RESOLVED FIXED 174281
Lower the max_protection for the separated heap 
https://bugs.webkit.org/show_bug.cgi?id=174281
Summary Lower the max_protection for the separated heap
AJ Ringer
Reported 2017-07-07 15:45:22 PDT
Lower the max_protection for the separated heap
Attachments
Patch (3.50 KB, patch)
2017-07-07 15:46 PDT, AJ Ringer 		no flags
DetailsFormatted DiffDiff
Patch (3.62 KB, patch)
2017-07-07 16:14 PDT, AJ Ringer 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
AJ Ringer
Comment 1 2017-07-07 15:46:09 PDT
Created attachment 314886 [details] Patch
Oliver Hunt
Comment 2 2017-07-07 15:47:16 PDT
<rdar://problem/27452153>
Saam Barati
Comment 3 2017-07-07 15:49:31 PDT
Comment on attachment 314886 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=314886&action=review > Source/JavaScriptCore/jit/ExecutableAllocator.cpp:224 > + result = vm_protect(mach_task_self(), (vm_address_t)stubBase, stubSize, true, VM_PROT_EXECUTE); > RELEASE_ASSERT(!result); > #endif > > // Prevent writing into the executable JIT mapping. > - result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE); > + result = vm_protect(mach_task_self(), (vm_address_t)jitBase, jitSize, true, VM_PROT_READ | VM_PROT_EXECUTE); > RELEASE_ASSERT(!result); > > // Prevent execution in the writable JIT mapping. > - result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE); > + result = vm_protect(mach_task_self(), (vm_address_t)writableAddr, jitSize, true, VM_PROT_READ | VM_PROT_WRITE); Style nit: Please use static_cast instead of C-style casts.
Saam Barati
Comment 4 2017-07-07 15:49:43 PDT
Oops, didn't mean to clear r+
Oliver Hunt
Comment 5 2017-07-07 15:54:45 PDT
(In reply to Saam Barati from comment #3) > Comment on attachment 314886 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=314886&action=review > > > Source/JavaScriptCore/jit/ExecutableAllocator.cpp:224 > > + result = vm_protect(mach_task_self(), (vm_address_t)stubBase, stubSize, true, VM_PROT_EXECUTE); > > RELEASE_ASSERT(!result); > > #endif > > > > // Prevent writing into the executable JIT mapping. > > - result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE); > > + result = vm_protect(mach_task_self(), (vm_address_t)jitBase, jitSize, true, VM_PROT_READ | VM_PROT_EXECUTE); > > RELEASE_ASSERT(!result); > > > > // Prevent execution in the writable JIT mapping. > > - result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE); > > + result = vm_protect(mach_task_self(), (vm_address_t)writableAddr, jitSize, true, VM_PROT_READ | VM_PROT_WRITE); > > Style nit: Please use static_cast instead of C-style casts. for void*? I think it might need to be reinterpret_cast<> because vmprotect is obnoxious and uses uint66 or some such nonsense
Oliver Hunt
Comment 6 2017-07-07 16:06:52 PDT
Comment on attachment 314886 [details] Patch AJ is posting an updated patch
AJ Ringer
Comment 7 2017-07-07 16:14:49 PDT
Created attachment 314892 [details] Patch
WebKit Commit Bot
Comment 8 2017-07-07 17:03:31 PDT
Comment on attachment 314892 [details] Patch Clearing flags on attachment: 314892 Committed r219273: <http://trac.webkit.org/changeset/219273>
WebKit Commit Bot
Comment 9 2017-07-07 17:03:32 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.