RFR: 8331671: Implement JEP 472: Prepare to Restrict the Use of JNI [v3]
ExE Boss
duke at openjdk.org
Tue May 14 01:03:09 UTC 2024
On Mon, 13 May 2024 11:47:38 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:
>> This PR implements [JEP 472](https://openjdk.org/jeps/472), by restricting the use of JNI in the following ways:
>>
>> * `System::load` and `System::loadLibrary` are now restricted methods
>> * `Runtime::load` and `Runtime::loadLibrary` are now restricted methods
>> * binding a JNI `native` method declaration to a native implementation is now considered a restricted operation
>>
>> This PR slightly changes the way in which the JDK deals with restricted methods, even for FFM API calls. In Java 22, the single `--enable-native-access` was used both to specify a set of modules for which native access should be allowed *and* to specify whether illegal native access (that is, native access occurring from a module not specified by `--enable-native-access`) should be treated as an error or a warning. More specifically, an error is only issued if the `--enable-native-access flag` is used at least once.
>>
>> Here, a new flag is introduced, namely `illegal-native-access=allow/warn/deny`, which is used to specify what should happen when access to a restricted method and/or functionality is found outside the set of modules specified with `--enable-native-access`. The default policy is `warn`, but users can select `allow` to suppress the warnings, or `deny` to cause `IllegalCallerException` to be thrown. This aligns the treatment of restricted methods with other mechanisms, such as `--illegal-access` and the more recent `--sun-misc-unsafe-memory-access`.
>>
>> Some changes were required in the package-info javadoc for `java.lang.foreign`, to reflect the changes in the command line flags described above.
>
> Maurizio Cimadamore has updated the pull request incrementally with three additional commits since the last revision:
>
> - Fix another typo
> - Fix typo
> - Add more comments
src/hotspot/share/prims/nativeLookup.cpp line 275:
> 273:
> 274: // Otherwise call static method findNative in ClassLoader
> 275:
Suggestion:
src/hotspot/share/prims/nativeLookup.cpp line 419:
> 417: if (entry != nullptr) return entry;
> 418:
> 419:
Suggestion:
src/hotspot/share/prims/nativeLookup.cpp line 426:
> 424: return nullptr;
> 425: }
> 426: }
Suggestion:
}
src/java.base/share/classes/java/lang/Module.java line 331:
> 329: String modflag = isNamed() ? getName() : "ALL-UNNAMED";
> 330: String caller = currentClass != null ? currentClass.getName() : "code";
> 331: System.err.printf("""
This message should probably be different when linking native methods, since otherwise it’ll be:
WARNING: A restricted method in foo has been called
WARNING: bar has been called by Baz in Baz
WARNING: Use --enable-native-access=foo to avoid a warning for callers in this module
WARNING: Restricted methods will be blocked in a future release unless native access is enabled
when it should really be something like:
WARNING: A JNI native method in foo has been linked
WARNING: bar has been linked in Baz
WARNING: Use --enable-native-access=foo to avoid a warning for native methods in this module
WARNING: Native methods will be blocked in a future release unless native access is enabled
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1599248442
PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1599248501
PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1599248577
PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1599253428
More information about the serviceability-dev
mailing list