Bug 926778 - Prevent executable allocator from handing out poisoned pointers with JSGC_ROOT_ANALYSIS, r=terrence
authorSteve Fink <sfink@mozilla.com>
Tue, 15 Oct 2013 15:35:00 -0700
changeset 164875 8a18721cdd8d70e347f3bd8aa56b335e48afe13a
parent 164786 062d1737419669468dc7b6443d473d982f083dfe
child 164876 287878a32dd22f0d6a26845a3ee1cddc012b961b
push id3066
push userakeybl@mozilla.com
push dateMon, 09 Dec 2013 19:58:46 +0000
reviewersterrence
bugs926778
milestone27.0a1
Bug 926778 - Prevent executable allocator from handing out poisoned pointers with JSGC_ROOT_ANALYSIS, r=terrence
js/src/assembler/jit/ExecutableAllocatorPosix.cpp
--- a/js/src/assembler/jit/ExecutableAllocatorPosix.cpp
+++ b/js/src/assembler/jit/ExecutableAllocatorPosix.cpp
@@ -27,27 +27,35 @@
 
 #if ENABLE_ASSEMBLER && WTF_OS_UNIX && !WTF_OS_SYMBIAN
 
 #include <sys/mman.h>
 #include <unistd.h>
 
 #include "assembler/wtf/Assertions.h"
 #include "assembler/wtf/VMTags.h"
+#include "js/Utility.h"
 
 namespace JSC {
 
 size_t ExecutableAllocator::determinePageSize()
 {
     return getpagesize();
 }
 
 ExecutablePool::Allocation ExecutableAllocator::systemAlloc(size_t n)
 {
-    void* allocation = mmap(NULL, n, INITIAL_PROTECTION_FLAGS, MAP_PRIVATE | MAP_ANON, VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY, 0);
+    void* allocation;
+#ifdef JSGC_ROOT_ANALYSIS
+    do {
+#endif
+        allocation = mmap(NULL, n, INITIAL_PROTECTION_FLAGS, MAP_PRIVATE | MAP_ANON, VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY, 0);
+#ifdef JSGC_ROOT_ANALYSIS
+    } while (allocation && JS::IsPoisonedPtr(allocation));
+#endif
     if (allocation == MAP_FAILED)
         allocation = NULL;
     ExecutablePool::Allocation alloc = { reinterpret_cast<char*>(allocation), n };
     return alloc;
 }
 
 void ExecutableAllocator::systemRelease(const ExecutablePool::Allocation& alloc)
 {
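Review bot: The retry loop in systemAlloc tests `allocation` against NULL, but mmap reports failure as MAP_FAILED, so a failed call still reaches JS::IsPoisonedPtr and the MAP_FAILED check only runs after the loop; the condition would be safer as `} while (allocation != MAP_FAILED && JS::IsPoisonedPtr(allocation));`. Each rejected mapping is also left mapped with INITIAL_PROTECTION_FLAGS and is never passed to munmap. If that is deliberate, presumably so the kernel cannot return the same range on the next attempt, the loop should carry a comment such as `// Rejected mappings are intentionally leaked so the poisoned range stays reserved`. Only the base address is tested, so whether an address further inside the n-byte mapping can still look poisoned depends on how IsPoisonedPtr matches, which is not visible in this hunk.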