Bug 182457 - Gigacage: enable only for WebContent process and token executables
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: bmalloc
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: JF Bastien
URL:
Keywords: InRadar
Depends on:
Blocks: 182580
Reported: 2018-02-02 21:30 PST by JF Bastien
Modified: 2018-02-07 13:43 PST
Attachments
patch (13.54 KB, patch)
2018-02-02 21:46 PST, JF Bastien
keith_miller: review+
patch (13.55 KB, patch)
2018-02-05 09:05 PST, JF Bastien
no flags
Description JF Bastien 2018-02-02 21:30:45 PST
Gigacage is a solid security improvement, but it's probably best to roll it out incrementally to the most valuable targets first and progressively try out more and more over time rather than outright enabling it everywhere. We've gotten some reports that it has some side-effects that weren't expected, so for now let's enable it for the WebContent process, JSC, and other executables we know, and then later we'll enable more gigacage uses.
Comment 1 JF Bastien 2018-02-02 21:31:13 PST
<rdar://problem/35875011>
Comment 2 JF Bastien 2018-02-02 21:46:31 PST
Created attachment 333027
patch
Comment 3 EWS Watchlist 2018-02-02 21:48:36 PST
Attachment 333027 did not pass style-queue:


ERROR: Source/bmalloc/bmalloc/ProcessCheck.mm:26:  Found header this file implements before WebCore config.h. Should be: config.h, primary header, blank line, and then alphabetically sorted.  [build/include_order] [4]
Total errors found: 1 in 7 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Keith Miller 2018-02-05 08:54:56 PST
Comment on attachment 333027
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333027&action=review

r=me with comment.

> Source/bmalloc/bmalloc/ProcessCheck.h:34
> +bool gigacageEnabledForProcess() { return false; }

Don't you need to mark this inline or forward declare the function for this to build?

> Source/bmalloc/bmalloc/ProcessCheck.h:39
> +bool gigacageEnabledForProcess() { return true; }

ditto, idk how this builds...
Comment 5 JF Bastien 2018-02-05 09:05:18 PST
Created attachment 333084
patch

> > Source/bmalloc/bmalloc/ProcessCheck.h:34
> > +bool gigacageEnabledForProcess() { return false; }
> 
> Don't you need to mark this inline or forward declare the function for this
> to build?
> 
> > Source/bmalloc/bmalloc/ProcessCheck.h:39
> > +bool gigacageEnabledForProcess() { return true; }
> 
> ditto, idk how this builds...

Oops yeah, included in just one .cpp file so it Just Works, but it's also Just Wrong.
Comment 6 EWS Watchlist 2018-02-05 09:07:50 PST
Attachment 333084 did not pass style-queue:


ERROR: Source/bmalloc/bmalloc/ProcessCheck.mm:26:  Found header this file implements before WebCore config.h. Should be: config.h, primary header, blank line, and then alphabetically sorted.  [build/include_order] [4]
Total errors found: 1 in 7 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 7 WebKit Commit Bot 2018-02-05 11:26:54 PST
Comment on attachment 333084
patch

Clearing flags on attachment: 333084

Committed r228108: <https://trac.webkit.org/changeset/228108>
Comment 8 WebKit Commit Bot 2018-02-05 11:26:56 PST
All reviewed patches have been landed.  Closing bug.
Comment 9 Saam Barati 2018-02-05 11:39:41 PST
Comment on attachment 333084
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333084&action=review

> Source/bmalloc/bmalloc/ProcessCheck.mm:36
> +    static NSString *appName = [[NSBundle mainBundle] bundleIdentifier];
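
Review bot: appName on this line is assigned [[NSBundle mainBundle] bundleIdentifier], so the variable name does not say what it holds; naming it bundleIdentifier would make the comparison that uses it easier to audit. bundleIdentifier is nil for an executable that has no bundle identifier, so a short comment stating what a nil value means for the opt-in decision would document the intended behaviour.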

Style Nit: I'd just wrap this entire thing in a do_once and get rid of these static variables

> Source/bmalloc/bmalloc/ProcessCheck.mm:45
> +    static bool isOptInBinary = [processName isEqualToString:@"jsc"]
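
Review bot: the opt-in on this line is an exact comparison of processName with the literal "jsc", so the same binary under any other name does not match it. Consider keeping the opted-in names in one commented list, so the set of covered executables can be read and extended in one place.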

Is it worth opting in minibrowser since we use that as a proxy for the full browser often?

Also, what about DumpRenderTree and WebkitTestRunner? We should definitely opt those in