Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
Yumin, As for the test options you would need to make this change: --- a/test/jdk/java/io/File/ParseCanonicalPath.java +++ b/test/jdk/java/io/File/ParseCanonicalPath.java @@ -25,7 +25,7 @@ (os.family == "solaris") | (os.family == "aix") @bug 8194154 @summary Test parsing path with double slashes on unix like platforms. - @run -ea main ParseCanonicalPath + @run main/othervm -ea ParseCanonicalPath */ A better alternative might be to throw a RuntimeException instead of using assert. Thanks, Brian On Feb 14, 2018, at 2:36 PM, yumin qi wrote: > Updated again in same link. > I could not run jtreg so please have a look if the options are good for @run
Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
HI, Roger and Brian Updated again in same link. I could not run jtreg so please have a look if the options are good for @run Thanks Yumin On Wed, Feb 14, 2018 at 11:13 AM, Roger Riggs wrote: > Hi, > > In the test, the message can be improved; though the exception should > never occur > it will be misleading if it does. > Instead: > "Changing property user.dir should have no effect on the > getCanonicalPath" > > It is cleaner to throw AssertionError for the test failure. > Throwing FileSystemException makes it look like it came from inside the > file system implementation. > > Regards, Roger > > > On 2/13/2018 6:45 PM, yumin qi wrote: > >> Alan, >> >>In fact, if property "user.dir" is cached, the problem will go away >> without any changes to native or UnixFileSystem.java, since it won't >> canonicalize the string supplied from user. The output will be >>getProperty("user.dir") + "/" + file. (The result is not as expected, >> user can not change the property, means user has to work around the >> problem >> to reach their targeted directory to do things like loading classes) >> >>Any change to "user.dir" in java program does not have any effect. >>For Windows: >> >> --- a/src/java.base/windows/classes/java/io/WinNTFileSystem.java Fri Feb >> 02 >> 10:32:59 2018 -0800 >> +++ b/src/java.base/windows/classes/java/io/WinNTFileSystem.java Tue Feb >> 13 >> 23:40:21 2018 + >> @@ -43,12 +43,14 @@ >> private final char slash; >> private final char altSlash; >> private final char semicolon; >> +private final String userDir; >> >> public WinNTFileSystem() { >> Properties props = GetPropertyAction.privilegedGetProperties(); >> slash = props.getProperty("file.separator").charAt(0); >> semicolon = props.getProperty("path.separator").charAt(0); >> altSlash = (this.slash == '\\') ? '/' : '\\'; >> +userDir = props.getProperty("user.dir"); >> } >> >> private boolean isSlash(char c) { >> @@ -347,7 +349,7 @@ >> private String getUserPath() { >> /* For both compatibility and security, >> we must look this up every time */ >> -return normalize(System.getProperty("user.dir")); >> +return normalize(userDir); >> } >> >> private String getDrive(String path) { >> >>Does it need normalize(userDir) in getUserPath()? I think we need here. >> >>I will update the webrev and send for another round of review: the >> change >> in native will be reverted, and made changes to UnixFileSystem.java. >> >> >> Thanks >> Yumin >> >> >> On Mon, Feb 12, 2018 at 3:09 AM, Alan Bateman >> wrote: >> >> On 09/02/2018 18:01, Alan Bateman wrote: >>> >>> : I'll study the patch you have but I think we also need to create issues to get us to the point where changing this system property in a running VM doesn't impact running code. Looking at it again, I think we should change java.io.UnixFileSystem >>> (and >>> the Windows equivalent) to cache the value of user.dir to avoid difficult >>> to diagnose issues with bad code changing the value of this property in a >>> running VM. This should reduce the issue down to cases where user.dir is >>> changed on the command line (never supported either of course) to a value >>> that is not "/" but has trailing or duplicate slashes. >>> >>> When reduced down then the alternatives are to change the native >>> canonicalize method as you have done or alternatively do it once at >>> UnixFileSystem initialization time so that canonicalize does not have to >>> deal with this case. The former would require changing the description of >>> the function (it currently reads "The input path is assumed to contain no >>> duplicate slashes"), the latter avoids any changes to the native >>> implementation. >>> >>> -Alan >>> >>> >>> diff -r 0937e5f799df src/java.base/unix/classes/jav >>> a/io/UnixFileSystem.java >>> --- a/src/java.base/unix/classes/java/io/UnixFileSystem.javaSat Feb >>> 10 07:06:16 2018 -0500 >>> +++ b/src/java.base/unix/classes/java/io/UnixFileSystem.javaMon Feb >>> 12 10:49:40 2018 + >>> @@ -34,12 +34,14 @@ >>> private final char slash; >>> private final char colon; >>> private final String javaHome; >>> +private final String userDir; >>> >>> public UnixFileSystem() { >>> Properties props = GetPropertyAction.privilegedGe >>> tProperties(); >>> slash = props.getProperty("file.separator").charAt(0); >>> colon = props.getProperty("path.separator").charAt(0); >>> javaHome = props.getProperty("java.home"); >>> +userDir = props.getProperty("user.dir"); >>> } >>> >>> >>> @@ -128,7 +130,11 @@ >>> >>> public String resolve(File f) { >>> if (isAbsolute(f)) return f.getPath(); >>> -return resolve(System.getProperty("user.dir"), f.getPath()); >>> +SecurityManager sm = System.getSecurityManager(
Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
Hi, In the test, the message can be improved; though the exception should never occur it will be misleading if it does. Instead: "Changing property user.dir should have no effect on the getCanonicalPath" It is cleaner to throw AssertionError for the test failure. Throwing FileSystemException makes it look like it came from inside the file system implementation. Regards, Roger On 2/13/2018 6:45 PM, yumin qi wrote: Alan, In fact, if property "user.dir" is cached, the problem will go away without any changes to native or UnixFileSystem.java, since it won't canonicalize the string supplied from user. The output will be getProperty("user.dir") + "/" + file. (The result is not as expected, user can not change the property, means user has to work around the problem to reach their targeted directory to do things like loading classes) Any change to "user.dir" in java program does not have any effect. For Windows: --- a/src/java.base/windows/classes/java/io/WinNTFileSystem.java Fri Feb 02 10:32:59 2018 -0800 +++ b/src/java.base/windows/classes/java/io/WinNTFileSystem.java Tue Feb 13 23:40:21 2018 + @@ -43,12 +43,14 @@ private final char slash; private final char altSlash; private final char semicolon; +private final String userDir; public WinNTFileSystem() { Properties props = GetPropertyAction.privilegedGetProperties(); slash = props.getProperty("file.separator").charAt(0); semicolon = props.getProperty("path.separator").charAt(0); altSlash = (this.slash == '\\') ? '/' : '\\'; +userDir = props.getProperty("user.dir"); } private boolean isSlash(char c) { @@ -347,7 +349,7 @@ private String getUserPath() { /* For both compatibility and security, we must look this up every time */ -return normalize(System.getProperty("user.dir")); +return normalize(userDir); } private String getDrive(String path) { Does it need normalize(userDir) in getUserPath()? I think we need here. I will update the webrev and send for another round of review: the change in native will be reverted, and made changes to UnixFileSystem.java. Thanks Yumin On Mon, Feb 12, 2018 at 3:09 AM, Alan Bateman wrote: On 09/02/2018 18:01, Alan Bateman wrote: : I'll study the patch you have but I think we also need to create issues to get us to the point where changing this system property in a running VM doesn't impact running code. Looking at it again, I think we should change java.io.UnixFileSystem (and the Windows equivalent) to cache the value of user.dir to avoid difficult to diagnose issues with bad code changing the value of this property in a running VM. This should reduce the issue down to cases where user.dir is changed on the command line (never supported either of course) to a value that is not "/" but has trailing or duplicate slashes. When reduced down then the alternatives are to change the native canonicalize method as you have done or alternatively do it once at UnixFileSystem initialization time so that canonicalize does not have to deal with this case. The former would require changing the description of the function (it currently reads "The input path is assumed to contain no duplicate slashes"), the latter avoids any changes to the native implementation. -Alan diff -r 0937e5f799df src/java.base/unix/classes/jav a/io/UnixFileSystem.java --- a/src/java.base/unix/classes/java/io/UnixFileSystem.javaSat Feb 10 07:06:16 2018 -0500 +++ b/src/java.base/unix/classes/java/io/UnixFileSystem.javaMon Feb 12 10:49:40 2018 + @@ -34,12 +34,14 @@ private final char slash; private final char colon; private final String javaHome; +private final String userDir; public UnixFileSystem() { Properties props = GetPropertyAction.privilegedGetProperties(); slash = props.getProperty("file.separator").charAt(0); colon = props.getProperty("path.separator").charAt(0); javaHome = props.getProperty("java.home"); +userDir = props.getProperty("user.dir"); } @@ -128,7 +130,11 @@ public String resolve(File f) { if (isAbsolute(f)) return f.getPath(); -return resolve(System.getProperty("user.dir"), f.getPath()); +SecurityManager sm = System.getSecurityManager(); +if (sm != null) { +sm.checkPropertyAccess("user.dir"); +} +return resolve(userDir, f.getPath()); } // Caches for canonicalization results to improve startup performance.
Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
Alan, In fact, if property "user.dir" is cached, the problem will go away without any changes to native or UnixFileSystem.java, since it won't canonicalize the string supplied from user. The output will be getProperty("user.dir") + "/" + file. (The result is not as expected, user can not change the property, means user has to work around the problem to reach their targeted directory to do things like loading classes) Any change to "user.dir" in java program does not have any effect. For Windows: --- a/src/java.base/windows/classes/java/io/WinNTFileSystem.java Fri Feb 02 10:32:59 2018 -0800 +++ b/src/java.base/windows/classes/java/io/WinNTFileSystem.java Tue Feb 13 23:40:21 2018 + @@ -43,12 +43,14 @@ private final char slash; private final char altSlash; private final char semicolon; +private final String userDir; public WinNTFileSystem() { Properties props = GetPropertyAction.privilegedGetProperties(); slash = props.getProperty("file.separator").charAt(0); semicolon = props.getProperty("path.separator").charAt(0); altSlash = (this.slash == '\\') ? '/' : '\\'; +userDir = props.getProperty("user.dir"); } private boolean isSlash(char c) { @@ -347,7 +349,7 @@ private String getUserPath() { /* For both compatibility and security, we must look this up every time */ -return normalize(System.getProperty("user.dir")); +return normalize(userDir); } private String getDrive(String path) { Does it need normalize(userDir) in getUserPath()? I think we need here. I will update the webrev and send for another round of review: the change in native will be reverted, and made changes to UnixFileSystem.java. Thanks Yumin On Mon, Feb 12, 2018 at 3:09 AM, Alan Bateman wrote: > On 09/02/2018 18:01, Alan Bateman wrote: > >> : >> >> I'll study the patch you have but I think we also need to create issues >> to get us to the point where changing this system property in a running VM >> doesn't impact running code. >> > Looking at it again, I think we should change java.io.UnixFileSystem (and > the Windows equivalent) to cache the value of user.dir to avoid difficult > to diagnose issues with bad code changing the value of this property in a > running VM. This should reduce the issue down to cases where user.dir is > changed on the command line (never supported either of course) to a value > that is not "/" but has trailing or duplicate slashes. > > When reduced down then the alternatives are to change the native > canonicalize method as you have done or alternatively do it once at > UnixFileSystem initialization time so that canonicalize does not have to > deal with this case. The former would require changing the description of > the function (it currently reads "The input path is assumed to contain no > duplicate slashes"), the latter avoids any changes to the native > implementation. > > -Alan > > > diff -r 0937e5f799df src/java.base/unix/classes/jav > a/io/UnixFileSystem.java > --- a/src/java.base/unix/classes/java/io/UnixFileSystem.javaSat Feb > 10 07:06:16 2018 -0500 > +++ b/src/java.base/unix/classes/java/io/UnixFileSystem.javaMon Feb > 12 10:49:40 2018 + > @@ -34,12 +34,14 @@ > private final char slash; > private final char colon; > private final String javaHome; > +private final String userDir; > > public UnixFileSystem() { > Properties props = GetPropertyAction.privilegedGetProperties(); > slash = props.getProperty("file.separator").charAt(0); > colon = props.getProperty("path.separator").charAt(0); > javaHome = props.getProperty("java.home"); > +userDir = props.getProperty("user.dir"); > } > > > @@ -128,7 +130,11 @@ > > public String resolve(File f) { > if (isAbsolute(f)) return f.getPath(); > -return resolve(System.getProperty("user.dir"), f.getPath()); > +SecurityManager sm = System.getSecurityManager(); > +if (sm != null) { > +sm.checkPropertyAccess("user.dir"); > +} > +return resolve(userDir, f.getPath()); > } > > // Caches for canonicalization results to improve startup performance. > >
Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
On 09/02/2018 18:01, Alan Bateman wrote: : I'll study the patch you have but I think we also need to create issues to get us to the point where changing this system property in a running VM doesn't impact running code. Looking at it again, I think we should change java.io.UnixFileSystem (and the Windows equivalent) to cache the value of user.dir to avoid difficult to diagnose issues with bad code changing the value of this property in a running VM. This should reduce the issue down to cases where user.dir is changed on the command line (never supported either of course) to a value that is not "/" but has trailing or duplicate slashes. When reduced down then the alternatives are to change the native canonicalize method as you have done or alternatively do it once at UnixFileSystem initialization time so that canonicalize does not have to deal with this case. The former would require changing the description of the function (it currently reads "The input path is assumed to contain no duplicate slashes"), the latter avoids any changes to the native implementation. -Alan diff -r 0937e5f799df src/java.base/unix/classes/java/io/UnixFileSystem.java --- a/src/java.base/unix/classes/java/io/UnixFileSystem.java Sat Feb 10 07:06:16 2018 -0500 +++ b/src/java.base/unix/classes/java/io/UnixFileSystem.java Mon Feb 12 10:49:40 2018 + @@ -34,12 +34,14 @@ private final char slash; private final char colon; private final String javaHome; + private final String userDir; public UnixFileSystem() { Properties props = GetPropertyAction.privilegedGetProperties(); slash = props.getProperty("file.separator").charAt(0); colon = props.getProperty("path.separator").charAt(0); javaHome = props.getProperty("java.home"); + userDir = props.getProperty("user.dir"); } @@ -128,7 +130,11 @@ public String resolve(File f) { if (isAbsolute(f)) return f.getPath(); - return resolve(System.getProperty("user.dir"), f.getPath()); + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPropertyAccess("user.dir"); + } + return resolve(userDir, f.getPath()); } // Caches for canonicalization results to improve startup performance.
Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
On 08/02/2018 17:35, yumin qi wrote: HI, Alan As in your email to RFR of 8194154 which now has a new fix in canonicalize_md.c, switch back to discuss solution here again. The current fix is not in java, instead, I put it in C function. In the function before the fix, it assumes no more "//" pattern in the string so failed to get correct substrings with the case as the test case. The fix should not cause other problem since it does double check if double or more slashes in sequential. The APIs indicates 'user.dir' etc system property should not be rewritten, but did not prevent modifying them in practise. Sure, but it's really hairy for anything to be depend on that. We can improve the reliability by changing java.io.UnixFileSystem to read the system property at most once. Second/subsequent usages should only need to do a permission check (for the security manager case). Going further then we need to get to the point where the APIs never read a modified property, this goes for java.home and several others too. I'll study the patch you have but I think we also need to create issues to get us to the point where changing this system property in a running VM doesn't impact running code. -Alan
Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
HI, Alan As in your email to RFR of 8194154 which now has a new fix in canonicalize_md.c, switch back to discuss solution here again. The current fix is not in java, instead, I put it in C function. In the function before the fix, it assumes no more "//" pattern in the string so failed to get correct substrings with the case as the test case. The fix should not cause other problem since it does double check if double or more slashes in sequential. The APIs indicates 'user.dir' etc system property should not be rewritten, but did not prevent modifying them in practise. Thanks Yumin On Tue, Jan 2, 2018 at 6:09 PM, Wenqian Pei wrote: > > Can you please review this patch? > > Thanks in advance! > > Wenqian Pei > --发件人:Alan > Bateman 发送时间:2018年1月3日(星期三) 01:30收件人:裴文谦(右席) < > wenqian.pe...@alibaba-inc.com>; core-libs-dev net>抄 送:陆传胜(传胜) ; 李三红(三红) < > sanhong....@alibaba-inc.com>主 题:Re: RFR: 8194154 patch for crash at > File.getCanonicalPath() > On 25/12/2017 09:40, Wenqian Pei wrote: > > Hi: > > > > Bug: https://bugs.openjdk.java.net/browse/JDK-8194154 > > > > We found that if user defines -Duser.dir like "/ > home/a/b/c/", jvm will crash at File.getCanonicalPath() in > java process bootstrap (before invoking user's java code). The native > implematation of canonicalize_md.c:collapsible(char *names) > has problem in processing double '/', parameter 'names' > need normalized before JNI_CALL. > > > user.dir is a "read-only" property and should never be changed on the > command-line or in a running VM (it breaks APIs in other areas to have > user.dir be different to the actual working directory). Someday we need > to figure out how to enforce this. > > In the mean-time, the runtime shouldn't crash so I agree it > should be fixed. > > -Alan. >
Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
On 25/12/2017 09:40, Wenqian Pei wrote: Hi: Bug: https://bugs.openjdk.java.net/browse/JDK-8194154 We found that if user defines -Duser.dir like "/home/a/b/c/", jvm will crash at File.getCanonicalPath() in java process bootstrap (before invoking user's java code). The native implematation of canonicalize_md.c:collapsible(char *names) has problem in processing double '/', parameter 'names' need normalized before JNI_CALL. user.dir is a "read-only" property and should never be changed on the command-line or in a running VM (it breaks APIs in other areas to have user.dir be different to the actual working directory). Someday we need to figure out how to enforce this. In the mean-time, the runtime shouldn't crash so I agree it should be fixed. -Alan.
Re: RFR: 8194154 patch for crash at File.getCanonicalPath()
Hi, Attachments get stripped (usually). You'll need to include it inline. Cheers, David On 25/12/2017 7:40 PM, Wenqian Pei wrote: Hi: Bug: https://bugs.openjdk.java.net/browse/JDK-8194154 We found that if user defines -Duser.dir like "/home/a/b/c/", jvm will crash at File.getCanonicalPath() in java process bootstrap (before invoking user's java code). The native implematation of canonicalize_md.c:collapsible(char *names) has problem in processing double '/', parameter 'names' need normalized before JNI_CALL. This patch normalize parameters before call canonicalize0() in this call path Patch and test are in mailbox attachments. Can I please have a review for this patch? Thanks Wenqian Pei