> Hi all, > > I would like to propose a fix for JDK-8319589. This will allow jcmd and jps > running as root to get the complete list of JVMs running by all users, and to > attach from root to non-root JVMs. Previously, JDK-8197387 introduced the > same possibility on Linux. > > This change affects macOS, that uses "secure" per-user temporary directories. > It only affects JVMs running as root, the behavior in non-privileged JVMs > remains unchanged. > > Jcmd and jps rely on LocalVmManager to get the initial list of the local VMs. > The LocalVmManager uses sun.jvmstat.PlatformSupport to get the list of temp > directories, where it searches for user's PerfData directory such as > "hsperfdata_<username\>". In macosx the temp directories are per-user, the > temp path is returned by confstr(_CS_DARWIN_USER_TEMP_DIR). The per-user > directories are mode 700 and so they are read-protected from non-privileged > users and can be accessed by the owner and the root. > > Both jps and jcmd (HotSpotAttachProvider) create MonitoredVm objects, that > have PerfDataBuffer that performs attachment to the target. Only the > attachable VMs are listed in jcmd output. > > The proposed patch changes the list of directories returned by the > PlatformSupport#getTemporaryDirectories() in VMs running as root. The list is > later used in VirtualMachineImpl (jdk.attach). It changes also the way > mmap_attach_shared() searches for hsperfdata_<username\>/<pid\> files to map > the shared memory. Mmap_attach_shared() and VirtualMachineImpl (via > PlatformSupport) list the content of /var/folders, where the temp directories > are located, more specificly the temp directories are > /var/folders/<BUCKET\>/<ENCODED_UUID_UID\>/T as hinted in [1]. The full list > is returned by newly added PlatformSupportImpl#getTemporaryDirectories(). > > The attaching client's VirtualMachineImpl needs the target process's temp > directory to find .java<pid\> and create .attach<pid\> files. It uses the > list returned by PlatformSupportImpl#getTemporaryDirectories() and the > ProcessHandle of the target process to search for user's PerfData directory, > e.g. hsperfdata_<username\>, which is in the target process's temp directory, > exactly where it expects to see the .java<pid\> in return on sending SIGQUIT > to the target VM. > > Mmap_attach_shared() traverses the /var/folders in get_user_tmp_dir() and > looks for a hsperfdata_<username\> folder. If that folder is found in > /var/folders/*/*/T, that means the temp folder corresponds to the <username\> > and to the JVM being attached to. > > The...
Sergey Chernyshev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains eight additional commits since the last revision: - Merge branch 'master' into JDK-8319589 - Merge branch 'master' into JDK-8319589 - Removed unused native method - addressed review comment #2 - Apply suggestions from code review Co-authored-by: David Holmes <[email protected]> - Update src/jdk.attach/macosx/classes/sun/tools/attach/VirtualMachineImpl.java Co-authored-by: Andrey Turbanov <[email protected]> - addressed review comments - 8319589: Attach from root to a user java process not supported in Mac ------------- Changes: - all: https://git.openjdk.org/jdk/pull/25824/files - new: https://git.openjdk.org/jdk/pull/25824/files/75dd6fb8..8118017f Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=25824&range=06 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=25824&range=05-06 Stats: 391287 lines in 4297 files changed: 249688 ins; 89814 del; 51785 mod Patch: https://git.openjdk.org/jdk/pull/25824.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/25824/head:pull/25824 PR: https://git.openjdk.org/jdk/pull/25824
