Disallowing the dynamic loading of agents by default

Andrew Dinn adinn at redhat.com
Fri Mar 24 17:21:15 UTC 2023


Hi Ron,

Thank you for providing a heads up on the proposed JEP. The Red Hat Java 
team have been discussing this proposal. We have reviewed the original 
discussion and also the surrounding debate which established 
requirements for adaptation of Jigsaw to incorporate the needs of agents.

As an aside, I'll note that a thorough review was necessary /even/ in my 
case, despite the fact that I was an active party, because the 
discussion occurred, and corresponding decisions were made, quite some 
time ago. I mention this because it may explain the air of surprise and 
the desire to reiterate some of the original debate on the part of some 
respondents in this thread, who perhaps were not party, or only 
tangentially party, to the discussion.

That also suggests that there may be a lot users who are not aware that 
the -XX:+EnableDynamicAgentLoading switch exists or do not really 
understand why it exists i.e. that there is a broad education issue at 
play here.

We do have some concerns about the JEP, specifically about the timing of 
its delivery. These are probably best addressed via the normal review 
process. In particular that will ensure the discussion happens in a more 
suitable and more widely subscribed forum than the Jigsaw list. However, 
I will briefly mention our concerns in this reply. Before that let me 
start with a few disclaimers:

- We acknowledge that there is little to be gained from re-iterating 
arguments made in the previous discussion (although that does not imply 
the JEP review would not benefit from new arguments, especially from 
those who were not involved in that discussion)

   - We recognize that the purpose of the -XX:+EnableDynamicAgentLoading 
switch is to offer a platform integrity guarantee and that this change 
of the default reflects a desire to prioritise integrity over the 
flexibility that agents provide

   - We recognize that the proposal is only proposing to flip a 
configuration default rather than detract from (or modify) available 
functionality

   - We recognize that changing this default will still allow (*most*) 
users to configure the behaviour they desire

   - We recognize that this advance notice has been given precisely to 
ensure that anyone wishing to deploy on jdk21 an app that relies on use 
of agents has time to plan appropriate configuration for their deployment

   - We recognize that this change of default is not being proposed for 
backport and hence that it will largely only affect the relatively small 
number of users who are currently developing for jdk21+

So, given that as a base for our comments where is the beef?

   - Our main concern is, predictably, timing. Clearly, this is a 
future, potential problem rather than a present problem - no one can be 
deploying on jdk21 yet and most developers who are currently preparing 
an app for deployment on jdk21+ will likely encounter the effect of this 
change before actual deployment and be in a position to remedy it. The 
concern is that advertising a change like this and getting users 
prepared to respond to it has always been difficult to achieve. In 
particular we expect a long tail of support problems from users who are 
trying to upgrade deployments from earlier releases to jdk21.
   So, while it is nice to have such early notice of the proposal we 
plan to review its likely impact on our users and how much time we need 
to prepare ourselves and our users to negotiate this change in 
behaviour. Any evidence we obtain to suggest a delay in targeting is 
appropriate will be brought to the JEP review.

   - A second, related concern is that flipping the default for this 
configuration in an LTS release as the first exposure to it for most 
people is more likely to derail deployment plans for users than if the 
default were flipped in a non-LTS release. If this change were deferred 
to jdk22 then that would give those planning deployment on (or upgrade 
to) jdk25 and also those planning to upgrade from jdk17 to jdk21 more 
time to discover and respond to the change.

   - A third concern, already pointed out by Volker, is that some users 
may run their Java apps via launcher apps or scripts that mask access to 
the Java command line. For such users the change of default may mean 
that they lose the option to deploy dynamic agents for important 
ancillary tasks such as observability. We are not clear how many of our 
users this affects but we will be looking into this and hope to bring 
feedback to the JEP review.
   Obviously, this problem can be remedied relatively easily by the 
supplier of the launcher enabling agent use or providing a suitable 
control switch. Our concern is not with how to solve this problem rather 
how the involvement of two parties, supplier and end user, might imply a 
need for the JEP to be targeted to a later release.

regards,


Andrew Dinn
-----------
Red Hat Distinguished Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill



More information about the jigsaw-dev mailing list