Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Providing feedback on Red Hat documentation
We appreciate your feedback on our documentation. To provide feedback, you can highlight the text in a document and add comments.
This section explains how to submit feedback.
- You are logged in to the Red Hat Customer Portal.
- In the Red Hat Customer Portal, view the document in Multi-page HTML format.
To provide your feedback, perform the following steps:
Click the Feedback button in the top-right corner of the document to see existing feedback.Note
The feedback feature is enabled only in the Multi-page HTML format.
- Highlight the section of the document where you want to provide feedback.
Click the Add Feedback pop-up that appears near the highlighted text.
A text box appears in the feedback section on the right side of the page.
Enter your feedback in the text box and click Submit.
A documentation issue is created.
- To view the issue, click the issue tracker link in the feedback view.
Chapter 1. Overview of
Red Hat packages contain a mitigation for the SSB vulnerability in the form of a patch for the
java binary. This patch disables an optimization present in x86-64 (Intel and AMD) processors. Disabling that optimization reduces the risk of kernel side-channel attacks, but also reduces CPU performance.
Since the patch reduces performance, it has been removed from the
java launcher. A new binary
alt-java is now available. From the January 2021 Critical Patch Update release (1.8.0 282.b08, 126.96.36.199) onwards, the
alt-java binary is included in Red Hat build of OpenJDK 21 and Red Hat build of OpenJDK 11 GA RPM packages.
- For more information about the performance impact of SSB mitigation, see Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639 on the Red Hat Customer Portal
For more information about the
javabinary patch, see RH1566890 in the Red Hat Bugzilla documentation.
Chapter 2. Differences between
Similarities exist between
java binaries, with the exception of the SSB mitigation.
Although the SBB mitigation patch exists only for x86-64 architecture, Intel and AMD, the
alt-java exists on all architectures. For non-x86 architectures, the
alt-java binary is identical to
java binary, except
alt-java has no patches.
For more information about similarities between
java, see RH1750419 in the Red Hat Bugzilla documentation.
Depending on your needs, you can use either the
alt-java binary or the
java binary to run your application’s code.
alt-java for any applications that run untrusted code. Be aware that using
alt-java is not a solution to all speculative execution vulnerabilities.
java binary for performance-critical tasks in a secure environment.
Chapter 4. Performance impact of
alt-java binary contains the SSB mitigation, so the SSB mitigation performance impact no longer exists on
alt-java might significantly reduce the performance of Java programs.
You can find detailed information of some Java performance issues that might exist with using
alt-java by selecting any of the Red Hat Bugzilla links listed in the Additional resources section.
Revised on 2023-11-14 21:11:43 UTC