Title: [240392] branches/safari-607-branch/Source/bmalloc
- Revision
- 240392
- Author
- [email protected]
- Date
- 2019-01-23 17:22:15 -0800 (Wed, 23 Jan 2019)
Log Message
Cherry-pick r240193. rdar://problem/47458146
gigacage slide should randomize both start and end
https://bugs.webkit.org/show_bug.cgi?id=193601
Reviewed by Yusuke Suzuki.
This patch makes it so that the gigacage slide has an arbitrary
distance from the end as well as the start. This is done by
picking a random size, then, based on that size, picking a random
starting offset.
* bmalloc/Gigacage.h:
* bmalloc/Heap.cpp:
(bmalloc::Heap::Heap):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240193 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified: branches/safari-607-branch/Source/bmalloc/ChangeLog (240391 => 240392)
--- branches/safari-607-branch/Source/bmalloc/ChangeLog 2019-01-24 01:22:12 UTC (rev 240391)
+++ branches/safari-607-branch/Source/bmalloc/ChangeLog 2019-01-24 01:22:15 UTC (rev 240392)
@@ -1,5 +1,41 @@
2019-01-23 Alan Coon <[email protected]>
+ Cherry-pick r240193. rdar://problem/47458146
+
+ gigacage slide should randomize both start and end
+ https://bugs.webkit.org/show_bug.cgi?id=193601
+
+ Reviewed by Yusuke Suzuki.
+
+ This patch makes it so that the gigacade slide has an arbitrary
+ distance from the end as well as the start. This is done by
+ picking a random size then based on that size picking an random
+ starting offset.
+
+ * bmalloc/Gigacage.h:
+ * bmalloc/Heap.cpp:
+ (bmalloc::Heap::Heap):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240193 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-01-18 Keith Miller <[email protected]>
+
+ gigacage slide should randomize both start and end
+ https://bugs.webkit.org/show_bug.cgi?id=193601
+
+ Reviewed by Yusuke Suzuki.
+
+ This patch makes it so that the gigacade slide has an arbitrary
+ distance from the end as well as the start. This is done by
+ picking a random size then based on that size picking an random
+ starting offset.
+
+ * bmalloc/Gigacage.h:
+ * bmalloc/Heap.cpp:
+ (bmalloc::Heap::Heap):
+
+2019-01-23 Alan Coon <[email protected]>
+
Cherry-pick r240175. rdar://problem/47458146
Gigacages should start allocations from a slide
Modified: branches/safari-607-branch/Source/bmalloc/bmalloc/Algorithm.h (240391 => 240392)
--- branches/safari-607-branch/Source/bmalloc/bmalloc/Algorithm.h 2019-01-24 01:22:12 UTC (rev 240391)
+++ branches/safari-607-branch/Source/bmalloc/bmalloc/Algorithm.h 2019-01-24 01:22:15 UTC (rev 240392)
@@ -99,9 +99,16 @@
template<typename T> inline T roundDownToMultipleOf(size_t divisor, T x)
{
BASSERT(isPowerOfTwo(divisor));
- return reinterpret_cast<T>(mask(reinterpret_cast<uintptr_t>(x), ~(divisor - 1ul)));
+ static_assert(sizeof(T) == sizeof(uintptr_t), "sizeof(T) must be equal to sizeof(uintptr_t).");
+ return static_cast<T>(mask(static_cast<uintptr_t>(x), ~(divisor - 1ul)));
}
+template<typename T> inline T* roundDownToMultipleOf(size_t divisor, T* x)
+{
+ BASSERT(isPowerOfTwo(divisor));
+ return reinterpret_cast<T*>(mask(reinterpret_cast<uintptr_t>(x), ~(divisor - 1ul)));
+}
+
template<size_t divisor, typename T> constexpr T roundDownToMultipleOf(T x)
{
static_assert(isPowerOfTwo(divisor), "'divisor' must be a power of two.");
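Review bot: The new value overload's `static_assert` is both stricter and looser than the operation needs, and states no rationale: a `uint32_t` caller is rejected on 64-bit targets although masking is well-defined for any unsigned integer no wider than `uintptr_t`, while a same-width `double` still compiles because `static_cast<uintptr_t>` accepts it and silently truncates. If pointer-width integers are the intent, say so next to the assertion: `// Only pointer-width integers: the uintptr_t round trip must be lossless.`; if narrower unsigned callers are wanted instead, `static_assert(std::is_unsigned<T>::value && sizeof(T) <= sizeof(uintptr_t), ...)` would express it, which needs <type_traits> if Algorithm.h does not already include it. The constexpr overload that begins on the last hunk line continues below the hunk.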
Modified: branches/safari-607-branch/Source/bmalloc/bmalloc/Gigacage.h (240391 => 240392)
--- branches/safari-607-branch/Source/bmalloc/bmalloc/Gigacage.h 2019-01-24 01:22:12 UTC (rev 240391)
+++ branches/safari-607-branch/Source/bmalloc/bmalloc/Gigacage.h 2019-01-24 01:22:15 UTC (rev 240392)
@@ -70,13 +70,13 @@
constexpr size_t primitiveGigacageSize = 2 * bmalloc::Sizes::GB;
constexpr size_t jsValueGigacageSize = 1 * bmalloc::Sizes::GB;
constexpr size_t gigacageBasePtrsSize = 16 * bmalloc::Sizes::kB;
-constexpr size_t minimumCageSizeAfterSlide = bmalloc::Sizes::GB / 2;
+constexpr size_t maximumCageSizeReductionForSlide = bmalloc::Sizes::GB / 2;
#define GIGACAGE_ALLOCATION_CAN_FAIL 1
#else
constexpr size_t primitiveGigacageSize = 32 * bmalloc::Sizes::GB;
constexpr size_t jsValueGigacageSize = 16 * bmalloc::Sizes::GB;
constexpr size_t gigacageBasePtrsSize = 4 * bmalloc::Sizes::kB;
-constexpr size_t minimumCageSizeAfterSlide = 4 * bmalloc::Sizes::GB;
+constexpr size_t maximumCageSizeReductionForSlide = 4 * bmalloc::Sizes::GB;
#define GIGACAGE_ALLOCATION_CAN_FAIL 0
#endif
@@ -90,8 +90,8 @@
static_assert(bmalloc::isPowerOfTwo(primitiveGigacageSize), "");
static_assert(bmalloc::isPowerOfTwo(jsValueGigacageSize), "");
-static_assert(primitiveGigacageSize > minimumCageSizeAfterSlide, "");
-static_assert(jsValueGigacageSize > minimumCageSizeAfterSlide, "");
+static_assert(primitiveGigacageSize > maximumCageSizeReductionForSlide, "");
+static_assert(jsValueGigacageSize > maximumCageSizeReductionForSlide, "");
constexpr size_t gigacageSizeToMask(size_t size) { return size - 1; }
Modified: branches/safari-607-branch/Source/bmalloc/bmalloc/Heap.cpp (240391 => 240392)
--- branches/safari-607-branch/Source/bmalloc/bmalloc/Heap.cpp 2019-01-24 01:22:12 UTC (rev 240391)
+++ branches/safari-607-branch/Source/bmalloc/bmalloc/Heap.cpp 2019-01-24 01:22:15 UTC (rev 240392)
@@ -62,12 +62,12 @@
#if GIGACAGE_ENABLED
if (usingGigacage()) {
RELEASE_BASSERT(gigacageBasePtr());
- uint64_t random;
- cryptoRandom(reinterpret_cast<unsigned char*>(&random), sizeof(random));
- ptrdiff_t offset = random % (gigacageSize() - Gigacage::minimumCageSizeAfterSlide);
- offset = reinterpret_cast<ptrdiff_t>(roundDownToMultipleOf(vmPageSize(), reinterpret_cast<void*>(offset)));
+ uint64_t random[2];
+ cryptoRandom(reinterpret_cast<unsigned char*>(random), sizeof(random));
+ size_t size = roundDownToMultipleOf(vmPageSize(), gigacageSize() - (random[0] % Gigacage::maximumCageSizeReductionForSlide));
+ ptrdiff_t offset = roundDownToMultipleOf(vmPageSize(), random[1] % (gigacageSize() - size));
void* base = reinterpret_cast<unsigned char*>(gigacageBasePtr()) + offset;
- m_largeFree.add(LargeRange(base, gigacageSize() - offset, 0, 0));
+ m_largeFree.add(LargeRange(base, size, 0, 0));
}
#endif
}
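Review bot: The divisor on the `offset` line can be zero: when `random[0] % Gigacage::maximumCageSizeReductionForSlide` is 0 (one draw in 2^32 for the 4 GB constant, one in 2^29 for GB/2), `size` rounds down to exactly `gigacageSize()`, so `gigacageSize() - size` is 0 and `random[1] % 0` is undefined behaviour — a startup crash on targets that trap on integer division by zero, and on others the compiler may emit any `offset`, placing `base` outside the cage. Compute the slack once and treat zero as "no slide": `size_t slack = gigacageSize() - size;` / `ptrdiff_t offset = slack ? roundDownToMultipleOf(vmPageSize(), random[1] % slack) : 0;`. This relies on `gigacageSize()` being a multiple of `vmPageSize()`, which the GB-sized constants in Gigacage.h make likely but I cannot confirm from here; the residual modulo bias of a 64-bit draw over a range of at most 4 GB is negligible. The enclosing `Heap::Heap` constructor begins above this hunk.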