Title: [269020] trunk/Source
Revision
269020
Author
[email protected]
Date
2020-10-26 19:13:14 -0700 (Mon, 26 Oct 2020)

Log Message

Sign MacroAssembler::jumpsToLink
https://bugs.webkit.org/show_bug.cgi?id=217774
<rdar://problem/69433058>

Reviewed by Saam Barati.

Source/JavaScriptCore:

* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::LinkRecord::LinkRecord):
(JSC::ARM64Assembler::LinkRecord::setFrom):
(JSC::ARM64Assembler::LinkRecord::to const):
(JSC::ARM64Assembler::linkJump):
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):

Source/WTF:

* wtf/PtrTag.h:
(WTF::untagInt):
(WTF::tagInt):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (269019 => 269020)


--- trunk/Source/_javascript_Core/ChangeLog	2020-10-27 02:07:46 UTC (rev 269019)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-10-27 02:13:14 UTC (rev 269020)
@@ -1,5 +1,21 @@
 2020-10-15  Tadeu Zagallo  <[email protected]>
 
+        Sign MacroAssembler::jumpsToLink
+        https://bugs.webkit.org/show_bug.cgi?id=217774
+        <rdar://problem/69433058>
+
+        Reviewed by Saam Barati.
+
+        * assembler/ARM64Assembler.h:
+        (JSC::ARM64Assembler::LinkRecord::LinkRecord):
+        (JSC::ARM64Assembler::LinkRecord::setFrom):
+        (JSC::ARM64Assembler::LinkRecord::to const):
+        (JSC::ARM64Assembler::linkJump):
+        * assembler/LinkBuffer.cpp:
+        (JSC::LinkBuffer::copyCompactAndLinkCode):
+
+2020-10-15  Tadeu Zagallo  <[email protected]>
+
         Validate addresses returned by LinkBuffer::locationOf
         https://bugs.webkit.org/show_bug.cgi?id=217786
         <rdar://problem/69887913>

Modified: trunk/Source/_javascript_Core/assembler/ARM64Assembler.h (269019 => 269020)


--- trunk/Source/_javascript_Core/assembler/ARM64Assembler.h	2020-10-27 02:07:46 UTC (rev 269019)
+++ trunk/Source/_javascript_Core/assembler/ARM64Assembler.h	2020-10-27 02:13:14 UTC (rev 269020)
@@ -340,18 +340,28 @@
 
     class LinkRecord {
     public:
-        LinkRecord(intptr_t from, intptr_t to, JumpType type, Condition condition)
+        LinkRecord(const ARM64Assembler* assembler, intptr_t from, intptr_t to, JumpType type, Condition condition)
         {
             data.realTypes.m_from = from;
+#if CPU(ARM64E)
+            data.realTypes.m_to = tagInt(to, static_cast<PtrTag>(from ^ bitwise_cast<intptr_t>(assembler)));
+#else
+            UNUSED_PARAM(assembler);
             data.realTypes.m_to = to;
+#endif
             data.realTypes.m_type = type;
             data.realTypes.m_linkType = LinkInvalid;
             data.realTypes.m_condition = condition;
         }
-        LinkRecord(intptr_t from, intptr_t to, JumpType type, Condition condition, bool is64Bit, RegisterID compareRegister)
+        LinkRecord(const ARM64Assembler* assembler, intptr_t from, intptr_t to, JumpType type, Condition condition, bool is64Bit, RegisterID compareRegister)
         {
             data.realTypes.m_from = from;
+#if CPU(ARM64E)
+            data.realTypes.m_to = tagInt(to, static_cast<PtrTag>(from ^ bitwise_cast<intptr_t>(assembler)));
+#else
+            UNUSED_PARAM(assembler);
             data.realTypes.m_to = to;
+#endif
             data.realTypes.m_type = type;
             data.realTypes.m_linkType = LinkInvalid;
             data.realTypes.m_condition = condition;
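Review bot: The ARM64E signing block at L78-L83 is repeated verbatim in the other two constructors (this hunk and the next) and again in setFrom, so the discriminator formula `from ^ bitwise_cast<intptr_t>(assembler)` that to() has to reproduce exactly now lives in four places. Since this commit also adds no-op `tagInt(IntType, PtrTag)` / `untagInt` overloads for non-ARM64E builds in PtrTag.h, the `#if CPU(ARM64E)` / `UNUSED_PARAM` branches in the constructors look unnecessary, provided PtrTag is declared unconditionally (the non-ARM64E stubs suggest it is). A private static helper that owns the formula keeps the signing and authentication sides from drifting apart, and deserves a one-line comment saying why the assembler address is folded in. The last constructor of this hunk continues past the hunk end.
```cpp
// Discriminator for the signed target: binds m_to to this jump's source
// offset and to the owning assembler, so a record cannot be reused at a
// different 'from' or through a different assembler without failing
// authentication in to().
static PtrTag targetDiscriminator(const ARM64Assembler* assembler, intptr_t from)
{
    return static_cast<PtrTag>(from ^ bitwise_cast<intptr_t>(assembler));
}

LinkRecord(const ARM64Assembler* assembler, intptr_t from, intptr_t to, JumpType type, Condition condition)
{
    data.realTypes.m_from = from;
    data.realTypes.m_to = tagInt(to, targetDiscriminator(assembler, from)); // tagInt is a no-op on non-ARM64E
    // … unchanged: m_type, m_linkType, m_condition …
}
```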
@@ -358,10 +368,15 @@
             data.realTypes.m_is64Bit = is64Bit;
             data.realTypes.m_compareRegister = compareRegister;
         }
-        LinkRecord(intptr_t from, intptr_t to, JumpType type, Condition condition, unsigned bitNumber, RegisterID compareRegister)
+        LinkRecord(const ARM64Assembler* assembler, intptr_t from, intptr_t to, JumpType type, Condition condition, unsigned bitNumber, RegisterID compareRegister)
         {
             data.realTypes.m_from = from;
+#if CPU(ARM64E)
+            data.realTypes.m_to = tagInt(to, static_cast<PtrTag>(from ^ bitwise_cast<intptr_t>(assembler)));
+#else
+            UNUSED_PARAM(assembler);
             data.realTypes.m_to = to;
+#endif
             data.realTypes.m_type = type;
             data.realTypes.m_linkType = LinkInvalid;
             data.realTypes.m_condition = condition;
@@ -378,8 +393,24 @@
             return *this;
         }
         intptr_t from() const { return data.realTypes.m_from; }
-        void setFrom(intptr_t from) { data.realTypes.m_from = from; }
-        intptr_t to() const { return data.realTypes.m_to; }
+        void setFrom(const ARM64Assembler* assembler, intptr_t from)
+        {
+#if CPU(ARM64E)
+            data.realTypes.m_to = tagInt(to(assembler), static_cast<PtrTag>(from ^ bitwise_cast<intptr_t>(assembler)));
+#else
+            UNUSED_PARAM(assembler);
+#endif
+            data.realTypes.m_from = from;
+        }
+        intptr_t to(const ARM64Assembler* assembler) const
+        {
+#if CPU(ARM64E)
+            return untagInt(data.realTypes.m_to, static_cast<PtrTag>(data.realTypes.m_from ^ bitwise_cast<intptr_t>(assembler)));
+#else
+            UNUSED_PARAM(assembler);
+            return data.realTypes.m_to;
+#endif
+        }
         JumpType type() const { return data.realTypes.m_type; }
         JumpLinkType linkType() const { return data.realTypes.m_linkType; }
         void setLinkType(JumpLinkType linkType) { ASSERT(data.realTypes.m_linkType == LinkInvalid); data.realTypes.m_linkType = linkType; }
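Review bot: The statement order in setFrom at L127-L131 is load-bearing and undocumented: `to(assembler)` authenticates m_to using the current m_from as part of the discriminator, so it must run before m_from is overwritten at L131, and the result is then re-signed under the new from. Swapping those two lines would make every later to() fail authentication, and nothing in the code warns the next editor. Suggest a comment above L127: `// Re-sign m_to under the new 'from' before updating m_from: to() derives its discriminator from the current m_from.` Likewise to() at L133 could state that the caller must pass the same assembler the record was created with, since the assembler address is part of the discriminator.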
@@ -2526,7 +2557,7 @@
     {
         ASSERT(to.isSet());
         ASSERT(from.isSet());
-        m_jumpsToLink.append(LinkRecord(from.m_offset, to.m_offset, type, condition));
+        m_jumpsToLink.append(LinkRecord(this, from.m_offset, to.m_offset, type, condition));
     }
 
     void linkJump(AssemblerLabel from, AssemblerLabel to, JumpType type, Condition condition, bool is64Bit, RegisterID compareRegister)
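Review bot: Passing `this` into LinkRecord at L150 (and at L159 and L168 in the next two hunks) binds every record's signature to the address of this ARM64Assembler instance, a lifetime constraint the header does not state anywhere. If the assembler or its m_jumpsToLink vector is ever copied, moved or handed to another assembler, to() will no longer authenticate; whether ARM64Assembler is copyable or movable is not visible from this hunk. Suggest a comment on the m_jumpsToLink member or above these linkJump overloads: `// LinkRecords are signed against this assembler's address; they can only be read back through the same instance (see LinkRecord::to).` The signature of this linkJump overload is above the hunk start.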
@@ -2533,7 +2564,7 @@
     {
         ASSERT(to.isSet());
         ASSERT(from.isSet());
-        m_jumpsToLink.append(LinkRecord(from.m_offset, to.m_offset, type, condition, is64Bit, compareRegister));
+        m_jumpsToLink.append(LinkRecord(this, from.m_offset, to.m_offset, type, condition, is64Bit, compareRegister));
     }
 
     void linkJump(AssemblerLabel from, AssemblerLabel to, JumpType type, Condition condition, unsigned bitNumber, RegisterID compareRegister)
@@ -2540,7 +2571,7 @@
     {
         ASSERT(to.isSet());
         ASSERT(from.isSet());
-        m_jumpsToLink.append(LinkRecord(from.m_offset, to.m_offset, type, condition, bitNumber, compareRegister));
+        m_jumpsToLink.append(LinkRecord(this, from.m_offset, to.m_offset, type, condition, bitNumber, compareRegister));
     }
 
     static void linkJump(void* code, AssemblerLabel from, void* to)

Modified: trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp (269019 => 269020)


--- trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp	2020-10-27 02:07:46 UTC (rev 269019)
+++ trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp	2020-10-27 02:13:14 UTC (rev 269020)
@@ -292,10 +292,15 @@
             // Calculate absolute address of the jump target, in the case of backwards
             // branches we need to be precise, forward branches we are pessimistic
             const uint8_t* target;
-            if (jumpsToLink[i].to() >= jumpsToLink[i].from())
-                target = codeOutData + jumpsToLink[i].to() - offset; // Compensate for what we have collapsed so far
+#if CPU(ARM64)
+            const intptr_t to = jumpsToLink[i].to(&macroAssembler.m_assembler);
+#else
+            const intptr_t to = jumpsToLink[i].to();
+#endif
+            if (to >= jumpsToLink[i].from())
+                target = codeOutData + to - offset; // Compensate for what we have collapsed so far
             else
-                target = codeOutData + jumpsToLink[i].to() - executableOffsetFor(jumpsToLink[i].to());
+                target = codeOutData + to - executableOffsetFor(to);
                 
             JumpLinkType jumpLinkType = MacroAssembler::computeJumpType(jumpsToLink[i], codeOutData + writePtr, target);
             // Compact branch if we can...
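Review bot: The `#if CPU(ARM64)` selection of the to() overload at L184-L188 is duplicated at L214-L218 in the third hunk, and the matching setFrom selection at L201-L205 in the second; the platform split belongs in one place inside copyCompactAndLinkCode (whose start is outside the hunk) rather than at each use. Hoisting the untagged value into `to` is the right move, since every to() call on ARM64E is a separate authentication, but it is worth a comment that from() at L189 and L198 is read unsigned and that integrity relies on from() being folded into the discriminator of the signed target, so a tampered from() surfaces as an authentication failure inside to() rather than through any check here. A generic lambda defined once before the two loops removes the repeated conditionals.
```cpp
// Resolve a record's (signed, on ARM64E) target offset exactly once per record.
// from() is stored unsigned; it is part of the discriminator, so a corrupted
// from() surfaces as an authentication failure inside to().
auto targetOffsetOf = [&](const auto& record) -> intptr_t {
#if CPU(ARM64)
    return record.to(&macroAssembler.m_assembler);
#else
    return record.to();
#endif
};
// … unchanged: loop header …
const intptr_t to = targetOffsetOf(jumpsToLink[i]);
```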
@@ -307,7 +312,11 @@
                     recordLinkOffsets(m_assemblerStorage, jumpsToLink[i].from() - delta, readPtr, readPtr - writePtr);
                 }
             }
+#if CPU(ARM64)
+            jumpsToLink[i].setFrom(&macroAssembler.m_assembler, writePtr);
+#else
             jumpsToLink[i].setFrom(writePtr);
+#endif
         }
     } else {
         if (ASSERT_ENABLED) {
@@ -349,7 +358,12 @@
         
     for (unsigned i = 0; i < jumpCount; ++i) {
         uint8_t* location = codeOutData + jumpsToLink[i].from();
-        uint8_t* target = codeOutData + jumpsToLink[i].to() - executableOffsetFor(jumpsToLink[i].to());
+#if CPU(ARM64)
+        const intptr_t to = jumpsToLink[i].to(&macroAssembler.m_assembler);
+#else
+        const intptr_t to = jumpsToLink[i].to();
+#endif
+        uint8_t* target = codeOutData + to - executableOffsetFor(to);
         if (useFastJITPermissions())
             MacroAssembler::link<memcpyWrapper>(jumpsToLink[i], outData + jumpsToLink[i].from(), location, target);
         else

Modified: trunk/Source/WTF/ChangeLog (269019 => 269020)


--- trunk/Source/WTF/ChangeLog	2020-10-27 02:07:46 UTC (rev 269019)
+++ trunk/Source/WTF/ChangeLog	2020-10-27 02:13:14 UTC (rev 269020)
@@ -1,5 +1,17 @@
 2020-10-15  Tadeu Zagallo  <[email protected]>
 
+        Sign MacroAssembler::jumpsToLink
+        https://bugs.webkit.org/show_bug.cgi?id=217774
+        <rdar://problem/69433058>
+
+        Reviewed by Saam Barati.
+
+        * wtf/PtrTag.h:
+        (WTF::untagInt):
+        (WTF::tagInt):
+
+2020-10-15  Tadeu Zagallo  <[email protected]>
+
         Add extra validation to MetaAllocator::findAndRemoveFreeSpace
         https://bugs.webkit.org/show_bug.cgi?id=217792
         <rdar://problem/69433015>

Modified: trunk/Source/WTF/wtf/PtrTag.h (269019 => 269020)


--- trunk/Source/WTF/wtf/PtrTag.h	2020-10-27 02:07:46 UTC (rev 269019)
+++ trunk/Source/WTF/wtf/PtrTag.h	2020-10-27 02:13:14 UTC (rev 269020)
@@ -410,6 +410,13 @@
 
 #if CPU(ARM64E)
 
+template <typename IntType>
+inline IntType untagInt(IntType ptrInt, PtrTag tag)
+{
+    static_assert(sizeof(IntType) == sizeof(uintptr_t));
+    return bitwise_cast<IntType>(ptrauth_auth_data(bitwise_cast<void*>(ptrInt), ptrauth_key_process_dependent_data, tag));
+}
+
 template<typename T>
 inline T* tagArrayPtr(std::nullptr_t ptr, size_t length)
 {
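Review bot: untagInt at L257-L262 has no contract comment although it is the authentication half of a pair whose misuse is fatal rather than an error: the tag passed here must be exactly the one given to tagInt(ptrInt, tag), and the result of a failed ptrauth_auth_data is not a value a caller can inspect to detect the failure. Suggest above L257: `// Authenticates an integer signed with tagInt(ptrInt, tag); 'tag' must equal the signing tag. A mismatch is an authentication failure, not a recoverable error, so this must not be used to probe whether a value is signed.` Also, the template-tag form `tagInt<tag>(ptrInt)` at L268 gets no `untagInt<tag>` counterpart in this commit, unless one already exists outside the hunk.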
@@ -459,10 +466,17 @@
 template <PtrTag tag, typename IntType>
 inline IntType tagInt(IntType ptrInt)
 {
-    static_assert(sizeof(IntType) == sizeof(uintptr_t), "");
+    static_assert(sizeof(IntType) == sizeof(uintptr_t));
     return bitwise_cast<IntType>(ptrauth_sign_unauthenticated(bitwise_cast<void*>(ptrInt), ptrauth_key_process_dependent_data, tag));
 }
 
+template <typename IntType>
+inline IntType tagInt(IntType ptrInt, PtrTag tag)
+{
+    static_assert(sizeof(IntType) == sizeof(uintptr_t));
+    return bitwise_cast<IntType>(ptrauth_sign_unauthenticated(bitwise_cast<void*>(ptrInt), ptrauth_key_process_dependent_data, tag));
+}
+
 inline bool usesPointerTagging() { return true; }
 
 // vtbl function pointers need to sign with ptrauth_key_process_independent_code
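Review bot: The new runtime-tag overload at L276-L281 duplicates the body of the template-tag tagInt at L268-L274 line for line, so the ptrauth key choice is now spelled out twice in the ARM64E branch. The template form can forward to the new overload instead, `return tagInt(ptrInt, tag);`, leaving one definition of the signing call. The static_assert message drop at L272 is fine given the file already relies on C++17 elsewhere in this hunk.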
@@ -519,6 +533,20 @@
     return ptrInt;
 }
 
+template <typename IntType>
+inline IntType tagInt(IntType ptrInt, PtrTag)
+{
+    static_assert(sizeof(IntType) == sizeof(uintptr_t));
+    return ptrInt;
+}
+
+template <typename IntType>
+inline IntType untagInt(IntType ptrInt, PtrTag)
+{
+    static_assert(sizeof(IntType) == sizeof(uintptr_t));
+    return ptrInt;
+}
+
 inline bool usesPointerTagging() { return false; }
 
 #define WTF_VTBL_FUNCPTR_PTRAUTH(discriminator)
@@ -553,6 +581,7 @@
 using WTF::tagCFunctionPtr;
 using WTF::untagCFunctionPtr;
 using WTF::tagInt;
+using WTF::untagInt;
 
 using WTF::assertIsCFunctionPtr;
 using WTF::assertIsNullOrCFunctionPtr;