JDK-8174790 : Race adding (weak) global JNI handles and determining type of handle
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2017-02-11
  • Updated: 2019-06-20
  • Resolved: 2018-02-02
JDK 11: 11 (Fixed)
Description
Global JNI handles are stored in JNIHandleBlocks.

There is a race in the code that adds handles (JNIHandles::make_global()) with code that determines whether a given handle is contained within that JNIHandleBlock, i.e. JNIHandleBlock::chain_contains().

When adding a new entry to a JNIHandleBlock, the stores for updating the data structure do not have a guaranteed ordering, and the reader does not use any kind of memory barriers at all.

This is insufficient to avoid reads of random values from the JNIHandleBlock array on all supported platforms.

JNIHandleBlock::chain_contains() is both used for asserts and also for the public jni_GetObjectRefType call.

The issue exists with both the _global_handle as well as the _weak_global_handle array.

I think the impact is at least the possibility of making the VM crash with a JNI Fatal Error when adding and deleting the same global handle in different threads.
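The ordering requirement described in this report, as an added example that is not HotSpot source and not the fix that was applied (see the comments): a simplified handle block where the writer publishes a slot with a release store and the lock-free reader uses an acquire load. `HandleBlock`, `add`, `contains`, `unpublished_below_top` and the single-writer assumption are all hypothetical.

```cpp
// Added example: simplified handle block, not HotSpot source; all names are hypothetical.
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <thread>

struct HandleBlock {
    static constexpr std::size_t kCapacity = 1024;
    std::atomic<std::uintptr_t> slots[kCapacity] = {};  // 0 = slot never written
    std::atomic<std::size_t> top{0};                    // count of published slots
    // Single writer assumed. Returns the slot address (the "handle"), or nullptr if full.
    const void* add(std::uintptr_t value) {
        std::size_t i = top.load(std::memory_order_relaxed);
        if (i == kCapacity) return nullptr;
        slots[i].store(value, std::memory_order_relaxed);
        // Release: the slot store above is visible before the new top is.
        top.store(i + 1, std::memory_order_release);
        return &slots[i];
    }
    // Lock-free reader: the acquire load pairs with the release store in add().
    bool contains(const void* handle) const {
        std::size_t n = top.load(std::memory_order_acquire);
        auto p = reinterpret_cast<std::uintptr_t>(handle);
        auto base = reinterpret_cast<std::uintptr_t>(&slots[0]);
        return p >= base && p < base + n * sizeof(slots[0]) && (p - base) % sizeof(slots[0]) == 0;
    }
    // Counts slots below the observed top that still read as unwritten.
    std::size_t unpublished_below_top() const {
        std::size_t n = top.load(std::memory_order_acquire), bad = 0;
        for (std::size_t i = 0; i < n; ++i)
            if (slots[i].load(std::memory_order_relaxed) == 0) ++bad;
        return bad;
    }
};

int main() {  // one writer, one concurrent reader
    static HandleBlock block;
    std::size_t bad = 0;
    std::thread reader([&] {
        while (block.top.load(std::memory_order_acquire) < HandleBlock::kCapacity)
            bad += block.unpublished_below_top();
    });
    for (std::uintptr_t v = 1; v <= HandleBlock::kCapacity; ++v) block.add(v);
    reader.join();
    std::printf("unwritten slots seen below top: %zu\n", bad);
    return bad != 0;
}
```

If both the release store and the acquire load are weakened to relaxed, the reader may observe the new `top` before the slot contents on weakly ordered hardware, which is the unordered-store, barrier-free-reader situation the report describes.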
Comments
The described races were fixed by the re-implementation of global and weak global JNI handles using OopStorage; see JDK-8194312.
02-02-2018

[~coleenp] Yes. I think it is fixed in the patch set I've given you. Well, at least for the global and weak global cases. Local case can still have problems. I'd have to look at what one is permitted to do, if anything, with a local handle from some thread other than the one it is local to.
02-08-2017

[~kbarrett] is this something you've already fixed or are fixing?
02-08-2017