This will get cleaned up with 8238268 [1], which will move
the sudo check into Platform.shouldSAAttach().
thanks,
Chris
[1] https://bugs.openjdk.java.net/browse/JDK-8238268
More information about the serviceability-dev
mailing list