Prevent non-root accessible objects from poisoning the cache #22247
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
FYI: I'm currently pounding on this locally using the reproducer seen in #22240. |
|
Please remove the prefix "Fixes #14143 : " from the commit summary line (it should be no more than 70 characters long). The reference to that issue should go in the body of the commit message. Please also update the title of this pull request similarly. |
chrisdennis
force-pushed
the
issue-14143-reflection-cache-poisoning
branch
from
593cec8 to
e662bc1
Compare
chrisdennis
changed the title
keithc-ca
requested changes
Jul 17, 2025
chrisdennis
force-pushed
the
issue-14143-reflection-cache-poisoning
branch
2 times, most recently
from
17d34e6 to
6ecbc6c
Compare
keithc-ca
requested changes
Jul 18, 2025
chrisdennis
force-pushed
the
issue-14143-reflection-cache-poisoning
branch
from
6ecbc6c to
d8a1d57
Compare
keithc-ca
requested changes
Jul 18, 2025
chrisdennis
force-pushed
the
issue-14143-reflection-cache-poisoning
branch
from
d8a1d57 to
fee88ea
Compare
Fixes eclipse-openj9#14143 by preventing non-root accessible objects from entering the reflection caches. Allowing non-root objects in the caches will trigger failures when those objects are copied before being returned from public accessor methods. Signed-off-by: Chris Dennis <[email protected]>
chrisdennis
force-pushed
the
issue-14143-reflection-cache-poisoning
branch
from
fee88ea to
ab6a8ce
Compare
|
Jenkins test sanity plinux jdk8,jdk11,jdk21 |
keithc-ca
approved these changes
Jul 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Enabling the reflect cache debugging logic you can see there are numerous paths that can poison the reflection caches with non-root reflection objects. Rather than attempt to unravel all the possible paths in to this point I figured it would be easier to just extract the root instances and move on.
I'm not 100% on the preprocessor logic in use here, and whether this code is going to tolerate all the different possible target JDK version? I assume/hope that there's enough CI coverage to prove if this needs more work/polish.
Fixes #14143