RFR: 8254231: Implementation of Foreign Linker API (Incubator) [v18]

David Holmes david.holmes at oracle.com
Wed Nov 11 11:36:43 UTC 2020 

On 11/11/2020 9:19 pm, Jorn Vernee wrote:
> On Wed, 11 Nov 2020 07:18:33 GMT, David Holmes <dholmes at openjdk.org> wrote:
> 
>>> Maurizio Cimadamore has updated the pull request incrementally with 10 additional commits since the last revision:
>>>
>>>   - Merge pull request #7 from JornVernee/Additional_Review_Comments
>>>     
>>>     Additional review comments
>>>   - Revert System.java changes
>>>   - Set copyright year for added files to 2020
>>>   - Check result of AttachCurrentThread
>>>   - Sort includes alphabetically
>>>   - Relax ret_addr_offset() assert
>>>   - Extra space after if
>>>   - remove excessive asserts in ProgrammableInvoker::invoke_native
>>>   - Remove os::is_MP() check
>>>   - remove blank line in thread.hpp
>>
>> src/hotspot/share/prims/universalUpcallHandler.cpp line 55:
>>
>>> 53:     JavaVM_ *vm = (JavaVM *)(&main_vm);
>>> 54:     jint result = vm->functions->AttachCurrentThread(vm, (void**) &p_env, nullptr);
>>> 55:     guarantee(result == JNI_OK, "Could not attach thread for upcall. JNI error code: %d", result);
>>
>> I'm assuming you don't have a mechanism for conveying an error back to the original entry point used by the native thread? Attaching an existing thread should only fail if we run out of C-Heap, so we're on the brink of aborting anyway, but still the guarantee here is not ideal.
> 
> Yeah, we have no idea where/how to report such and error. The native code might just call a function through a function pointer like `void(*)(void)` i.e. no place to return an error code. Also, since it's a previously non-attached thread, there is no JavaFrameAnchor that gives us a last Java frame we could jump back to and throw an exception.

Yeah not a solvable problem when you can transparently attach to the VM.

> Is there's a more explicit way to exit with an error, other than a `guarantee` that you would prefer here?

Perhaps vm_exit_out_if_memory under the assumption that is the only 
reason attach could fail. But really I don't think it makes much 
practical difference.

Thanks,
David
-----

> -------------
> 
> PR: https://git.openjdk.java.net/jdk/pull/634
>

More information about the security-dev mailing list