Diff
Modified: branches/safari-605-branch/Source/bmalloc/CMakeLists.txt (228161 => 228162)
--- branches/safari-605-branch/Source/bmalloc/CMakeLists.txt 2018-02-06 15:16:18 UTC (rev 228161)
+++ branches/safari-605-branch/Source/bmalloc/CMakeLists.txt 2018-02-06 15:16:22 UTC (rev 228162)
@@ -34,6 +34,7 @@
if (CMAKE_SYSTEM_NAME MATCHES "Darwin")
list(APPEND bmalloc_SOURCES
+ bmalloc/ProcessCheck.mm
bmalloc/Zone.cpp
)
endif ()
Modified: branches/safari-605-branch/Source/bmalloc/ChangeLog (228161 => 228162)
--- branches/safari-605-branch/Source/bmalloc/ChangeLog 2018-02-06 15:16:18 UTC (rev 228161)
+++ branches/safari-605-branch/Source/bmalloc/ChangeLog 2018-02-06 15:16:22 UTC (rev 228162)
@@ -1,5 +1,67 @@
2018-02-06 Jason Marcell <jmarc...@apple.com>
+ Cherry-pick r228108. rdar://problem/37264475
+
+ 2018-02-05 JF Bastien <jfbast...@apple.com>
+
+ Gigacage: enable only for WebContent process and token executables
+ https://bugs.webkit.org/show_bug.cgi?id=182457
+ <rdar://problem/35875011>
+
+ Reviewed by Keith Miller.
+
+ Gigacage is a solid security improvement, but it's probably best
+ to roll it out incrementally to the most valuable targets first
+ and progressively try out more and more over time rather than
+ outright enabling it everywhere. We've gotten some reports that it
+ has some side-effects that weren't expected, so for now let's
+ enable it for the WebContent process, JSC, and other executables
+ we know, and then later we'll enable more gigacage uses.
+
+ For now I've chosen the following bundles:
+
+ - com.apple.WebKit.WebContent.Development
+ - com.apple.WebKit.WebContent
+ - com.apple.WebProcess
+
+ And the following processes:
+
+ - jsc
+ - wasm
+ - anything starting with "test", to match the JSC tests
+
+ I tried a different approach first, where I add a function to turn
+ gigacage on or off and crash if gigacage is initialized without
+ having been told what to do. Doing this in ChildProcess and a
+ bunch of the process initialization methods isn't sufficient. I
+ got MiniBrowser working, but some other builds use static globals
+ which themselves use hash and string which are allocate with
+ bmalloc and therefore which initialize gigacage before main is
+ called and before the process gets a chance to opt in our out. It
+ gets tricky with API calls too, because we have to do the right
+ thing in any entry an API user could plausibly use, even the
+ private ones, so I endend up having to initialize gigacage in e.g.
+ WebPreferencesExperimentalFeatures.cpp.erb.
+
+ Another approach could be to create a free-for-all gigacage
+ entitlement, and opt-in the processes we want..
+
+ As a follow-up we can also check that gigacage allocation always
+ succeeds if it was allowed for that process. With my change I
+ expect it to always succeed.
+
+ * CMakeLists.txt:
+ * bmalloc.xcodeproj/project.pbxproj:
+ * bmalloc/BPlatform.h:
+ * bmalloc/Gigacage.cpp:
+ (Gigacage::shouldBeEnabled):
+ * bmalloc/ProcessCheck.h: Added.
+ (bmalloc::gigacageEnabledForProcess):
+ * bmalloc/ProcessCheck.mm: Added.
+ (bmalloc::gigacageEnabledForProcess):
+
+2018-02-06 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r228107. rdar://problem/37264489
2018-02-05 Joseph Pecoraro <pecor...@apple.com>
Modified: branches/safari-605-branch/Source/bmalloc/bmalloc/BPlatform.h (228161 => 228162)
--- branches/safari-605-branch/Source/bmalloc/bmalloc/BPlatform.h 2018-02-06 15:16:18 UTC (rev 228161)
+++ branches/safari-605-branch/Source/bmalloc/bmalloc/BPlatform.h 2018-02-06 15:16:22 UTC (rev 228162)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -63,6 +63,14 @@
#endif
#endif
+#if BPLATFORM(MAC) || BPLATFORM(IOS)
+#define BPLATFORM_COCOA 1
+#endif
+
+#if defined(TARGET_OS_WATCH) && TARGET_OS_WATCH
+#define BPLATFORM_WATCHOS 1
+#endif
+
/* ==== Policy decision macros: these define policy choices for a particular port. ==== */
/* BUSE() - use a particular third-party library or optional OS service */
Modified: branches/safari-605-branch/Source/bmalloc/bmalloc/Gigacage.cpp (228161 => 228162)
--- branches/safari-605-branch/Source/bmalloc/bmalloc/Gigacage.cpp 2018-02-06 15:16:18 UTC (rev 228161)
+++ branches/safari-605-branch/Source/bmalloc/bmalloc/Gigacage.cpp 2018-02-06 15:16:22 UTC (rev 228162)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -28,6 +28,7 @@
#include "CryptoRandom.h"
#include "Environment.h"
#include "PerProcess.h"
+#include "ProcessCheck.h"
#include "VMAllocate.h"
#include "Vector.h"
#include "bmalloc.h"
@@ -250,6 +251,9 @@
std::call_once(
onceFlag,
[] {
+ if (!gigacageEnabledForProcess())
+ return;
+
bool result = !PerProcess<Environment>::get()->isDebugHeapEnabled();
if (!result)
return;
Added: branches/safari-605-branch/Source/bmalloc/bmalloc/ProcessCheck.h (0 => 228162)
--- branches/safari-605-branch/Source/bmalloc/bmalloc/ProcessCheck.h (rev 0)
+++ branches/safari-605-branch/Source/bmalloc/bmalloc/ProcessCheck.h 2018-02-06 15:16:22 UTC (rev 228162)
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "BPlatform.h"
+
+namespace bmalloc {
+
+#if BPLATFORM(COCOA)
+#if BPLATFORM(WATCHOS)
+inline bool gigacageEnabledForProcess() { return false; }
+#else
+bool gigacageEnabledForProcess();
+#endif
+#else
+inline bool gigacageEnabledForProcess() { return true; }
+#endif
+
+}
Added: branches/safari-605-branch/Source/bmalloc/bmalloc/ProcessCheck.mm (0 => 228162)
--- branches/safari-605-branch/Source/bmalloc/bmalloc/ProcessCheck.mm (rev 0)
+++ branches/safari-605-branch/Source/bmalloc/bmalloc/ProcessCheck.mm 2018-02-06 15:16:22 UTC (rev 228162)
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "ProcessCheck.h"
+
+#if !BPLATFORM(WATCHOS)
+
+#import <Foundation/Foundation.h>
+
+namespace bmalloc {
+
+bool gigacageEnabledForProcess()
+{
+ static NSString *appName = [[NSBundle mainBundle] bundleIdentifier];
+ if (appName) {
+ static bool isWebProcess = [appName isEqualToString:@"com.apple.WebKit.WebContent.Development"]
+ || [appName isEqualToString:@"com.apple.WebKit.WebContent"]
+ || [appName isEqualToString:@"com.apple.WebProcess"];
+ return isWebProcess;
+ }
+
+ static NSString *processName = [[NSProcessInfo processInfo] processName];
+ static bool isOptInBinary = [processName isEqualToString:@"jsc"]
+ || [processName isEqualToString:@"wasm"]
+ || [processName hasPrefix:@"test"];
+
+ return isOptInBinary;
+}
+
+}
+
+#endif
Modified: branches/safari-605-branch/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj (228161 => 228162)
--- branches/safari-605-branch/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj 2018-02-06 15:16:18 UTC (rev 228161)
+++ branches/safari-605-branch/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj 2018-02-06 15:16:22 UTC (rev 228162)
@@ -133,6 +133,8 @@
6599C5CC1EC3F15900A2F7BB /* AvailableMemory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 6599C5CA1EC3F15900A2F7BB /* AvailableMemory.cpp */; };
6599C5CD1EC3F15900A2F7BB /* AvailableMemory.h in Headers */ = {isa = PBXBuildFile; fileRef = 6599C5CB1EC3F15900A2F7BB /* AvailableMemory.h */; settings = {ATTRIBUTES = (Private, ); }; };
AD0934331FCF406D00E85EB5 /* BCompiler.h in Headers */ = {isa = PBXBuildFile; fileRef = AD0934321FCF405000E85EB5 /* BCompiler.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ AD14AD29202529C400890E3B /* ProcessCheck.h in Headers */ = {isa = PBXBuildFile; fileRef = AD14AD27202529A600890E3B /* ProcessCheck.h */; };
+ AD14AD2A202529C700890E3B /* ProcessCheck.mm in Sources */ = {isa = PBXBuildFile; fileRef = AD14AD28202529B000890E3B /* ProcessCheck.mm */; };
/* End PBXBuildFile section */
/* Begin PBXContainerItemProxy section */
@@ -289,6 +291,8 @@
6599C5CA1EC3F15900A2F7BB /* AvailableMemory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AvailableMemory.cpp; path = bmalloc/AvailableMemory.cpp; sourceTree = "<group>"; };
6599C5CB1EC3F15900A2F7BB /* AvailableMemory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AvailableMemory.h; path = bmalloc/AvailableMemory.h; sourceTree = "<group>"; };
AD0934321FCF405000E85EB5 /* BCompiler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = BCompiler.h; path = bmalloc/BCompiler.h; sourceTree = "<group>"; };
+ AD14AD27202529A600890E3B /* ProcessCheck.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ProcessCheck.h; path = bmalloc/ProcessCheck.h; sourceTree = "<group>"; };
+ AD14AD28202529B000890E3B /* ProcessCheck.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = ProcessCheck.mm; path = bmalloc/ProcessCheck.mm; sourceTree = "<group>"; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
@@ -480,6 +484,8 @@
144BE11E1CA346520099C8C0 /* Object.h */,
14105E8318E14374003A106E /* ObjectType.cpp */,
1485656018A43DBA00ED6942 /* ObjectType.h */,
+ AD14AD27202529A600890E3B /* ProcessCheck.h */,
+ AD14AD28202529B000890E3B /* ProcessCheck.mm */,
0F5BF1501F22E1570029D91D /* Scavenger.cpp */,
0F5BF1511F22E1570029D91D /* Scavenger.h */,
145F6874179DF84100D65598 /* Sizes.h */,
@@ -632,6 +638,7 @@
14DD78CF18F48D7500950702 /* Vector.h in Headers */,
14DD78D018F48D7500950702 /* VMAllocate.h in Headers */,
0F7EB83A1F9541B000F1ABCB /* IsoDeallocatorInlines.h in Headers */,
+ AD14AD29202529C400890E3B /* ProcessCheck.h in Headers */,
1400274A18F89C2300115C97 /* VMHeap.h in Headers */,
1440AFCB1A95261100837FAA /* Zone.h in Headers */,
);
@@ -765,6 +772,7 @@
142B44361E2839E7001DA6E9 /* DebugHeap.cpp in Sources */,
14895D911A3A319C0006235D /* Environment.cpp in Sources */,
0F7EB83F1F9541B000F1ABCB /* IsoTLSLayout.cpp in Sources */,
+ AD14AD2A202529C700890E3B /* ProcessCheck.mm in Sources */,
14F271C718EA3990008C152F /* Heap.cpp in Sources */,
0F7EB8321F9541B000F1ABCB /* IsoTLSEntry.cpp in Sources */,
0F74B93F1F89713E00B935D3 /* CryptoRandom.cpp in Sources */,
