[foreign-memaccess+abi] RFR: 8307461: Linker::nativeLinker should not be restricted [v2]

ExE Boss duke at openjdk.org
Sat May 6 08:04:36 UTC 2023 

On Fri, 5 May 2023 12:25:55 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:

>> Since `Linker` is a sealed interface, we can now move restricted-ness from the static linker factory, down to the methods which are really problematic, namely `Linker::downcallHandle` and `Linker::upcallStub`.
>> 
>> With this change, the list of restricted method looks as follows:
>> 
>> * Linker::downcallHandle
>> * Linker::upcallStub
>> * MemorySegment::reinterpret
>> * SymbolLookup::libraryLookup
>> 
>> That is, crucially, restricted methods are methods that have a true risk of compromising the integrity of the Java platform. Making Linker::nativeLinker restricted casts too broad of a net, as obtaining the linker is not, per se, a dangerous or unsafe operation.
>
> Maurizio Cimadamore has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains two commits:
> 
>  - Merge branch 'foreign-memaccess+abi' into restricted_linker
>  - Initial push

src/java.base/share/classes/jdk/internal/foreign/abi/AbstractLinker.java line 83:

> 81:     @CallerSensitive
> 82:     public final MethodHandle downcallHandle(FunctionDescriptor function, Option... options) {
> 83:         Reflection.ensureNativeAccess(Reflection.getCallerClass(), Linker.class, "downcallHandle");

This needs to use `downcallHandle0` so as to not perform 2 consecutive `Reflection::ensureNativeAccess` calls with the second having a caller class parameter value of `jdk.internal.foreign.abi.AbstractLinker`.
Suggestion:

        return downcallHandle0(function, options).bindTo(symbol);
    }

    @Override
    @CallerSensitive
    public final MethodHandle downcallHandle(FunctionDescriptor function, Option... options) {
        Reflection.ensureNativeAccess(Reflection.getCallerClass(), Linker.class, "downcallHandle");
        return downcallHandle0(function, options);
    }

    private MethodHandle downcallHandle0(FunctionDescriptor function, Option[] options) {

-------------

PR Review Comment: https://git.openjdk.org/panama-foreign/pull/831#discussion_r1186660692

More information about the panama-dev mailing list