bmalloc should use JSC VM tag for gigacage
authorkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 16 Jan 2019 19:08:21 +0000 (19:08 +0000)
committerkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 16 Jan 2019 19:08:21 +0000 (19:08 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193496

Reviewed by Mark Lam.

Source/bmalloc:

This patch moves the VMTag info from WTF to bmalloc so that we can
tag gigacage memory with the unused JSC memory tag. The JSC memory
tag was previously used for wasm, but since wasm is now allocated
out of the primitive cage, it has been unused.

* bmalloc.xcodeproj/project.pbxproj:
* bmalloc/BVMTags.h: Copied from Source/WTF/wtf/VMTags.h.
* bmalloc/Gigacage.cpp:
(Gigacage::ensureGigacage):
* bmalloc/VMAllocate.h:
(bmalloc::tryVMAllocate):
(bmalloc::vmZeroAndPurge):

Source/WTF:

Move most of the macros for vm tagging to bmalloc.

* wtf/VMTags.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240043 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WTF/ChangeLog
Source/WTF/wtf/VMTags.h
Source/bmalloc/ChangeLog
Source/bmalloc/bmalloc.xcodeproj/project.pbxproj
Source/bmalloc/bmalloc/BVMTags.h [new file with mode: 0644]
Source/bmalloc/bmalloc/Gigacage.cpp
Source/bmalloc/bmalloc/VMAllocate.h

index ac52ca0..121e6bf 100644 (file)
@@ -1,3 +1,14 @@
+2019-01-16  Keith Miller  <keith_miller@apple.com>
+
+        bmalloc should use JSC VM tag for gigacage
+        https://bugs.webkit.org/show_bug.cgi?id=193496
+
+        Reviewed by Mark Lam.
+
+        Move most of the macros for vm tagging to bmalloc.
+
+        * wtf/VMTags.h:
+
 2019-01-16  Alberto Garcia  <berto@igalia.com>
 
         [WTF] Compilation fails with system malloc
index 4cf7819..14e021f 100644 (file)
 
 #pragma once
 
-// On Mac OS X, the VM subsystem allows tagging memory requested from mmap and vm_map
-// in order to aid tools that inspect system memory use. 
-#if OS(DARWIN)
-
-#include <mach/vm_statistics.h>
-
-#if defined(VM_MEMORY_TCMALLOC)
-#define VM_TAG_FOR_TCMALLOC_MEMORY VM_MAKE_TAG(VM_MEMORY_TCMALLOC)
-#else
-#define VM_TAG_FOR_TCMALLOC_MEMORY VM_MAKE_TAG(53)
-#endif // defined(VM_MEMORY_TCMALLOC)
-
-#if defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
-#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
-#else
-#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY VM_MAKE_TAG(64)
-#endif // defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
-
-#if defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE)
-#define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE)
-#else
-#define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(65)
-#endif // defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE)
-
-#if defined(VM_MEMORY_JAVASCRIPT_CORE)
-#define VM_TAG_FOR_WEBASSEMBLY_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_CORE)
-#else
-#define VM_TAG_FOR_WEBASSEMBLY_MEMORY VM_MAKE_TAG(63)
-#endif // defined(VM_MEMORY_JAVASCRIPT_CORE)
-
-#else // OS(DARWIN)
+#if defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC
 
 #define VM_TAG_FOR_TCMALLOC_MEMORY -1
 #define VM_TAG_FOR_WEBASSEMBLY_MEMORY -1
 #define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY -1
 #define VM_TAG_FOR_REGISTERFILE_MEMORY -1
 
-#endif // OS(DARWIN)
+#else
+
+#include <bmalloc/BVMTags.h>
+
+#endif
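Review bot: The two branches of the new conditional no longer define the same set of names: the USE_SYSTEM_MALLOC branch still defines `VM_TAG_FOR_WEBASSEMBLY_MEMORY` (kept from the old file), while the other branch now includes BVMTags.h, which defines `VM_TAG_FOR_GIGACAGE_MEMORY` and no WEBASSEMBLY tag at all. Any remaining WTF/JSC use of the WEBASSEMBLY name would compile only in system-malloc builds, and a use of the GIGACAGE name only in bmalloc builds. Either mirror BVMTags.h with `#define VM_TAG_FOR_GIGACAGE_MEMORY -1` in place of the WEBASSEMBLY line, or drop that line entirely if nothing references it anymore, as the commit message suggests. The section's hunk header is not shown on this page, so I cannot tell whether other context lines were changed.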
index a2c7064..b30d125 100644 (file)
@@ -1,3 +1,23 @@
+2019-01-16  Keith Miller  <keith_miller@apple.com>
+
+        bmalloc should use JSC VM tag for gigacage
+        https://bugs.webkit.org/show_bug.cgi?id=193496
+
+        Reviewed by Mark Lam.
+
+        This patch moves the VMTag info from WTF to bmalloc so that we can
+        tag gigacage memory with the unused JSC memory tag. The JSC memory
+        tag was previously used for wasm but since wasm is now allocated
+        out of the primitive cage it was unused.
+
+        * bmalloc.xcodeproj/project.pbxproj:
+        * bmalloc/BVMTags.h: Copied from Source/WTF/wtf/VMTags.h.
+        * bmalloc/Gigacage.cpp:
+        (Gigacage::ensureGigacage):
+        * bmalloc/VMAllocate.h:
+        (bmalloc::tryVMAllocate):
+        (bmalloc::vmZeroAndPurge):
+
 2019-01-09  Mark Lam  <mark.lam@apple.com>
 
         Gigacage disabling checks should handle the GIGACAGE_ALLOCATION_CAN_FAIL case properly.
index 860c83e..ba4f0f8 100644 (file)
                AD0934331FCF406D00E85EB5 /* BCompiler.h in Headers */ = {isa = PBXBuildFile; fileRef = AD0934321FCF405000E85EB5 /* BCompiler.h */; settings = {ATTRIBUTES = (Private, ); }; };
                AD14AD29202529C400890E3B /* ProcessCheck.h in Headers */ = {isa = PBXBuildFile; fileRef = AD14AD27202529A600890E3B /* ProcessCheck.h */; };
                AD14AD2A202529C700890E3B /* ProcessCheck.mm in Sources */ = {isa = PBXBuildFile; fileRef = AD14AD28202529B000890E3B /* ProcessCheck.mm */; };
+               DE8B13B321CC5D9F00A63FCD /* BVMTags.h in Headers */ = {isa = PBXBuildFile; fileRef = DE8B13B221CC5D9F00A63FCD /* BVMTags.h */; settings = {ATTRIBUTES = (Private, ); }; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
                AD0934321FCF405000E85EB5 /* BCompiler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = BCompiler.h; path = bmalloc/BCompiler.h; sourceTree = "<group>"; };
                AD14AD27202529A600890E3B /* ProcessCheck.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ProcessCheck.h; path = bmalloc/ProcessCheck.h; sourceTree = "<group>"; };
                AD14AD28202529B000890E3B /* ProcessCheck.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = ProcessCheck.mm; path = bmalloc/ProcessCheck.mm; sourceTree = "<group>"; };
+               DE8B13B221CC5D9F00A63FCD /* BVMTags.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = BVMTags.h; path = bmalloc/BVMTags.h; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
                                0F7EB84A1F9541C600F1ABCB /* Bits.h */,
                                0F7EB84B1F9541C600F1ABCB /* BMalloced.h */,
                                14C919C818FCC59F0028DB43 /* BPlatform.h */,
+                               DE8B13B221CC5D9F00A63FCD /* BVMTags.h */,
                                0F74B93D1F89713E00B935D3 /* CryptoRandom.cpp */,
                                0F74B93C1F89713E00B935D3 /* CryptoRandom.h */,
                                14D9DB4517F2447100EAAB79 /* FixedVector.h */,
                                0F5BF1481F22A8D80029D91D /* PerHeapKind.h */,
                                0F26A7A42054830D0090A141 /* PerProcess.cpp */,
                                14446A0717A61FA400F9EA1D /* PerProcess.h */,
-                               144469FD17A61F1F00F9EA1D /* PerThread.h */,
                                6543DDB320EEAEF3003B23D8 /* PerThread.cpp */,
+                               144469FD17A61F1F00F9EA1D /* PerThread.h */,
                                145F6878179E3A4400D65598 /* Range.h */,
                                148EFAE61D6B953B008E721E /* ScopeExit.h */,
                                1417F64F18B7280C0076FA3F /* Syscall.h */,
                4408F2961C9896C40012EC64 /* darwin */ = {
                        isa = PBXGroup;
                        children = (
-                               52F47248210BA2F500B730BB /* MemoryStatusSPI.h */,
                                4426E2821C839547008EB042 /* BSoftLinking.h */,
+                               52F47248210BA2F500B730BB /* MemoryStatusSPI.h */,
                        );
                        name = darwin;
                        sourceTree = "<group>";
                                0F5BF1731F23C5710029D91D /* BExport.h in Headers */,
                                14DD78C918F48D7500950702 /* BInline.h in Headers */,
                                0F7EB84C1F9541C700F1ABCB /* Bits.h in Headers */,
-                               52F47249210BA30200B730BB /* MemoryStatusSPI.h in Headers */,
                                1448C30118F3754C00502839 /* bmalloc.h in Headers */,
                                0F7EB84D1F9541C700F1ABCB /* BMalloced.h in Headers */,
                                14C919C918FCC59F0028DB43 /* BPlatform.h in Headers */,
                                7939885B2076EEB60074A2E7 /* BulkDecommit.h in Headers */,
                                14DD789C18F48D4A00950702 /* BumpAllocator.h in Headers */,
                                140FA00319CE429C00FFD3C8 /* BumpRange.h in Headers */,
+                               DE8B13B321CC5D9F00A63FCD /* BVMTags.h in Headers */,
                                14DD789918F48D4A00950702 /* Cache.h in Headers */,
                                147DC6E31CA5B70B00724E8D /* Chunk.h in Headers */,
                                0F74B93E1F89713E00B935D3 /* CryptoRandom.h in Headers */,
                                141D9B001C8E51C0000ABBA0 /* List.h in Headers */,
                                4426E2811C838EE0008EB042 /* Logging.h in Headers */,
                                14C8992B1CC485E70027A057 /* Map.h in Headers */,
+                               52F47249210BA30200B730BB /* MemoryStatusSPI.h in Headers */,
                                143CB81D19022BC900B16A45 /* Mutex.h in Headers */,
                                144BE11F1CA346520099C8C0 /* Object.h in Headers */,
                                14DD789318F48D0F00950702 /* ObjectType.h in Headers */,
                        };
                        buildConfigurationList = 145F683A179DC45F00D65598 /* Build configuration list for PBXProject "bmalloc" */;
                        compatibilityVersion = "Xcode 3.2";
-                       developmentRegion = English;
+                       developmentRegion = en;
                        hasScannedForEncodings = 0;
                        knownRegions = (
                                en,
                                0F5BF14F1F22DEAF0029D91D /* Gigacage.cpp in Sources */,
                                14F271C718EA3990008C152F /* Heap.cpp in Sources */,
                                0FD557331F7EDB7B00B1F0A3 /* HeapKind.cpp in Sources */,
-                               6543DDB420EEAEF3003B23D8 /* PerThread.cpp in Sources */,
                                0F7EB83B1F9541B000F1ABCB /* IsoHeapImpl.cpp in Sources */,
                                0F5549EF1FB54704007FF75A /* IsoPage.cpp in Sources */,
                                0F7EB8361F9541B000F1ABCB /* IsoTLS.cpp in Sources */,
                                143CB81C19022BC900B16A45 /* Mutex.cpp in Sources */,
                                14F271C818EA3990008C152F /* ObjectType.cpp in Sources */,
                                0F26A7A5205483130090A141 /* PerProcess.cpp in Sources */,
+                               6543DDB420EEAEF3003B23D8 /* PerThread.cpp in Sources */,
                                AD14AD2A202529C700890E3B /* ProcessCheck.mm in Sources */,
                                0F5BF1521F22E1570029D91D /* Scavenger.cpp in Sources */,
                                14F271C918EA3990008C152F /* VMHeap.cpp in Sources */,
diff --git a/Source/bmalloc/bmalloc/BVMTags.h b/Source/bmalloc/bmalloc/BVMTags.h
new file mode 100644 (file)
index 0000000..6574889
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2009, 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "BPlatform.h"
+
+// On Mac OS X, the VM subsystem allows tagging memory requested from mmap and vm_map
+// in order to aid tools that inspect system memory use.
+#if BOS(DARWIN)
+
+#include <mach/vm_statistics.h>
+
+#if defined(VM_MEMORY_TCMALLOC)
+#define VM_TAG_FOR_TCMALLOC_MEMORY VM_MAKE_TAG(VM_MEMORY_TCMALLOC)
+#else
+#define VM_TAG_FOR_TCMALLOC_MEMORY VM_MAKE_TAG(53)
+#endif // defined(VM_MEMORY_TCMALLOC)
+
+#if defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
+#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
+#else
+#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY VM_MAKE_TAG(64)
+#endif // defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
+
+#if defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE)
+#define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE)
+#else
+#define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(65)
+#endif // defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE)
+
+#if defined(VM_MEMORY_JAVASCRIPT_CORE)
+#define VM_TAG_FOR_GIGACAGE_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_CORE)
+#else
+#define VM_TAG_FOR_GIGACAGE_MEMORY VM_MAKE_TAG(63)
+#endif // defined(VM_MEMORY_JAVASCRIPT_CORE)
+
+#else // BOS(DARWIN)
+
+#define VM_TAG_FOR_TCMALLOC_MEMORY -1
+#define VM_TAG_FOR_GIGACAGE_MEMORY -1
+#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY -1
+#define VM_TAG_FOR_REGISTERFILE_MEMORY -1
+
+#endif // BOS(DARWIN)
+
+namespace bmalloc {
+
+enum class VMTag {
+    Unknown = -1,
+    Malloc = VM_TAG_FOR_TCMALLOC_MEMORY,
+    JSVMStack = VM_TAG_FOR_REGISTERFILE_MEMORY,
+    JSJITCode = VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY,
+    JSGigacage = VM_TAG_FOR_GIGACAGE_MEMORY,
+};
+
+} // namespace bmalloc
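Review bot: `enum class VMTag` leaves its underlying type implicit, yet VMAllocate.h in this same commit passes `static_cast<int>(usage)` as the fd argument of mmap, so the enum is silently relied on to be int-sized and to be -1 on every non-Darwin platform. Declaring `enum class VMTag : int {` pins that contract and turns a future tag value that does not fit an int into a compile error instead of a truncated fd. A short comment above the enum, e.g. `// Values are passed verbatim as the fd argument of mmap(MAP_ANON); outside Darwin every tag is -1, the conventional fd for anonymous mappings.`, would tell the next reader why the non-Darwin branch collapses every enumerator to the same value as Unknown. That collapse is legal C++ but means the tags are indistinguishable there, which is worth stating explicitly.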
index 5b925c4..a88623d 100644 (file)
@@ -163,7 +163,7 @@ void ensureGigacage()
 
             // FIXME: Randomize where this goes.
             // https://bugs.webkit.org/show_bug.cgi?id=175245
-            void* base = tryVMAllocate(maxAlignment, totalSize);
+            void* base = tryVMAllocate(maxAlignment, totalSize, VMTag::JSGigacage);
             if (!base) {
                 if (GIGACAGE_ALLOCATION_CAN_FAIL)
                     return;
index 757d5cd..5370233 100644 (file)
@@ -27,6 +27,7 @@
 #define VMAllocate_h
 
 #include "BAssert.h"
+#include "BVMTags.h"
 #include "Logging.h"
 #include "Range.h"
 #include "Sizes.h"
 
 #if BOS(DARWIN)
 #include <mach/vm_page_size.h>
-#include <mach/vm_statistics.h>
 #endif
 
 namespace bmalloc {
 
-#if BOS(DARWIN)
-#define BMALLOC_VM_TAG VM_MAKE_TAG(VM_MEMORY_TCMALLOC)
-#define BMALLOC_NORESERVE 0
-#elif BOS(LINUX)
-#define BMALLOC_VM_TAG -1
+#ifndef BMALLOC_VM_TAG
+#define BMALLOC_VM_TAG VM_TAG_FOR_TCMALLOC_MEMORY
+#endif
+
+#if BOS(LINUX)
 #define BMALLOC_NORESERVE MAP_NORESERVE
 #else
-#define BMALLOC_VM_TAG -1
 #define BMALLOC_NORESERVE 0
 #endif
 
@@ -122,10 +121,10 @@ inline void vmValidatePhysical(void* p, size_t vmSize)
     BASSERT(p == mask(p, ~(vmPageSizePhysical() - 1)));
 }
 
-inline void* tryVMAllocate(size_t vmSize)
+inline void* tryVMAllocate(size_t vmSize, VMTag usage = VMTag::Malloc)
 {
     vmValidate(vmSize);
-    void* result = mmap(0, vmSize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON | BMALLOC_NORESERVE, BMALLOC_VM_TAG, 0);
+    void* result = mmap(0, vmSize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON | BMALLOC_NORESERVE, static_cast<int>(usage), 0);
     if (result == MAP_FAILED)
         return nullptr;
     return result;
@@ -150,19 +149,19 @@ inline void vmRevokePermissions(void* p, size_t vmSize)
     mprotect(p, vmSize, PROT_NONE);
 }
 
-inline void vmZeroAndPurge(void* p, size_t vmSize)
+inline void vmZeroAndPurge(void* p, size_t vmSize, VMTag usage = VMTag::Malloc)
 {
     vmValidate(p, vmSize);
     // MAP_ANON guarantees the memory is zeroed. This will also cause
     // page faults on accesses to this range following this call.
-    void* result = mmap(p, vmSize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON | MAP_FIXED | BMALLOC_NORESERVE, BMALLOC_VM_TAG, 0);
+    void* result = mmap(p, vmSize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON | MAP_FIXED | BMALLOC_NORESERVE, static_cast<int>(usage), 0);
     RELEASE_BASSERT(result == p);
 }
 
 // Allocates vmSize bytes at a specified power-of-two alignment.
 // Use this function to create maskable memory regions.
 
-inline void* tryVMAllocate(size_t vmAlignment, size_t vmSize)
+inline void* tryVMAllocate(size_t vmAlignment, size_t vmSize, VMTag usage = VMTag::Malloc)
 {
     vmValidate(vmSize);
     vmValidate(vmAlignment);
@@ -171,7 +170,7 @@ inline void* tryVMAllocate(size_t vmAlignment, size_t vmSize)
     if (mappedSize < vmAlignment || mappedSize < vmSize) // Check for overflow
         return nullptr;
 
-    char* mapped = static_cast<char*>(tryVMAllocate(mappedSize));
+    char* mapped = static_cast<char*>(tryVMAllocate(mappedSize, usage));
     if (!mapped)
         return nullptr;
     char* mappedEnd = mapped + mappedSize;
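Review bot: The new `#ifndef BMALLOC_VM_TAG` guard offers a build-time override, but nothing in these hunks still reads `BMALLOC_VM_TAG`: both mmap calls now pass `static_cast<int>(usage)`, and the default `VMTag::Malloc` is fixed to `VM_TAG_FOR_TCMALLOC_MEMORY` in BVMTags.h, so overriding the macro would no longer affect bmalloc's own mappings. If the override is meant to keep working, the default tag needs to be derived from it; if it is only kept for an external consumer, a comment saying so (`// Retained for external users; bmalloc itself now tags via VMTag.`) would stop the next reader from relying on it. Separately, `vmZeroAndPurge` gains a `usage` parameter defaulting to `VMTag::Malloc`, but no call site in this commit passes anything else; since its MAP_FIXED mmap creates a fresh mapping, a gigacage range purged through it would presumably come back tagged as Malloc, undoing the tag set in ensureGigacage, so the callers are worth checking. The enclosing `tryVMAllocate(size_t vmAlignment, ...)` continues past the last hunk.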