Bug 544019 (CVE-2018-12549) - OpenJ9 may fail to null check the receiver of an unsafe call
Summary: OpenJ9 may fail to null check the receiver of an unsafe call
Status: RESOLVED FIXED
Alias: CVE-2018-12549
Product: Community
Classification: Eclipse Foundation
Component: Vulnerability Reports
Version: unspecified
Hardware: All All
Importance: P3 normal
Target Milestone: ---
Assignee: Security vulnerabilities reported against Eclipse projects
QA Contact:
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2019-01-31 13:32 EST by Vij Singh
Modified: 2019-02-08 15:17 EST
CC List: 6 users

See Also:


Description Vij Singh 2019-01-31 13:32:43 EST
Problem Summary:

The OpenJ9 JIT compiler incorrectly omitted a null check on the receiver object of an Unsafe call when accelerating it.

Details:

The Unsafe API is a JDK internal API used to implement primitive memory operations. Because this API can allow arbitrary memory to be read/written, access to the API is restricted. The restriction takes the form of a singleton instance - the call to obtain the instance performs the necessary security checks to ensure the requester has sufficient security permissions to be allowed access. When the OpenJ9 JIT compiler encounters a call to an Unsafe method, the compiler transforms these calls into the direct memory operations they represent. In some circumstances the compiler may fail to check that the receiver of the Unsafe call is non-null, thus allowing unprivileged code to use Unsafe memory operations without the appropriate security check having been done.

Workaround:

Acceleration of Unsafe operations and the potential omission of the null check on the receiver can be disabled using -Xjit:disableUnsafe,disableUnsafeFastPath (note that this can have a significant impact on throughput performance on some workloads).

Problem Conclusion:

The OpenJ9 JIT compiler has been fixed to ensure it always generates a null check ahead of any Unsafe operation to ensure the user has obtained an instance of the Unsafe class before allowing the direct memory operation to be performed.
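The description above rests on two properties of the Unsafe API: the guarded entry point refuses application code, and a call made through a null receiver must fail with NullPointerException before any memory is touched, whether the call site runs interpreted or has been JIT-compiled into a raw load. The following probe is an added illustration written for this page; it is not code from the report or from the OpenJ9 project. It obtains the singleton reflectively only to set up a real native buffer (that reflective path is the well-known bypass, not the guarded one), then warms a call site whose receiver is a method parameter and checks that null-receiver calls still throw after compilation. Whether a given JIT path is exercised by this shape of call site is an assumption; the report says only that the check was omitted "in some circumstances".

```java
import java.lang.reflect.Field;
import sun.misc.Unsafe;

/*
 * Added example, not from the bug report or OpenJ9. Shows (1) that app code is
 * rejected by the guarded entry point and (2) that a null receiver on an Unsafe
 * call must raise NullPointerException, before and after the JIT compiles the
 * call site. The warm-up count and the call-site shape are assumptions.
 */
public class UnsafeReceiverCheck {

    // Guarded entry point: sun.misc.Unsafe.getUnsafe() rejects callers not loaded
    // by the bootstrap loader, so ordinary application code gets SecurityException.
    static boolean guardedAccessRejected() {
        try {
            Unsafe.getUnsafe();
            return false;
        } catch (SecurityException e) {
            return true;
        }
    }

    // Test-only shortcut that reads the private static field. This is the
    // reflective bypass, used here only so the probe can allocate a real buffer.
    static Unsafe obtainForTest() throws ReflectiveOperationException {
        Field f = Unsafe.class.getDeclaredField("theUnsafe");
        f.setAccessible(true);
        return (Unsafe) f.get(null);
    }

    // Call site whose receiver is a parameter, so the compiler cannot prove it
    // non-null. When the JIT turns getInt into a direct load it must keep a null
    // check on 'receiver'; omitting that check is the defect this bug describes.
    static int readThrough(Unsafe receiver, long addr) {
        return receiver.getInt(addr);
    }

    // Warm the call site with a real receiver so the JIT compiles it, then call
    // it with a null receiver repeatedly. Returns how many null-receiver calls
    // did NOT throw; the expected result is 0.
    static int probe(Unsafe unsafe, long addr, int warmup) {
        for (int i = 0; i < warmup; i++) {
            readThrough(unsafe, addr);
        }
        int leaked = 0;
        for (int i = 0; i < 1000; i++) {
            try {
                readThrough(null, addr);   // must throw; a raw load here is the bug
                leaked++;
            } catch (NullPointerException expected) {
                // correct behaviour: the receiver null check fired
            }
        }
        return leaked;
    }

    public static void main(String[] args) throws Exception {
        Unsafe unsafe = obtainForTest();
        long addr = unsafe.allocateMemory(8);
        try {
            unsafe.putInt(addr, 0x1234);
            System.out.println("getUnsafe() rejected app code: " + guardedAccessRejected());
            System.out.println("value via real receiver: 0x"
                    + Integer.toHexString(readThrough(unsafe, addr)));
            int leaked = probe(unsafe, addr, 200_000);
            System.out.println("null-receiver calls that did not throw: " + leaked);
        } finally {
            unsafe.freeMemory(addr);
        }
    }
}
```

Compile with `javac UnsafeReceiverCheck.java` (on Java 9 and later javac warns that sun.misc.Unsafe is an internal API, which is expected) and run it once normally and once with the workaround from the report, `java -Xjit:disableUnsafe,disableUnsafeFastPath UnsafeReceiverCheck`; in both cases the last line should report 0. A non-zero count would mean a compiled call site performed the memory access through a null receiver, which is the condition the fix is meant to rule out.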
Comment 1 Vij Singh 2019-01-31 13:42:39 EST
project: OpenJ9

version: 0.11.0

cwe: CWE-111: Direct Use of Unsafe JNI

summary: In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
Comment 2 Wayne Beaton 2019-02-08 15:17:50 EST
Pull request: https://github.com/CVEProject/cvelist/pull/1589