Skip to content

Commit 84b927a

Browse files
minborgAlan Bateman
minborg
authored and
Alan Bateman
committed
8296024: Usage of DirectBuffer::address should be guarded
Reviewed-by: mcimadamore, alanb, psandoz, bpb
1 parent a9e6c62 commit 84b927a

File tree

24 files changed

+638
-433
lines changed

24 files changed

+638
-433
lines changed

src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,8 @@
2525

2626
package com.sun.crypto.provider;
2727

28+
import jdk.internal.access.JavaNioAccess;
29+
import jdk.internal.access.SharedSecrets;
2830
import jdk.internal.misc.Unsafe;
2931
import sun.nio.ch.DirectBuffer;
3032
import sun.security.jca.JCAUtil;
@@ -92,6 +94,8 @@ abstract class GaloisCounterMode extends CipherSpi {
9294

9395
static final byte[] EMPTY_BUF = new byte[0];
9496

97+
private static final JavaNioAccess NIO_ACCESS = SharedSecrets.getJavaNioAccess();
98+
9599
private boolean initialized = false;
96100

97101
SymmetricCipher blockCipher;
@@ -909,6 +913,8 @@ int doLastBlock(GCMOperation op, ByteBuffer buffer, ByteBuffer src,
909913
*/
910914
ByteBuffer overlapDetection(ByteBuffer src, ByteBuffer dst) {
911915
if (src.isDirect() && dst.isDirect()) {
916+
// The use of DirectBuffer::address below need not be guarded as
917+
// no access is made to actual memory.
912918
DirectBuffer dsrc = (DirectBuffer) src;
913919
DirectBuffer ddst = (DirectBuffer) dst;
914920

@@ -946,7 +952,6 @@ ByteBuffer overlapDetection(ByteBuffer src, ByteBuffer dst) {
946952
((DirectBuffer) dst).address() - dstaddr + dst.position()) {
947953
return dst;
948954
}
949-
950955
} else if (!src.isDirect() && !dst.isDirect()) {
951956
// if src is read only, then we need a copy
952957
if (!src.isReadOnly()) {
@@ -1585,8 +1590,13 @@ public int doFinal(ByteBuffer src, ByteBuffer dst)
15851590
int ofs = dst.arrayOffset() + dst.position();
15861591
Arrays.fill(dst.array(), ofs , ofs + len, (byte)0);
15871592
} else {
1588-
Unsafe.getUnsafe().setMemory(((DirectBuffer)dst).address(),
1589-
len + dst.position(), (byte)0);
1593+
NIO_ACCESS.acquireSession(dst);
1594+
try {
1595+
Unsafe.getUnsafe().setMemory(((DirectBuffer)dst).address(),
1596+
len + dst.position(), (byte) 0);
1597+
} finally {
1598+
NIO_ACCESS.releaseSession(dst);
1599+
}
15901600
}
15911601
throw new AEADBadTagException("Tag mismatch");
15921602
}

src/java.base/share/classes/java/nio/Buffer.java

Lines changed: 28 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@
3737

3838
import java.io.FileDescriptor;
3939
import java.lang.foreign.MemorySegment;
40+
import java.lang.ref.Reference;
4041
import java.util.Objects;
4142
import java.util.Spliterator;
4243

@@ -779,6 +780,7 @@ final void checkSession() {
779780
// setup access to this package in SharedSecrets
780781
SharedSecrets.setJavaNioAccess(
781782
new JavaNioAccess() {
783+
782784
@Override
783785
public BufferPool getDirectBufferPool() {
784786
return Bits.BUFFER_POOL;
@@ -824,16 +826,34 @@ public MemorySegment bufferSegment(Buffer buffer) {
824826
}
825827

826828
@Override
827-
public Runnable acquireSession(Buffer buffer, boolean async) {
828-
var session = buffer.session();
829-
if (session == null) {
830-
return null;
829+
public void acquireSession(Buffer buffer) {
830+
var scope = buffer.session();
831+
if (scope != null) {
832+
scope.acquire0();
831833
}
832-
if (async && session.ownerThread() != null) {
833-
throw new IllegalStateException("Confined session not supported");
834+
}
835+
836+
@Override
837+
public void releaseSession(Buffer buffer) {
838+
try {
839+
var scope = buffer.session();
840+
if (scope != null) {
841+
scope.release0();
842+
}
843+
} finally {
844+
Reference.reachabilityFence(buffer);
834845
}
835-
session.acquire0();
836-
return session::release0;
846+
}
847+
848+
@Override
849+
public boolean isThreadConfined(Buffer buffer) {
850+
var scope = buffer.session();
851+
return scope != null && scope.ownerThread() != null;
852+
}
853+
854+
@Override
855+
public boolean hasSession(Buffer buffer) {
856+
return buffer.session() != null;
837857
}
838858

839859
@Override

src/java.base/share/classes/java/util/zip/Adler32.java

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,11 +25,13 @@
2525

2626
package java.util.zip;
2727

28-
import java.lang.ref.Reference;
2928
import java.nio.ByteBuffer;
30-
import sun.nio.ch.DirectBuffer;
29+
3130
import jdk.internal.util.Preconditions;
3231
import jdk.internal.vm.annotation.IntrinsicCandidate;
32+
import sun.nio.ch.DirectBuffer;
33+
34+
import static java.util.zip.ZipUtils.NIO_ACCESS;
3335

3436
/**
3537
* A class that can be used to compute the Adler-32 checksum of a data
@@ -96,10 +98,11 @@ public void update(ByteBuffer buffer) {
9698
if (rem <= 0)
9799
return;
98100
if (buffer.isDirect()) {
101+
NIO_ACCESS.acquireSession(buffer);
99102
try {
100103
adler = updateByteBuffer(adler, ((DirectBuffer)buffer).address(), pos, rem);
101104
} finally {
102-
Reference.reachabilityFence(buffer);
105+
NIO_ACCESS.releaseSession(buffer);
103106
}
104107
} else if (buffer.hasArray()) {
105108
adler = updateBytes(adler, buffer.array(), pos + buffer.arrayOffset(), rem);

src/java.base/share/classes/java/util/zip/CRC32.java

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,14 +25,15 @@
2525

2626
package java.util.zip;
2727

28-
import java.lang.ref.Reference;
2928
import java.nio.ByteBuffer;
3029
import java.util.Objects;
3130

3231
import sun.nio.ch.DirectBuffer;
3332
import jdk.internal.util.Preconditions;
3433
import jdk.internal.vm.annotation.IntrinsicCandidate;
3534

35+
import static java.util.zip.ZipUtils.NIO_ACCESS;
36+
3637
/**
3738
* A class that can be used to compute the CRC-32 of a data stream.
3839
*
@@ -96,10 +97,11 @@ public void update(ByteBuffer buffer) {
9697
if (rem <= 0)
9798
return;
9899
if (buffer.isDirect()) {
100+
NIO_ACCESS.acquireSession(buffer);
99101
try {
100102
crc = updateByteBuffer(crc, ((DirectBuffer)buffer).address(), pos, rem);
101103
} finally {
102-
Reference.reachabilityFence(buffer);
104+
NIO_ACCESS.releaseSession(buffer);
103105
}
104106
} else if (buffer.hasArray()) {
105107
crc = updateBytes(crc, buffer.array(), pos + buffer.arrayOffset(), rem);

src/java.base/share/classes/java/util/zip/CRC32C.java

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,6 @@
2424
*/
2525
package java.util.zip;
2626

27-
import java.lang.ref.Reference;
2827
import java.nio.ByteBuffer;
2928
import java.nio.ByteOrder;
3029

@@ -33,6 +32,8 @@
3332
import jdk.internal.vm.annotation.IntrinsicCandidate;
3433
import sun.nio.ch.DirectBuffer;
3534

35+
import static java.util.zip.ZipUtils.NIO_ACCESS;
36+
3637
/**
3738
* A class that can be used to compute the CRC-32C of a data stream.
3839
*
@@ -171,11 +172,12 @@ public void update(ByteBuffer buffer) {
171172
}
172173

173174
if (buffer.isDirect()) {
175+
NIO_ACCESS.acquireSession(buffer);
174176
try {
175-
crc = updateDirectByteBuffer(crc, ((DirectBuffer) buffer).address(),
177+
crc = updateDirectByteBuffer(crc, ((DirectBuffer)buffer).address(),
176178
pos, limit);
177179
} finally {
178-
Reference.reachabilityFence(buffer);
180+
NIO_ACCESS.releaseSession(buffer);
179181
}
180182
} else if (buffer.hasArray()) {
181183
crc = updateBytes(crc, buffer.array(), pos + buffer.arrayOffset(),

src/java.base/share/classes/java/util/zip/Deflater.java

Lines changed: 19 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,6 @@
2626
package java.util.zip;
2727

2828
import java.lang.ref.Cleaner.Cleanable;
29-
import java.lang.ref.Reference;
3029
import java.nio.ByteBuffer;
3130
import java.nio.ReadOnlyBufferException;
3231
import java.util.Objects;
@@ -35,6 +34,8 @@
3534
import jdk.internal.util.Preconditions;
3635
import sun.nio.ch.DirectBuffer;
3736

37+
import static java.util.zip.ZipUtils.NIO_ACCESS;
38+
3839
/**
3940
* This class provides support for general purpose compression using the
4041
* popular ZLIB compression library. The ZLIB compression library was
@@ -337,11 +338,12 @@ public void setDictionary(ByteBuffer dictionary) {
337338
int remaining = Math.max(dictionary.limit() - position, 0);
338339
ensureOpen();
339340
if (dictionary.isDirect()) {
340-
long address = ((DirectBuffer) dictionary).address();
341+
NIO_ACCESS.acquireSession(dictionary);
341342
try {
343+
long address = ((DirectBuffer) dictionary).address();
342344
setDictionaryBuffer(zsRef.address(), address + position, remaining);
343345
} finally {
344-
Reference.reachabilityFence(dictionary);
346+
NIO_ACCESS.releaseSession(dictionary);
345347
}
346348
} else {
347349
byte[] array = ZipUtils.getBufferArray(dictionary);
@@ -587,14 +589,15 @@ public int deflate(byte[] output, int off, int len, int flush) {
587589
inputPos = input.position();
588590
int inputRem = Math.max(input.limit() - inputPos, 0);
589591
if (input.isDirect()) {
592+
NIO_ACCESS.acquireSession(input);
590593
try {
591594
long inputAddress = ((DirectBuffer) input).address();
592595
result = deflateBufferBytes(zsRef.address(),
593596
inputAddress + inputPos, inputRem,
594597
output, off, len,
595598
flush, params);
596599
} finally {
597-
Reference.reachabilityFence(input);
600+
NIO_ACCESS.releaseSession(input);
598601
}
599602
} else {
600603
byte[] inputArray = ZipUtils.getBufferArray(input);
@@ -709,14 +712,15 @@ public int deflate(ByteBuffer output, int flush) {
709712
if (input == null) {
710713
inputPos = this.inputPos;
711714
if (output.isDirect()) {
712-
long outputAddress = ((DirectBuffer) output).address();
715+
NIO_ACCESS.acquireSession(output);
713716
try {
717+
long outputAddress = ((DirectBuffer) output).address();
714718
result = deflateBytesBuffer(zsRef.address(),
715719
inputArray, inputPos, inputLim - inputPos,
716720
outputAddress + outputPos, outputRem,
717721
flush, params);
718722
} finally {
719-
Reference.reachabilityFence(output);
723+
NIO_ACCESS.releaseSession(output);
720724
}
721725
} else {
722726
byte[] outputArray = ZipUtils.getBufferArray(output);
@@ -730,17 +734,19 @@ public int deflate(ByteBuffer output, int flush) {
730734
inputPos = input.position();
731735
int inputRem = Math.max(input.limit() - inputPos, 0);
732736
if (input.isDirect()) {
733-
long inputAddress = ((DirectBuffer) input).address();
737+
NIO_ACCESS.acquireSession(input);
734738
try {
739+
long inputAddress = ((DirectBuffer) input).address();
735740
if (output.isDirect()) {
736-
long outputAddress = outputPos + ((DirectBuffer) output).address();
741+
NIO_ACCESS.acquireSession(output);
737742
try {
743+
long outputAddress = outputPos + ((DirectBuffer) output).address();
738744
result = deflateBufferBuffer(zsRef.address(),
739745
inputAddress + inputPos, inputRem,
740746
outputAddress, outputRem,
741747
flush, params);
742748
} finally {
743-
Reference.reachabilityFence(output);
749+
NIO_ACCESS.releaseSession(output);
744750
}
745751
} else {
746752
byte[] outputArray = ZipUtils.getBufferArray(output);
@@ -751,20 +757,21 @@ public int deflate(ByteBuffer output, int flush) {
751757
flush, params);
752758
}
753759
} finally {
754-
Reference.reachabilityFence(input);
760+
NIO_ACCESS.releaseSession(input);
755761
}
756762
} else {
757763
byte[] inputArray = ZipUtils.getBufferArray(input);
758764
int inputOffset = ZipUtils.getBufferOffset(input);
759765
if (output.isDirect()) {
760-
long outputAddress = ((DirectBuffer) output).address();
766+
NIO_ACCESS.acquireSession(output);
761767
try {
768+
long outputAddress = ((DirectBuffer) output).address();
762769
result = deflateBytesBuffer(zsRef.address(),
763770
inputArray, inputOffset + inputPos, inputRem,
764771
outputAddress + outputPos, outputRem,
765772
flush, params);
766773
} finally {
767-
Reference.reachabilityFence(output);
774+
NIO_ACCESS.releaseSession(output);
768775
}
769776
} else {
770777
byte[] outputArray = ZipUtils.getBufferArray(output);

0 commit comments

Comments
 (0)