/*
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.oracle.svm.core.posix;
import java.io.Closeable;
import java.io.FilterInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import org.graalvm.nativeimage.Platform;
import org.graalvm.nativeimage.Platforms;
import org.graalvm.nativeimage.hosted.Feature;
import com.oracle.svm.core.SubstrateUtil;
import com.oracle.svm.core.annotate.Alias;
import com.oracle.svm.core.annotate.AutomaticFeature;
import com.oracle.svm.core.annotate.TargetClass;
import com.oracle.svm.core.jdk.RuntimeSupport;
The NativePRNG
backend for SecureRandom
on Linux and Darwin opens file handles for /dev/random
and /dev/urandom
without ever closing them. This leak can cause a native image to hit the open files limit when it repeatedly spawns isolates, so we close these handles on isolate tear-down. As of Java 11, there is only a dummy implementation of NativePRNG
on Windows which does not open file descriptors that would need to be closed. /**
* The {@code NativePRNG} backend for {@link SecureRandom} on Linux and Darwin opens file handles
* for {@code /dev/random} and {@code /dev/urandom} without ever closing them. This leak can cause a
* native image to hit the open files limit when it repeatedly spawns isolates, so we close these
* handles on isolate tear-down.
*
* As of Java 11, there is only a dummy implementation of {@code NativePRNG} on Windows which does
* not open file descriptors that would need to be closed.
*/
@AutomaticFeature
@Platforms({Platform.LINUX.class, Platform.DARWIN.class})
class NativeSecureRandomFilesCloser implements Feature {
@Override
public void beforeAnalysis(BeforeAnalysisAccess access) {
access.registerReachabilityHandler(NativeSecureRandomFilesCloser::registerShutdownHook, Target_sun_security_provider_NativePRNG.class);
}
private static void registerShutdownHook(@SuppressWarnings("unused") DuringAnalysisAccess access) {
RuntimeSupport.getRuntimeSupport().addTearDownHook(new Runnable() {
@Override
public void run() {
Target_sun_security_provider_NativePRNG_RandomIO instance = Target_sun_security_provider_NativePRNG.INSTANCE;
if (instance != null) {
close(instance.nextIn);
close(instance.seedIn);
close(instance.seedOut);
}
}
private void close(Closeable stream) {
if (stream != null) {
Closeable c = stream;
if (stream instanceof FilterInputStream) {
// Java 11 wraps RandomIO InputStreams so that they cannot be closed and
// puts them in a pool for reuse, access the inner stream to close
Target_java_io_FilterInputStream outer = SubstrateUtil.cast(c, Target_java_io_FilterInputStream.class);
c = outer.in;
}
try {
c.close();
} catch (Throwable ignored) {
}
}
}
});
}
}
@TargetClass(className = "sun.security.provider.NativePRNG")
@Platforms({Platform.LINUX.class, Platform.DARWIN.class})
final class Target_sun_security_provider_NativePRNG {
@Alias static Target_sun_security_provider_NativePRNG_RandomIO INSTANCE;
}
@TargetClass(className = "sun.security.provider.NativePRNG", innerClass = "RandomIO")
@Platforms({Platform.LINUX.class, Platform.DARWIN.class})
final class Target_sun_security_provider_NativePRNG_RandomIO {
@Alias InputStream seedIn;
@Alias InputStream nextIn;
@Alias OutputStream seedOut;
}
@TargetClass(FilterInputStream.class)
final class Target_java_io_FilterInputStream {
@Alias InputStream in;
}
public final class PosixSunSecuritySubstitutions {
private PosixSunSecuritySubstitutions() {
}
}