- Generate the file:
$ awk 'BEGIN { for(c=0;c<10000000;c++) printf "<p>LOL</p>" }' > 100M.html
$ (for I in `seq 1 100`; do cat 100M.html; done) | pv | gzip -9 > 10G.boomgz
- Check it is indeed good:
Aleksey Shipilëv shipilev
shipilev
/ jndi-response.md
Last active
February 6, 2022 17:12
shipilev
/ gist:cfbe09a31ac32f0cc51078db7898c797
Last active
December 20, 2021 18:23
Log4J, JNDI, LDAP: JDK Changes Archeology
DISCLAIMER #1: THIS GIST IS INFORMATIONAL ONLY AND NOT A COMPLETE SECURITY GUIDANCE. Use this data with care, and please recheck the commits if you want to cite them as the source.
DISCLAIMER #2: JDK MITIGATIONS ARE NOT THE WHOLE STORY. THE REAL FIX IS IN LOG4J, UPGRADE TO AT LEAST 2.15.0 OR SET log4j2.formatMsgNoLookups=true.
There might be more vectors than these mitigations cover. JDK mitigations shrink the attack surface, but they are not guaranteed to solve everything. I only checked this mitigates a few simple proof-of-concepts.
*TL;DR: Use JDK update releases that are less than 3 years old, and all known mitigations are there.
shipilev
/ gist:f97844d486056ec93252a747d647ce2e
Created
November 4, 2020 13:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # A fatal error has been detected by the Java Runtime Environment: | |
| # | |
| # SIGSEGV (0xb) at pc=0x000000011c31e16d, pid=61939, tid=9987 | |
| # | |
| # JRE version: OpenJDK Runtime Environment (16.0) (fastdebug build 16-internal+0-adhoc.user924655.jdk) | |
| # Java VM: OpenJDK 64-Bit Server VM (fastdebug 16-internal+0-adhoc.user924655.jdk, mixed mode, sharing, tiered, compressed oops, shenandoah gc, bsd-amd64) | |
| # Problematic frame: | |
| # j java.lang.Class.getClassLoader0()Ljava/lang/ClassLoader;+0 java.base | |
| # |
shipilev
/ gist:0ba1490d64c14645ee903fc695e931b5
Created
March 25, 2020 10:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.lang.reflect.AccessibleObject; | |
| import java.lang.reflect.Field; | |
| public class Play { | |
| public static void main(String[] args) throws Exception { | |
| AddressExtractor ae = new AddressExtractor(); | |
| Field pvField = AddressExtractor.class.getDeclaredField("pointerValue"); | |
| Field type = Field.class.getDeclaredField("type"); | |
| type.setAccessible(true); | |
| type.set(pvField, Object.class); |
shipilev
/ gist:2cecfb1a44cdf0910103ad0d4319b3e5
Created
February 12, 2020 16:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cat Test.java | |
| public class Test { | |
| int t1() { | |
| int i1 = 1; | |
| int i2 = 1; | |
| return i1 + i2; | |
| } | |
| int t2() { | |
| final int i1 = 1; | |
| final int i2 = 1; |
shipilev
/ gist:c13965a4708dcffc95e580d8e925226e
Created
June 3, 2019 18:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| === x86_64: | |
| Linux reported RSS: 246.596 KB | |
| Total: reserved=1838633KB, committed=184453KB | |
| - Java Heap (reserved=524288KB, committed=25856KB) | |
| (mmap: reserved=524288KB, committed=25856KB) | |
| - Class (reserved=1113965KB, committed=73513KB) | |
| (classes #11360) | |
| ( instance classes #10643, array classes #717) |
shipilev
/ gist:43dc2ce3259481b32a41f83cd3c69afa
Created
May 10, 2019 18:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void ShenandoahBarrierSetAssembler::resolve_forward_pointer_not_null(MacroAssembler* masm, Register dst, Register tmp) { | |
| assert(ShenandoahCASBarrier || ShenandoahLoadRefBarrier, "should be enabled"); | |
| // The below loads the mark word, checks if the lowest two bits are | |
| // set, and if so, clear the lowest two bits and copy the result | |
| // to dst. Otherwise it leaves dst alone. | |
| // Implementing this is surprisingly awkward. I do it here by: | |
| // - Inverting the mark word | |
| // - Test lowest two bits == 0 | |
| // - If so, set the lowest two bits | |
| // - Invert the result back, and copy to dst |
shipilev
/ gist:76613e67404fa29e9b1da2e5291562cd
Created
February 25, 2019 11:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Compiling 9228 files for BUILD_JDK | |
| c:\Work\jdk8u-jdk8u-dev\jdk\src\windows\classes\sun\awt\windows\WToolkit.java:843: error: cannot find symbol | |
| if (lge instanceof DisplayChangedListener) { | |
| ^ | |
| symbol: class DisplayChangedListener | |
| location: class WToolkit | |
| c:\Work\jdk8u-jdk8u-dev\jdk\src\windows\classes\sun\awt\windows\WToolkit.java:844: error: cannot find symbol | |
| ((DisplayChangedListener) lge).displayChanged(); | |
| ^ | |
| symbol: class DisplayChangedListener |
shipilev
/ gist:8038826
Last active
August 13, 2018 19:35
How to stop tweeting and investigate HotSpot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *** Figuring out what "no vm operation" means here in -XX:+PrintSafepointStatistics: | |
| vmop [threads: total initially_running wait_to_block] [time: spin block sync cleanup vmop] page_trap_count | |
| 0.320: Deoptimize [ 7 0 0 ] [ 0 0 0 0 0 ] 0 | |
| 1.320: no vm operation [ 8 1 1 ] [ 0 0 0 0 0 ] 1 | |
| 4.061: EnableBiasedLocking [ 8 1 1 ] [ 0 0 0 0 0 ] 1 | |
| 5.222: RevokeBias [ 8 0 1 ] [ 0 0 0 0 0 ] 0 | |
| 5.831: RevokeBias [ 8 0 0 ] [ 0 0 0 0 0 ] 0 | |
| 6.440: RevokeBias [ 8 0 0 ] [ 0 0 0 0 0 ] 0 | |
| 7.049: RevokeBias |
shipilev
/ gist:3be34bb58febcaa0dbb1d86b5a6cfdca
Last active
March 8, 2017 13:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From: <random Facebook person> | |
| Subject: Java sucks | |
| Hey, try to put 100M objects into arraylist, and see Java freezes for seconds! | |
| Q.E.D. | |
| Love and kisses, | |
| <random person you never knew> |
NewerOlder