|Summary:||Protect and mark JIT buffers executable|
|Product:||WebKit||Reporter:||Alp Toker <firstname.lastname@example.org>|
|Severity:||Normal||CC:||email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com|
|Version:||528+ (Nightly build)|
X86Assembler.h currently uses plain fastMalloc() for its buffer. We should consider using mprotect() (or VirtualAlloc() on Windows) to: 1) Mark the memory executable with PROT_EXEC, probably necessary for the JIT to work with NX (no-execute) security capabilities enabled. 2) When compilation is completed, mark the memory read-only with PROT_WRITE. Prevents further modification of JITed code, which could stop unrelated security flaws like buffer overflow from escalating to arbitrary code execution. mprotect() expects memory to be aligned to a page boundary (smallest granularity typically 4k) so we might want to allocate out of a custom memory pool.
This will need to be done for x86_64 support on Mac OS X, as the heap is non-executable by default.
We need to solve this problem by implementing an allocator for the generated code. We probably want to mmap pages from the OS and implement sub-page allocation, as many functions have less than 4kb of code. We will also have to be careful about unmapping pages and giving them back to the OS.