Title: [249621] trunk/Source/bmalloc
- Revision: 249621
- Author: mark....@apple.com
- Date: 2019-09-07 18:19:08 -0700 (Sat, 07 Sep 2019)
Log Message
[Follow up fix] Harden protection of the Gigacage Config parameters.
https://bugs.webkit.org/show_bug.cgi?id=201570
<rdar://problem/55134229>
Reviewed by Saam Barati.
The previously landed hardening measures are failing the assertion in
forbidDisablingPrimitiveGigacage() when a replacement heap (e.g. gmalloc) is
used.
1. forbidDisablingPrimitiveGigacage() should just ensureGigacage() so that we
know that the Gigacage is properly configured (whether enabled or disabled).
2. Strengthen the assertion in forbidDisablingPrimitiveGigacage() to ensure that
we have already determined if the Gigacage should be enabled.
* bmalloc/Gigacage.cpp:
(Gigacage::forbidDisablingPrimitiveGigacage):
Modified Paths
Diff
Modified: trunk/Source/bmalloc/ChangeLog (249620 => 249621)
--- trunk/Source/bmalloc/ChangeLog 2019-09-07 22:56:32 UTC (rev 249620)
+++ trunk/Source/bmalloc/ChangeLog 2019-09-08 01:19:08 UTC (rev 249621)
@@ -1,5 +1,25 @@
2019-09-07 Mark Lam <mark....@apple.com>
+ [Follow up fix] Harden protection of the Gigacage Config parameters.
+ https://bugs.webkit.org/show_bug.cgi?id=201570
+ <rdar://problem/55134229>
+
+ Reviewed by Saam Barati.
+
+ The previously landed hardening measures is failing the assertion in
+ forbidDisablingPrimitiveGigacage() when a replacement heap (e.g. gmalloc) is
+ used.
+
+ 1. forbidDisablingPrimitiveGigacage() should just ensureGigacage() so that we
+ know that the Gigacage is properly configured (whether enabled or disabled).
+ 2. Strengthen the assertion in forbidDisablingPrimitiveGigacage() to ensure that
+ we have already determined if the Gigacage should be enabled.
+
+ * bmalloc/Gigacage.cpp:
+ (Gigacage::forbidDisablingPrimitiveGigacage):
+
+2019-09-07 Mark Lam <mark....@apple.com>
+
performJITMemcpy() source buffer should not be in the Gigacage.
https://bugs.webkit.org/show_bug.cgi?id=201577
<rdar://problem/55142606>
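Review bot: the ChangeLog text understates what the new assertion does; point 2 says it is strengthened to check that we have already determined whether the Gigacage should be enabled, but the Gigacage.cpp hunk also adds a `!g_gigacageConfig.shouldBeEnabled` escape so the check passes when the cage is intentionally disabled (the replacement-heap case that motivated the fix). Suggest stating that second effect explicitly, e.g. "and accept a disabled cage when shouldBeEnabled is false", so a reader of the log understands why the original `verifyGigacageIsEnabled()` requirement was relaxed. Minor grammar: "hardening measures is failing" should read "hardening measures are failing".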
Modified: trunk/Source/bmalloc/bmalloc/Gigacage.cpp (249620 => 249621)
--- trunk/Source/bmalloc/bmalloc/Gigacage.cpp 2019-09-07 22:56:32 UTC (rev 249620)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.cpp 2019-09-08 01:19:08 UTC (rev 249621)
@@ -305,7 +305,10 @@
void forbidDisablingPrimitiveGigacage()
{
- RELEASE_BASSERT(GIGACAGE_ALLOCATION_CAN_FAIL || verifyGigacageIsEnabled());
+ ensureGigacage();
+ RELEASE_BASSERT(g_gigacageConfig.shouldBeEnabledHasBeenCalled
+ && (GIGACAGE_ALLOCATION_CAN_FAIL || !g_gigacageConfig.shouldBeEnabled || verifyGigacageIsEnabled()));
+
if (!g_gigacageConfig.disablingPrimitiveGigacageIsForbidden) {
unfreezeGigacageConfig();
g_gigacageConfig.disablingPrimitiveGigacageIsForbidden = true;
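Review bot: the rationale for the new two-line RELEASE_BASSERT condition is not visible at the call site; a short comment above it would help, stating that `shouldBeEnabledHasBeenCalled` is expected to be set by the preceding `ensureGigacage()` call and that the `!g_gigacageConfig.shouldBeEnabled` clause exists for the case where the cage is legitimately disabled (replacement heap), so that `verifyGigacageIsEnabled()` is only required when the cage was meant to be enabled. Also worth noting in that comment: after the assertion the function still sets `disablingPrimitiveGigacageIsForbidden = true` even when `shouldBeEnabled` is false; if freezing the config in the disabled state is intentional, say so, since the function name suggests the cage is expected to be active.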
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes