> On 19 Apr 2017, at 21:40, Christian Thalinger <cthalin...@twitter.com> wrote: > >> >> On Apr 19, 2017, at 9:27 AM, Doug Simon <doug.si...@oracle.com> wrote: >> >>> >>> On 19 Apr 2017, at 21:04, Mandy Chung <mandy.ch...@oracle.com> wrote: >>> >>> >>>> On Apr 19, 2017, at 11:55 AM, Christian Thalinger <cthalin...@twitter.com> >>>> wrote: >>>> >>>> >>>>> On Apr 19, 2017, at 8:38 AM, Mandy Chung <mandy.ch...@oracle.com> wrote: >>>>> >>>>> Since jdk.internal.vm.compiler becomes an upgradeable module, it is not >>>>> hashed with java.base to allow it to be upgraded and there is no >>>>> integrity check. Such qualified export will be granted to any module >>>>> named jdk.internal.vm.compiler at runtime. The goal is for upgradeable >>>>> modules not to use any internal APIs and eliminate the qualified exports. >>>>> >>>>> The main thing is that jdk.vm.ci.services API would need to be guarded if >>>>> it’s used by non-Graal modules. >>>> >>>> This all makes sense but where is the restriction that only >>>> jdk.internal.vm.compiler can use jdk.vm.ci.services? >>> >>> It's unqualified and no restriction in this change. >> >> The public methods currently in jdk.vm.ci.services are: >> >> 1. JVMCIServiceLocator.getProvider(Class<S>) >> 2. JVMCIServiceLocator.getProviders(Class<S>) >> 3. Services.initializeJVMCI() >> 4. Services.getSavedProperties() >> 5. Services.exportJVMCITo(Class<?>) >> 6. Services.load(Class<S>) >> 7. Services.loadSingle(Class<S>, boolean) >> >> 1 should be made protected. I'll update the webrev with this change. > > Good. > >> >> 2 should check for JVMCIPermission. I'll update the webrev with this change. > > Good. > >> >> 3 is harmless from a security perspective in my opinion. > > Would be good if one of Oracle’s security engineers could take a quick look > just to be sure.
Vladimir, can you please bring this to the attention of the relevant engineer. >> >> 4 checks for JVMCIPermission. > > Ok. > >> >> 5, 6 and 7 will be removed in a follow bug that updates Graal from upstream >> (and removes its usage of these methods). > > About this, will this Graal update happen for JDK 9? Yes. > It’s awfully late in the cycle... These are jigsaw related changes and I've been told jigsaw has an FC exception (although I don't exactly know what that is). -Doug