Reviewers: Søren Gjesse,

http://codereview.chromium.org/3030048/diff/1/3
File src/spaces.cc (right):

http://codereview.chromium.org/3030048/diff/1/3#newcode299
src/spaces.cc:299: capacity_rwx_ = RoundUp(capacity, Page::kPageSize);
Will control through the API and expose through GetHeapStatistics for
next patch set.

On 2010/08/05 15:30:43, Søren Gjesse wrote:
capacity_rwx_ = capacity_ to indicate that for now they are the same.

Also I think this should be controlled through the API
(SetResourceConstraints)
so that it is up to the embedder to constrain the amount of executable
memory.

Also information on the current size could be exposed through the
GetHeapStatistics API.

http://codereview.chromium.org/3030048/diff/1/3#newcode356
src/spaces.cc:356: LOG(StringEvent("MemoryAllocator::AllocateRawMemory",
"V8 RWX Allocation capacity exceeded"));
On 2010/08/05 15:30:43, Søren Gjesse wrote:
Long line.

Done.

http://codereview.chromium.org/3030048/diff/1/3#newcode2611
src/spaces.cc:2611: // Clear the RWX flag before passing the size to
MemoryAllocator::FreeRawMemory
On 2010/08/05 15:30:43, Søren Gjesse wrote:
Long line and tabs.

Done.

http://codereview.chromium.org/3030048/diff/1/3#newcode2613
src/spaces.cc:2613: // Issue 51241 is merged.
On 2010/08/05 15:30:43, Søren Gjesse wrote:
Please don't have references to Chromium issues in the V8 source, only
V8 issues.

Done.

http://codereview.chromium.org/3030048/diff/1/3#newcode2794
src/spaces.cc:2794: Page* page =
Page::FromAddress(RoundUp(current->address(), Page::kPageSize));
On 2010/08/05 15:30:43, Søren Gjesse wrote:
Long line.

Done.

http://codereview.chromium.org/3030048/diff/1/4
File src/spaces.h (right):

http://codereview.chromium.org/3030048/diff/1/4#newcode565
src/spaces.h:565: static void FreeRawMemory(void* buf, size_t length,
bool executable);
On 2010/08/05 15:30:43, Søren Gjesse wrote:
bool -> Executability

Done.

http://codereview.chromium.org/3030048/diff/1/4#newcode633
src/spaces.h:633: // The mamimum RWX space size in bytes.
On 2010/08/05 15:30:43, Søren Gjesse wrote:
mamimum -> maximum

Done.

Description:
This feature implements a threshold that monitors and caps the total RWX
allocations to prevent security exploits from using V8 as a reliable DEP
bypass. The ideal threshold value is still TBD via histograms and as a result
this feature will not be enabled until then.

BUG=51241
TEST=Allocate large chunks of JavaScript code and verify that the RWX
allocations are not contiguous


Please review this at http://codereview.chromium.org/3030048/show

SVN Base: http://v8.googlecode.com/svn/trunk/

Affected files:
  M     src/spaces-inl.h
  M     src/spaces.h
  M     src/spaces.cc


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
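As an added illustration of the cap described in the Description above (example code, not this patch's or V8's own): a small C++ model of an executable-memory budget in which capacity_rwx_ is rounded up to the page size, executable requests that would push the outstanding total over it are refused and logged, and the current size is available for reporting the way GetHeapStatistics could expose it. The Executability enum values, the 8 KiB page size and the malloc stand-in for the real allocation path are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>

// Modelled on the reviewer's "bool -> Executability" request; the enumerator
// names and values here are assumed, not V8's.
enum Executability { NOT_EXECUTABLE, EXECUTABLE };

constexpr size_t kPageSize = 8 * 1024;  // assumed page size for this model

static size_t RoundUp(size_t value, size_t alignment) {
  return (value + alignment - 1) / alignment * alignment;
}

// Tracks outstanding executable (RWX) memory against a page-rounded cap, in the
// spirit of capacity_rwx_ in the patch. Non-executable memory is not capped.
class RwxBudget {
 public:
  explicit RwxBudget(size_t capacity)
      : capacity_rwx_(RoundUp(capacity, kPageSize)), size_rwx_(0) {}

  // Returns nullptr (and logs) when an executable request would exceed the cap,
  // so a caller cannot keep growing RWX memory without bound.
  void* AllocateRaw(size_t requested, Executability executable) {
    size_t length = RoundUp(requested, kPageSize);
    if (executable == EXECUTABLE) {
      if (size_rwx_ + length > capacity_rwx_) {
        std::fprintf(stderr, "RWX allocation capacity exceeded\n");
        return nullptr;
      }
      size_rwx_ += length;
    }
    return std::malloc(length);  // stand-in for the real mmap/VirtualAlloc path
  }

  // The caller passes the same size and executability it allocated with.
  void FreeRaw(void* buf, size_t requested, Executability executable) {
    size_t length = RoundUp(requested, kPageSize);
    if (executable == EXECUTABLE) size_rwx_ -= length;
    std::free(buf);
  }

  size_t capacity_rwx() const { return capacity_rwx_; }
  size_t size_rwx() const { return size_rwx_; }  // value a heap-statistics API could report

 private:
  size_t capacity_rwx_;
  size_t size_rwx_;
};
```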