WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
240264
Add optional Integrity checks at JSC API boundaries.
https://bugs.webkit.org/show_bug.cgi?id=240264
Summary
Add optional Integrity checks at JSC API boundaries.
Mark Lam
Reported
2022-05-09 18:08:26 PDT
This will help us detect if bad values are passed across the API boundary.
Attachments
proposed patch with ENABLE(EXTRA_INTEGRITY_CHECKS) on.
(50.47 KB, patch)
2022-05-09 23:07 PDT
,
Mark Lam
ews-feeder
: commit-queue-
Details
Formatted Diff
Diff
proposed patch w/ ENABLE(EXTRA_INTEGRITY_CHECKS) on.
(51.78 KB, patch)
2022-05-09 23:55 PDT
,
Mark Lam
ews-feeder
: commit-queue-
Details
Formatted Diff
Diff
proposed patch.
(52.77 KB, patch)
2022-05-10 00:13 PDT
,
Mark Lam
ews-feeder
: commit-queue-
Details
Formatted Diff
Diff
proposed patch w/ extra audits enabled for EWS testing only.
(52.83 KB, patch)
2022-05-10 01:05 PDT
,
Mark Lam
no flags
Details
Formatted Diff
Diff
proposed patch.
(52.25 KB, patch)
2022-05-10 09:12 PDT
,
Mark Lam
ysuzuki
: review+
Details
Formatted Diff
Diff
patch for landing.
(53.65 KB, patch)
2022-05-10 14:48 PDT
,
Mark Lam
no flags
Details
Formatted Diff
Diff
Show Obsolete
(3)
View All
Add attachment
proposed patch, testcase, etc.
Mark Lam
Comment 1
2022-05-09 23:07:49 PDT
Created
attachment 459095
[details]
proposed patch with ENABLE(EXTRA_INTEGRITY_CHECKS) on.
Mark Lam
Comment 2
2022-05-09 23:08:52 PDT
Comment on
attachment 459095
[details]
proposed patch with ENABLE(EXTRA_INTEGRITY_CHECKS) on. View in context:
https://bugs.webkit.org/attachment.cgi?id=459095&action=review
> Source/JavaScriptCore/tools/Integrity.h:36 > +#define ENABLE_EXTRA_INTEGRITY_CHECKS 1
This is deliberately left enabled so that we can test this on the EWS. Will disable before landing.
Mark Lam
Comment 3
2022-05-09 23:55:23 PDT
Created
attachment 459096
[details]
proposed patch w/ ENABLE(EXTRA_INTEGRITY_CHECKS) on.
Mark Lam
Comment 4
2022-05-10 00:13:00 PDT
Created
attachment 459097
[details]
proposed patch.
Mark Lam
Comment 5
2022-05-10 01:05:30 PDT
Created
attachment 459098
[details]
proposed patch w/ extra audits enabled for EWS testing only.
Mark Lam
Comment 6
2022-05-10 09:12:42 PDT
Created
attachment 459123
[details]
proposed patch.
Yusuke Suzuki
Comment 7
2022-05-10 10:01:50 PDT
Comment on
attachment 459123
[details]
proposed patch. View in context:
https://bugs.webkit.org/attachment.cgi?id=459123&action=review
r=me with comments.
> Source/JavaScriptCore/ChangeLog:22 > + 4. Moved isSanePointer() to Integrity.h so that it can be used in more places.
Should we put it under `Integrity` namespace, what do you think of?
> Source/JavaScriptCore/ChangeLog:48 > + 11. Also strengten Integrity::auditStructureID() so that it will check if a > + Structure's memory has been released.
Can we split these lists into two sets of lists? They are based on, 1. features enabled only when ENABLE(EXTRA_INTEGRITY_CHECKS) is true 2. others e.g. The features enabled with ENABLE(EXTRA_INTEGRITY_CHECKS) are, 1. ... 2. ... 3. ..
> Source/JavaScriptCore/runtime/VM.cpp:410 > + WTF::compilerFence();
Let's use `storeStoreFence()` to ensure that all the above stores are effective when we set m_isInService.
> Source/JavaScriptCore/runtime/VM.cpp:435 > + WTF::compilerFence();
Use storeStoreFence to ensure that when m_isInService is true, we are not starting the following destruction operations.
> Source/JavaScriptCore/tools/Integrity.h:41 > +#if USE(JSVALUE32) > +#define ENABLE_EXTRA_INTEGRITY_CHECKS 0 // Not supported. > +#else > +// Force ENABLE_EXTRA_INTEGRITY_CHECKS to 1 for your local build if you want > +// more prolific audits to be enabled. > +#define ENABLE_EXTRA_INTEGRITY_CHECKS 0 > +#endif
What do you think about enabling it for debug builds? Is it too costly?
Mark Lam
Comment 8
2022-05-10 14:35:29 PDT
Comment on
attachment 459123
[details]
proposed patch. View in context:
https://bugs.webkit.org/attachment.cgi?id=459123&action=review
Thanks for the review.
>> Source/JavaScriptCore/ChangeLog:22 >> + 4. Moved isSanePointer() to Integrity.h so that it can be used in more places. > > Should we put it under `Integrity` namespace, what do you think of?
OK, I moved it into the Integrity namespace.
>> Source/JavaScriptCore/ChangeLog:48 >> + Structure's memory has been released. > > Can we split these lists into two sets of lists? They are based on, > > 1. features enabled only when ENABLE(EXTRA_INTEGRITY_CHECKS) is true > 2. others > > e.g. > > The features enabled with ENABLE(EXTRA_INTEGRITY_CHECKS) are, > > 1. ... > 2. ... > 3. ..
Most of this patch is adding support code that is always built in. The only code dependent on ENABLE(EXTRA_INTEGRITY_CHECKS) are the audit calls added at the API boundary. Those are no-ops when ENABLE(EXTRA_INTEGRITY_CHECKS) is disabled. The other change is that I added back a check to load from Structure memory (to test readability) in auditStructureID. This used to be enabled on Release builds as well, but was removed when the new StructureID management system was installed. My patch adds back this check but only for Debug builds and also for when ENABLE(EXTRA_INTEGRITY_CHECKS) is enabled. I've updated the ChangeLog to try to make this clearer.
>> Source/JavaScriptCore/runtime/VM.cpp:410 >> + WTF::compilerFence(); > > Let's use `storeStoreFence()` to ensure that all the above stores are effective when we set m_isInService.
Fixed.
>> Source/JavaScriptCore/runtime/VM.cpp:435 >> + WTF::compilerFence(); > > Use storeStoreFence to ensure that when m_isInService is true, we are not starting the following destruction operations.
Fixed.
>> Source/JavaScriptCore/tools/Integrity.h:41 >> +#endif > > What do you think about enabling it for debug builds? Is it too costly?
I'll land this patch with this disabled, and investigate enabling this always on Debug builds in a later patch.
Mark Lam
Comment 9
2022-05-10 14:48:06 PDT
Created
attachment 459134
[details]
patch for landing.
Mark Lam
Comment 10
2022-05-10 14:56:24 PDT
Landed in
r294017
: <
http://trac.webkit.org/r294017
>.
Radar WebKit Bug Importer
Comment 11
2022-05-10 14:56:48 PDT
<
rdar://problem/93056353
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug