Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Derby Development" <derby-dev@db.apache.org>
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r675956 - in /db/derby/code/trunk/java:
 engine/org/apache/derby/iapi/util/ engine/org/apache/derby/impl/services/jmx/
 engine/org/apache/derby/impl/services/monitor/
 engine/org/apache/derby/impl/services/timer/
 testing/org/apache/derbyTestin...
Date: Fri, 11 Jul 2008 14:07:52 -0000
To: derby-commits@db.apache.org
From: kmarsden@apache.org
Message-Id: <20080711140752.D310C2388A0C@eris.apache.org>

Author: kmarsden
Date: Fri Jul 11 07:07:51 2008
New Revision: 675956

URL: http://svn.apache.org/viewvc?rev=675956&view=rev
Log:
DERBY-3745 Derby can leak classloaders in an app server environment


Added:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/PrivilegedThreadOps.java
      - copied unchanged from r675648, db/derby/code/branches/10.3/java/engine/org/apache/derby/iapi/util/PrivilegedThreadOps.java
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java?rev=675956&r1=675955&r2=675956&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java Fri Jul 11 07:07:51 2008
@@ -41,6 +41,7 @@
 import org.apache.derby.iapi.services.monitor.ModuleControl;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.iapi.services.property.PropertyUtil;
+import org.apache.derby.iapi.util.PrivilegedThreadOps;
 import org.apache.derby.mbeans.ManagementMBean;
 import org.apache.derby.mbeans.VersionMBean;
 import org.apache.derby.security.SystemPermission;
@@ -163,7 +164,24 @@
      * can be enabled on the fly.
      */
     private synchronized void findServer() {
-        
+        //DERBY-3745 We want to avoid the timer leaking class loaders, so we make
+        // sure the context class loader is null before we start the MBean
+        // server which will create threads that we want to have a null context
+        // class loader
+        ClassLoader savecl = null;
+        boolean hasGetClassLoaderPerms=false;
+        try {
+            savecl = PrivilegedThreadOps.getContextClassLoader(Thread.currentThread());
+            hasGetClassLoaderPerms = true;
+        } catch (SecurityException se) {
+           // ignore security exception.  Earlier versions of Derby, before the 
+           // DERBY-3745 fix did not require getClassloader permissions.
+           // We may leak class loaders if we are not able to get this, but 
+           // cannot just fail.        
+        }
+        if (hasGetClassLoaderPerms)
+            PrivilegedThreadOps.setContextClassLoaderIfPrivileged(Thread.
+                          currentThread(), null);
         try {
             mbeanServer = AccessController
                     .doPrivileged(new PrivilegedAction<MBeanServer>() {
@@ -180,6 +198,9 @@
             // them registered with JMX if someone else
             // starts the MBean server.
         }
+        if (hasGetClassLoaderPerms)
+            PrivilegedThreadOps.setContextClassLoaderIfPrivileged(Thread.currentThread(),
+                    savecl);
     }
 
     /**

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java?rev=675956&r1=675955&r2=675956&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java Fri Jul 11 07:07:51 2008
@@ -56,6 +56,7 @@
 import org.apache.derby.iapi.services.loader.InstanceGetter;
 import org.apache.derby.iapi.services.io.FormatableInstanceGetter;
 import org.apache.derby.iapi.error.ExceptionSeverity;
+import org.apache.derby.iapi.util.PrivilegedThreadOps;
 
 import  org.apache.derby.io.StorageFactory;
 
@@ -2078,8 +2079,30 @@
 	}
 
 	public Thread getDaemonThread(Runnable task, String name, boolean setMinPriority) {
+		// DERBY-3745 We want to avoid the thread leaking class loaders,
+		// so we make the context class loader null before we create the
+		// thread.
+		ClassLoader savecl = null;
+		boolean hasGetClassLoaderPerms = false;
+		try {
+			savecl = PrivilegedThreadOps.getContextClassLoader(Thread.currentThread());
+			hasGetClassLoaderPerms = true;
+		}  catch (SecurityException se) {
+			// ignore security exception. Earlier versions of Derby, before
+			// the DERBY-3745 fix did not require getClassLoader permissions.
+			// We may leak class loaders if we are not able to get the 
+			// class loader, but we cannot just fail.
+		}
+		if (hasGetClassLoaderPerms)
+			PrivilegedThreadOps.setContextClassLoaderIfPrivileged(
+								 Thread.currentThread(), null);
 		Thread t =  new Thread(daemonGroup, task, "derby.".concat(name));
+		if (hasGetClassLoaderPerms)
+			PrivilegedThreadOps.setContextClassLoaderIfPrivileged(
+							  Thread.currentThread(), savecl);
+
 		t.setDaemon(true);
+
 		if (setMinPriority) {
 			t.setPriority(Thread.MIN_PRIORITY);
 		}

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java?rev=675956&r1=675955&r2=675956&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java Fri Jul 11 07:07:51 2008
@@ -23,7 +23,7 @@
 
 import org.apache.derby.iapi.services.timer.TimerFactory;
 import org.apache.derby.iapi.services.monitor.ModuleControl;
-
+import org.apache.derby.iapi.util.PrivilegedThreadOps;
 import org.apache.derby.iapi.error.StandardException;
 
 import java.util.Timer;
@@ -61,7 +61,28 @@
          * a) We avoid synchronizing access to singletonTimer later
          * b) We don't need any properties
          */
+         // DERBY-3745 We want to avoid leaking class loaders, so 
+         // we make sure the context class loader is null before
+         // creating the thread
+        ClassLoader savecl = null;
+        boolean hasGetClassLoaderPerms = false;
+        try {
+            savecl = PrivilegedThreadOps.getContextClassLoader(
+                    Thread.currentThread());
+            hasGetClassLoaderPerms = true;
+        } catch (SecurityException se) {
+            // Ignore security exception. Versions of Derby before
+            // the DERBY-3745 fix did not require getClassLoader 
+            // privs.  We may leak class loaders if we are not
+            // able to do this but we can't just fail.
+        }
+        if (hasGetClassLoaderPerms)
+            PrivilegedThreadOps.setContextClassLoaderIfPrivileged(
+                    Thread.currentThread(), null);
         singletonTimer = new Timer(true); // Run as daemon
+        if (hasGetClassLoaderPerms)
+            PrivilegedThreadOps.setContextClassLoaderIfPrivileged(
+                    Thread.currentThread(), savecl);
     }
 
     /**

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=675956&r1=675955&r2=675956&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy Fri Jul 11 07:07:51 2008
@@ -56,6 +56,13 @@
   permission java.util.PropertyPermission "derbyTesting.unittest.*", "write";
 
   permission java.lang.RuntimePermission "createClassLoader";
+
+  // permissions so that we can set the context class loader to
+  // null for daemon threads to avoid class loader leak.
+  // DERBY-3745
+  permission java.lang.RuntimePermission "getClassLoader";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+
   permission java.security.SecurityPermission "getPolicy";
   
   permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
@@ -233,6 +240,13 @@
   
   permission java.util.PropertyPermission "derby.*", "read";
   permission java.lang.RuntimePermission "createClassLoader";
+
+  // permissions so that we can set the context class loader to
+  // null for daemon threads to avoid class loader leak.
+  // DERBY-3745
+  permission java.lang.RuntimePermission "getClassLoader";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+
   permission java.security.SecurityPermission "getPolicy";
    
   permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";