bmalloc: vm allocations should plant guard pages

https://bugs.webkit.org/show_bug.cgi?id=156937 Reviewed by Michael Saboff. * bmalloc/Object.h: (bmalloc::Object::operator-): Added a - helper. * bmalloc/VMAllocate.h: (bmalloc::vmRevokePermissions): Added a helper to revoke permissions on a VM region. We use this for guard pages. * bmalloc/VMHeap.cpp: (bmalloc::VMHeap::allocateSmallChunk): Add guard pages to the start and end of the chunk. Note that we don't guard large chunks becuase we need to be able to merge them. Otherwise, we will run out of virtual addresses. Canonical link: https://commits.webkit.org/175048@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199936 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Apr 22, 2016 · fdcb8a8b858def95fc852acdc88b9d909a006c65 · fdcb8a8
1 parent a8bde5f
commit fdcb8a8b858def95fc852acdc88b9d909a006c65
Showing with 39 additions and 0 deletions.

+21 −0 Source/bmalloc/ChangeLog

+6 −0 Source/bmalloc/bmalloc/Object.h

+6 −0 Source/bmalloc/bmalloc/VMAllocate.h

+6 −0 Source/bmalloc/bmalloc/VMHeap.cpp
diff --git a/Source/bmalloc/ChangeLog b/Source/bmalloc/ChangeLog
@@ -1,3 +1,24 @@
+2016-04-22  Geoffrey Garen  <ggaren@apple.com>
+
+        bmalloc: vm allocations should plant guard pages
+        https://bugs.webkit.org/show_bug.cgi?id=156937
+
+        Reviewed by Michael Saboff.
+
+        * bmalloc/Object.h:
+        (bmalloc::Object::operator-): Added a - helper.
+
+        * bmalloc/VMAllocate.h:
+        (bmalloc::vmRevokePermissions): Added a helper to revoke permissions on
+        a VM region. We use this for guard pages.
+
+        * bmalloc/VMHeap.cpp:
+        (bmalloc::VMHeap::allocateSmallChunk): Add guard pages to the start and
+        end of the chunk.
+
+        Note that we don't guard large chunks becuase we need to be able to merge
+        them. Otherwise, we will run out of virtual addresses.
+
 2016-04-22  Geoffrey Garen  <ggaren@apple.com>
 
         bmalloc: Constify introspect function pointer table

diff --git a/Source/bmalloc/bmalloc/Object.h b/Source/bmalloc/bmalloc/Object.h
@@ -52,6 +52,7 @@ class Object {
     SmallPage* page();
 
     Object operator+(size_t);
+    Object operator-(size_t);
     bool operator<=(const Object&);
 
 private:
@@ -64,6 +65,11 @@ inline Object Object::operator+(size_t offset)
     return Object(m_chunk, m_offset + offset);
 }
 
+inline Object Object::operator-(size_t offset)
+{
+    return Object(m_chunk, m_offset - offset);
+}
+
 inline bool Object::operator<=(const Object& other)
 {
     BASSERT(m_chunk == other.m_chunk);

diff --git a/Source/bmalloc/bmalloc/VMAllocate.h b/Source/bmalloc/bmalloc/VMAllocate.h
@@ -137,6 +137,12 @@ inline void vmDeallocate(void* p, size_t vmSize)
     munmap(p, vmSize);
 }
 
+inline void vmRevokePermissions(void* p, size_t vmSize)
+{
+    vmValidate(p, vmSize);
+    mprotect(p, vmSize, PROT_NONE);
+}
+
 // Allocates vmSize bytes at a specified power-of-two alignment.
 // Use this function to create maskable memory regions.
 

diff --git a/Source/bmalloc/bmalloc/VMHeap.cpp b/Source/bmalloc/bmalloc/VMHeap.cpp
@@ -75,6 +75,12 @@ void VMHeap::allocateSmallChunk(std::lock_guard<StaticMutex>& lock, size_t pageC
     Object begin(chunk, metadataSize);
     Object end(chunk, chunkSize);
 
+    vmRevokePermissions(begin.begin(), pageSize);
+    vmRevokePermissions(end.begin() - pageSize, pageSize);
+
+    begin = begin + pageSize;
+    end = end - pageSize;
+
     for (Object it = begin; it + pageSize <= end; it = it + pageSize) {
         SmallPage* page = it.page();
         new (page) SmallPage;