8345286: Remove use of SecurityManager API from misc areas

[jaikiran]

Can I please get a review of this change which removes usages of SecurityManager related APIs and some leftover related to SecurityManager changes?

This addresses https://bugs.openjdk.org/browse/JDK-8345286. Most of these changes are trivial. The src/java.base/linux/classes/jdk/internal/platform/CgroupUtil.java used to expose utility methods for dealing with SecurityManager permissions and it was called from a few places. That class is no longer needed with the clean up done in this PR.

No new tests have been introduced and tier testing is currently in progress.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8345286: Remove use of SecurityManager API from misc areas (Enhancement - P4)

Reviewers

• Alan Bateman (@AlanBateman - Reviewer)
• Severin Gehwolf (@jerboaa - Reviewer) Review applies to 9baa279b
• Kevin Walls (@kevinjwalls - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/22478/head:pull/22478
$ git checkout pull/22478

Update a local copy of the PR:
$ git checkout pull/22478
$ git pull https://git.openjdk.org/jdk.git pull/22478/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 22478

View PR using the GUI difftool:
$ git pr show -t 22478

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/22478.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back jpai! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@jaikiran This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8345286: Remove use of SecurityManager API from misc areas

Reviewed-by: alanb, kevinw, sgehwolf

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 47 new commits pushed to the master branch:

• 38927fc: 8343213: TEST_BUG: [Graal] java/lang/ref/Basic.java fails
• cf1eb58: 8344935: [ubsan]: javaThread.hpp:1241:52: runtime error: load of value 9831830, which is not a valid value for type 'freeze_result'
• 943aa03: 8345404: [ppc64le] ProblemList TestAllocOutOfMemory.java#large
• 9e2b66f: 8345178: RISC-V: Add gtests for narrow cmpxchg
• 4c33caa: 8344609: Check ResourceMark nesting when allocating a GrowableArray on an alternative ResourceArea
• 4b92816: 8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java
• e15912b: 8345248: Module name 'transitive' not accepted for requires transitive
• 521ed72: 8345357: test/jdk/javax/swing/JRadioButton/8033699/bug8033699.java fails in ubuntu22.04
• 447f8d4: 8345353: Test for JDK-8344800 W3C DTDs and XSDs in the built-in Catalog
• 43b337e: 8344304: [s390x] ubsan: negation of -2147483648 cannot be represented in type 'int'
• ... and 37 more: https://git.openjdk.org/jdk/compare/a3b58ee5cd1ec0ea78649d4128d272458b05eb13...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@jaikiran The following labels will be automatically applied to this pull request:

• core-libs
• net
• security
• serviceability

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

[jaikiran]

Hello Severin @jerboaa, given your work in the cgroups area of the JDK, could you help review the updates in this PR for those classes?

[mlbridge]

Webrevs

• 08: Full (d53fe8ad)
• 07: Full (9baa279b)
• 06: Full - Incremental (5a96fa5f)
• 05: Full - Incremental (b018ef09)
• 04: Full - Incremental (26df25b2)
• 03: Full - Incremental (52a47f72)
• 02: Full - Incremental (ad62bd4c)
• 01: Full - Incremental (75511e30)
• 00: Full (e36c5207)

[AlanBateman]

Good cleanup, a few small nits spotted along the way.

[AlanBateman]

I'm half tempted to suggest leaving MethodUtil out of this change. There is further work required here and leaving the SM usage is a reminder of that.

[jaikiran]

Understood. I've now updated this PR to revert back the changes in this file.

[AlanBateman]

The formatting has got messed up here. If you create Path path = Path.of(controller.path(), param) then the try line would fit on one line and would fix the formatting issue. Maybe some future cleanup will replace this with Files.lines as this just needs to return the first line.

[jaikiran]

Fixed. I moved the Path.of() outside of the try-with-resources and the line length is now more reasonable.

[AlanBateman]

Using Path.of might be clearer here.

[jerboaa]

What Alan said.

[jaikiran]

Done, here and one other place in this file.

[AlanBateman]

An extra space crept in that at some point

[jaikiran]

Thanks for spotting that, I hadn't noticed it.

[jerboaa]

I've reviewed only the cgroups parts.

[jerboaa]

Suggested change

	try (Stream<String> lines = Files.lines(Paths.get(unified.path(), "io.stat"))) {
	try (Stream<String> lines = Files.lines(Paths.of(unified.path(), "io.stat"))) {

[jaikiran]

Done.

[jerboaa]

I think we can do this refactoring now:

Suggested change

	try (BufferedReader bufferedReader =
	Files.newBufferedReader(Paths.get(controller.path(), param))) {
	String line = bufferedReader.readLine();
	return line;
	} catch (IOException e) {
	try (Stream<String> lines =
	Files.lines(Paths.of(controller.path(), param))) {
	Optional<String> firstLine = lines.findFirst();
	return firstLine.orElse(null);
	} catch (IOException e) {

[jerboaa]

What Alan said.

[jerboaa]

cgroups changes look good. Haven't looked at the other bits.

[jerboaa]

Unused now?

[jaikiran]

Yes, it's now unused. I've removed it in the latest update to the PR and also replaced a few more Paths.get() with Path.of() in the current set of files that have been updated in this PR.

[jaikiran]

cgroups changes look good. Haven't looked at the other bits.

Thank you Severin.

[AlanBateman]

Not sure about this as it's not a significant change to the file.

[jaikiran]

Do you mean for just this file or the rest of the files in this PR as well? I am open to removing the copyright additions.

[AlanBateman]

Sean has included in this one in the changes for sun.security (pull/22418) so I think you can drop it from this PR.

[jaikiran]

Done. Removed it from this PR.

[openjdk]

@jaikiran this pull request can not be integrated into master due to one or more merge conflicts. To resolve these merge conflicts and update this pull request you can run the following commands in the local repository for your personal fork:

git checkout 8345286
git fetch https://git.openjdk.org/jdk.git master
git merge FETCH_HEAD
# resolve conflicts and follow the instructions given by git merge
git commit -m "Merge master"
git push

[jerboaa]

cgroup changes still look good.

[dfuch]

Good cleanup! Changes to logger + net look fine.

[dfuch]

you could probably just:

            return lines.findFirst().orElse(null);

unless the local variable is needed or type inference?

[jaikiran]

Hello Daniel, no syntactical reason behind this. Severin proposed this style in his review and I noticed that this area of the code has been using this style of local variable assigment and immediate return in one or two other places, so I decided to stick with it. I don't have a strong preference but am willing to update it if you or others think we should.

[dfuch]

In that case you may leave it as is - it's fine with me.

[seanjmullan]

I think you can also remove the words "has no permissions" as it no longer applies. @AlanBateman ?

[AlanBateman]

Yes, that can be removed.

[jaikiran]

Done.

[jaikiran]

Although trivial, there are some changes to files from the serviceability area. So it would be good if someone from that area could review this too.

[kevinjwalls]

Although trivial, there are some changes to files from the serviceability area. So it would be good if someone from that area could review this too.

Yes, looks good. I will update #22478 to avoid the clash!

[jaikiran]

Thank you everyone for the help in reviewing this.

[jaikiran]

/integrate

[openjdk]

Going to push as commit 3d49665.
Since your change was applied there have been 47 commits pushed to the master branch:

• 38927fc: 8343213: TEST_BUG: [Graal] java/lang/ref/Basic.java fails
• cf1eb58: 8344935: [ubsan]: javaThread.hpp:1241:52: runtime error: load of value 9831830, which is not a valid value for type 'freeze_result'
• 943aa03: 8345404: [ppc64le] ProblemList TestAllocOutOfMemory.java#large
• 9e2b66f: 8345178: RISC-V: Add gtests for narrow cmpxchg
• 4c33caa: 8344609: Check ResourceMark nesting when allocating a GrowableArray on an alternative ResourceArea
• 4b92816: 8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java
• e15912b: 8345248: Module name 'transitive' not accepted for requires transitive
• 521ed72: 8345357: test/jdk/javax/swing/JRadioButton/8033699/bug8033699.java fails in ubuntu22.04
• 447f8d4: 8345353: Test for JDK-8344800 W3C DTDs and XSDs in the built-in Catalog
• 43b337e: 8344304: [s390x] ubsan: negation of -2147483648 cannot be represented in type 'int'
• ... and 37 more: https://git.openjdk.org/jdk/compare/a3b58ee5cd1ec0ea78649d4128d272458b05eb13...master

Your commit was automatically rebased without conflicts.

[openjdk]

@jaikiran Pushed as commit 3d49665.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.