Skip to content
This repository has been archived by the owner on Nov 7, 2018. It is now read-only.

Commit

Permalink
Backed out 2 changesets (bug 1402282) for turning multiple browser ch…
Browse files Browse the repository at this point in the history 
…rome bugs into permafail

Backed out changeset db7059b57f92 (bug 1402282)
Backed out changeset cea1d44ac776 (bug 1402282)
  • Loading branch information
@aiakab
aiakab committed Nov 5, 2018
1 parent 1e2e2ef commit 9a6705b
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 66 deletions.
94 changes: 31 additions & 63 deletions memory/build/mozjemalloc.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,6 @@
#include "mozilla/DoublyLinkedList.h"
#include "mozilla/Likely.h"
#include "mozilla/MathAlgorithms.h"
#include "mozilla/RandomNum.h"
#include "mozilla/Sprintf.h"
// Note: MozTaggedAnonymousMmap() could call an LD_PRELOADed mmap
// instead of the one defined here; use only MozTagAnonymousMemory().
Expand Down Expand Up @@ -516,8 +515,7 @@ static const size_t gRecycleLimit = 128_MiB;
// The current amount of recycled bytes, updated atomically. Malloc may be
// called non-deterministically when recording/replaying, so this atomic's
// accesses are not recorded.
static Atomic<size_t, ReleaseAcquire, recordreplay::Behavior::DontPreserve>
gRecycledSize;
static Atomic<size_t, ReleaseAcquire, recordreplay::Behavior::DontPreserve> gRecycledSize;

// Maximum number of dirty pages per arena.
#define DIRTY_MAX_DEFAULT (1U << 8)
Expand Down Expand Up @@ -559,10 +557,8 @@ static bool malloc_initialized;
#else
// Malloc may be called non-deterministically when recording/replaying, so this
// atomic's accesses are not recorded.
static Atomic<bool,
SequentiallyConsistent,
recordreplay::Behavior::DontPreserve>
malloc_initialized;
static Atomic<bool, SequentiallyConsistent,
recordreplay::Behavior::DontPreserve> malloc_initialized;
#endif

static StaticMutex gInitLock = { STATIC_MUTEX_INIT };
Expand Down Expand Up @@ -1162,9 +1158,8 @@ class ArenaCollection
Mutex mLock;

private:
inline arena_t* GetByIdInternal(arena_id_t aArenaId, bool aIsPrivate);

arena_t* mDefaultArena;
arena_id_t mLastArenaId;
Tree mArenas;
Tree mPrivateArenas;
};
Expand Down Expand Up @@ -2280,14 +2275,14 @@ arena_run_reg_alloc(arena_run_t* run, arena_bin_t* bin)
static inline void
arena_run_reg_dalloc(arena_run_t* run, arena_bin_t* bin, void* ptr, size_t size)
{
// To divide by a number D that is not a power of two we multiply
// by (2^21 / D) and then right shift by 21 positions.
//
// X / D
//
// becomes
//
// (X * size_invs[(D / kQuantum) - 3]) >> SIZE_INV_SHIFT
// To divide by a number D that is not a power of two we multiply
// by (2^21 / D) and then right shift by 21 positions.
//
// X / D
//
// becomes
//
// (X * size_invs[(D / kQuantum) - 3]) >> SIZE_INV_SHIFT

#define SIZE_INV_SHIFT 21
#define SIZE_INV(s) (((1U << SIZE_INV_SHIFT) / (s * kQuantum)) + 1)
Expand Down Expand Up @@ -3737,27 +3732,8 @@ ArenaCollection::CreateArena(bool aIsPrivate, arena_params_t* aParams)

MutexAutoLock lock(mLock);

ret->mId = [&] {
// Generate a cryptographically-secure random id for the new arena
// If an attacker manages to get control of the process, this should make
// it more difficult for them to "guess" the ID of another memory arena,
// stopping them from getting data they may want

while (true) {
mozilla::Maybe<uint64_t> maybeRandomId = mozilla::RandomUint64();
MOZ_RELEASE_ASSERT(maybeRandomId.isSome());

// Keep looping until we ensure that the random number we just generated
// isn't already in use by another active arena
arena_t* existingArena =
GetByIdInternal(maybeRandomId.value(), aIsPrivate);

if (!existingArena) {
return maybeRandomId.value();
}
}
}();

// TODO: Use random Ids.
ret->mId = mLastArenaId++;
(aIsPrivate ? mPrivateArenas : mArenas).Insert(ret);
return ret;
}
Expand Down Expand Up @@ -4583,25 +4559,18 @@ MozJemalloc::jemalloc_free_dirty_pages(void)
}
}

// ArenaCollection::mLock must be locked before calling this
inline arena_t*
ArenaCollection::GetByIdInternal(arena_id_t aArenaId, bool aIsPrivate)
{
// Use AlignedStorage2 to avoid running the arena_t constructor, while
// we only need it as a placeholder for mId.
mozilla::AlignedStorage2<arena_t> key;
key.addr()->mId = aArenaId;
return (aIsPrivate ? mPrivateArenas : mArenas).Search(key.addr());
}

inline arena_t*
ArenaCollection::GetById(arena_id_t aArenaId, bool aIsPrivate)
{
if (!malloc_initialized) {
return nullptr;
}
// Use AlignedStorage2 to avoid running the arena_t constructor, while
// we only need it as a placeholder for mId.
mozilla::AlignedStorage2<arena_t> key;
key.addr()->mId = aArenaId;
MutexAutoLock lock(mLock);
arena_t* result = GetByIdInternal(aArenaId, aIsPrivate);
arena_t* result = (aIsPrivate ? mPrivateArenas : mArenas).Search(key.addr());
MOZ_RELEASE_ASSERT(result);
return result;
}
Expand Down Expand Up @@ -4740,10 +4709,7 @@ static malloc_table_t gReplaceMallocTables[2] = {
unsigned gReplaceMallocIndex = 0;

// Avoid races when swapping malloc impls dynamically
static Atomic<malloc_table_t const*,
mozilla::MemoryOrdering::Relaxed,
recordreplay::Behavior::DontPreserve>
gReplaceMallocTable;
static Atomic<malloc_table_t const*, mozilla::MemoryOrdering::Relaxed, recordreplay::Behavior::DontPreserve> gReplaceMallocTable;

#ifdef MOZ_DYNAMIC_REPLACE_INIT
#undef replace_init
Expand Down Expand Up @@ -4882,15 +4848,15 @@ jemalloc_replace_dynamic(jemalloc_init_func replace_init_func)
gReplaceMallocTable = &gReplaceMallocTableDefault;
}

#define MALLOC_DECL(name, return_type, ...) \
#define MALLOC_DECL(name, return_type, ...) \
template<> \
inline return_type ReplaceMalloc::name( \
ARGS_HELPER(TYPED_ARGS, ##__VA_ARGS__)) \
{ \
if (MOZ_UNLIKELY(!gReplaceMallocTable)) { \
if (MOZ_UNLIKELY(!gReplaceMallocTable)) { \
init(); \
} \
return (*gReplaceMallocTable).name(ARGS_HELPER(ARGS, ##__VA_ARGS__)); \
return (*gReplaceMallocTable).name(ARGS_HELPER(ARGS, ##__VA_ARGS__)); \
}
#include "malloc_decls.h"

Expand All @@ -4909,7 +4875,7 @@ get_bridge(void)
// replace_valloc, and default implementations will be automatically derived
// from replace_memalign.
static void
replace_malloc_init_funcs(malloc_table_t* table)
replace_malloc_init_funcs(malloc_table_t *table)
{
if (table->posix_memalign == MozJemalloc::posix_memalign &&
table->memalign != MozJemalloc::memalign) {
Expand All @@ -4923,7 +4889,8 @@ replace_malloc_init_funcs(malloc_table_t* table)
}
if (table->valloc == MozJemalloc::valloc &&
table->memalign != MozJemalloc::memalign) {
table->valloc = AlignedAllocator<ReplaceMalloc::memalign>::valloc;
table->valloc =
AlignedAllocator<ReplaceMalloc::memalign>::valloc;
}
if (table->moz_create_arena_with_params ==
MozJemalloc::moz_create_arena_with_params &&
Expand All @@ -4933,7 +4900,8 @@ replace_malloc_init_funcs(malloc_table_t* table)
#define MALLOC_FUNCS MALLOC_FUNCS_ARENA_BASE
#include "malloc_decls.h"
}
if (table->moz_arena_malloc == MozJemalloc::moz_arena_malloc &&
if (table->moz_arena_malloc ==
MozJemalloc::moz_arena_malloc &&
table->malloc != MozJemalloc::malloc) {
#define MALLOC_DECL(name, ...) \
table->name = DummyArenaAllocator<ReplaceMalloc>::name;
Expand All @@ -4943,8 +4911,8 @@ replace_malloc_init_funcs(malloc_table_t* table)
}

#endif // MOZ_REPLACE_MALLOC
// ***************************************************************************
// Definition of all the _impl functions
// ***************************************************************************
// Definition of all the _impl functions

#define GENERIC_MALLOC_DECL2(name, name_impl, return_type, ...) \
return_type name_impl(ARGS_HELPER(TYPED_ARGS, ##__VA_ARGS__)) \
Expand All @@ -4968,7 +4936,7 @@ replace_malloc_init_funcs(malloc_table_t* table)
MOZ_JEMALLOC_API MACRO_CALL(GENERIC_MALLOC_DECL, (__VA_ARGS__))
#define MALLOC_FUNCS (MALLOC_FUNCS_JEMALLOC | MALLOC_FUNCS_ARENA)
#include "malloc_decls.h"
// ***************************************************************************
// ***************************************************************************

#ifdef HAVE_DLOPEN
#include <dlfcn.h>
Expand Down
6 changes: 6 additions & 0 deletions memory/replace/logalloc/replay/Replay.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -300,6 +300,12 @@ MOZ_BEGIN_EXTERN_C
#include "malloc_decls.h"

#ifdef ANDROID
/* mozjemalloc uses MozTagAnonymousMemory, which doesn't have an inline
* implementation on Android */
void
MozTagAnonymousMemory(const void* aPtr, size_t aLength, const char* aTag)
{
}

/* mozjemalloc and jemalloc use pthread_atfork, which Android doesn't have.
* While gecko has one in libmozglue, the replay program can't use that.
Expand Down
4 changes: 1 addition & 3 deletions memory/replace/logalloc/replay/moz.build
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,6 @@ Program('logalloc-replay')

SOURCES += [
'/mfbt/Assertions.cpp',
'/mfbt/Poison.cpp',
'/mfbt/RandomNum.cpp',
'/mfbt/TaggedAnonymousMemory.cpp',
'/mfbt/Unused.cpp',
'Replay.cpp',
]
Expand All @@ -19,6 +16,7 @@ if CONFIG['MOZ_REPLACE_MALLOC_STATIC'] and CONFIG['MOZ_DMD']:
UNIFIED_SOURCES += [
'/mfbt/HashFunctions.cpp',
'/mfbt/JSONWriter.cpp',
'/mfbt/Poison.cpp',
'/mozglue/misc/StackWalk.cpp',
]

Expand Down

0 comments on commit 9a6705b

Please sign in to comment.