Title: [92635] trunk/Source/_javascript_Core
Revision
92635
Author
[email protected]
Date
2011-08-08 14:28:53 -0700 (Mon, 08 Aug 2011)

Log Message

Using mprotect to create guard pages breaks our use of madvise to release executable memory
https://bugs.webkit.org/show_bug.cgi?id=65870

Reviewed by Gavin Barraclough.

Use mmap rather than mprotect to clear guard page permissions.

* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveAndCommit):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (92634 => 92635)


--- trunk/Source/_javascript_Core/ChangeLog	2011-08-08 21:28:03 UTC (rev 92634)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-08-08 21:28:53 UTC (rev 92635)
@@ -1,5 +1,17 @@
 2011-08-08  Oliver Hunt  <[email protected]>
 
+        Using mprotect to create guard pages breaks our use of madvise to release executable memory
+        https://bugs.webkit.org/show_bug.cgi?id=65870
+
+        Reviewed by Gavin Barraclough.
+
+        Use mmap rather than mprotect to clear guard page permissions.
+
+        * wtf/OSAllocatorPosix.cpp:
+        (WTF::OSAllocator::reserveAndCommit):
+
+2011-08-08  Oliver Hunt  <[email protected]>
+
         Non-extensibility does not prevent mutating [[Prototype]]
         https://bugs.webkit.org/show_bug.cgi?id=65832
 

Modified: trunk/Source/_javascript_Core/wtf/OSAllocatorPosix.cpp (92634 => 92635)


--- trunk/Source/_javascript_Core/wtf/OSAllocatorPosix.cpp	2011-08-08 21:28:03 UTC (rev 92634)
+++ trunk/Source/_javascript_Core/wtf/OSAllocatorPosix.cpp	2011-08-08 21:28:53 UTC (rev 92635)
@@ -104,8 +104,12 @@
             CRASH();
     }
     if (result && includesGuardPages) {
-        mprotect(result, pageSize(), PROT_NONE);
-        mprotect(static_cast<char*>(result) + bytes - pageSize(), pageSize(), PROT_NONE);
+        // We use mmap to remap the guardpages rather than using mprotect as
+        // mprotect results in multiple references to the code region.  This
+        // breaks the madvise based mechanism we use to return physical memory
+        // to the OS.
+        mmap(result, pageSize(), PROT_NONE, MAP_FIXED | MAP_PRIVATE | MAP_ANON, fd, 0);
+        mmap(static_cast<char*>(result) + bytes - pageSize(), pageSize(), PROT_NONE, MAP_FIXED | MAP_PRIVATE | MAP_ANON, fd, 0);
     }
     return result;
 }
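Review bot: the return values of both mmap calls on the two `+` lines at the end of the hunk are discarded, so if a MAP_FIXED remap fails the guard page silently keeps the reservation's original protection and no error is raised; suggest checking each result against MAP_FAILED and calling CRASH(), consistent with the CRASH() already used on the failure path at the top of the hunk. Also, `fd` is not declared within the hunk; confirm it is the same value the reservation mapping uses (on Darwin the descriptor argument of an anonymous mapping carries the VM tag), otherwise the guard pages would be accounted under a different tag than the region they protect. Finally, the comment line `// We use mmap to remap the guardpages rather than using mprotect as` has a spelling slip ("guardpages" for "guard pages").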
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
