| author | Brian Hackett <bhackett1024@gmail.com> |
| Fri, 10 Jan 2020 05:26:10 +0000 | |
| changeset 509803 | 27a2f0bdfce95d85c3ee5e9f5096e58ee6fd61b1 |
| parent 509802 | eac17a862c29a52ae1a389c5e55c0a1cec0db7b6 |
| child 509804 | e75905873309543e5b281837458cf33d15972f23 |
| push id | 104847 |
| push user | bhackett@mozilla.com |
| push date | Fri, 10 Jan 2020 18:28:19 +0000 |
| treeherder | autoland@27a2f0bdfce9 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | glandium |
| bugs | 1598951 |
| milestone | 74.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| memory/build/mozjemalloc.cpp | file | annotate | diff | comparison | revisions | |
| memory/replace/logalloc/replay/moz.build | file | annotate | diff | comparison | revisions |
--- a/memory/build/mozjemalloc.cpp +++ b/memory/build/mozjemalloc.cpp @@ -2805,18 +2805,22 @@ void* arena_t::MallocSmall(size_t aSize, if (MOZ_UNLIKELY(mRandomizeSmallAllocations && mPRNG == nullptr)) { // This is frustrating. Because the code backing RandomUint64 (arc4random // for example) may allocate memory, and because // mRandomizeSmallAllocations is true and we haven't yet initilized mPRNG, // we would re-enter this same case and cause a deadlock inside e.g. // arc4random. So we temporarily disable mRandomizeSmallAllocations to // skip this case and then re-enable it mRandomizeSmallAllocations = false; - mozilla::Maybe<uint64_t> prngState1 = mozilla::RandomUint64(); - mozilla::Maybe<uint64_t> prngState2 = mozilla::RandomUint64(); + mozilla::Maybe<uint64_t> prngState1, prngState2; + { + mozilla::recordreplay::AutoEnsurePassThroughThreadEvents pt; + prngState1 = mozilla::RandomUint64(); + prngState2 = mozilla::RandomUint64(); + } void* backing = base_alloc(sizeof(mozilla::non_crypto::XorShift128PlusRNG)); mPRNG = new (backing) mozilla::non_crypto::XorShift128PlusRNG( prngState1.valueOr(0), prngState2.valueOr(0)); mRandomizeSmallAllocations = true; } MutexAutoLock lock(mLock); @@ -3537,17 +3541,21 @@ arena_t* ArenaCollection::CreateArena(bo } // For private arenas, generate a cryptographically-secure random id for the // new arena. If an attacker manages to get control of the process, this // should make it more difficult for them to "guess" the ID of a memory // arena, stopping them from getting data they may want while (true) { - mozilla::Maybe<uint64_t> maybeRandomId = mozilla::RandomUint64(); + mozilla::Maybe<uint64_t> maybeRandomId; + { + mozilla::recordreplay::AutoEnsurePassThroughThreadEvents pt; + maybeRandomId = mozilla::RandomUint64(); + } MOZ_RELEASE_ASSERT(maybeRandomId.isSome()); // Keep looping until we ensure that the random number we just generated // isn't already in use by another active arena arena_t* existingArena = GetByIdInternal(maybeRandomId.value(), true /*aIsPrivate*/); if (!existingArena) {
--- a/memory/replace/logalloc/replay/moz.build +++ b/memory/replace/logalloc/replay/moz.build @@ -5,16 +5,17 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. Program('logalloc-replay') SOURCES += [ '/mfbt/Assertions.cpp', '/mfbt/Poison.cpp', '/mfbt/RandomNum.cpp', + '/mfbt/RecordReplay.cpp', '/mfbt/TaggedAnonymousMemory.cpp', '/mfbt/Unused.cpp', 'Replay.cpp', ] if CONFIG['MOZ_REPLACE_MALLOC_STATIC'] and \ (CONFIG['MOZ_DMD'] or CONFIG['MOZ_PHC']): UNIFIED_SOURCES += [