Title: [240193] trunk/Source/bmalloc
Revision
240193
Author
[email protected]
Date
2019-01-18 19:27:29 -0800 (Fri, 18 Jan 2019)

Log Message

gigacage slide should randomize both start and end
https://bugs.webkit.org/show_bug.cgi?id=193601

Reviewed by Yusuke Suzuki.

This patch makes it so that the gigacage slide has an arbitrary
distance from the end as well as the start. This is done by
picking a random size then based on that size picking a random
starting offset.

* bmalloc/Gigacage.h:
* bmalloc/Heap.cpp:
(bmalloc::Heap::Heap):

Modified: trunk/Source/bmalloc/ChangeLog (240192 => 240193)


--- trunk/Source/bmalloc/ChangeLog	2019-01-19 03:05:09 UTC (rev 240192)
+++ trunk/Source/bmalloc/ChangeLog	2019-01-19 03:27:29 UTC (rev 240193)
@@ -1,3 +1,19 @@
+2019-01-18  Keith Miller  <[email protected]>
+
+        gigacage slide should randomize both start and end
+        https://bugs.webkit.org/show_bug.cgi?id=193601
+
+        Reviewed by Yusuke Suzuki.
+
+        This patch makes it so that the gigacade slide has an arbitrary
+        distance from the end as well as the start. This is done by
+        picking a random size then based on that size picking an random
+        starting offset.
+
+        * bmalloc/Gigacage.h:
+        * bmalloc/Heap.cpp:
+        (bmalloc::Heap::Heap):
+
 2019-01-18  Jer Noble  <[email protected]>
 
         SDK_VARIANT build destinations should be separate from non-SDK_VARIANT builds

Modified: trunk/Source/bmalloc/bmalloc/Algorithm.h (240192 => 240193)


--- trunk/Source/bmalloc/bmalloc/Algorithm.h	2019-01-19 03:05:09 UTC (rev 240192)
+++ trunk/Source/bmalloc/bmalloc/Algorithm.h	2019-01-19 03:27:29 UTC (rev 240193)
@@ -99,9 +99,16 @@
 template<typename T> inline T roundDownToMultipleOf(size_t divisor, T x)
 {
     BASSERT(isPowerOfTwo(divisor));
-    return reinterpret_cast<T>(mask(reinterpret_cast<uintptr_t>(x), ~(divisor - 1ul)));
+    static_assert(sizeof(T) == sizeof(uintptr_t), "sizeof(T) must be equal to sizeof(uintptr_t).");
+    return static_cast<T>(mask(static_cast<uintptr_t>(x), ~(divisor - 1ul)));
 }
 
+template<typename T> inline T* roundDownToMultipleOf(size_t divisor, T* x)
+{
+    BASSERT(isPowerOfTwo(divisor));
+    return reinterpret_cast<T*>(mask(reinterpret_cast<uintptr_t>(x), ~(divisor - 1ul)));
+}
+
 template<size_t divisor, typename T> constexpr T roundDownToMultipleOf(T x)
 {
     static_assert(isPowerOfTwo(divisor), "'divisor' must be a power of two.");
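Review bot: The new `T*` overload re-implements the masking arithmetic instead of delegating to the integer overload directly above it, so the two definitions of "round down" can drift apart; `return reinterpret_cast<T*>(roundDownToMultipleOf(divisor, reinterpret_cast<uintptr_t>(x)));` keeps a single implementation. The added `static_assert(sizeof(T) == sizeof(uintptr_t), ...)` also states a rule without its reason; a short comment would help the next caller who hits it, e.g. `// mask() works in uintptr_t width; a T of a different width would be silently truncated by the casts.` Note the assert only fires on instantiation, so the callers it rejects are those in Heap.cpp, which pass `uint64_t`-derived values and so only compile where that type is pointer-sized.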

Modified: trunk/Source/bmalloc/bmalloc/Gigacage.h (240192 => 240193)


--- trunk/Source/bmalloc/bmalloc/Gigacage.h	2019-01-19 03:05:09 UTC (rev 240192)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.h	2019-01-19 03:27:29 UTC (rev 240193)
@@ -70,13 +70,13 @@
 constexpr size_t primitiveGigacageSize = 2 * bmalloc::Sizes::GB;
 constexpr size_t jsValueGigacageSize = 1 * bmalloc::Sizes::GB;
 constexpr size_t gigacageBasePtrsSize = 16 * bmalloc::Sizes::kB;
-constexpr size_t minimumCageSizeAfterSlide = bmalloc::Sizes::GB / 2;
+constexpr size_t maximumCageSizeReductionForSlide = bmalloc::Sizes::GB / 2;
 #define GIGACAGE_ALLOCATION_CAN_FAIL 1
 #else
 constexpr size_t primitiveGigacageSize = 32 * bmalloc::Sizes::GB;
 constexpr size_t jsValueGigacageSize = 16 * bmalloc::Sizes::GB;
 constexpr size_t gigacageBasePtrsSize = 4 * bmalloc::Sizes::kB;
-constexpr size_t minimumCageSizeAfterSlide = 4 * bmalloc::Sizes::GB;
+constexpr size_t maximumCageSizeReductionForSlide = 4 * bmalloc::Sizes::GB;
 #define GIGACAGE_ALLOCATION_CAN_FAIL 0
 #endif
 
@@ -90,8 +90,8 @@
 
 static_assert(bmalloc::isPowerOfTwo(primitiveGigacageSize), "");
 static_assert(bmalloc::isPowerOfTwo(jsValueGigacageSize), "");
-static_assert(primitiveGigacageSize > minimumCageSizeAfterSlide, "");
-static_assert(jsValueGigacageSize > minimumCageSizeAfterSlide, "");
+static_assert(primitiveGigacageSize > maximumCageSizeReductionForSlide, "");
+static_assert(jsValueGigacageSize > maximumCageSizeReductionForSlide, "");
 
 constexpr size_t gigacageSizeToMask(size_t size) { return size - 1; }
 

Modified: trunk/Source/bmalloc/bmalloc/Heap.cpp (240192 => 240193)


--- trunk/Source/bmalloc/bmalloc/Heap.cpp	2019-01-19 03:05:09 UTC (rev 240192)
+++ trunk/Source/bmalloc/bmalloc/Heap.cpp	2019-01-19 03:27:29 UTC (rev 240193)
@@ -62,12 +62,12 @@
 #if GIGACAGE_ENABLED
         if (usingGigacage()) {
             RELEASE_BASSERT(gigacageBasePtr());
-            uint64_t random;
-            cryptoRandom(reinterpret_cast<unsigned char*>(&random), sizeof(random));
-            ptrdiff_t offset = random % (gigacageSize() - Gigacage::minimumCageSizeAfterSlide);
-            offset = reinterpret_cast<ptrdiff_t>(roundDownToMultipleOf(vmPageSize(), reinterpret_cast<void*>(offset)));
+            uint64_t random[2];
+            cryptoRandom(reinterpret_cast<unsigned char*>(random), sizeof(random));
+            size_t size = roundDownToMultipleOf(vmPageSize(), gigacageSize() - (random[0] % Gigacage::maximumCageSizeReductionForSlide));
+            ptrdiff_t offset = roundDownToMultipleOf(vmPageSize(), random[1] % (gigacageSize() - size));
             void* base = reinterpret_cast<unsigned char*>(gigacageBasePtr()) + offset;
-            m_largeFree.add(LargeRange(base, gigacageSize() - offset, 0, 0));
+            m_largeFree.add(LargeRange(base, size, 0, 0));
         }
 #endif
     }
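Review bot: `random[1] % (gigacageSize() - size)` divides by zero whenever `random[0] % Gigacage::maximumCageSizeReductionForSlide` is exactly 0, because `size` then rounds to `gigacageSize()` itself (assuming `gigacageSize()` is page-aligned, which the `roundDownToMultipleOf` on the previous line already relies on); the pre-patch code could not hit this because the `static_assert`s in Gigacage.h keep `gigacageSize() - minimumCageSizeAfterSlide` non-zero. The probability is roughly one in `maximumCageSizeReductionForSlide` per process start, but the behaviour is undefined and on x86 it traps during heap initialization. Guard the degenerate case: `size_t slack = gigacageSize() - size;` / `ptrdiff_t offset = slack ? roundDownToMultipleOf(vmPageSize(), random[1] % slack) : 0;`. The `Heap::Heap` constructor begins and ends outside this hunk.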