8292177: InitialSecurityProperty JFR event

[gnu-andrew]

This backport introduces the JFR security event, InitialSecurityProperty, and along with it, the caching of the initial security properties which is also used by JDK-8281658 to show the security properties with -XshowSettings.

The change was backported to the Oracle fork of 11u in 11.0.20.

The following changes were necessary for the backport:

• JavaSecurityPropertiesAccess is moved to jdk.internal.misc where SharedSecrets lives in 11u
• ensureClassInitialized in SharedSecrets is called from the unsafe instance in 11u, as with other get*Access() methods in that class
• The patch to module-info.java is not needed as jdk.jfr already has access to jdk.internal.misc in 11u. The 17u addition is to jdk.internal.access.
• There are context differences in JDKEvents.java due to events introduced in later JDK versions.
• The EventNames.java test includes a huge unrelated change to reorganise the order of the variable modifiers. This was applied manually to the names in 11u, which differ slightly from those in 17u.

All jdk.jfr.event tests passed, including the new one, with the exception of TestNative, but that seems to be a setup issue rather than a regression caused by this patch (Error. Use -nativepath to specify the location of native code)

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• JDK-8292177 needs maintainer approval

Issue

• JDK-8292177: InitialSecurityProperty JFR event (Enhancement - P4 - Approved)

Reviewers

• Paul Hohensee (@phohensee - Reviewer) Review applies to 5ebb24de
• Francisco Ferrari Bihurriet (@franferrax - Committer)
• Severin Gehwolf (@jerboaa - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/2827/head:pull/2827
$ git checkout pull/2827

Update a local copy of the PR:
$ git checkout pull/2827
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/2827/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 2827

View PR using the GUI difftool:
$ git pr show -t 2827

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/2827.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back andrew! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@gnu-andrew This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8292177: InitialSecurityProperty JFR event

Reviewed-by: fferrari, sgehwolf, phh
Backport-of: 95f23f7d82c0ebfd94c72b08695f9f415587a16a

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 55 new commits pushed to the master branch:

• 5844389: 8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux
• 429788c: 8298730: Refactor subsystem_file_line_contents and add docs and tests
• e2138b0: 8275843: Random crashes while the UI code is executed
• ... and 52 more: https://git.openjdk.org/jdk11u-dev/compare/463e25fb4c6ae3ba5f4d0ba6616cf92863831cff...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[mlbridge]

Webrevs

• 02: Full - Incremental (c8b5c367)
• 01: Full - Incremental (5ebb24de)
• 00: Full (3286f459)

[gnu-andrew]

Not sure why the Mac port won't build (no error message), but I can't see a Java-only change causing this.

[gnu-andrew]

Not sure why the Mac port won't build (no error message), but I can't see a Java-only change causing this.

Ok, seems the Mac OS 11 runner image was removed on the 28th of June. We need to backport JDK-8318039

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.

[gnu-andrew]

/open
Still waiting for review.

[openjdk]

@gnu-andrew This pull request is now open

[openjdk]

⚠️ @gnu-andrew This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[gnu-andrew]

Keep open please.

[gnu-andrew]

/approval request This is part of a number of improvements to the visibility of security property settings and is followed by JDK-8281658 which allows them to be output from the command line. While I realise it is an enhancement being backported late in the 11u lifecycle, easy access to these security properties is often invaluable when debugging various issues. The same backport was already made to 17 during its maintenance period (17.0.7) and Oracle support this in their 11u fork from 11.0.20. Patch did not backport cleanly, but was reviewed by Paul Hohensee.

[openjdk]

@gnu-andrew
8292177: The approval request has been created successfully.

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.

[jerboaa]

Please re-open, merge latest master and get a second review by either @martinuy or @franferrax. Thanks!

[jerboaa]

Hi @jerboaa, sorry for missing the March review request. I'm willing to review, but please note it won't be enough as I'm not a Reviewer.

For a second review it should be fine. Thanks!

[gnu-andrew]

/open

[openjdk]

@gnu-andrew This pull request is now open

[gnu-andrew]

Merge was clean.

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply issue a /touch or /keepalive command to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.

[gnu-andrew]

/open

[openjdk]

@gnu-andrew This pull request is now open

[bridgekeeper]

@gnu-andrew This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply issue a /touch or /keepalive command to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[jerboaa]

@franferrax It would be good for you to take a look at this (even if you aren't a Reviewer in jdk-updates). Much appreciated.

[franferrax]

Hi @gnu-andrew and @jerboaa,

Sorry for the very long delay, I had postponed this review thinking it would be harder than it was.

The backport looks good to me (I only mentioned a minor extraneous empty line addition).

I did a local execution to make an independent check about the 3 modified/added tests (java/security/Security/ConfigFileTest.java, jdk/jfr/event/runtime/TestActiveSettingEvent.java and jdk/jfr/event/security/TestInitialSecurityPropertyEvent.java). They are all passing, as long as the whole jdk/jfr/event category except TestNative, which also failed for me (in the same way Andrew described). That test also fails without this pull request changes.

[franferrax]

I'm not a Reviewer, but it still looks good after the trivial change.

[jerboaa]

/approve yes

[openjdk]

@jerboaa
8292177: The approval request has been approved.

[jerboaa]

This seems OK to me.

[gnu-andrew]

/integrate

[openjdk]

Going to push as commit 66ded6a.
Since your change was applied there have been 55 commits pushed to the master branch:

• 5844389: 8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux
• 429788c: 8298730: Refactor subsystem_file_line_contents and add docs and tests
• e2138b0: 8275843: Random crashes while the UI code is executed
• ... and 52 more: https://git.openjdk.org/jdk11u-dev/compare/463e25fb4c6ae3ba5f4d0ba6616cf92863831cff...master

Your commit was automatically rebased without conflicts.

[openjdk]

@gnu-andrew Pushed as commit 66ded6a.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.