Title: [234648] trunk/Source
Revision: 234648
Author: [email protected]
Date: 2018-08-07 05:50:23 -0700 (Tue, 07 Aug 2018)

Log Message

Hardcoded LFENCE instruction
https://bugs.webkit.org/show_bug.cgi?id=188145

Patch by Karo Gyoker <[email protected]> on 2018-08-07
Reviewed by Filip Pizlo.

Remove lfence instruction because it is crashing systems without SSE2 and
this is not how WebKit mitigates Spectre.

Source/JavaScriptCore:

* runtime/JSLock.cpp:
(JSC::JSLock::didAcquireLock):
(JSC::JSLock::willReleaseLock):

Source/WTF:

* wtf/Atomics.h:
(WTF::crossModifyingCodeFence):
(WTF::speculationFence): Deleted.
(WTF::x86_lfence): Deleted.

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (234647 => 234648)


--- trunk/Source/_javascript_Core/ChangeLog	2018-08-07 10:59:40 UTC (rev 234647)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-08-07 12:50:23 UTC (rev 234648)
@@ -1,3 +1,17 @@
+2018-08-07  Karo Gyoker  <[email protected]>
+
+        Hardcoded LFENCE instruction
+        https://bugs.webkit.org/show_bug.cgi?id=188145
+
+        Reviewed by Filip Pizlo.
+
+        Remove lfence instruction because it is crashing systems without SSE2 and
+        this is not the way how WebKit mitigates Spectre.
+
+        * runtime/JSLock.cpp:
+        (JSC::JSLock::didAcquireLock):
+        (JSC::JSLock::willReleaseLock):
+
 2018-08-04  David Kilzer  <[email protected]>
 
         REGRESSION (r208953): TemplateObjectDescriptor constructor calculates m_hash on use-after-move variable
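
Review bot: The entry title "Hardcoded LFENCE instruction" names the problem rather than the change, and the body says lfence "is not the way how WebKit mitigates Spectre" without saying what is. Suggest a title along the lines of "Remove hardcoded LFENCE instruction" and one sentence pointing to the mitigation that is relied on instead, so a later reader of JSLock.cpp history can tell the fence was dropped deliberately.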

Modified: trunk/Source/JavaScriptCore/runtime/JSLock.cpp (234647 => 234648)


--- trunk/Source/_javascript_Core/runtime/JSLock.cpp	2018-08-07 10:59:40 UTC (rev 234647)
+++ trunk/Source/_javascript_Core/runtime/JSLock.cpp	2018-08-07 12:50:23 UTC (rev 234648)
@@ -122,9 +122,7 @@
 }
 
 void JSLock::didAcquireLock()
-{
-    WTF::speculationFence();
-    
+{  
     // FIXME: What should happen to the per-thread identifier table if we don't have a VM?
     if (!m_vm)
         return;
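
Review bot: Style point on the opening brace of didAcquireLock(): the replacement line `+{  ` carries two trailing spaces, so the brace line is rewritten only to add whitespace. Leave the original `{` untouched and delete just the `WTF::speculationFence();` call and the whitespace-only line after it.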
@@ -192,9 +190,7 @@
 }
 
 void JSLock::willReleaseLock()
-{
-    WTF::speculationFence();
-    
+{   
     RefPtr<VM> vm = m_vm;
     if (vm) {
         vm->drainMicrotasks();
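
Review bot: The opening brace of willReleaseLock() is replaced by `+{   ` with three trailing spaces, which does not even match the two added in didAcquireLock(). Keep the existing `{` line as is so this hunk reduces to the two deleted lines.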

Modified: trunk/Source/WTF/ChangeLog (234647 => 234648)


--- trunk/Source/WTF/ChangeLog	2018-08-07 10:59:40 UTC (rev 234647)
+++ trunk/Source/WTF/ChangeLog	2018-08-07 12:50:23 UTC (rev 234648)
@@ -1,3 +1,18 @@
+2018-08-07  Karo Gyoker  <[email protected]>
+
+        Hardcoded LFENCE instruction
+        https://bugs.webkit.org/show_bug.cgi?id=188145
+
+        Reviewed by Filip Pizlo.
+
+        Remove lfence instruction because it is crashing systems without SSE2 and
+        this is not the way how WebKit mitigates Spectre.
+
+        * wtf/Atomics.h:
+        (WTF::crossModifyingCodeFence):
+        (WTF::speculationFence): Deleted.
+        (WTF::x86_lfence): Deleted.
+
 2018-08-07  Antti Koivisto  <[email protected]>
 
         Web process never leaves memory pressured state if caused by process size limit
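
Review bot: The entry lists `(WTF::crossModifyingCodeFence):` as a touched function, but in the Atomics.h hunks of this revision crossModifyingCodeFence() appears only as unchanged context next to the deleted speculationFence() lines. Drop that line from the ChangeLog, leaving the two "Deleted." entries.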

Modified: trunk/Source/WTF/wtf/Atomics.h (234647 => 234648)


--- trunk/Source/WTF/wtf/Atomics.h	2018-08-07 10:59:40 UTC (rev 234647)
+++ trunk/Source/WTF/wtf/Atomics.h	2018-08-07 12:50:23 UTC (rev 234648)
@@ -276,17 +276,9 @@
 inline void memoryBarrierAfterLock() { arm_dmb(); }
 inline void memoryBarrierBeforeUnlock() { arm_dmb(); }
 inline void crossModifyingCodeFence() { arm_isb(); }
-inline void speculationFence() { arm_isb(); }
 
 #elif CPU(X86) || CPU(X86_64)
 
-inline void x86_lfence()
-{
-#if !OS(WINDOWS)
-    asm volatile("lfence" ::: "memory");
-#endif
-}
-
 inline void x86_ortop()
 {
 #if OS(WINDOWS)
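
Review bot: The ARM definition `speculationFence() { arm_isb(); }` is deleted here together with x86_lfence(), yet the stated reason for the change is a crash on x86 systems without SSE2, which does not apply to the ARM path. If the ARM removal rests only on the second reason in the log (this is not how WebKit mitigates Spectre), say so explicitly in the ChangeLog. Also worth recording: the removed x86_lfence() emitted `lfence` unconditionally on every non-Windows x86 build with no CPU feature check, which is the actual defect behind the crash.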
@@ -322,7 +314,6 @@
 inline void memoryBarrierAfterLock() { compilerFence(); }
 inline void memoryBarrierBeforeUnlock() { compilerFence(); }
 inline void crossModifyingCodeFence() { x86_cpuid(); }
-inline void speculationFence() { x86_lfence(); }
 
 #else
 
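
Review bot: With this deletion speculationFence() no longer exists in any of the three CPU branches of Atomics.h, so any caller left in the tree becomes a build failure. This patch only removes the two call sites in JSLock.cpp; please confirm with a tree-wide search for `speculationFence` and `x86_lfence` that no other users remain, including in platform ports that are not built by default.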
@@ -333,7 +324,6 @@
 inline void memoryBarrierAfterLock() { std::atomic_thread_fence(std::memory_order_seq_cst); }
 inline void memoryBarrierBeforeUnlock() { std::atomic_thread_fence(std::memory_order_seq_cst); }
 inline void crossModifyingCodeFence() { std::atomic_thread_fence(std::memory_order_seq_cst); } // Probably not strong enough.
-inline void speculationFence() { } // Probably not strong enough.
 
 #endif
 
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes