On Dec 5, 2019, at 2:39 PM, Vladimir Ivanov <vladimir.x.iva...@oracle.com> wrote: > > Regarding hotspot changes: > >> * ciField.cpp - this one is to trust final fields in the foreign memory >> access implementation (otherwise VM doesn't trust memory segment bounds) > > New packages aren't part of java.base. Considering the implementation resides > in an incubator module, is it enough to consider them as trusted and > well-known to the JVM?
Yes, I think we can get away with this. IIUC, the effect you are observing is that java.base trusts something outside of itself. This is not new, and is OK as long as the “something” can’t be spoofed by an untrusted party. — John
