Title: [249621] trunk/Source/bmalloc
Revision
249621
Author
mark....@apple.com
Date
2019-09-07 18:19:08 -0700 (Sat, 07 Sep 2019)

Log Message

[Follow up fix] Harden protection of the Gigacage Config parameters.
https://bugs.webkit.org/show_bug.cgi?id=201570
<rdar://problem/55134229>

Reviewed by Saam Barati.

The previously landed hardening measures are failing the assertion in
forbidDisablingPrimitiveGigacage() when a replacement heap (e.g. gmalloc) is
used.

1. forbidDisablingPrimitiveGigacage() should just ensureGigacage() so that we
   know that the Gigacage is properly configured (whether enabled or disabled).
2. Strengthen the assertion in forbidDisablingPrimitiveGigacage() to ensure that
   we have already determined if the Gigacage should be enabled.

* bmalloc/Gigacage.cpp:
(Gigacage::forbidDisablingPrimitiveGigacage):

Modified Paths

Diff

Modified: trunk/Source/bmalloc/ChangeLog (249620 => 249621)


--- trunk/Source/bmalloc/ChangeLog	2019-09-07 22:56:32 UTC (rev 249620)
+++ trunk/Source/bmalloc/ChangeLog	2019-09-08 01:19:08 UTC (rev 249621)
@@ -1,5 +1,25 @@
 2019-09-07  Mark Lam  <mark....@apple.com>
 
+        [Follow up fix] Harden protection of the Gigacage Config parameters.
+        https://bugs.webkit.org/show_bug.cgi?id=201570
+        <rdar://problem/55134229>
+
+        Reviewed by Saam Barati.
+
+        The previously landed hardening measures is failing the assertion in
+        forbidDisablingPrimitiveGigacage() when a replacement heap (e.g. gmalloc) is
+        used.
+
+        1. forbidDisablingPrimitiveGigacage() should just ensureGigacage() so that we
+           know that the Gigacage is properly configured (whether enabled or disabled).
+        2. Strengthen the assertion in forbidDisablingPrimitiveGigacage() to ensure that
+           we have already determined if the Gigacage should be enabled.
+
+        * bmalloc/Gigacage.cpp:
+        (Gigacage::forbidDisablingPrimitiveGigacage):
+
+2019-09-07  Mark Lam  <mark....@apple.com>
+
         performJITMemcpy() source buffer should not be in the Gigacage.
         https://bugs.webkit.org/show_bug.cgi?id=201577
         <rdar://problem/55142606>
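Review bot: the ChangeLog entry carries the same grammatical slip as the commit message ("The previously landed hardening measures is failing"); since the ChangeLog is the permanent record, consider "measures are failing" (or "measure is failing" if a single change is meant) before landing.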

Modified: trunk/Source/bmalloc/bmalloc/Gigacage.cpp (249620 => 249621)


--- trunk/Source/bmalloc/bmalloc/Gigacage.cpp	2019-09-07 22:56:32 UTC (rev 249620)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.cpp	2019-09-08 01:19:08 UTC (rev 249621)
@@ -305,7 +305,10 @@
 
 void forbidDisablingPrimitiveGigacage()
 {
-    RELEASE_BASSERT(GIGACAGE_ALLOCATION_CAN_FAIL || verifyGigacageIsEnabled());
+    ensureGigacage();
+    RELEASE_BASSERT(g_gigacageConfig.shouldBeEnabledHasBeenCalled
+        && (GIGACAGE_ALLOCATION_CAN_FAIL || !g_gigacageConfig.shouldBeEnabled || verifyGigacageIsEnabled()));
+
     if (!g_gigacageConfig.disablingPrimitiveGigacageIsForbidden) {
         unfreezeGigacageConfig();
         g_gigacageConfig.disablingPrimitiveGigacageIsForbidden = true;
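Review bot: the new RELEASE_BASSERT folds two independent conditions into one expression, so when it fires the crash cannot tell you whether shouldBeEnabledHasBeenCalled was false or verifyGigacageIsEnabled() failed; splitting it into two assertions, e.g. `RELEASE_BASSERT(g_gigacageConfig.shouldBeEnabledHasBeenCalled);` followed by `RELEASE_BASSERT(GIGACAGE_ALLOCATION_CAN_FAIL || !g_gigacageConfig.shouldBeEnabled || verifyGigacageIsEnabled());`, keeps the same semantics and gives a more useful failure site. Note also that when GIGACAGE_ALLOCATION_CAN_FAIL is true the `||` chain short-circuits, so in that configuration the only thing enforced is that the enable decision has been made, not that the cage is actually in place; if that is the intended contract, a one-line comment above the assertion would spare the next reader from re-deriving it. The added ensureGigacage() call before the assertion is the right order, since shouldBeEnabledHasBeenCalled is only meaningful once configuration has run, and the remainder of the hunk is unchanged.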