ASSIGNED 208671
[JSC] Cage JIT pointers to the JIT region
https://bugs.webkit.org/show_bug.cgi?id=208671
Summary [JSC] Cage JIT pointers to the JIT region
Michael Saboff
Reported 2020-03-05 15:54:21 PST
The idea here is that we emit code that cages code pointers to the JIT region so that JIT execution does not escape to not-JIT'ed regions except to known destinations. For functions that the JIT'ed code needs to call out to in C++ code space, provide a whitelist of allowable entry points. Finally, verify that the emitted instructions follow the designed restrictions. This change is currently only implemented for ARM64 hardware.
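To make the caging and verification idea above concrete, here is a small C sketch added for illustration; it is not code from the patch or from WebKit. The JIT region base and size, the whitelisted entry-point addresses and the sample branch targets are all constructed values, and the verifier works on a plain list of target addresses rather than on decoded ARM64 instructions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for this example (not WebKit's real addresses): a 64 KiB
 * JIT region whose base is aligned to its size, so masking the low bits of any
 * pointer and OR-ing in the base always lands inside the region. */
#define JIT_REGION_BASE 0x100000000ULL
#define JIT_REGION_SIZE 0x10000ULL            /* power of two */
#define JIT_REGION_MASK (JIT_REGION_SIZE - 1)

/* Constructed whitelist of C++ entry points the JIT'ed code may call out to. */
static const uint64_t kAllowedEntryPoints[] = {
    0x200001000ULL, /* hypothetical slow-path helper */
    0x200002000ULL, /* hypothetical runtime call */
};
#define NUM_ALLOWED (sizeof kAllowedEntryPoints / sizeof kAllowedEntryPoints[0])

/* Cage a code pointer: whatever value a corrupted pointer holds, the result is
 * inside the JIT region. Emitted machine code would apply the same mask before
 * the indirect branch; this function models that step in C. */
uint64_t cage_jit_pointer(uint64_t target) {
    return JIT_REGION_BASE | (target & JIT_REGION_MASK);
}

bool in_jit_region(uint64_t target) {
    return target >= JIT_REGION_BASE && target < JIT_REGION_BASE + JIT_REGION_SIZE;
}

bool is_whitelisted_entry(uint64_t target) {
    for (size_t i = 0; i < NUM_ALLOWED; i++)
        if (kAllowedEntryPoints[i] == target) return true;
    return false;
}

/* What the emitter would branch to: whitelisted C++ entry points pass through
 * unchanged; every other target is caged into the JIT region. */
uint64_t resolve_branch_target(uint64_t requested) {
    return is_whitelisted_entry(requested) ? requested : cage_jit_pointer(requested);
}

/* Verification pass over the branch targets found in emitted code: every
 * target must be inside the JIT region or on the whitelist. Returns the number
 * of violations and reports the index of the first one through first_bad. */
size_t verify_branch_targets(const uint64_t *targets, size_t n, size_t *first_bad) {
    size_t violations = 0;
    for (size_t i = 0; i < n; i++) {
        if (in_jit_region(targets[i]) || is_whitelisted_entry(targets[i])) continue;
        if (violations == 0 && first_bad) *first_bad = i;
        violations++;
    }
    return violations;
}

/* Constructed sample of branch targets "found" in one code block: two good
 * ones, one raw pointer into unrelated memory, one just past the region end. */
static const uint64_t kSampleTargets[] = {
    JIT_REGION_BASE + 0x100,
    0x200001000ULL,
    0x300000000ULL,
    JIT_REGION_BASE + JIT_REGION_SIZE,
};
#define NUM_SAMPLE (sizeof kSampleTargets / sizeof kSampleTargets[0])

size_t sample_violation_count(void) {
    return verify_branch_targets(kSampleTargets, NUM_SAMPLE, NULL);
}

size_t sample_first_bad_index(void) {
    size_t idx = NUM_SAMPLE;
    verify_branch_targets(kSampleTargets, NUM_SAMPLE, &idx);
    return idx;
}

int main(void) {
    printf("caged 0x%llx -> 0x%llx\n", 0x200001234ULL,
           (unsigned long long)cage_jit_pointer(0x200001234ULL));
    printf("sample targets: %zu violation(s), first at index %zu\n",
           sample_violation_count(), sample_first_bad_index());
    return 0;
}
```

The mask-based cage only works because the region base is aligned to the region size; a real implementation also has to keep the whitelist table itself out of reach of JIT'ed writes, otherwise the allowed set could be extended by the very code it is meant to constrain.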
Attachments
Draft patch (598.44 KB, patch)
2020-03-05 17:03 PST, Michael Saboff
no flags
Work in progress patch (735.51 KB, patch)
2020-09-22 20:18 PDT, Michael Saboff
ews-feeder: commit-queue-
Michael Saboff
Comment 1 2020-03-05 15:54:38 PST
Michael Saboff
Comment 2 2020-03-05 17:03:36 PST
Created attachment 392652: Draft patch
This patch does not build for non-ARM64 platforms. It also doesn't generate the WebKit and WebCore whitelists.
Michael Saboff
Comment 3 2020-09-22 20:18:16 PDT
Created attachment 409448: Work in progress patch