Changeset 73417 in webkit
- Timestamp:
- Dec 6, 2010 5:01:08 PM (13 years ago)
- Location:
- trunk/JavaScriptCore
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/JavaScriptCore/ChangeLog
r73405 r73417 1 2010-12-06 Geoffrey Garen <ggaren@apple.com> 2 3 Reviewed by Gavin Barraclough. 4 5 Simplified some ASLR-related code in PageAllocation/Reservation 6 https://bugs.webkit.org/show_bug.cgi?id=50599 7 8 Removed reserveAt, allocateAt, and friends, since they all existed to 9 serve one feature: ASLR for executable memory on x86_64 on Mac. Moved 10 ASLR code down into systemAllocate -- now, any time you allocate 11 executable memory on a supporting platform, the memory's location is 12 randomized. 13 14 * jit/ExecutableAllocatorFixedVMPool.cpp: 15 (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator): No need for the caller 16 to randomize anything. 17 18 * wtf/PageAllocation.h: 19 (WTF::PageAllocation::systemAllocate): Removed some *At() functions, and 20 beefed up executable allocation with randomization. 21 22 * wtf/PageReservation.h: 23 (WTF::PageReservation::systemReserve): Removed some *At() functions. 24 1 25 2010-12-06 Geoffrey Garen <ggaren@apple.com> 2 26 -
trunk/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
r67130 r73417 48 48 #define COALESCE_LIMIT (4u * 1024u * 1024u) // 4Mb 49 49 #endif 50 51 // ASLR currently only works on darwin (due to arc4random) & 64-bit (due to address space size).52 #define VM_POOL_ASLR (OS(DARWIN) && CPU(X86_64))53 50 54 51 using namespace WTF; … … 283 280 , m_countFreedSinceLastCoalesce(0) 284 281 { 285 // Cook up an address to allocate at, using the following recipe:286 // 17 bits of zero, stay in userspace kids.287 // 26 bits of randomness for ASLR.288 // 21 bits of zero, at least stay aligned within one level of the pagetables.289 //290 // But! - as a temporary workaround for some plugin problems (rdar://problem/6812854),291 // for now instead of 2^26 bits of ASLR lets stick with 25 bits of randomization plus292 // 2^24, which should put up somewhere in the middle of userspace (in the address range293 // 0x200000000000 .. 0x5fffffffffff).294 #if VM_POOL_ASLR295 intptr_t randomLocation = 0;296 randomLocation = arc4random() & ((1 << 25) - 1);297 randomLocation += (1 << 24);298 randomLocation <<= 21;299 m_allocation = PageReservation::reserveAt(reinterpret_cast<void*>(randomLocation), false, totalHeapSize, PageAllocation::JSJITCodePages, EXECUTABLE_POOL_WRITABLE, true);300 #else301 282 m_allocation = PageReservation::reserve(totalHeapSize, PageAllocation::JSJITCodePages, EXECUTABLE_POOL_WRITABLE, true); 302 #endif303 283 304 284 if (!!m_allocation) -
trunk/JavaScriptCore/wtf/PageAllocation.h
r72967 r73417 77 77 specifying the required protection (defaulting to writable, non-executable). 78 78 79 Where HAVE(PAGE_ALLOCATE_AT) and HAVE(PAGE_ALLOCATE_ALIGNED) are available 80 memory may also be allocated at a specified address, or with a specified 81 alignment respectively. PageAllocation::allocateAt take an address to try 82 to allocate at, and a boolean indicating whether this behaviour is strictly 83 required (if this address is unavailable, should memory at another address 84 be allocated instead). PageAllocation::allocateAligned requires that the 79 Where HAVE(PAGE_ALLOCATE_ALIGNED) is available memory may also be allocated 80 with a specified alignment. PageAllocation::allocateAligned requires that the 85 81 size is a power of two that is >= system page size. 86 82 */ … … 114 110 } 115 111 116 #if HAVE(PAGE_ALLOCATE_AT)117 static PageAllocation allocateAt(void* address, bool fixed, size_t size, Usage usage = UnknownUsage, bool writable = true, bool executable = false)118 {119 ASSERT(isPageAligned(address));120 ASSERT(isPageAligned(size));121 return systemAllocateAt(address, fixed, size, usage, writable, executable);122 }123 #endif124 125 112 #if HAVE(PAGE_ALLOCATE_ALIGNED) 126 113 static PageAllocation allocateAligned(size_t size, Usage usage = UnknownUsage) … … 170 157 171 158 static PageAllocation systemAllocate(size_t, Usage, bool, bool); 172 #if HAVE(PAGE_ALLOCATE_AT)173 static PageAllocation systemAllocateAt(void*, bool, size_t, Usage, bool, bool);174 #endif175 159 #if HAVE(PAGE_ALLOCATE_ALIGNED) 176 160 static PageAllocation systemAllocateAligned(size_t, Usage); … … 195 179 196 180 inline PageAllocation PageAllocation::systemAllocate(size_t size, Usage usage, bool writable, bool executable) 197 {198 return systemAllocateAt(0, false, size, usage, writable, executable);199 }200 201 inline PageAllocation PageAllocation::systemAllocateAt(void* address, bool fixed, size_t size, Usage usage, bool writable, bool executable)202 181 { 203 182 int protection = PROT_READ; … … 208 187 209 188 int flags = MAP_PRIVATE | MAP_ANON; 210 if (fixed)211 flags |= MAP_FIXED;212 189 213 190 #if OS(DARWIN) && !defined(BUILDING_ON_TIGER) … … 217 194 #endif 218 195 219 void* base = mmap(address, size, protection, flags, fd, 0); 196 void* base = 0; 197 #if (OS(DARWIN) && CPU(X86_64)) 198 if (executable) { 199 // Cook up an address to allocate at, using the following recipe: 200 // 17 bits of zero, stay in userspace kids. 201 // 26 bits of randomness for ASLR. 202 // 21 bits of zero, at least stay aligned within one level of the pagetables. 203 // 204 // But! - as a temporary workaround for some plugin problems (rdar://problem/6812854), 205 // for now instead of 2^26 bits of ASLR lets stick with 25 bits of randomization plus 206 // 2^24, which should put up somewhere in the middle of userspace (in the address range 207 // 0x200000000000 .. 0x5fffffffffff). 208 intptr_t randomLocation = 0; 209 randomLocation = arc4random() & ((1 << 25) - 1); 210 randomLocation += (1 << 24); 211 randomLocation <<= 21; 212 base = reinterpret_cast<void*>(randomLocation); 213 } 214 #endif 215 216 base = mmap(base, size, protection, flags, fd, 0); 220 217 if (base == MAP_FAILED) 221 218 base = 0; -
trunk/JavaScriptCore/wtf/PageReservation.h
r65886 r73417 50 50 the region of memory is decommitted and then committed again. 51 51 52 Where HAVE(PAGE_ALLOCATE_AT) is available a PageReservation::reserveAt method53 also exists, with behaviour mirroring PageAllocation::allocateAt.54 55 52 Memory protection should not be changed on decommitted memory, and if protection 56 53 is changed on memory while it is committed it should be returned to the orignal … … 100 97 return systemReserve(size, usage, writable, executable); 101 98 } 102 103 #if HAVE(PAGE_ALLOCATE_AT)104 static PageReservation reserveAt(void* address, bool fixed, size_t size, Usage usage = UnknownUsage, bool writable = true, bool executable = false)105 {106 ASSERT(isPageAligned(address));107 ASSERT(isPageAligned(size));108 return systemReserveAt(address, fixed, size, usage, writable, executable);109 }110 #endif111 99 112 100 void deallocate() … … 138 126 void systemDecommit(void*, size_t); 139 127 static PageReservation systemReserve(size_t, Usage, bool, bool); 140 #if HAVE(PAGE_ALLOCATE_AT)141 static PageReservation systemReserveAt(void*, bool, size_t, Usage, bool, bool);142 #endif143 128 144 129 #if HAVE(VIRTUALALLOC) … … 181 166 inline PageReservation PageReservation::systemReserve(size_t size, Usage usage, bool writable, bool executable) 182 167 { 183 return systemReserveAt(0, false, size, usage, writable, executable); 184 } 185 186 inline PageReservation PageReservation::systemReserveAt(void* address, bool fixed, size_t size, Usage usage, bool writable, bool executable) 187 { 188 void* base = systemAllocateAt(address, fixed, size, usage, writable, executable).base(); 168 void* base = systemAllocate(size, usage, writable, executable).base(); 189 169 #if HAVE(MADV_FREE_REUSE) 190 170 // When using MADV_FREE_REUSE we keep all decommitted memory marked as REUSABLE.
Note: See TracChangeset
for help on using the changeset viewer.