JDK-8240827 : Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11.0.8
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-03-10
  • Updated: 2021-02-11
  • Resolved: 2020-03-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 Other
11.0.8 b01Fixed openjdk8u292Fixed
Related Reports
Relates :  
JDK-8219991 - New fix of the deadlock in sun.security.ssl.SSLSocketImpl
Relates :  
JDK-8221882 - Use fiber-friendly java.util.concurrent.locks in JSSE
Description
Bring SSLSocketImpl parts of 8221882 to 11.0.8 to foster downporting of JDK-8219991

"8209333: Socket reset issue for TLS 1.3 socket close" [1]
should be downported for parity with 11.0.8-oracle.

"8219991: New fix of the deadlock in
sun.security.ssl.SSLSocketImpl" [3], is a follow-up that fixes an issue
introduced by [1]. This should be brought to 11.0.8 along with [1].

[1] applies clean to jdk11u-dev.
Unfortunately, [3] does not apply at all.

In jdk13 a major rework of JSSE was done:
[2] "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"

[2] removes the synchronized keywords from a lot of functions
in JSSE and replaces them by manual locking. [3] exploits
the new control flow within these reworked functions in
SSLSocketImpl.java. It needs to be designed differently
to apply directly on top of [1].

Instead, I propose to downport the changes of [2] to the only
file touched by [3], SSLSocketImpl.java.  This is the purpose of this task.

I took the patch of [2] for SSLSocketImpl.java and patched
it on top of [1] to jdk11u-dev. It applies clean. On top
of this, [3] applies clean, too.

The SSLSocketImpl.java part of [2] uses a public lock
introduced in OutputRecord. I revoked this part of the change
as the changes to OutputRecord are not important here, so
it'd like to skip them. Here the partial webrev of the
revoked code:
http://cr.openjdk.java.net/~goetz/wr20/8240827-Downport_SSLSocketImpl_from_8221882-jdk11/01-revoked/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java.udiff.html

I'm not opening this issue as Backport for 8221882, as it only contains a subset of this change.

The locks introduced by [2] in SSLSocketImpl.java are private,
so there is no direct dependency to them in other code.
Comments
URL: https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/3153288370c6 User: goetz Date: 2020-04-29 08:51:55 +0000
29-04-2020
URL: https://hg.openjdk.java.net/jdk-updates/jdk11u-dev/rev/3153288370c6 User: goetz Date: 2020-03-15 21:33:16 +0000
18-03-2020
11u Backport RFR approval: https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-March/002779.html
13-03-2020
See review: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-March/002724.html
12-03-2020