Bug 1529933 - Execute a fence before mprotect. r=luke
☠☠ backed out by 6ea65bcee7cf ☠ ☠
author Lars T Hansen <lhansen@mozilla.com>
Thu, 14 Mar 2019 17:22:50 +0100
changeset 525062 759a68d0af0fbdf24b36101503d8c61a879cfc25
parent 525010 c525a24dffc34f710b52dfcb949fcafeb3f6bac6
child 525063 6ea65bcee7cfbbce9dd6824f590f73313a9850b5
push id 2032
push user ffxbld-merge
push date Mon, 13 May 2019 09:36:57 +0000
treeherder mozilla-release@455c1065dcbe
reviewers luke
bugs 1529933
milestone 67.0a1
Bug 1529933 - Execute a fence before mprotect. r=luke

Differential Revision: https://phabricator.services.mozilla.com/D23527
js/src/jit/ProcessExecutableMemory.cpp
--- a/js/src/jit/ProcessExecutableMemory.cpp
+++ b/js/src/jit/ProcessExecutableMemory.cpp
@@ -18,16 +18,17 @@
 #include "jsfriendapi.h"
 #include "jsmath.h"
 #include "jsutil.h"
 
 #include "gc/Memory.h"
 #ifdef JS_CODEGEN_ARM64
 #  include "jit/arm64/vixl/Cpu-vixl.h"
 #endif
+#include "jit/AtomicOperations.h"
 #include "threading/LockGuard.h"
 #include "threading/Mutex.h"
 #include "util/Windows.h"
 #include "vm/MutexIDs.h"
 
 #ifdef XP_WIN
 #  include "mozilla/StackWalk_windows.h"
 #  include "mozilla/WindowsVersion.h"
@@ -720,16 +721,25 @@ bool js::jit::ReprotectRegion(void* star
   // Round size up
   size += (pageSize - 1);
   size &= ~(pageSize - 1);
 
   MOZ_ASSERT((uintptr_t(pageStart) % pageSize) == 0);
 
   execMemory.assertValidAddress(pageStart, size);
 
+  // On weak memory systems, make sure new code is visible on all cores before
+  // addresses of the code are made public.  Now is the latest moment in time
+  // when we can do that, and we're assuming that every other thread that has
+  // written into the memory that is being reprotected here has synchronized
+  // with this thread in such a way that the memory writes have become visible
+  // and we therefore only need to execute the fence once here.  See bug 1529933
+  // for a longer discussion of why this is both necessary and sufficient.
+  AtomicOperations::fenceSeqCst();
+
 #ifdef XP_WIN
   DWORD oldProtect;
   DWORD flags = ProtectionSettingToFlags(protection);
   if (!VirtualProtect(pageStart, size, flags, &oldProtect)) {
     return false;
   }
 #else
   unsigned flags = ProtectionSettingToFlags(protection);
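Review bot: The `AtomicOperations::fenceSeqCst()` call added just before the `#ifdef XP_WIN` block in ReprotectRegion runs on every call regardless of the `protection` argument, while the comment justifies it only for the case where new code is about to be made public. If the fence is needed only for that transition, consider guarding it on `protection`, or state in the comment that executing it on the other transitions is deliberate. The comment also depends on every writer thread having already synchronized with this thread and defers the reasoning to bug 1529933; a short statement of what establishes that synchronization would let a reader check the invariant without leaving the file.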