 * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

  // file, if successfully created.

// Standard Memory Implementation Details

// create the PerfData memory region in standard memory.
  // allocate an aligned chunk of memory

// delete the PerfData memory region
  // there are no persistent external resources to cleanup for standard
  // memory. since DestroyJavaVM does not support unloading of the JVM,
  // cleanup of the memory resource is not performed. The memory will be
  // reclaimed by the OS upon termination of the process.

// save the specified memory region to the given file
// Note: this function might be called from signal handler (by os::abort()),
// don't allocate heap memory.

// Shared Memory Implementation Details

// Note: the solaris and bsd shared memory implementation uses the mmap
// interface with a backing store file to implement named shared memory.
// Using the file system as the name space for shared memory allows a
// common name space to be supported across a variety of platforms. It
// also provides a name space that Java applications can deal with through
// The solaris and bsd implementations store the backing store file in
// a user specific temporary directory located in the /tmp file system,
// which is always a local file system and is sometimes a RAM based file

// return the user specific temporary directory name.
// the caller is expected to free the allocated memory.
  // construct the path name to user specific tmp directory

// convert the given file name into a process id. if the file
// does not meet the file naming constraints, return 0.
  // a filename that doesn't begin with a digit is not a
  // candidate for conversion.
  // check if file name can be converted to an integer without
  // any leftover characters.
  // check for left over characters. If any, then the filename is
  // not a candidate for conversion.
  // successful conversion, return the pid

// check if the given path is considered a secure directory for
// the backing store files. Returns true if the directory exists
// and is considered a secure location. Returns false if the path
// is a symbolic link or if an error occurred.
  // the path exists, now check its mode
  // the path represents a link or some non-directory file type,
  // which is not what we expected. declare it insecure.
  // we have an existing directory, check if the permissions are safe.
  // the directory is open for writing and could be subjected
  // to a symlink attack. declare it insecure.

// return the user name for the given user id
// the caller is expected to free the allocated memory.
  // determine the max pwbuf size from sysconf, and hardcode
  // a default if this is not available through sysconf.
  // POSIX interface to getpwuid_r is used on LINUX
  // this check is added to protect against an observed problem
  // with getpwuid_r() on RedHat 9 where getpwuid_r returns 0,
  // indicating success, but has p == NULL. This was observed when
  // inserting a file descriptor exhaustion fault prior to the
  // getpwuid_r() call. In this case, error is set to the appropriate
  // error condition, but this is undocumented behavior. This check
  // is safe under any condition, but the use of errno in the output
  // message may result in an erroneous message.
  // Bug Id 89052 was opened with RedHat.

// return the name of the user that owns the process identified by vmid.
// This method uses a slow directory search algorithm to find the backing
// store file for the specified vmid and returns the user name, as determined
// by the user name suffix of the hsperfdata_<username> directory name.
// the caller is expected to free the allocated memory.
  // short circuit the directory search if the process doesn't even exist.
  // for each entry in the directory that matches the pattern hsperfdata_*,
  // open the directory and check if the file for the given vmid exists.
  // The file with the expected name and the latest creation date is used
  // to determine the user name for the process id.
  // check if the directory entry is a hsperfdata file
  // Since we don't create the backing store files in directories
  // pointed to by symbolic links, we also don't follow them when
  // looking for the files. We check for a symbolic link after the
  // call to opendir in order to eliminate a small window where the
  // symlink can be exploited.
  // don't follow symbolic links for the file
  // skip over files that are not regular files.
  // compare and save filename with latest creation time

// return the name of the user that owns the JVM indicated by the given vmid.

// return the file name of the backing store file for the named
// shared memory region for the given user name and vmid.
// the caller is expected to free the allocated memory.
  // add 2 for the file separator and a null terminator.

// this method removes the file specified by the given path
  // if the file is a directory, the following unlink will fail. since
  // we don't expect to find directories in the user temp directory, we
  // won't try to handle this situation. even if accidentally or
  // maliciously planted, the directory's presence won't hurt anything.

// this method removes the file with the given file name in the

// cleanup stale shared memory resources
// This method attempts to remove all stale shared memory files in
// the named user temporary directory. It scans the named directory
// for files matching the pattern ^$[0-9]*$. For each file found, the
// process id is extracted from the file name and a test is run to
// determine if the process is alive. If the process is not alive,
// any stale file resources are removed.
  // open the user temp directory
  // directory doesn't exist, so there is nothing to cleanup
  // the directory is not a secure directory
  // for each entry in the directory that matches the expected file
  // name pattern, determine if the file resources are stale and if
  // so, remove the file resources. Note, instrumented HotSpot processes
  // for this user may start and/or terminate during this search and
  // remove or create new files in this directory. The behavior of this
  // loop under these conditions is dependent upon the implementation of
  // attempt to remove all unexpected files, except "." and ".."
  // we now have a file name that converts to a valid integer
  // that could represent a process id. if this process id
  // matches the current process id or the process is not running,
  // then remove the stale file resources.
  // process liveness is detected by sending signal number 0 to
  // the process id (see kill(2)). if kill determines that the
  // process does not exist, then the file resources are removed.
  // if kill determines that we don't have permission to
  // signal the process, then the file resources are assumed to
  // be stale and are removed because the resources for such a
  // process should be in a different user specific directory.

// make the user specific temporary directory. Returns true if
// the directory exists and is secure upon return. Returns false
// if the directory exists but is either a symlink, is otherwise
// insecure, or if an error occurred.
  // create the directory with 0755 permissions. note that the directory
  // will be owned by euid::egid, which may not be the same as uid::gid.
  // The directory already exists and was probably created by another
  // JVM instance. However, this could also be the result of a
  // deliberate symlink. Verify that the existing directory is safe.
  // we encountered some other failure while attempting

// create the shared memory file resources
// This method creates the shared memory file with the given size
// This method also creates the user specific temporary directory, if
  // make the user temporary directory
  // save the file descriptor
  // Verify that we have enough disk space for this file.
  // We'll get random SIGBUS crashes on memory accesses if

// open the shared memory file for the given user and vmid. returns
// the file descriptor for the open file or -1 if the file could not

// create a named shared memory region. returns the address of the
// memory region on success or NULL on failure. A return value of
// NULL will ultimately disable the shared memory feature.
// On Solaris and Bsd, the name space for shared memory objects
// is the file system name space.
// A monitoring application attaching to a JVM does not need to know
// the file system name of the shared memory object. However, it may
// be convenient for applications to discover the existence of newly
// created and terminating JVMs by watching the file system name space
// for files being created or removed.
  // cleanup any stale shared memory files
    "unexpected PerfMemory region size");
  // attempt to close the file - restart it if it was interrupted,
  // but ignore other failures
  // save the file name for use in delete_shared_memory()
  // clear the shared memory region
  // it does not go through os api, the operation has to record from here

// release a named shared memory region

// create the PerfData memory region in shared memory.
  // create the shared memory region.

// delete the shared PerfData memory region
  // cleanup the persistent shared memory resources. since DestroyJavaVM does
  // not support unloading of the JVM, unmapping of the memory resource is
  // not performed. The memory will be reclaimed by the OS upon termination of
  // the process. The backing store file is deleted from the file system.
  // Don't.. Free heap memory could deadlock os::abort() if it is called
  // from signal handler. OS will reclaim the heap memory.
  // FREE_C_HEAP_ARRAY(char, backing_store_file_name);

// return the size of the file for the given file descriptor
// or 0 if it is not a valid size for a shared memory file
    "Could not determine PerfMemory size");
    "Invalid PerfMemory size");

// attach to a named shared memory region.
  // map the high level access mode to the appropriate permission
  // constructs for the file and the shared memory mapping.
    "Unsupported access mode");
    "Could not map vmid to user Name");
  // since we don't follow symbolic links when creating the backing
  // store file, we don't follow them when attaching either.
  // copy heap memory to resource memory. the open_sharedmem_file
  // method below needs to use the filename, but could throw an
  // exception. using a resource array prevents the leak that
  // free the c heap resources that are no longer needed
  // open the shared memory file for the given vmid
  // attempt to close the file - restart if it gets interrupted,
  // but ignore other failures
    "Could not map PerfMemory");
  // it does not go through os api, the operation has to record from here

// create the PerfData memory region
// This method creates the memory region used to store performance
// data for the JVM. The memory may be created in standard or
  // do not share the memory for the performance data.
  // creation of the shared memory region failed, attempt
  // to create a contiguous, non-shared memory region instead.

// delete the PerfData memory region
// This method deletes the memory region used to store performance
// data for the JVM. The memory region indicated by the <address, size>
// tuple will be inaccessible after a call to this method.
  // If user specifies PerfDataSaveFile, it will save the performance data
  // to the specified file name no matter whether PerfDataSaveToFile is specified
  // or not. In other words, -XX:PerfDataSaveFile=.. overrides flag
  // -XX:+PerfDataSaveToFile.

// attach to the PerfData memory region for another JVM
// This method returns an <address, size> tuple that points to
// a memory buffer that is kept reasonably synchronized with
// the PerfData memory region for the indicated JVM. This
// buffer may be kept in synchronization via shared memory
// or some other mechanism that keeps the buffer updated.
// If the JVM chooses not to support the attachability feature,
// this method should throw an UnsupportedOperation exception.
// This implementation utilizes named shared memory to map
// the indicated process's PerfData memory region into this JVMs

// detach from the PerfData memory region of another JVM
// This method detaches the PerfData memory region of another
// JVM, specified as an <address, size> tuple of a buffer
// in this process's address space. This method may perform
// arbitrary actions to accomplish the detachment. The memory
// region specified by <address, size> will be inaccessible after
// If the JVM chooses not to support the attachability feature,
// this method should throw an UnsupportedOperation exception.
// This implementation utilizes named shared memory to detach
// the indicated process's PerfData memory region from this
  // prevent accidental detachment of this process's PerfMemory region
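
The directory, file-name and liveness checks that the comments above describe, as an added C example. This is not the HotSpot source: the function names, bodies and sample file names are assumptions built only from what the comments state.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: true only for a real directory (never a symlink)
 * that neither group nor other can write to. */
bool is_directory_secure(const char *path) {
    struct stat st;
    if (lstat(path, &st) == -1) return false;           /* missing, or error */
    if (!S_ISDIR(st.st_mode)) return false;             /* link or other file type */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return false; /* open for writing */
    return true;
}

/* Hypothetical helper: file name -> pid, or 0 when the name is not a
 * plain decimal number with no leftover characters. */
long filename_to_pid(const char *name) {
    if (!isdigit((unsigned char)name[0])) return 0;
    char *rest = NULL;
    errno = 0;
    long pid = strtol(name, &rest, 10);
    if (errno != 0 || *rest != '\0' || pid <= 0 || pid > INT_MAX) return 0;
    return pid;
}

/* Hypothetical helper: a backing file is stale if its pid is our own, the
 * process is gone (ESRCH), or we are not allowed to signal it (EPERM). */
bool is_stale_pid(long pid) {
    if (pid == (long)getpid()) return true;
    return kill((pid_t)pid, 0) == -1 && (errno == ESRCH || errno == EPERM);
}

int main(void) {
    /* Constructed sample names, not taken from a real hsperfdata directory. */
    const char *names[] = { "4242", "42.tmp", "core", "0" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-8s -> pid %ld\n", names[i], filename_to_pid(names[i]));
    printf("/tmp usable as backing dir? %d\n", is_directory_secure("/tmp"));
    return 0;
}
```

Because `lstat` does not follow links, a symlink planted at the expected directory path is rejected by the `S_ISDIR` test rather than silently resolved.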