130156 2014-03-12 13:36:38 -0700 Allocate the data section on the heap again for FTL on ARM64 2014-04-29 14:45:05 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) iPhone / iPad iOS 7.0 RESOLVED FIXED P1 Critical --- 112840 1 juergen webkit-unassigned dbates fpizlo ggaren oliver oldest_to_newest 989815 0 juergen 2014-03-12 13:36:38 -0700 Revert the temporary workaround that allocated data section in executable memory. This is no longer required, because the MCJIT supports now the large code model for ARM64. 989816 1 226549 juergen 2014-03-12 13:38:17 -0700 Created attachment 226549 Patch 989947 2 226549 ggaren 2014-03-12 23:42:26 -0700 Comment on attachment 226549 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=226549&action=review r=me > Source/JavaScriptCore/ftl/FTLCompile.cpp:84 > + // Allocate the GOT in the code section to make it reachable for all code. > + if (!strcmp(sectionName, "__got")) > + return mmAllocateCodeSection(opaqueState, size, alignment, sectionID, sectionName); As a follow-up, we'll need to allocate the GOT outside executable memory -- otherwise we're still subject to "JIT spray" attacks. 989998 3 fpizlo 2014-03-13 07:12:42 -0700 (In reply to comment #2) > (From update of attachment 226549 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=226549&action=review > > r=me > > > Source/JavaScriptCore/ftl/FTLCompile.cpp:84 > > + // Allocate the GOT in the code section to make it reachable for all code. > > + if (!strcmp(sectionName, "__got")) > > + return mmAllocateCodeSection(opaqueState, size, alignment, sectionID, sectionName); > > As a follow-up, we'll need to allocate the GOT outside executable memory -- otherwise we're still subject to "JIT spray" attacks. No it won't. The GOT is just a table of pointers. We control it entirely. 990059 4 226549 fpizlo 2014-03-13 10:43:52 -0700 Comment on attachment 226549 Patch Let's not land this yet. We want to first verify the LLVM changes and give everyone time to start building with the new LLVM that has the code model changes. 1001385 5 fpizlo 2014-04-16 16:30:50 -0700 Landed in http://trac.webkit.org/changeset/167397 1005129 6 fpizlo 2014-04-29 14:45:05 -0700 *** Bug 129756 has been marked as a duplicate of this bug. *** 226549 2014-03-12 13:38:17 -0700 2014-04-16 16:31:01 -0700 Patch bug-130156-20140312133906.patch text/plain 4291 juergen U3VidmVyc2lvbiBSZXZpc2lvbjogMTY1NDkzCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCA1 YmJmMzNiNjk2MzNjZWQ5NTU2ZWMwMzU5NzhiMzc5ZmNkZmQ1MDE5Li4yYmM5YjllNDI1OTVhZWM4 NWI1NTQyMjE4NjdmNWM2MDI0NGY2MTE5IDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNyBAQAorMjAxNC0wMy0xMiAgSnVlcmdlbiBSaWJ1dHprYSAgPGp1ZXJnZW5AYXBwbGUu Y29tPgorCisgICAgICAgIEFsbG9jYXRlIHRoZSBkYXRhIHNlY3Rpb24gb24gdGhlIGhlYXAgYWdh aW4gZm9yIEZUTCBvbiBBUk02NAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MTMwMTU2CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgKiBmdGwvRlRMQ29tcGlsZS5jcHA6CisgICAgICAgIChKU0M6OkZUTDo6bW1B bGxvY2F0ZURhdGFTZWN0aW9uKToKKyAgICAgICAgKiBmdGwvRlRMRGF0YVNlY3Rpb24uY3BwOgor ICAgICAgICAoSlNDOjpGVEw6OkRhdGFTZWN0aW9uOjpEYXRhU2VjdGlvbik6CisgICAgICAgIChK U0M6OkZUTDo6RGF0YVNlY3Rpb246On5EYXRhU2VjdGlvbik6CisgICAgICAgICogZnRsL0ZUTERh dGFTZWN0aW9uLmg6CisKIDIwMTQtMDMtMTIgIE1hcmsgSGFobmVuYmVyZyAgPG1oYWhuZW5iZXJn QGFwcGxlLmNvbT4KIAogICAgICAgICBSZW1vdmUgSGFuZGxlU2V0OjptX25leHRUb0ZpbmFsaXpl CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvZnRsL0ZUTENvbXBpbGUuY3BwIGIv U291cmNlL0phdmFTY3JpcHRDb3JlL2Z0bC9GVExDb21waWxlLmNwcAppbmRleCA3ZGVlYjYzYTkw ZjU2YTFhZWIxMWRmNjQxY2Q4NTlhOWUyNDc4NGQ4Li5jZjk3YTdjNzNkMjU4MTY1ZmYxMzJlYzc1 NmUyMTU2OGNhMzY1OGZiIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvZnRsL0ZU TENvbXBpbGUuY3BwCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMQ29tcGlsZS5j cHAKQEAgLTc5LDExICs3OSwxNCBAQCBzdGF0aWMgdWludDhfdCogbW1BbGxvY2F0ZURhdGFTZWN0 aW9uKAogICAgIFVOVVNFRF9QQVJBTShzZWN0aW9uSUQpOwogICAgIFVOVVNFRF9QQVJBTShpc1Jl YWRPbmx5KTsKIAorICAgIC8vIEFsbG9jYXRlIHRoZSBHT1QgaW4gdGhlIGNvZGUgc2VjdGlvbiB0 byBtYWtlIGl0IHJlYWNoYWJsZSBmb3IgYWxsIGNvZGUuCisgICAgaWYgKCFzdHJjbXAoc2VjdGlv bk5hbWUsICJfX2dvdCIpKQorICAgICAgICByZXR1cm4gbW1BbGxvY2F0ZUNvZGVTZWN0aW9uKG9w YXF1ZVN0YXRlLCBzaXplLCBhbGlnbm1lbnQsIHNlY3Rpb25JRCwgc2VjdGlvbk5hbWUpOworCiAg ICAgU3RhdGUmIHN0YXRlID0gKnN0YXRpY19jYXN0PFN0YXRlKj4ob3BhcXVlU3RhdGUpOwotICAg IAotICAgIFJlZlB0cjxEYXRhU2VjdGlvbj4gc2VjdGlvbiA9IGFkb3B0UmVmKG5ldyBEYXRhU2Vj dGlvbigKLSAgICAgICAgc3RhdGUuZ3JhcGgubV92bSwgc3RhdGUuZ3JhcGgubV9jb2RlQmxvY2ss IHNpemUsIGFsaWdubWVudCkpOwotICAgIAorCisgICAgUmVmUHRyPERhdGFTZWN0aW9uPiBzZWN0 aW9uID0gYWRvcHRSZWYobmV3IERhdGFTZWN0aW9uKHNpemUsIGFsaWdubWVudCkpOworCiAgICAg aWYgKCFzdHJjbXAoc2VjdGlvbk5hbWUsICJfX2xsdm1fc3RhY2ttYXBzIikpCiAgICAgICAgIHN0 YXRlLnN0YWNrbWFwc1NlY3Rpb24gPSBzZWN0aW9uOwogICAgIGVsc2UgewpAQCAtOTQsNyArOTcs NyBAQCBzdGF0aWMgdWludDhfdCogbW1BbGxvY2F0ZURhdGFTZWN0aW9uKAogICAgICAgICAgICAg c3RhdGUuY29tcGFjdFVud2luZFNpemUgPSBzaXplOwogICAgICAgICB9CiAgICAgfQotICAgIAor CiAgICAgcmV0dXJuIGJpdHdpc2VfY2FzdDx1aW50OF90Kj4oc2VjdGlvbi0+YmFzZSgpKTsKIH0K IApkaWZmIC0tZ2l0IGEvU291cmNlL0phdmFTY3JpcHRDb3JlL2Z0bC9GVExEYXRhU2VjdGlvbi5j cHAgYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvZnRsL0ZUTERhdGFTZWN0aW9uLmNwcAppbmRleCBh NmY5ZjRjYTg1N2M2NzYxNzBhNGQ2MzUxNzE2NTQzYWZmZjk0NzdkLi4xZWExY2M1MmNmNTZhZTEz ODQ3NDE2MTRhZWJlYTNhNTVkZWY5NWMxIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvZnRsL0ZUTERhdGFTZWN0aW9uLmNwcAorKysgYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvZnRs L0ZUTERhdGFTZWN0aW9uLmNwcApAQCAtMzQsMzAgKzM0LDkgQEAKIAogbmFtZXNwYWNlIEpTQyB7 IG5hbWVzcGFjZSBGVEwgewogCi0jaWYgQ1BVKEFSTTY0KQotLy8gRklYTUU6IFdlIHNob3VsZCB1 bmRvIHRoaXMgb25jZSB3ZSBmaXggcmVsb2NhdGlvbiBpc3N1ZXMuCi0vLyBodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTI5NzU2Ci1zdGF0aWMgY29uc3QgYm9vbCB1c2VF eGVjdXRhYmxlTWVtb3J5ID0gdHJ1ZTsKLSNlbHNlCi1zdGF0aWMgY29uc3QgYm9vbCB1c2VFeGVj dXRhYmxlTWVtb3J5ID0gZmFsc2U7Ci0jZW5kaWYKLQotRGF0YVNlY3Rpb246OkRhdGFTZWN0aW9u KFZNJiB2bSwgQ29kZUJsb2NrKiBjb2RlQmxvY2ssIHNpemVfdCBzaXplLCB1bnNpZ25lZCBhbGln bm1lbnQpCitEYXRhU2VjdGlvbjo6RGF0YVNlY3Rpb24oc2l6ZV90IHNpemUsIHVuc2lnbmVkIGFs aWdubWVudCkKICAgICA6IG1fc2l6ZShzaXplKQogewotICAgIGlmICh1c2VFeGVjdXRhYmxlTWVt b3J5KSB7Ci0gICAgICAgIFJFTEVBU0VfQVNTRVJUKGFsaWdubWVudCA8IGppdEFsbG9jYXRpb25H cmFudWxlKTsKLSAgICAgICAgCi0gICAgICAgIFJlZlB0cjxFeGVjdXRhYmxlTWVtb3J5SGFuZGxl PiByZXN1bHQgPQotICAgICAgICAgICAgdm0uZXhlY3V0YWJsZUFsbG9jYXRvci5hbGxvY2F0ZSgK LSAgICAgICAgICAgICAgICB2bSwgc2l6ZSwgY29kZUJsb2NrLCBKSVRDb21waWxhdGlvbk11c3RT dWNjZWVkKTsKLSAgICAgICAgbV9iYXNlID0gcmVzdWx0LT5zdGFydCgpOwotICAgICAgICBtX3Np emUgPSByZXN1bHQtPnNpemVJbkJ5dGVzKCk7Ci0gICAgICAgIAotICAgICAgICBtX2FsbG9jYXRp b25CYXNlID0gcmVzdWx0LnJlbGVhc2UoKS5sZWFrUmVmKCk7Ci0gICAgICAgIHJldHVybjsKLSAg ICB9Ci0gICAgCiAgICAgUkVMRUFTRV9BU1NFUlQoV1RGOjpiaXRDb3VudChhbGlnbm1lbnQpID09 IDEpOwogICAgIAogICAgIGNvbnN0IHVuc2lnbmVkIG5hdGl2ZUFsaWdubWVudCA9IDg7CkBAIC03 NiwxMCArNTUsNyBAQCBEYXRhU2VjdGlvbjo6RGF0YVNlY3Rpb24oVk0mIHZtLCBDb2RlQmxvY2sq IGNvZGVCbG9jaywgc2l6ZV90IHNpemUsIHVuc2lnbmVkIGFsaQogCiBEYXRhU2VjdGlvbjo6fkRh dGFTZWN0aW9uKCkKIHsKLSAgICBpZiAodXNlRXhlY3V0YWJsZU1lbW9yeSkKLSAgICAgICAgc3Rh dGljX2Nhc3Q8RXhlY3V0YWJsZU1lbW9yeUhhbmRsZSo+KG1fYWxsb2NhdGlvbkJhc2UpLT5kZXJl ZigpOwotICAgIGVsc2UKLSAgICAgICAgZmFzdEZyZWUobV9hbGxvY2F0aW9uQmFzZSk7CisgICAg ZmFzdEZyZWUobV9hbGxvY2F0aW9uQmFzZSk7CiB9CiAKIH0gfSAvLyBuYW1lc3BhY2UgSlNDOjpG VEwKZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMRGF0YVNlY3Rpb24u aCBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMRGF0YVNlY3Rpb24uaAppbmRleCBmODNi OGM0MDU0MzNiMzMyZDdhYzg3OThhYWVjMTFlNGY1MTZkOTkxLi4yNWU1OGUxY2EzYmQwZTA1Y2M1 YWY2ZmEyNzI4ODA3YmI0MmQwMzlhIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUv ZnRsL0ZUTERhdGFTZWN0aW9uLmgKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL2Z0bC9GVExE YXRhU2VjdGlvbi5oCkBAIC0zNiw3ICszNiw3IEBAIG5hbWVzcGFjZSBKU0MgeyBuYW1lc3BhY2Ug RlRMIHsKIAogY2xhc3MgRGF0YVNlY3Rpb24gOiBwdWJsaWMgUmVmQ291bnRlZDxEYXRhU2VjdGlv bj4gewogcHVibGljOgotICAgIERhdGFTZWN0aW9uKFZNJiwgQ29kZUJsb2NrKiwgc2l6ZV90LCB1 bnNpZ25lZCBhbGlnbm1lbnQpOworICAgIERhdGFTZWN0aW9uKHNpemVfdCwgdW5zaWduZWQgYWxp Z25tZW50KTsKICAgICB+RGF0YVNlY3Rpb24oKTsKICAgICAKICAgICB2b2lkKiBiYXNlKCkgeyBy ZXR1cm4gbV9iYXNlOyB9Cg==