Bug 998997 - Use PROT_NONE on POSIX and PAGE_NOACCESS on Windows when protecting JIT code. (r=luke)
author Shu-yu Guo <shu@rfrn.org>
Tue, 22 Apr 2014 14:13:14 -0700
changeset 180048 c2672cd82c959f0289b759a1fb63eb790ba3ed14
parent 180047 4e1aafbda8e4fd73909d756e53f5bd518f018584
child 180049 31b79b2c4a7a1afb3c521a74564a520bf044cbd8
push id 272
push user pvanderbeken@mozilla.com
push date Mon, 05 May 2014 16:31:18 +0000
reviewers luke
bugs 998997
milestone 31.0a1
Bug 998997 - Use PROT_NONE on POSIX and PAGE_NOACCESS on Windows when protecting JIT code. (r=luke)
js/src/assembler/jit/ExecutableAllocatorPosix.cpp
js/src/assembler/jit/ExecutableAllocatorWin.cpp
js/src/jit-test/tests/ion/iloop.js
--- a/js/src/assembler/jit/ExecutableAllocatorPosix.cpp
+++ b/js/src/assembler/jit/ExecutableAllocatorPosix.cpp
@@ -94,19 +94,20 @@ void ExecutableAllocator::reprotectRegio
 
 void
 ExecutablePool::toggleAllCodeAsAccessible(bool accessible)
 {
     char* begin = m_allocation.pages;
     size_t size = m_freePtr - begin;
 
     if (size) {
-        int flags = accessible
-                    ? PROT_READ | PROT_WRITE | PROT_EXEC
-                    : PROT_READ | PROT_WRITE;
+        // N.B. Some systems, like 32bit Mac OS 10.6, implicitly add PROT_EXEC
+        // when mprotect'ing memory with any flag other than PROT_NONE. Be
+        // sure to use PROT_NONE when making inaccessible.
+        int flags = accessible ? PROT_READ | PROT_WRITE | PROT_EXEC : PROT_NONE;
         if (mprotect(begin, size, flags))
             MOZ_CRASH();
     }
 }
 
 }
 
 #endif // HAVE(ASSEMBLER)
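Review bot: PROT_NONE makes the pool unreadable as well as non-executable, so anything that reads JIT code bytes while the pool is toggled off (not only the running code the new comment targets) will now fault, and the comment above `int flags` should state that. I would extend it with `// PROT_NONE also removes read access: nothing may read the pool's code until it is toggled accessible again.` The Windows implementation in this same changeset switches to PAGE_NOACCESS for a different reason (DEP may be off), so a one-line cross-reference here would keep the two rationales discoverable. mprotect also requires `begin` to be page-aligned; `m_allocation.pages` presumably is, but that invariant is established outside this hunk.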
--- a/js/src/assembler/jit/ExecutableAllocatorWin.cpp
+++ b/js/src/assembler/jit/ExecutableAllocatorWin.cpp
@@ -111,18 +111,20 @@ void ExecutableAllocator::systemRelease(
 
 void
 ExecutablePool::toggleAllCodeAsAccessible(bool accessible)
 {
     char* begin = m_allocation.pages;
     size_t size = m_freePtr - begin;
 
     if (size) {
+        // N.B. DEP is not on automatically in Windows XP, so be sure to use
+        // PAGE_NOACCESS instead of PAGE_READWRITE when making inaccessible.
         DWORD oldProtect;
-        int flags = accessible ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE;
+        int flags = accessible ? PAGE_EXECUTE_READWRITE : PAGE_NOACCESS;
         if (!VirtualProtect(begin, size, flags, &oldProtect))
             MOZ_CRASH();
     }
 }
 
 #if ENABLE_ASSEMBLER_WX_EXCLUSIVE
 #error "ASSEMBLER_WX_EXCLUSIVE not yet suported on this platform."
 #endif
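Review bot: `flags` is declared `int` but holds a page-protection constant and is passed as VirtualProtect's `DWORD flNewProtect` argument; since the line is being rewritten anyway, declare it with the API's type: `DWORD flags = accessible ? PAGE_EXECUTE_READWRITE : PAGE_NOACCESS;`. The new comment frames PAGE_NOACCESS as a Windows XP concern only, but DEP is a per-process policy that can be disabled on later Windows versions too, so the rationale holds more generally; I would word it as `// N.B. DEP may be off for this process (it is not on by default on Windows XP), so PAGE_READWRITE does not guarantee non-executable memory; use PAGE_NOACCESS when making inaccessible.` That broader DEP claim comes from DEP semantics rather than from lines in this hunk.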
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/ion/iloop.js
@@ -0,0 +1,4 @@
+// |jit-test| exitstatus: 6;
+
+timeout(1);
+for(;;);
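Review bot: The new test carries no comment saying what it checks, so a reader cannot tell that the tight `for(;;);` is deliberate or that exit status 6 is the expected timeout outcome rather than a crash. I would add, after the `|jit-test|` line, `// Bug 998997: a loop that never re-enters the runtime must still be stopped by timeout(), which relies on making JIT code inaccessible.` The linkage to the code-protection change is inferred from the rest of the changeset, and the meaning of `exitstatus: 6` from context, so adjust the wording if the test is meant to cover something narrower.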