Avoid referencing ClassLoaders in ProtectionDomains

This removes a whole class of metaspace leaks caused by Thread.inheritedAccessControlContext referencing ProtectionDomains which reference older classloaders. Of course this may have impacts on how the SecurityManager behaves, but as I understand it, absolutely no part of Quarkus is ready to run with a SecurityManager enabled anyway.
yrodiere · Oct 19, 2023 · de3de09 · de3de09
1 parent 90f5da4
commit de3de09
Show file tree

Hide file tree

Showing 11 changed files with 19 additions and 22 deletions.
diff --git a/...nt-projects/bootstrap/core/src/main/java/io/quarkus/bootstrap/app/CuratedApplication.java b/...nt-projects/bootstrap/core/src/main/java/io/quarkus/bootstrap/app/CuratedApplication.java
@@ -478,8 +478,8 @@ public Set<String> getProvidedResources() {
         }
 
         @Override
-        public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
-            return delegate.getProtectionDomain(classLoader);
+        public ProtectionDomain getProtectionDomain() {
+            return delegate.getProtectionDomain();
         }
 
         @Override

diff --git a/...ects/bootstrap/core/src/main/java/io/quarkus/bootstrap/classloading/ClassPathElement.java b/...ects/bootstrap/core/src/main/java/io/quarkus/bootstrap/classloading/ClassPathElement.java
@@ -65,7 +65,7 @@ default ArtifactKey getDependencyKey() {
      *
      * @return The protection domain that should be used to define classes from this element
      */
-    ProtectionDomain getProtectionDomain(ClassLoader classLoader);
+    ProtectionDomain getProtectionDomain();
 
     Manifest getManifest();
 
@@ -115,7 +115,7 @@ public Set<String> getProvidedResources() {
         }
 
         @Override
-        public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
+        public ProtectionDomain getProtectionDomain() {
             return null;
         }
 

diff --git a/...strap/core/src/main/java/io/quarkus/bootstrap/classloading/DirectoryClassPathElement.java b/...strap/core/src/main/java/io/quarkus/bootstrap/classloading/DirectoryClassPathElement.java
@@ -160,7 +160,7 @@ public void accept(Path path) {
     }
 
     @Override
-    public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
+    public ProtectionDomain getProtectionDomain() {
         URL url = null;
         try {
             URI uri = root.toUri();
@@ -169,8 +169,7 @@ public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
             throw new RuntimeException("Unable to create protection domain for " + root, e);
         }
         CodeSource codesource = new CodeSource(url, (Certificate[]) null);
-        ProtectionDomain protectionDomain = new ProtectionDomain(codesource, null, classLoader, null);
-        return protectionDomain;
+        return new ProtectionDomain(codesource, null);
     }
 
     @Override

diff --git a/...tstrap/core/src/main/java/io/quarkus/bootstrap/classloading/FilteredClassPathElement.java b/...tstrap/core/src/main/java/io/quarkus/bootstrap/classloading/FilteredClassPathElement.java
@@ -58,8 +58,8 @@ public Set<String> getProvidedResources() {
     }
 
     @Override
-    public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
-        return delegate.getProtectionDomain(classLoader);
+    public ProtectionDomain getProtectionDomain() {
+        return delegate.getProtectionDomain();
     }
 
     @Override

diff --git a/...s/bootstrap/core/src/main/java/io/quarkus/bootstrap/classloading/JarClassPathElement.java b/...s/bootstrap/core/src/main/java/io/quarkus/bootstrap/classloading/JarClassPathElement.java
@@ -256,15 +256,15 @@ public Set<String> apply(JarFile jarFile) {
     }
 
     @Override
-    public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
+    public ProtectionDomain getProtectionDomain() {
         final URL url;
         try {
             url = jarPath.toURI().toURL();
         } catch (URISyntaxException | MalformedURLException e) {
             throw new RuntimeException("Unable to create protection domain for " + jarPath, e);
         }
         CodeSource codesource = new CodeSource(url, (Certificate[]) null);
-        return new ProtectionDomain(codesource, null, classLoader, null);
+        return new ProtectionDomain(codesource, null, null, null);
     }
 
     @Override

diff --git a/...ootstrap/core/src/main/java/io/quarkus/bootstrap/classloading/MemoryClassPathElement.java b/...ootstrap/core/src/main/java/io/quarkus/bootstrap/classloading/MemoryClassPathElement.java
@@ -111,16 +111,15 @@ public Set<String> getProvidedResources() {
     }
 
     @Override
-    public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
+    public ProtectionDomain getProtectionDomain() {
         URL url = null;
         try {
             url = new URL(null, "quarkus:/", new MemoryUrlStreamHandler("quarkus:/"));
         } catch (MalformedURLException e) {
             throw new RuntimeException("Unable to create protection domain for memory element", e);
         }
         CodeSource codesource = new CodeSource(url, (Certificate[]) null);
-        ProtectionDomain protectionDomain = new ProtectionDomain(codesource, null, classLoader, null);
-        return protectionDomain;
+        return new ProtectionDomain(codesource, null);
     }
 
     @Override

diff --git a/...tstrap/core/src/main/java/io/quarkus/bootstrap/classloading/PathTreeClassPathElement.java b/...tstrap/core/src/main/java/io/quarkus/bootstrap/classloading/PathTreeClassPathElement.java
@@ -159,7 +159,7 @@ protected Manifest readManifest() {
     }
 
     @Override
-    public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
+    public ProtectionDomain getProtectionDomain() {
         URL url = null;
         final Path root = getRoot();
         try {
@@ -168,8 +168,7 @@ public ProtectionDomain getProtectionDomain(ClassLoader classLoader) {
             throw new RuntimeException("Unable to create protection domain for " + root, e);
         }
         CodeSource codesource = new CodeSource(url, (Certificate[]) null);
-        ProtectionDomain protectionDomain = new ProtectionDomain(codesource, null, classLoader, null);
-        return protectionDomain;
+        return new ProtectionDomain(codesource, null);
     }
 
     @Override

diff --git a/...ts/bootstrap/core/src/main/java/io/quarkus/bootstrap/classloading/QuarkusClassLoader.java b/...ts/bootstrap/core/src/main/java/io/quarkus/bootstrap/classloading/QuarkusClassLoader.java
@@ -506,7 +506,7 @@ protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundE
                         byte[] data = classPathElementResource.getData();
                         definePackage(name, classPathElement);
                         Class<?> cl = defineClass(name, data, 0, data.length,
-                                protectionDomains.computeIfAbsent(classPathElement, (ce) -> ce.getProtectionDomain(this)));
+                                protectionDomains.computeIfAbsent(classPathElement, ClassPathElement::getProtectionDomain));
                         if (Driver.class.isAssignableFrom(cl)) {
                             driverLoaded = true;
                         }

diff --git a/...ects/bootstrap/runner/src/main/java/io/quarkus/bootstrap/runner/ClassLoadingResource.java b/...ects/bootstrap/runner/src/main/java/io/quarkus/bootstrap/runner/ClassLoadingResource.java
@@ -9,7 +9,7 @@ public interface ClassLoadingResource {
      * A lifecycle hook that should be called when the ClassLoader to which this resource belongs to
      * is constructed
      */
-    void init(ClassLoader runnerClassLoader);
+    void init();
 
     byte[] getResourceData(String resource);
 

diff --git a/...dent-projects/bootstrap/runner/src/main/java/io/quarkus/bootstrap/runner/JarResource.java b/...dent-projects/bootstrap/runner/src/main/java/io/quarkus/bootstrap/runner/JarResource.java
@@ -52,7 +52,7 @@ public JarResource(ManifestInfo manifestInfo, Path jarPath) {
     }
 
     @Override
-    public void init(ClassLoader runnerClassLoader) {
+    public void init() {
         final URL url;
         try {
             String path = jarPath.toAbsolutePath().toString();
@@ -64,7 +64,7 @@ public void init(ClassLoader runnerClassLoader) {
         } catch (URISyntaxException | MalformedURLException e) {
             throw new RuntimeException("Unable to create protection domain for " + jarPath, e);
         }
-        this.protectionDomain = new ProtectionDomain(new CodeSource(url, (Certificate[]) null), null, runnerClassLoader, null);
+        this.protectionDomain = new ProtectionDomain(new CodeSource(url, (Certificate[]) null), null);
     }
 
     @Override

diff --git a/...cts/bootstrap/runner/src/main/java/io/quarkus/bootstrap/runner/SerializedApplication.java b/...cts/bootstrap/runner/src/main/java/io/quarkus/bootstrap/runner/SerializedApplication.java
@@ -162,7 +162,7 @@ public static SerializedApplication read(InputStream inputStream, Path appRoot)
                     resourceDirectoryTracker.getResult(), parentFirstPackages,
                     nonExistentResources, FULLY_INDEXED_PATHS, directlyIndexedResourcesIndexMap);
             for (ClassLoadingResource classLoadingResource : allClassLoadingResources) {
-                classLoadingResource.init(runnerClassLoader);
+                classLoadingResource.init();
             }
             return new SerializedApplication(runnerClassLoader, mainClass);
         }