Hello
Since the audience has been expanded let me summarize what would be
needed to make jdk.attach free of JNI on Unix (AIX, Linux, macOS).
jdk.attach currently uses JNI for four different things.
1. reading and writing unix domain sockets
2. accessing uid, guid and permissions of a file
3. sending SIGQUIT to an arbitrary PID, including self in the case of
self attach
4. sysctl({CTL_KERN, KERN_PROC, KERN_PROC_PID, pid}) on macOS
For 1. and 2. there are already supported Java based APIs and I have
patches in case somebody is willing to sponsor this work / open a JIRA.
3. kill(SIGQUIT)
This can be done quite easily using FFM as the signature of kill() is
quite simple. The signature and values are the same an Linux and macOS
and I assume AIX as well, but I don't have access to a machine to
verify. Overlap with existing code is with ProcessHandleImpl.destroy0
which sends SIGKILL or SIGTERM to a PID but performs additional checks.
So an API to send a signal to a PID would be needed. It is my
understanding that jdk.internal.misc.Signal only supports sending signal
to self.
4. sysctl({CTL_KERN, KERN_PROC, KERN_PROC_PID, pid})
This is more complicated as the kinfo_proc and extern_proc structs are
quite large. jextract is the easiest way to come up with the
definitions. However the amount of generated code is quite large even
after filtering. The generated code can be further cut down using manual
editing. I have not yet looked into replacing not needed struct fields
with padding. To the best of my knowledge jextract hasn't the been
included into the JDK build.
Overlap here is in ProcessHandleImpl_macosx.c with the functions
os_getParentPidAndTimings and getUID but they access different fields of
extern_proc.
Honestly here I'm not sure why this check is needed at all. The
reasoning given for the check in VirtualMachineImpl.c would in my option
apply to Linux and AIX as well but this check is not performed there.
Removing this check from the macOS implementation would obviously be the
easiest.
I can't speak for Windows as I'm not familiar enough with Windows APIs.
Cheers
Philippe
On 19.06.25 14:40, Magnus Ihse Bursie wrote:
Hi Philippe,
There is an ongoing effort about "Panamization" (that is, adapting it to
use FFM instead of JNI) of native code in the JDK in general. This is
discussed on the core-libs-dev mailing list. I've cc:ed them. I think it
would be beneficial if you coordinate your efforts with the Panamization
effort.
/Magnus
On 2025-06-15 17:43, Philippe Marschall wrote:
Hello
I further pursued the approach
- Rebased the Linux implementation [1], implemented the permission
check using JSR 203 and the Unix domain sockets using JEP 380.
- Applied the same changes to the AIX implementation [2].
- Switched Linux to an FFM based kill implementation [3], completely
getting rid of JNI.
- Updated the macOS implementation [4], implemented the permission
check using JSR 203 and the Unix domain sockets using JEP 380.
- Switched macOS to an FFM based kill and sysctl implementation [5],
completely getting rid of JNI.
I ran the serviceability test suite on Linux and macOS and it passes.
I manually verified that I can attach to JVMs using local builds.
I could not test on AIX.
[1] https://github.com/marschall/jdk/
commit/3a7796daadad7c9d2d85e9e4623f170baecc0e41
[2] https://github.com/marschall/jdk/
commit/962729e0bfb6b7d86af303f25c6670d407d1d2d9
[3] https://github.com/marschall/jdk/
commit/7b5f1bf6f55458a7f69f50b8fdf4986e22202559
[4] https://github.com/marschall/jdk/
commit/93372a124eca6078fde5597c2498b381a4ef5dfa
[5] https://github.com/marschall/jdk/commit/
c5faf9655bbb85cc3ed9b2a7ef15b08ab83d1d8b
Cheers
Philippe
On 20.04.22 22:13, Philippe Marschall wrote:
Hello
I hope this is the right mailing list. I recently had a look at the
Linux attach provider implementation and could not help but noticing
that a large part, if not all of it, could be replaced with Java.
Besides getting rid of the C code this should allow us to unify the AIX,
Linux and macOS implementations under a single Unix implementation.
The permission check can be implemented using JSR 203 [1] to access uid,
gid and file mode and using jdk.internal.misc.VM to get the euid and
egid.
Reading and writing to Unix domain sockets can be done through JEP
380 [2].
Sending SIGQUIT to a process could in theory done through JEP 102 [3]
however sending SIGQUIT to self is currently blocked. This is required
for the self attach mechanism. There a very small C function is still
needed for now, this is hopefully portable.
I did a small prototype [4]. The tier1 suite runs and I can attach to a
local JVM.
The overhead will likely be a bit higher as we go through more JDK
abstractions.
[1] https://jcp.org/en/jsr/detail?id=203
[2] https://openjdk.java.net/jeps/380
[3] https://openjdk.java.net/jeps/102
[4]
https://github.com/marschall/jdk/
commit/207dac7e4d1bd65450bbd2c9e14d33fc34b7cebc
Cheers
Philippe
