RFR: 8264774: Implementation of Foreign Function and Memory API (Incubator) [v2]

Mandy Chung mchung at openjdk.java.net
Wed Apr 28 18:04:53 UTC 2021


On Wed, 28 Apr 2021 10:42:54 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:

>> This PR contains the API and implementation changes for JEP-412 [1]. A more detailed description of such changes, to avoid repetitions during the review process, is included as a separate comment.
>> 
>> [1] - https://openjdk.java.net/jeps/412
>
> Maurizio Cimadamore has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Address first batch of review comments

I reviewed the `--enable-native-access` related change that looks fine.

> Access to restricted methods from any other module not in the list is disallowed and will result in an IllegalAccessException.

I think you meant to say `IllegalCallerException` instead of `IllegalAccessException`. Also, do you intend to have javadoc generate `@throws IllegalCallerException` for the restricted methods automatically, besides the javadoc description?

Making the restricted methods `@CallerSensitive` in order to get the caller class for the native access check is the proper approach. However, some interface methods are restricted methods, such as `CLinker::downcallHandle`, whose implementation method is `@CallerSensitive`. I am concerned about the security issue with method handles and type aliasing. On the other hand, `CLinker` is a sealed interface and only implemented by the platform, so it's less of a concern. I think the interface method should also be `@CallerSensitive` so that, for example, a method handle for `CLinker::downcallHandle` will be produced with the proper caller-sensitive context.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3699
