Changeset 234648 in webkit

Timestamp:

Aug 7, 2018 5:50:23 AM (6 years ago)

Author:

commit-queue@webkit.org

Message:

Hardcoded LFENCE instruction
​https://bugs.webkit.org/show_bug.cgi?id=188145

Patch by Karo Gyoker <​karogyoker2+webkit@gmail.com> on 2018-08-07
Reviewed by Filip Pizlo.

Remove lfence instruction because it is crashing systems without SSE2 and
this is not the way how WebKit mitigates Spectre.

Source/JavaScriptCore:

• runtime/JSLock.cpp:

(JSC::JSLock::didAcquireLock):
(JSC::JSLock::willReleaseLock):

Source/WTF:

• wtf/Atomics.h:

(WTF::crossModifyingCodeFence):
(WTF::speculationFence): Deleted.
(WTF::x86_lfence): Deleted.

Location:

trunk/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/runtime/JSLock.cpp (modified) (2 diffs)
• WTF/ChangeLog (modified) (1 diff)
• WTF/wtf/Atomics.h (modified) (3 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-08-07  Karo Gyoker  <karogyoker2+webkit@gmail.com>
+
+        Hardcoded LFENCE instruction
+        https://bugs.webkit.org/show_bug.cgi?id=188145
+
+        Reviewed by Filip Pizlo.
+
+        Remove lfence instruction because it is crashing systems without SSE2 and
+        this is not the way how WebKit mitigates Spectre.
+
+        * runtime/JSLock.cpp:
+        (JSC::JSLock::didAcquireLock):
+        (JSC::JSLock::willReleaseLock):
+
 2018-08-04  David Kilzer  <ddkilzer@apple.com>
 

trunk/Source/JavaScriptCore/runtime/JSLock.cpp

@@ -123 +123 @@
 
 void JSLock::didAcquireLock()
-{
-    WTF::speculationFence();
-    
+{  
     // FIXME: What should happen to the per-thread identifier table if we don't have a VM?
     if (!m_vm)
@@ -193 +191 @@
 
 void JSLock::willReleaseLock()
-{
-    WTF::speculationFence();
-    
+{   
     RefPtr<VM> vm = m_vm;
     if (vm) {

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2018-08-07  Karo Gyoker  <karogyoker2+webkit@gmail.com>
+
+        Hardcoded LFENCE instruction
+        https://bugs.webkit.org/show_bug.cgi?id=188145
+
+        Reviewed by Filip Pizlo.
+
+        Remove lfence instruction because it is crashing systems without SSE2 and
+        this is not the way how WebKit mitigates Spectre.
+
+        * wtf/Atomics.h:
+        (WTF::crossModifyingCodeFence):
+        (WTF::speculationFence): Deleted.
+        (WTF::x86_lfence): Deleted.
+
 2018-08-07  Antti Koivisto  <antti@apple.com>
 

trunk/Source/WTF/wtf/Atomics.h

@@ -277 +277 @@
 inline void memoryBarrierBeforeUnlock() { arm_dmb(); }
 inline void crossModifyingCodeFence() { arm_isb(); }
-inline void speculationFence() { arm_isb(); }
 
 #elif CPU(X86) || CPU(X86_64)
-
-inline void x86_lfence()
-{
-#if !OS(WINDOWS)
-    asm volatile("lfence" ::: "memory");
-#endif
-}
 
 inline void x86_ortop()
@@ -323 +315 @@
 inline void memoryBarrierBeforeUnlock() { compilerFence(); }
 inline void crossModifyingCodeFence() { x86_cpuid(); }
-inline void speculationFence() { x86_lfence(); }
 
 #else
@@ -334 +325 @@
 inline void memoryBarrierBeforeUnlock() { std::atomic_thread_fence(std::memory_order_seq_cst); }
 inline void crossModifyingCodeFence() { std::atomic_thread_fence(std::memory_order_seq_cst); } // Probably not strong enough.
-inline void speculationFence() { } // Probably not strong enough.
 
 #endif