JDK-8259531 : (bf) Modify the DirectByteBuffer zero-initialized code
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.nio
  • Affected Version: 15
  • Priority: P4
  • Status: Closed
  • Resolution: Won't Fix
  • OS: generic
  • CPU: generic
  • Submitted: 2021-01-08
  • Updated: 2021-03-10
  • Resolved: 2021-01-12
Related Reports
Relates :  
JDK-6535542 - (bf spec) ByteBuffer.allocate{Direct}?() has undocumented zero-initialization
Description
A DESCRIPTION OF THE PROBLEM :
I have read JDK-6535542 comment, and know zero-initialized is for security reason. 
I suggest modify code at java.nio.DirectByteBuffer line 129
from:
UNSAFE.setMemory(base, size, (byte) 0);  
to
UNSAFE.setMemory(address, cap, (byte) 0);
The different is when DirectMemoryPageAligned is set, address is the start of the page, this would not touch the unused part, and it will also be zero-initialized.
As O_DIRECT is supported from java 11, I think this problem is worth to considered.
Comments
If not all the bytes allocated by Unsafe.allocateMemory() were zeroed, then presumably one could gain access to the uncleared bytes via GetDirectBufferAddress(). This is not a safe situation, hence resolving this as Won't Fix.
12-01-2021
The extra portion of unused memory is inaccessible via the API so I suppose this request is a minor performance enhancement in terms of not zeroing an extra, irrelevant portion of memory when the memory is page aligned and 'base' is not a multiple of the page size.
12-01-2021
Moved to JDK for further review.
11-01-2021