Handle failure in `ffi_closure_alloc` by DaveCTurner · Pull Request #1378 · java-native-access/jna

DaveCTurner · 2021-08-30T09:40:45Z

ffi_closure_alloc may fail and return NULL if, for instance, we're
running in a locked-down operating system that forbids FFI from
allocating executable pages of memory in any of the ways that it tries.
Today we pass this NULL on to ffi_prep_closure_loc which triggers a
segmentation fault that takes down the whole JVM. With this change we
check for a failure in this call and turn it into an
UnsupportedOperationException so that the caller can handle it more
gracefully.

Relates elastic/elasticsearch#73309
Relates elastic/elasticsearch#18272
Closes #1107

DaveCTurner · 2021-08-30T09:43:02Z

I had a bit of a look for tests of similar things but didn't see anything obvious, nor can I think of good ways to test this change. Some guidance would be appreciated.

dkocher · 2021-08-30T09:44:02Z

Looks like a fix for #1107.

matthiasblaesing · 2021-09-05T20:21:41Z

Change looks good to me. Thank you.

I agree testing this will be difficult to impossible. You could startup a virtual machine, lock that down, test to run JNA in that setup and observe what happens. I think that the balance between effort and results would tip in a bad way, so I think review is enough here.

Could please also have a look at:

jna/native/dispatch.c

Lines 3515 to 3535 in a40db1b

    
           JNIEXPORT jlong JNICALL 
        
           Java_com_sun_jna_Native_ffi_1prep_1closure(JNIEnv *env, jclass UNUSED(cls), jlong cif, jobject obj) 
        
           { 
        
             callback* cb = (callback *)malloc(sizeof(callback)); 
        
             ffi_status s; 
        
             if ((*env)->GetJavaVM(env, &cb->vm) != JNI_OK) { 
        
               throwByName(env, EUnsatisfiedLink, "Can't get Java VM"); 
        
               return 0; 
        
             } 
        
             cb->object = (*env)->NewWeakGlobalRef(env, obj); 
        
             cb->closure = ffi_closure_alloc(sizeof(ffi_closure), L2A(&cb->x_closure)); 
        
             s = ffi_prep_closure_loc(cb->closure, L2A(cif), &closure_handler, 
        
                                      cb, cb->x_closure); 
        
             if (ffi_error(env, "ffi_prep_cif", s)) { 
        
               return 0; 
        
             } 
        
             return A2L(cb); 
        
           }

Lines 3527 and 3529 look pretty similar, so I think a guard should be placed there also.

DaveCTurner · 2021-09-06T07:08:54Z

Lines 3527 and 3529 look pretty similar, so I think a guard should be placed there also.

Sure, I think bb75249 does the right thing here.

matthiasblaesing · 2021-09-12T11:55:14Z

Eyeballed this and looks good to me. To get this in please squash the changes into a single commit. After merge I'll see which architectures I manage to rebuild.

`ffi_closure_alloc` may fail and return `NULL` if, for instance, we're running in a locked-down operating system that forbids FFI from allocating executable pages of memory in any of the ways that it tries. Today we pass this `NULL` on to `ffi_prep_closure_loc` which triggers a segmentation fault that takes down the whole JVM. With this change we check for a failure in this call and turn it into an `UnsupportedOperationException` so that the caller can handle it more gracefully. Relates elastic/elasticsearch#73309 Relates elastic/elasticsearch#18272

DaveCTurner · 2021-09-13T08:00:31Z

Sure thing. The squashed commit is 3f5e937.

matthiasblaesing · 2021-09-14T21:46:17Z

Thank you.

DaveCTurner mentioned this pull request Aug 30, 2021

Elasticsearch 7.X fails to start with jna tmp dir configured (CentOS8 - Hardened) elastic/elasticsearch#73309

Closed

dbwiddis reviewed Sep 6, 2021

View reviewed changes

Comment thread native/dispatch.c

DaveCTurner force-pushed the 2021-08-30-ffi_closure_alloc-returns-NULL branch from 5299bd5 to 3f5e937 Compare September 13, 2021 07:59

matthiasblaesing merged commit 4ebb64a into java-native-access:master Sep 14, 2021

DaveCTurner mentioned this pull request Sep 21, 2021

Please upgrade libffi to ≥3.4.2 #1381

Closed

DaveCTurner deleted the 2021-08-30-ffi_closure_alloc-returns-NULL branch September 21, 2021 06:58

dkocher mentioned this pull request Oct 2, 2021

Test failures on Apple silicon (aarch64) #1323

Closed

schlosna mentioned this pull request Sep 14, 2023

Rebump JNA with LIBFFI_TMPDIR palantir/cassandra#443

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Handle failure in `ffi_closure_alloc`#1378

Handle failure in `ffi_closure_alloc`#1378
matthiasblaesing merged 1 commit intojava-native-access:masterfrom
DaveCTurner:2021-08-30-ffi_closure_alloc-returns-NULL

DaveCTurner commented Aug 30, 2021 •

edited

Loading

Uh oh!

DaveCTurner commented Aug 30, 2021

Uh oh!

dkocher commented Aug 30, 2021

Uh oh!

matthiasblaesing commented Sep 5, 2021

Uh oh!

DaveCTurner commented Sep 6, 2021

Uh oh!

Uh oh!

matthiasblaesing commented Sep 12, 2021

Uh oh!

DaveCTurner commented Sep 13, 2021

Uh oh!

matthiasblaesing commented Sep 14, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

DaveCTurner commented Aug 30, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

DaveCTurner commented Aug 30, 2021

Uh oh!

dkocher commented Aug 30, 2021

Uh oh!

matthiasblaesing commented Sep 5, 2021

Uh oh!

DaveCTurner commented Sep 6, 2021

Uh oh!

Uh oh!

matthiasblaesing commented Sep 12, 2021

Uh oh!

DaveCTurner commented Sep 13, 2021

Uh oh!

matthiasblaesing commented Sep 14, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

DaveCTurner commented Aug 30, 2021 •

edited

Loading