Bug#605132: marked as done (libwebkit-1.0-2: don't crash when WX mmap() is denied)

Fri, 30 Nov 2018 18:49:07 -0800 

Your message dated Sat, 01 Dec 2018 02:45:29 +0000
with message-id <[email protected]>
and subject line Bug#893863: Removed package(s) from unstable
has caused the Debian Bug report #605132,
regarding libwebkit-1.0-2: don't crash when WX mmap() is denied
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
605132: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605132
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libwebkit-1.0-2
Version: 1.2.5-2.1
Severity: normal

Hi,

I'm using a grsec-enabled kernel with PaX memory protection, which by
default deny mmap()ing with write and exec protection.

This leads to problems in webkit-based applications (GtkLauncher,
midori, epiphany, rhythmbox...) which crash when trying to use
javascript engine because the JIT js compiler needs to execute stuff it
just wrote in memory (that's the whole point of JIT).

The segfault is usually at:


#0  0x0000692f95f8edf4 in JSC::ExecutablePool::systemAlloc (n=16384)
    at ../JavaScriptCore/jit/ExecutableAllocatorPosix.cpp:49

the code beeing:

ExecutablePool::Allocation ExecutablePool::systemAlloc(size_t n)
{
    void* allocation = mmap(NULL, n, INITIAL_PROTECTION_FLAGS, MAP_PRIVATE |    
MAP_ANON, VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY, 0);
    if (allocation == MAP_FAILED)
        CRASH();                                                                
    ExecutablePool::Allocation alloc = { reinterpret_cast<char*>(allocation), n 
};
    return alloc;
}

INITIAL_PROTECTION_FLAGS is 

#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
#define PROTECTION_FLAGS_RW (PROT_READ | PROT_WRITE)
#define PROTECTION_FLAGS_RX (PROT_READ | PROT_EXEC)
#define INITIAL_PROTECTION_FLAGS PROTECTION_FLAGS_RX
#else
#define INITIAL_PROTECTION_FLAGS (PROT_READ | PROT_WRITE | PROT_EXEC)
#endif

with ASSEMBLER_WX_EXCLUSIVE beeing enabled only on iphone platform.

As I understand it, disabling assembly completely has a too large cost, but
it'd be nice to not crash directly if the mmap is denied. A fallback to no jit
or no-assembly jit would be better imho.

What do you think?

I guess this really belongs upstream but I don't have a bugs.webkit.org account
right now.

Regards,
-- 
Yves-Alexis
-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-grsec-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libwebkit-1.0-2 depends on:
ii  libatk1.0-0                 1.30.0-1     The ATK accessibility toolkit
ii  libc6                       2.11.2-7     Embedded GNU C Library: Shared lib
ii  libcairo2                   1.9.14-1     The Cairo 2D vector graphics libra
ii  libenchant1c2a              1.6.0-1      a wrapper library for various spel
ii  libfontconfig1              2.8.0-2.1    generic font configuration library
ii  libfreetype6                2.4.2-2.1    FreeType 2 font engine, shared lib
ii  libgail18                   2.20.1-2     GNOME Accessibility Implementation
ii  libglib2.0-0                2.27.3-1     The GLib library of C routines
ii  libgstreamer-plugins-base0. 0.10.30-1    GStreamer libraries from the "base
ii  libgstreamer0.10-0          0.10.30-1    Core GStreamer libraries and eleme
ii  libgtk2.0-0                 2.20.1-2     The GTK+ graphical user interface 
ii  libicu44                    4.4.2-2      International Components for Unico
ii  libjpeg62                   6b1-1        The Independent JPEG Group's JPEG 
ii  libpango1.0-0               1.28.3-1     Layout and rendering of internatio
ii  libpng12-0                  1.2.44-1     PNG library - runtime
ii  libsoup2.4-1                2.30.2-1     an HTTP library implementation in 
ii  libsqlite3-0                3.7.3-1      SQLite 3 shared library
ii  libstdc++6                  4.4.5-8      The GNU Standard C++ Library v3
ii  libwebkit-1.0-common        1.2.5-2.1    Web content engine library for Gtk
ii  libxml2                     2.7.8.dfsg-1 GNOME XML library
ii  libxslt1.1                  1.1.26-6     XSLT 1.0 processing library - runt
ii  libxt6                      1:1.0.7-1    X11 toolkit intrinsics library

libwebkit-1.0-2 recommends no packages.

libwebkit-1.0-2 suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 2.4.11-4+rm

Dear submitter,

as the package webkitgtk has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/893863

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to