JDK-8307990 : jspawnhelper must close its writing side of a pipe before reading from it
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.lang
  • Affected Version: 17,20
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: linux
  • Submitted: 2023-05-12
  • Updated: 2024-11-29
  • Resolved: 2023-06-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17 JDK 21
17.0.11Fixed 21 b26Fixed
Related Reports
Relates :  
JDK-8311645 - Memory leak in jspawnhelper spawnChild after JDK-8307990
Relates :  
JDK-8213192 - (process) Change the Process launch mechanism default on Linux to be posix_spawn
Relates :  
JDK-8345256 - Starting process (ProcessBuilder.start()) with Mac App Sandbox hangs for minutes
Relates :  
JDK-8308350 - Increase buffer size for jspawnhelper arguments
Relates :  
JDK-8310265 - (process) jspawnhelper should not use argv[0]
Sub Tasks
JDK-8308297 :  
Release Note: Fixed Indefinite `jspawnhelper` Hangs - Resolved
Description
Since JDK13, executing commands in a sub-process defaults to the so called `POSIX_SPAWN` launching mechanism (i.e. `-Djdk.lang.Process.launchMechanism=POSIX_SPAWN`) on Linux. This works by using `posix_spawn(3)` to firstly start a tiny helper program called `jspawnhelper` in a subprocess. In a second step, `jspawnhelper` reads the command data from the parent Java process over a Unix pipe and finally executes (i.e. `execvp(3)`) the requested command.

In cases where the parent process terminates abnormally before `jspawnhelper` has read all the expected data from the pipe, `jspawnhelper` will block indefinitely on the reading end of the pipe. This is especially harmful if the parent process had open sockets, because in that case, the forked `jspawnhelper` process will inherit them and keep all the corresponding ports open effectively preventing other processes to bind to them. Notice that this is not an abstract scenario. We've observed this regularly in production with services which couldn't be restarted after a crash after migrating to JDK 17.

The fix of the issue is rather trivial. `jspawnhelper` has to close its writing end of the pipe which connects it with the parent Java process *before* starting to read from that pipe such that reads from the pipe can immediately return with EOF if the parent process terminates abnormally.
Comments
[jdk17u-fix-request] Approval Request from Volker Simonis This issue is a regression since JDK 13 which was only detected when more services started to move to JDK 17. It regularly happens in our production deployments. The original fix was integrated into JDK 21 in June which gave it enough testing and exposure.
05-12-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2013 Date: 2023-12-05 17:45:42 +0000
05-12-2023
Changeset: 39f6d807 Author: Volker Simonis <simonis@openjdk.org> Date: 2023-06-01 10:56:31 +0000 URL: https://git.openjdk.org/jdk/commit/39f6d807dbbe0c9ecd72fe2f76bfbc3091b43c80
01-06-2023
[~rrigs]: Why "linux"? Does MacOS not use posix_spawn too?
18-05-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/13956 Date: 2023-05-12 15:24:19 +0000
12-05-2023