RFR: 8358537: (bf) JavaNioAccess::getBufferAddress bypasses direct buffer MemorySession state check [v2]
Jorn Vernee
jvernee at openjdk.org
Wed Jun 4 17:12:51 UTC 2025
On Wed, 4 Jun 2025 14:29:13 GMT, Brian Burkhalter <bpb at openjdk.org> wrote:
>> Add package-scope `long java.nio.Buffer::address()` to simply return the value of the `address` instance variable; use this method in `JavaNioAccess::getBufferAddress`.
>
> Brian Burkhalter has updated the pull request incrementally with one additional commit since the last revision:
>
> 8358537: Revert MemorySegments test change
Discussed this with the rest of the Panama team. The way it works currently (without this PR) is how it's intended to work.
The issue is that JDK code can take the address of a direct byte buffer and pass it to some native method, but if the buffer was backed by a shared arena, the memory can be freed in the middle of that. That's why the 'default' implementation in `DirectBuffer::address` throws an exception. Code that wants to use the address of a direct buffer backed by a shared arena first has to acquire the arena, then get the address, and after it is done using the address, release the arena again. The second step requires a way to bypass the check. i.e. the shared secrets implementation intentionally accesses the field directly.
As for heap buffers: The base object and address form an Unsafe addressing pair. i.e. these are passed to Unsafe accessor methods. For heap buffers this would be the array base offset + any offset into the array (in bytes). The implementation of e.g. `MemorySegment::ofBuffer` uses both to construct a memory segment, so again, the address needs to be accessible. But, since the implementation uses shared secrets to access the address, as long as that method keeps bypassing the `address()` accessor method, I think this will continue to work.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/25631#issuecomment-2940787082
More information about the nio-dev
mailing list