Using alt-java

Red Hat build of OpenJDK 17

Red Hat Customer Content Services

Abstract

Red Hat build of OpenJDK 17 is a Red Hat offering on the Red Hat Enterprise Linux platform. The Using alt-java guide provides an overview of alt-java, defines the differences between java and alt-java binaries, and explains how to use alt-java.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Providing feedback on Red Hat documentation

We appreciate your feedback on our documentation. To provide feedback, you can highlight the text in a document and add comments.

This section explains how to submit feedback.

Prerequisites

  • You are logged in to the Red Hat Customer Portal.
  • In the Red Hat Customer Portal, view the document in Multi-page HTML format.

Procedure

To provide your feedback, perform the following steps:

  1. Click the Feedback button in the top-right corner of the document to see existing feedback.

    Note

    The feedback feature is enabled only in the Multi-page HTML format.

  2. Highlight the section of the document where you want to provide feedback.

  3. Click the Add Feedback pop-up that appears near the highlighted text.

    A text box appears in the feedback section on the right side of the page.

  4. Enter your feedback in the text box and click Submit.

    A documentation issue is created.

  5. To view the issue, click the issue tracker link in the feedback view.

Chapter 1. Overview of alt-java

Red Hat packages contain a mitigation for the SSB vulnerability in the form of a patch for the java binary. This patch disables an optimization present in x86-64 (Intel and AMD) processors. Disabling that optimization reduces the risk of kernel side-channel attacks, but also reduces CPU performance.

Since the patch reduces performance, it has been removed from the java launcher. A new binary alt-java is now available. From the January 2021 Critical Patch Update release (1.8.0 282.b08, 11.0.10.9) onwards, the alt-java binary is included in Red Hat build of OpenJDK 17 and Red Hat build of OpenJDK 11 GA RPM packages.

Additional resources

Chapter 2. Differences between java and alt-java

Similarities exist between alt-java and java binaries, with the exception of the SSB mitigation.

Although the SBB mitigation patch exists only for x86-64 architecture, Intel and AMD, the alt-java exists on all architectures. For non-x86 architectures, the alt-java binary is identical to java binary, except alt-java has no patches.

Additional resources

  • For more information about similarities between alt-java and java, see RH1750419 in the Red Hat Bugzilla documentation.

Chapter 3. alt-java and java uses

Depending on your needs, you can use either the alt-java binary or the java binary to run your application’s code.

3.1. alt-java usage

Use alt-java for any applications that run untrusted code. Be aware that using alt-java is not a solution to all speculative execution vulnerabilities.

3.2. java usage

Use the java binary for performance-critical tasks in a secure environment.

Additional resources

Chapter 4. Performance impact of alt-java

The alt-java binary contains the SSB mitigation, so the SSB mitigation performance impact no longer exists on java.

Note

Using alt-java might significantly reduce the performance of Java programs.

You can find detailed information of some Java performance issues that might exist with using alt-java by selecting any of the Red Hat Bugzilla links listed in the Additional resources section.

Additional resources

Revised on 2023-08-15 11:41:16 UTC

Legal Notice

Copyright © 2023 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.