Protecting the JVM from segfaults
Samuel Audet
samuel.audet at gmail.com
Wed Apr 7 11:15:30 UTC 2021
I was curious about that myself recently, and I've found interesting new
features in today's CPU known as "memory protection keys" that could
allow us to introduce that kind of protection from segfaults,
essentially isolating the JVM from other code in the same process, with
very low overhead:
ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
https://www.usenix.org/system/files/sec19-vahldiek-oberwagner_0.pdf
Samuel
On 4/7/21 7:33 PM, Michael Böckling wrote:
> In JEP 191, it says:
>
> "Optionally, this JEP will build additional support for the above features
> via: JVM-level awareness of FFI downcalls. This could include: JIT
> optimization of those calls, JVM/GC-level awareness of native memory,
> protection against illegal native memory accesses (SEGV faults), and
> mechanisms to opt out of JNI safeguards known to be unnecessary in specific
> cases (safepoint boundaries, blocking call guarantees, object lifecycle
> management, etc.)."
>
> Are there any plans to implement "protection against illegal native memory
> accesses (SEGV faults)" somehow? I cannot imagine how that would work
> in practice, but it would certainly be very welcome. Having a try/catch
> block to intercept a segfault in native code would be fantastic.
>
> Best regards,
>
> Michael
>
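As an added illustration (not code from this thread, the ERIM paper or the JDK): a small C program that seals one page with an MPK protection key and then performs the kind of guarded native read Michael asks about, turning the resulting SIGSEGV into an error return instead of a crash. It assumes Linux on an x86-64 CPU with PKU; where `pkey_alloc` is unavailable it falls back to `mprotect(PROT_NONE)` so the fault-interception part still runs, and the `guarded_read`/`demo_*` names are this example's own.

```c
#define _GNU_SOURCE /* pkey_* declarations on glibc; must precede the includes */
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
static sigjmp_buf guard_env; static volatile sig_atomic_t guard_active = 0;
static void segv_handler(int sig) { (void)sig;
    if (guard_active) siglongjmp(guard_env, 1); /* unwind into guarded_read */
    _exit(128 + SIGSEGV);                       /* unexpected fault: do not hide it */
}
/* "try/catch" around a one-byte read: 0 = ok (byte in *out), -1 = the access faulted. */
int guarded_read(const unsigned char *p, unsigned char *out) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = segv_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    int rc;
    if (sigsetjmp(guard_env, 1) == 0) {
        guard_active = 1;
        *out = *(volatile const unsigned char *)p; /* may fault */
        rc = 0;
    } else {
        rc = -1;                                   /* arrived here from the handler */
    }
    guard_active = 0;
    sigaction(SIGSEGV, &old, NULL);
    return rc;
}
/* Control: a guarded read of ordinary memory must succeed. Returns the byte read, or -1. */
int demo_plain_read(void) {
    unsigned char v = 0x5a, out = 0;
    return guarded_read(&v, &out) == 0 ? out : -1;
}
/* Seal one page (MPK key with access disabled when kernel and CPU support it, else PROT_NONE)
   and read it under the guard: 1 = fault caught, 0 = read went through, -1 = setup error. */
int demo_sealed_page(void) {
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    int sealed = 0;
#if defined(__linux__) && defined(PKEY_DISABLE_ACCESS)
    int pkey = pkey_alloc(0, PKEY_DISABLE_ACCESS); /* PKRU: this thread may neither read nor write via the key */
    if (pkey >= 0 && pkey_mprotect(page, pagesz, PROT_READ | PROT_WRITE, pkey) == 0) sealed = 1;
#endif
    if (!sealed && mprotect(page, pagesz, PROT_NONE) != 0) { munmap(page, pagesz); return -1; }
    unsigned char b = 0; int rc = guarded_read(page, &b);
    munmap(page, pagesz); return rc == -1 ? 1 : 0;
}
```

The attraction of the MPK path is that flipping a key in PKRU costs a few cycles and needs no syscall, which is what makes per-downcall isolation plausible; the siglongjmp recovery shown here is only safe because nothing of consequence was in flight when the fault hit, and a real JVM would have to coordinate with its own SIGSEGV handler and know the faulting thread's state before unwinding.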