Bug 174281 - Lower the max_protection for the separated heap
Summary: Lower the max_protection for the separated heap
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-07-07 15:45 PDT by AJ Ringer
Modified: 2017-07-07 17:03 PDT (History)
8 users (show)

See Also:

Attachments
Patch (3.50 KB, patch)
2017-07-07 15:46 PDT, AJ Ringer 		no flags Details | Formatted Diff | Diff
Patch (3.62 KB, patch)
2017-07-07 16:14 PDT, AJ Ringer 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description AJ Ringer 2017-07-07 15:45:22 PDT 
Lower the max_protection for the separated heap
Comment 1 AJ Ringer 2017-07-07 15:46:09 PDT 
Created attachment 314886 [details]
Patch
Comment 2 Oliver Hunt 2017-07-07 15:47:16 PDT 
<rdar://problem/27452153>
Comment 3 Saam Barati 2017-07-07 15:49:31 PDT 
Comment on attachment 314886 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=314886&action=review

> Source/JavaScriptCore/jit/ExecutableAllocator.cpp:224
> +        result = vm_protect(mach_task_self(), (vm_address_t)stubBase, stubSize, true, VM_PROT_EXECUTE);
>          RELEASE_ASSERT(!result);
>  #endif
>  
>          // Prevent writing into the executable JIT mapping.
> -        result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE);
> +        result = vm_protect(mach_task_self(), (vm_address_t)jitBase, jitSize, true, VM_PROT_READ | VM_PROT_EXECUTE);
>          RELEASE_ASSERT(!result);
>  
>          // Prevent execution in the writable JIT mapping.
> -        result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE);
> +        result = vm_protect(mach_task_self(), (vm_address_t)writableAddr, jitSize, true, VM_PROT_READ | VM_PROT_WRITE);

Style nit: Please use static_cast instead of C-style casts.
Comment 4 Saam Barati 2017-07-07 15:49:43 PDT 
Oops, didn't mean to clear r+
Comment 5 Oliver Hunt 2017-07-07 15:54:45 PDT 
(In reply to Saam Barati from comment #3)
> Comment on attachment 314886 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=314886&action=review
> 
> > Source/JavaScriptCore/jit/ExecutableAllocator.cpp:224
> > +        result = vm_protect(mach_task_self(), (vm_address_t)stubBase, stubSize, true, VM_PROT_EXECUTE);
> >          RELEASE_ASSERT(!result);
> >  #endif
> >  
> >          // Prevent writing into the executable JIT mapping.
> > -        result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE);
> > +        result = vm_protect(mach_task_self(), (vm_address_t)jitBase, jitSize, true, VM_PROT_READ | VM_PROT_EXECUTE);
> >          RELEASE_ASSERT(!result);
> >  
> >          // Prevent execution in the writable JIT mapping.
> > -        result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE);
> > +        result = vm_protect(mach_task_self(), (vm_address_t)writableAddr, jitSize, true, VM_PROT_READ | VM_PROT_WRITE);
> 
> Style nit: Please use static_cast instead of C-style casts.

for void*? I think it might need to be reinterpret_cast<> because vmprotect is obnoxious and uses uint66 or some such nonsense
Comment 6 Oliver Hunt 2017-07-07 16:06:52 PDT 
Comment on attachment 314886 [details]
Patch

AJ is posting an updated patch
Comment 7 AJ Ringer 2017-07-07 16:14:49 PDT 
Created attachment 314892 [details]
Patch
Comment 8 WebKit Commit Bot 2017-07-07 17:03:31 PDT 
Comment on attachment 314892 [details]
Patch

Clearing flags on attachment: 314892

Committed r219273: <http://trac.webkit.org/changeset/219273>
Comment 9 WebKit Commit Bot 2017-07-07 17:03:32 PDT 
All reviewed patches have been landed.  Closing bug.