Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46724

[JDK9] Illegal reflective access from remoting

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      While exploring Jenkins 2.60.3 on Oracle Java 9 build 181 (pre-release), it reports illegal access exceptions and warns that a future release of Java 9 will forbid illegal access.

      A stack trace shows:

      WARNING: Illegal reflective access by hudson.remoting.RemoteClassLoader (file:/var/jenkins_home/war/WEB-INF/lib/remoting-3.7.jar) to method java.lang.ClassLoader.getClassLoadingLock(java.lang.String)
              at hudson.remoting.RemoteClassLoader.<clinit>(RemoteClassLoader.java:330)
              at hudson.remoting.MultiClassLoaderSerializer$Output.annotateClass(MultiClassLoaderSerializer.java:69)
              at java.base/java.io.ObjectOutputStream.writeNonProxyDesc(ObjectOutputStream.java:1291)
              at java.base/java.io.ObjectOutputStream.writeClassDesc(ObjectOutputStream.java:1232)
              at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1428)
              at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1179)
              at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:349)
              at hudson.remoting.UserRequest._serialize(UserRequest.java:190)
              at hudson.remoting.UserRequest.serialize(UserRequest.java:199)
              at hudson.remoting.UserRequest.<init>(UserRequest.java:64)
              at hudson.remoting.Channel.call(Channel.java:828)
              at hudson.slaves.SlaveComputer.setChannel(SlaveComputer.java:517)
              at hudson.slaves.SlaveComputer.setChannel(SlaveComputer.java:390)
              at hudson.plugins.sshslaves.SSHLauncher.startSlave(SSHLauncher.java:1074)
              at hudson.plugins.sshslaves.SSHLauncher.access$500(SSHLauncher.java:145)
              at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:818)
              at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:793)
              at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
              at java.base/java.lang.Thread.run(Thread.java:844)
      

      If it helps you to duplicate the scenario with current Jenkins environment, I have a Dockerfile configured which will run the latest Jenkins Long Term Support release.

      To duplicate the problem:

      1. Clone, build, and run the docker instance
          $ git lfs clone https://github.com/MarkEWaite/docker-lfs JENKINS-46724
          $ cd JENKINS-46724
          $ git lfs fetch origin origin/lts-jdk9-with-plugins
          $ git checkout -b lts-jdk9-with-plugins -t origin/lts-jdk9-with-plugins
          $ docker build -t  lts-jdk9-with-plugins:latest .
          $ docker run -i --rm --publish 8080:8080 lts-jdk9-with-plugins:latest
        

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          It should be easy to fix: https://github.com/jenkinsci/remoting/blob/remoting-3.7/src/main/java/hudson/remoting/RemoteClassLoader.java#L330 . Seems this code is Java 6 support remnants.

          getClassLoadingLock is protected: https://docs.oracle.com/javase/7/docs/api/java/lang/ClassLoader.html#getClassLoadingLock(java.lang.String) . Maybe it still requires some reflective logic for Remoting use-cases

          Show
          oleg_nenashev Oleg Nenashev added a comment - It should be easy to fix: https://github.com/jenkinsci/remoting/blob/remoting-3.7/src/main/java/hudson/remoting/RemoteClassLoader.java#L330 . Seems this code is Java 6 support remnants. getClassLoadingLock is protected: https://docs.oracle.com/javase/7/docs/api/java/lang/ClassLoader.html#getClassLoadingLock(java.lang.String) . Maybe it still requires some reflective logic for Remoting use-cases
          Hide
          tonho Elton Alves added a comment - - edited

          Can  you give me some tip about this issue? i`m new with java.

           

          this is a problem with reflection accessing private property, right?

          after fix, how can i test it?

           

          Show
          tonho Elton Alves added a comment - - edited Can  you give me some tip about this issue? i`m new with java.   this is a problem with reflection accessing private property, right? after fix, how can i test it?  
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Elton Alves the problem is with Reflection at all. I suppose the reflection calls should be replaced with new APIs offered in newer Java versions. Maybe I am wrong

          Show
          oleg_nenashev Oleg Nenashev added a comment - Elton Alves the problem is with Reflection at all. I suppose the reflection calls should be replaced with new APIs offered in newer Java versions. Maybe I am wrong
          Hide
          oleg_nenashev Oleg Nenashev added a comment -
          Show
          oleg_nenashev Oleg Nenashev added a comment - Another dangerous case: https://github.com/jenkinsci/remoting/pull/224
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          src/main/java/hudson/remoting/Launcher.java
          http://jenkins-ci.org/commit/remoting/8963035eb1f29d7d8bbe3a9f19cd73eaaaf947a8
          Log:
          JENKINS-46724 - Get rid of the illegal Reflective operation in Launcher.

          IIUC it may prevent Java Web Start agents from starting up in Java 9.
          Anyway, the reflection is not required anymore since Remoting requires Java 8

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/hudson/remoting/Launcher.java http://jenkins-ci.org/commit/remoting/8963035eb1f29d7d8bbe3a9f19cd73eaaaf947a8 Log: JENKINS-46724 - Get rid of the illegal Reflective operation in Launcher. IIUC it may prevent Java Web Start agents from starting up in Java 9. Anyway, the reflection is not required anymore since Remoting requires Java 8
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          src/main/java/hudson/remoting/Launcher.java
          http://jenkins-ci.org/commit/remoting/0b79eae623f8c9e354aca6b6c93d7276d5045dab
          Log:
          Merge pull request #224 from oleg-nenashev/bug/JENKINS-46724-reflective-operation-Launcher

          JENKINS-46724 - Get rid of the illegal Reflective operation in Launcher's checkTty()

          Compare: https://github.com/jenkinsci/remoting/compare/40def984ff65...0b79eae623f8

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/hudson/remoting/Launcher.java http://jenkins-ci.org/commit/remoting/0b79eae623f8c9e354aca6b6c93d7276d5045dab Log: Merge pull request #224 from oleg-nenashev/bug/ JENKINS-46724 -reflective-operation-Launcher JENKINS-46724 - Get rid of the illegal Reflective operation in Launcher's checkTty() Compare: https://github.com/jenkinsci/remoting/compare/40def984ff65...0b79eae623f8
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          src/main/java/hudson/remoting/RemoteClassLoader.java
          http://jenkins-ci.org/commit/remoting/085957317e4819aca3a9b66e927fe3aa641591a2
          Log:
          JENKINS-46724 - Remove obsolete ClassloadingLock reflection in RemoteClassloader.

          Remoting now required Java 8, so this Java 6 compatibility lgic is not required at all.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/hudson/remoting/RemoteClassLoader.java http://jenkins-ci.org/commit/remoting/085957317e4819aca3a9b66e927fe3aa641591a2 Log: JENKINS-46724 - Remove obsolete ClassloadingLock reflection in RemoteClassloader. Remoting now required Java 8, so this Java 6 compatibility lgic is not required at all.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          src/main/java/hudson/remoting/RemoteClassLoader.java
          http://jenkins-ci.org/commit/remoting/7efdd3f9c0ba5766346a62b988c8dc421e99d338
          Log:
          Merge pull request #223 from oleg-nenashev/bug/JENKINS-46724-reflective-operation

          JENKINS-46724 - Remove obsolete ClassloadingLock reflection in RemoteClassloader.

          Compare: https://github.com/jenkinsci/remoting/compare/0b79eae623f8...7efdd3f9c0ba

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/hudson/remoting/RemoteClassLoader.java http://jenkins-ci.org/commit/remoting/7efdd3f9c0ba5766346a62b988c8dc421e99d338 Log: Merge pull request #223 from oleg-nenashev/bug/ JENKINS-46724 -reflective-operation JENKINS-46724 - Remove obsolete ClassloadingLock reflection in RemoteClassloader. Compare: https://github.com/jenkinsci/remoting/compare/0b79eae623f8...7efdd3f9c0ba
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          core/src/main/java/hudson/Launcher.java
          core/src/main/java/hudson/model/Computer.java
          core/src/main/java/hudson/slaves/ChannelPinger.java
          core/src/main/java/hudson/slaves/SlaveComputer.java
          core/src/main/java/jenkins/FilePathFilter.java
          core/src/main/java/jenkins/slaves/StandardOutputSwapper.java
          pom.xml
          test/src/test/java/hudson/bugs/JnlpAccessWithSecuredHudsonTest.java
          test/src/test/java/jenkins/security/Security218CliTest.java
          http://jenkins-ci.org/commit/jenkins/cb3990a4d6094260bea4571e7079fd0e3949047f
          Log:
          Update to Remoting 3.15 and Cleanup issues in Channel#current() usages (#3145)

          Pulls in fixes for: JENKINS-48133, JENKINS-48055, JENKINS-37566, JENKINS-48309, JENKINS-47965, JENKINS-48130, JENKINS-37670, JENKINS-37566, JENKINS-46724

          This change also adds some missing null/closing channel checks in the core.
          In some cases the change prevents spawning threads if the channel is in the invalid state.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/java/hudson/Launcher.java core/src/main/java/hudson/model/Computer.java core/src/main/java/hudson/slaves/ChannelPinger.java core/src/main/java/hudson/slaves/SlaveComputer.java core/src/main/java/jenkins/FilePathFilter.java core/src/main/java/jenkins/slaves/StandardOutputSwapper.java pom.xml test/src/test/java/hudson/bugs/JnlpAccessWithSecuredHudsonTest.java test/src/test/java/jenkins/security/Security218CliTest.java http://jenkins-ci.org/commit/jenkins/cb3990a4d6094260bea4571e7079fd0e3949047f Log: Update to Remoting 3.15 and Cleanup issues in Channel#current() usages (#3145) Pulls in fixes for: JENKINS-48133 , JENKINS-48055 , JENKINS-37566 , JENKINS-48309 , JENKINS-47965 , JENKINS-48130 , JENKINS-37670 , JENKINS-37566 , JENKINS-46724 This change also adds some missing null/closing channel checks in the core. In some cases the change prevents spawning threads if the channel is in the invalid state.
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          The change has been released in Remoting 3.15 and integrated towards Jenkins 2.98

          Show
          oleg_nenashev Oleg Nenashev added a comment - The change has been released in Remoting 3.15 and integrated towards Jenkins 2.98

            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              markewaite Mark Waite
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: