WebKit Bugzilla
Attachment 361152 Details for Bug 194270: JITExecutable should not try to mmap executable memory without entitlement
Patch: bug-194270-20190204192854.patch (text/plain), 2.30 KB, created by Keith Miller on 2019-02-04 19:28:56 PST
>Subversion Revision: 240959 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 4d70226ac5b3db1084dff51990d64fae9d9b21b9..fe3148029d17363b9278544901e473974a7f2bc1 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,20 @@ >+2019-02-04 Keith Miller <keith_miller@apple.com> >+ >+ JITExecutable should not try to mmap executable memory without entitlement >+ https://bugs.webkit.org/show_bug.cgi?id=194270 >+ <rdar://problem/47717151> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ We try to use our one time token to map JIT memory if we are not >+ going to use the JIT in a process. If we never had the >+ entitlement, however, this would cause the process to crash. This >+ patch fixes that. >+ >+ * jit/ExecutableAllocator.cpp: >+ (JSC::isJITEnabled): >+ (JSC::ExecutableAllocator::setJITEnabled): >+ > 2019-02-04 Robin Morisset <rmorisset@apple.com> > > when lowering AssertNotEmpty, create the value before creating the patchpoint >diff --git a/Source/JavaScriptCore/jit/ExecutableAllocator.cpp b/Source/JavaScriptCore/jit/ExecutableAllocator.cpp >index 4606756e80c4b8f6f08c48aa5c769d5c8982628c..77cffc489be7336e001d196f1fb2393550766de3 100644 >--- a/Source/JavaScriptCore/jit/ExecutableAllocator.cpp >+++ b/Source/JavaScriptCore/jit/ExecutableAllocator.cpp >@@ -117,11 +117,12 @@ class FixedVMPoolExecutableAllocator; > static FixedVMPoolExecutableAllocator* allocator = nullptr; > static ExecutableAllocator* executableAllocator = nullptr; > >+static constexpr char* jitEntitlement = "dynamic-codesigning"; > static bool s_isJITEnabled = true; > static bool isJITEnabled() > { > #if PLATFORM(IOS_FAMILY) && (CPU(ARM64) || CPU(ARM)) >- return processHasEntitlement("dynamic-codesigning") && s_isJITEnabled; >+ return processHasEntitlement(jitEntitlement) && s_isJITEnabled; > #else > return s_isJITEnabled; > #endif 
>@@ -137,6 +138,9 @@ void ExecutableAllocator::setJITEnabled(bool enabled) > > #if PLATFORM(IOS_FAMILY) && (CPU(ARM64) || CPU(ARM)) > if (!enabled) { >+ if (!processHasEntitlement(jitEntitlement)) >+ return; >+ > constexpr size_t size = 1; > constexpr int protection = PROT_READ | PROT_WRITE | PROT_EXEC; > constexpr int flags = MAP_PRIVATE | MAP_ANON | MAP_JIT;
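Review bot: In the first ExecutableAllocator.cpp hunk (@@ -117,11 +117,12 @@), `static constexpr char* jitEntitlement = "dynamic-codesigning";` binds a string literal to a pointer to non-const char. `constexpr` here makes the pointer itself const, not the characters it points to, and C++11 and later do not allow converting a string literal to `char*`, so this should fail to compile or at least warn. Declare it as `static constexpr const char* jitEntitlement` or `static constexpr char jitEntitlement[]`.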
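Review bot: In the setJITEnabled hunk (@@ -137,6 +138,9 @@), the new `if (!processHasEntitlement(jitEntitlement)) return;` exits the whole function from inside the `if (!enabled)` block, so any code that follows the block is skipped as well on unentitled processes. The visible context does not show where s_isJITEnabled is assigned; please confirm it is updated before this early return, or restructure so that only the MAP_JIT mmap is skipped. A one-line comment next to the check saying that the mapping is skipped because the process crashes without the entitlement (as the ChangeLog explains) would help the next reader.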
Attachments on bug 194270: 361152 | 361153