[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da
ggaren at apple.com
ggaren at apple.com
Wed Dec 22 18:05:57 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 36d5236d1b6b9b4556c7ecdeeeaf8ead3753c882
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Dec 7 01:01:08 2010 +0000
2010-12-06 Geoffrey Garen <ggaren at apple.com>
Reviewed by Gavin Barraclough.
Simplified some ASLR-related code in PageAllocation/Reservation
https://bugs.webkit.org/show_bug.cgi?id=50599
Removed reserveAt, allocateAt, and friends, since they all existed to
serve one feature: ASLR for executable memory on x86_64 on Mac. Moved
ASLR code down into systemAllocate -- now, any time you allocate
executable memory on a supporting platform, the memory's location is
randomized.
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolAllocator::FixedVMPoolAllocator): No need for the caller
to randomize anything.
* wtf/PageAllocation.h:
(WTF::PageAllocation::systemAllocate): Removed some *At() functions, and
beefed up executable allocation with randomization.
* wtf/PageReservation.h:
(WTF::PageReservation::systemReserve): Removed some *At() functions.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73417 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index d376dbf..fbdc41a 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,5 +1,29 @@
2010-12-06 Geoffrey Garen <ggaren at apple.com>
+ Reviewed by Gavin Barraclough.
+
+ Simplified some ASLR-related code in PageAllocation/Reservation
+ https://bugs.webkit.org/show_bug.cgi?id=50599
+
+ Removed reserveAt, allocateAt, and friends, since they all existed to
+ serve one feature: ASLR for executable memory on x86_64 on Mac. Moved
+ ASLR code down into systemAllocate -- now, any time you allocate
+ executable memory on a supporting platform, the memory's location is
+ randomized.
+
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator): No need for the caller
+ to randomize anything.
+
+ * wtf/PageAllocation.h:
+ (WTF::PageAllocation::systemAllocate): Removed some *At() functions, and
+ beefed up executable allocation with randomization.
+
+ * wtf/PageReservation.h:
+ (WTF::PageReservation::systemReserve): Removed some *At() functions.
+
+2010-12-06 Geoffrey Garen <ggaren at apple.com>
+
Reviewed by Maciej Stachowiak.
reserveAndCommit doesn't commit on MADVISE_FREE_REUSE systems
diff --git a/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp b/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
index 15247c2..37320cf 100644
--- a/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
+++ b/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
@@ -48,9 +48,6 @@
#define COALESCE_LIMIT (4u * 1024u * 1024u) // 4Mb
#endif
-// ASLR currently only works on darwin (due to arc4random) & 64-bit (due to address space size).
-#define VM_POOL_ASLR (OS(DARWIN) && CPU(X86_64))
-
using namespace WTF;
namespace JSC {
@@ -282,24 +279,7 @@ public:
: m_commonSize(commonSize)
, m_countFreedSinceLastCoalesce(0)
{
- // Cook up an address to allocate at, using the following recipe:
- // 17 bits of zero, stay in userspace kids.
- // 26 bits of randomness for ASLR.
- // 21 bits of zero, at least stay aligned within one level of the pagetables.
- //
- // But! - as a temporary workaround for some plugin problems (rdar://problem/6812854),
- // for now instead of 2^26 bits of ASLR lets stick with 25 bits of randomization plus
- // 2^24, which should put up somewhere in the middle of userspace (in the address range
- // 0x200000000000 .. 0x5fffffffffff).
-#if VM_POOL_ASLR
- intptr_t randomLocation = 0;
- randomLocation = arc4random() & ((1 << 25) - 1);
- randomLocation += (1 << 24);
- randomLocation <<= 21;
- m_allocation = PageReservation::reserveAt(reinterpret_cast<void*>(randomLocation), false, totalHeapSize, PageAllocation::JSJITCodePages, EXECUTABLE_POOL_WRITABLE, true);
-#else
m_allocation = PageReservation::reserve(totalHeapSize, PageAllocation::JSJITCodePages, EXECUTABLE_POOL_WRITABLE, true);
-#endif
if (!!m_allocation)
m_freeList.insert(new FreeListEntry(m_allocation.base(), m_allocation.size()));
diff --git a/JavaScriptCore/wtf/PageAllocation.h b/JavaScriptCore/wtf/PageAllocation.h
index c13821c..5a28e40 100644
--- a/JavaScriptCore/wtf/PageAllocation.h
+++ b/JavaScriptCore/wtf/PageAllocation.h
@@ -76,12 +76,8 @@ namespace WTF {
system memory usage tracking tools, where implemented), and boolean values
specifying the required protection (defaulting to writable, non-executable).
- Where HAVE(PAGE_ALLOCATE_AT) and HAVE(PAGE_ALLOCATE_ALIGNED) are available
- memory may also be allocated at a specified address, or with a specified
- alignment respectively. PageAllocation::allocateAt take an address to try
- to allocate at, and a boolean indicating whether this behaviour is strictly
- required (if this address is unavailable, should memory at another address
- be allocated instead). PageAllocation::allocateAligned requires that the
+ Where HAVE(PAGE_ALLOCATE_ALIGNED) is available memory may also be allocated
+ with a specified alignment. PageAllocation::allocateAligned requires that the
size is a power of two that is >= system page size.
*/
class PageAllocation {
@@ -113,15 +109,6 @@ public:
return systemAllocate(size, usage, writable, executable);
}
-#if HAVE(PAGE_ALLOCATE_AT)
- static PageAllocation allocateAt(void* address, bool fixed, size_t size, Usage usage = UnknownUsage, bool writable = true, bool executable = false)
- {
- ASSERT(isPageAligned(address));
- ASSERT(isPageAligned(size));
- return systemAllocateAt(address, fixed, size, usage, writable, executable);
- }
-#endif
-
#if HAVE(PAGE_ALLOCATE_ALIGNED)
static PageAllocation allocateAligned(size_t size, Usage usage = UnknownUsage)
{
@@ -169,9 +156,6 @@ protected:
#endif
static PageAllocation systemAllocate(size_t, Usage, bool, bool);
-#if HAVE(PAGE_ALLOCATE_AT)
- static PageAllocation systemAllocateAt(void*, bool, size_t, Usage, bool, bool);
-#endif
#if HAVE(PAGE_ALLOCATE_ALIGNED)
static PageAllocation systemAllocateAligned(size_t, Usage);
#endif
@@ -195,11 +179,6 @@ protected:
inline PageAllocation PageAllocation::systemAllocate(size_t size, Usage usage, bool writable, bool executable)
{
- return systemAllocateAt(0, false, size, usage, writable, executable);
-}
-
-inline PageAllocation PageAllocation::systemAllocateAt(void* address, bool fixed, size_t size, Usage usage, bool writable, bool executable)
-{
int protection = PROT_READ;
if (writable)
protection |= PROT_WRITE;
@@ -207,8 +186,6 @@ inline PageAllocation PageAllocation::systemAllocateAt(void* address, bool fixed
protection |= PROT_EXEC;
int flags = MAP_PRIVATE | MAP_ANON;
- if (fixed)
- flags |= MAP_FIXED;
#if OS(DARWIN) && !defined(BUILDING_ON_TIGER)
int fd = usage;
@@ -216,7 +193,27 @@ inline PageAllocation PageAllocation::systemAllocateAt(void* address, bool fixed
int fd = -1;
#endif
- void* base = mmap(address, size, protection, flags, fd, 0);
+ void* base = 0;
+#if (OS(DARWIN) && CPU(X86_64))
+ if (executable) {
+ // Cook up an address to allocate at, using the following recipe:
+ // 17 bits of zero, stay in userspace kids.
+ // 26 bits of randomness for ASLR.
+ // 21 bits of zero, at least stay aligned within one level of the pagetables.
+ //
+ // But! - as a temporary workaround for some plugin problems (rdar://problem/6812854),
+ // for now instead of 2^26 bits of ASLR lets stick with 25 bits of randomization plus
+ // 2^24, which should put up somewhere in the middle of userspace (in the address range
+ // 0x200000000000 .. 0x5fffffffffff).
+ intptr_t randomLocation = 0;
+ randomLocation = arc4random() & ((1 << 25) - 1);
+ randomLocation += (1 << 24);
+ randomLocation <<= 21;
+ base = reinterpret_cast<void*>(randomLocation);
+ }
+#endif
+
+ base = mmap(base, size, protection, flags, fd, 0);
if (base == MAP_FAILED)
base = 0;
return PageAllocation(base, size);
diff --git a/JavaScriptCore/wtf/PageReservation.h b/JavaScriptCore/wtf/PageReservation.h
index cfc7cd9..28f06bb 100644
--- a/JavaScriptCore/wtf/PageReservation.h
+++ b/JavaScriptCore/wtf/PageReservation.h
@@ -49,9 +49,6 @@ namespace WTF {
is deallocated. Values in memory may not be retained accross a pair of calls if
the region of memory is decommitted and then committed again.
- Where HAVE(PAGE_ALLOCATE_AT) is available a PageReservation::reserveAt method
- also exists, with behaviour mirroring PageAllocation::allocateAt.
-
Memory protection should not be changed on decommitted memory, and if protection
is changed on memory while it is committed it should be returned to the orignal
protection before decommit is called.
@@ -100,15 +97,6 @@ public:
return systemReserve(size, usage, writable, executable);
}
-#if HAVE(PAGE_ALLOCATE_AT)
- static PageReservation reserveAt(void* address, bool fixed, size_t size, Usage usage = UnknownUsage, bool writable = true, bool executable = false)
- {
- ASSERT(isPageAligned(address));
- ASSERT(isPageAligned(size));
- return systemReserveAt(address, fixed, size, usage, writable, executable);
- }
-#endif
-
void deallocate()
{
ASSERT(m_base);
@@ -137,9 +125,6 @@ private:
bool systemCommit(void*, size_t);
void systemDecommit(void*, size_t);
static PageReservation systemReserve(size_t, Usage, bool, bool);
-#if HAVE(PAGE_ALLOCATE_AT)
- static PageReservation systemReserveAt(void*, bool, size_t, Usage, bool, bool);
-#endif
#if HAVE(VIRTUALALLOC)
DWORD m_protection;
@@ -180,12 +165,7 @@ inline void PageReservation::systemDecommit(void* start, size_t size)
inline PageReservation PageReservation::systemReserve(size_t size, Usage usage, bool writable, bool executable)
{
- return systemReserveAt(0, false, size, usage, writable, executable);
-}
-
-inline PageReservation PageReservation::systemReserveAt(void* address, bool fixed, size_t size, Usage usage, bool writable, bool executable)
-{
- void* base = systemAllocateAt(address, fixed, size, usage, writable, executable).base();
+ void* base = systemAllocate(size, usage, writable, executable).base();
#if HAVE(MADV_FREE_REUSE)
// When using MADV_FREE_REUSE we keep all decommitted memory marked as REUSABLE.
// We call REUSE on commit, and REUSABLE on decommit.
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list