8266310: deadlock between System.loadLibrary and JNI FindClass loadin…
…g another class

Reviewed-by: dholmes, plevart, chegar, mchung
Aleksei Voitylov authored and Alexander Scherbatiy committed Jul 6, 2021
1 parent 20eba35 commit e47803a
Showing 10 changed files with 912 additions and 19 deletions.
138 changes: 119 additions & 19 deletions src/java.base/share/classes/jdk/internal/loader/NativeLibraries.java
@@ -39,6 +39,7 @@
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.ReentrantLock;

/**
* Native libraries are loaded via {@link System#loadLibrary(String)},
@@ -185,7 +186,8 @@ private NativeLibrary loadLibrary(Class<?> fromClass, String name, boolean isBui
throw new InternalError(fromClass.getName() + " not allowed to load library");
}

synchronized (loadedLibraryNames) {
acquireNativeLibraryLock(name);
try {
// find if this library has already been loaded and registered in this NativeLibraries
NativeLibrary cached = libraries.get(name);
if (cached != null) {
@@ -202,15 +204,14 @@ private NativeLibrary loadLibrary(Class<?> fromClass, String name, boolean isBui
* When a library is being loaded, JNI_OnLoad function can cause
* another loadLibrary invocation that should succeed.
*
* We use a static stack to hold the list of libraries we are
* loading because this can happen only when called by the
* same thread because this block is synchronous.
* Each thread maintains its own stack to hold the list of
* libraries it is loading.
*
* If there is a pending load operation for the library, we
* immediately return success; otherwise, we raise
* UnsatisfiedLinkError.
* immediately return success; if the pending load is from
* a different class loader, we raise UnsatisfiedLinkError.
*/
for (NativeLibraryImpl lib : nativeLibraryContext) {
for (NativeLibraryImpl lib : NativeLibraryContext.current()) {
if (name.equals(lib.name())) {
if (loader == lib.fromClass.getClassLoader()) {
return lib;
@@ -223,7 +224,7 @@ private NativeLibrary loadLibrary(Class<?> fromClass, String name, boolean isBui

NativeLibraryImpl lib = new NativeLibraryImpl(fromClass, name, isBuiltin, isJNI);
// load the native library
nativeLibraryContext.push(lib);
NativeLibraryContext.push(lib);
try {
if (!lib.open()) {
return null; // fail to open the native library
@@ -242,12 +243,14 @@ private NativeLibrary loadLibrary(Class<?> fromClass, String name, boolean isBui
CleanerFactory.cleaner().register(loader, lib.unloader());
}
} finally {
nativeLibraryContext.pop();
NativeLibraryContext.pop();
}
// register the loaded native library
loadedLibraryNames.add(name);
libraries.put(name, lib);
return lib;
} finally {
releaseNativeLibraryLock(name);
}
}

@@ -295,13 +298,16 @@ public void unload(NativeLibrary lib) {
throw new UnsupportedOperationException("explicit unloading cannot be used with auto unloading");
}
Objects.requireNonNull(lib);
synchronized (loadedLibraryNames) {
acquireNativeLibraryLock(lib.name());
try {
NativeLibraryImpl nl = libraries.remove(lib.name());
if (nl != lib) {
throw new IllegalArgumentException(lib.name() + " not loaded by this NativeLibraries instance");
}
// unload the native library and also remove from the global name registry
nl.unloader().run();
} finally {
releaseNativeLibraryLock(lib.name());
}
}

@@ -415,17 +421,20 @@ static class Unloader implements Runnable {

@Override
public void run() {
synchronized (loadedLibraryNames) {
acquireNativeLibraryLock(name);
try {
/* remove the native library name */
if (!loadedLibraryNames.remove(name)) {
throw new IllegalStateException(name + " has already been unloaded");
}
nativeLibraryContext.push(UNLOADER);
NativeLibraryContext.push(UNLOADER);
try {
unload(name, isBuiltin, isJNI, handle);
} finally {
nativeLibraryContext.pop();
NativeLibraryContext.pop();
}
} finally {
releaseNativeLibraryLock(name);
}
}
}
@@ -443,20 +452,111 @@ static class LibraryPaths {
}

// All native libraries we've loaded.
// This also serves as the lock to obtain nativeLibraries
// and write to nativeLibraryContext.
private static final Set<String> loadedLibraryNames = new HashSet<>();
private static final Set<String> loadedLibraryNames =
ConcurrentHashMap.newKeySet();

// reentrant lock class that allows exact counting (with external synchronization)
@SuppressWarnings("serial")
private static final class CountedLock extends ReentrantLock {

private int counter = 0;

public void increment() {
if (counter == Integer.MAX_VALUE) {
// prevent overflow
throw new Error("Maximum lock count exceeded");
}
++counter;
}

public void decrement() {
--counter;
}

public int getCounter() {
return counter;
}
}

// Maps native library name to the corresponding lock object
private static final Map<String, CountedLock> nativeLibraryLockMap =
new ConcurrentHashMap<>();

private static void acquireNativeLibraryLock(String libraryName) {
nativeLibraryLockMap.compute(libraryName, (name, currentLock) -> {
if (currentLock == null) {
currentLock = new CountedLock();
}
// safe as compute lambda is executed atomically
currentLock.increment();
return currentLock;
}).lock();
}

private static void releaseNativeLibraryLock(String libraryName) {
CountedLock lock = nativeLibraryLockMap.computeIfPresent(libraryName, (name, currentLock) -> {
if (currentLock.getCounter() == 1) {
// unlock and release the object if no other threads are queued
currentLock.unlock();
// remove the element
return null;
} else {
currentLock.decrement();
return currentLock;
}
});
if (lock != null) {
lock.unlock();
}
}

// native libraries being loaded
private static Deque<NativeLibraryImpl> nativeLibraryContext = new ArrayDeque<>(8);
private static final class NativeLibraryContext {

// Maps thread object to the native library context stack, maintained by each thread
private static Map<Thread, Deque<NativeLibraryImpl>> nativeLibraryThreadContext =
new ConcurrentHashMap<>();

// returns a context associated with the current thread
private static Deque<NativeLibraryImpl> current() {
return nativeLibraryThreadContext.computeIfAbsent(
Thread.currentThread(),
t -> new ArrayDeque<>(8));
}

private static NativeLibraryImpl peek() {
return current().peek();
}

private static void push(NativeLibraryImpl lib) {
current().push(lib);
}

private static void pop() {
// this does not require synchronization since each
// thread has its own context
Deque<NativeLibraryImpl> libs = current();
libs.pop();
if (libs.isEmpty()) {
// context can be safely removed once empty
nativeLibraryThreadContext.remove(Thread.currentThread());
}
}

private static boolean isEmpty() {
Deque<NativeLibraryImpl> context =
nativeLibraryThreadContext.get(Thread.currentThread());
return (context == null || context.isEmpty());
}
}

// Invoked in the VM to determine the context class in JNI_OnLoad
// and JNI_OnUnload
private static Class<?> getFromClass() {
if (nativeLibraryContext.isEmpty()) { // only default library
if (NativeLibraryContext.isEmpty()) { // only default library
return Object.class;
}
return nativeLibraryContext.peek().fromClass;
return NativeLibraryContext.peek().fromClass;
}

// JNI FindClass expects the caller class if invoked from JNI_OnLoad
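Review bot: `NativeLibraryContext.current()` registers the calling thread in the static `nativeLibraryThreadContext` map even when it is only read: the pending-load `for` loop in `loadLibrary` and `peek()` both go through `computeIfAbsent`, and only `pop()` removes the entry. In the lines shown the `push`/`pop` pair that follows the loop cleans it up, but parts of `loadLibrary` are collapsed on this page, so any exit between the loop and `push` would presumably leave a strongly referenced `Thread` key in a static map. Reading with `nativeLibraryThreadContext.get(Thread.currentThread())` and an empty fallback, as `isEmpty()` already does, keeps lookups free of side effects. The map field is never reassigned in this section and should be declared `private static final`. `releaseNativeLibraryLock` also returns silently when no lock is registered for the name; a comment such as `// a missing entry means an unbalanced release` or an assertion there would make that case visible.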
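--- /dev/null
+++ b/test/jdk/java/lang/ClassLoader/loadLibraryDeadlock/Class1.java
@@ -0,0 +1,34 @@
+/*
+* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2021, BELLSOFT. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+
+/*
+* Class1 loads a native library that calls ClassLoader.findClass in JNI_OnLoad.
+* Class1 runs concurrently with another thread that opens a signed jar file.
+*/
+class Class1 {
+static {
+System.loadLibrary("loadLibraryDeadlock");
+System.out.println("Signed jar loaded from native library.");
+}
+}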
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2021, BELLSOFT. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* LoadLibraryDeadlock class triggers the deadlock between the two
* lock objects - ZipFile object and ClassLoader.loadedLibraryNames hashmap.
* Thread #2 loads a signed jar which leads to acquiring the lock objects in
* natural order (ZipFile then HashMap) - loading a signed jar may involve
* Providers initialization. Providers may load native libraries.
* Thread #1 acquires the locks in reverse order, first entering loadLibrary
* called from Class1, then acquiring ZipFile during the search for a class
* triggered from JNI.
*/
import java.lang.*;

public class LoadLibraryDeadlock {

public static void main(String[] args) {
Thread t1 = new Thread() {
public void run() {
try {
// an instance of unsigned class that loads a native library
Class<?> c1 = Class.forName("Class1");
Object o = c1.newInstance();
} catch (ClassNotFoundException |
InstantiationException |
IllegalAccessException e) {
System.out.println("Class Class1 not found.");
throw new RuntimeException(e);
}
}
};
Thread t2 = new Thread() {
public void run() {
try {
// load a class from a signed jar, which locks the JarFile
Class<?> c2 = Class.forName("p.Class2");
System.out.println("Signed jar loaded.");
} catch (ClassNotFoundException e) {
System.out.println("Class Class2 not found.");
throw new RuntimeException(e);
}
}
};
t2.start();
t1.start();
try {
t1.join();
t2.join();
} catch (InterruptedException ignore) {
}
}
}
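Review bot: A failure inside either worker thread does not fail `main`: the `RuntimeException` rethrown in `t1` or `t2` only ends that thread, `join()` still returns normally and the JVM exits with status 0, so the result is visible only to something that parses stdout (no such driver is shown in this section). Recording the throwable, for example with `Thread.setUncaughtExceptionHandler`, and rethrowing it after both joins would make the class fail on its own. The empty `catch (InterruptedException ignore) {}` also drops the interrupt; `Thread.currentThread().interrupt();` in that block would preserve it. The `t1` handler prints "Class Class1 not found." for `InstantiationException` and `IllegalAccessException` as well, which misleads anyone reading a failing log.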

1 comment on commit e47803a

@openjdk-notifier