bmalloc: vm allocations should plant guard pages

https://bugs.webkit.org/show_bug.cgi?id=156937

Reviewed by Michael Saboff.

* bmalloc/Object.h:
(bmalloc::Object::operator-): Added a - helper.

* bmalloc/VMAllocate.h:
(bmalloc::vmRevokePermissions): Added a helper to revoke permissions on
a VM region. We use this for guard pages.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateSmallChunk): Add guard pages to the start and
end of the chunk.

Note that we don't guard large chunks becuase we need to be able to merge
them. Otherwise, we will run out of virtual addresses.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199936 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/bmalloc/ChangeLog b/Source/bmalloc/ChangeLog
index e5c6431..5dbc6ec 100644 (file)
--- a/Source/bmalloc/ChangeLog
+++ b/Source/bmalloc/ChangeLog
@@ -1,5 +1,26 @@
 2016-04-22  Geoffrey Garen  <ggaren@apple.com>
 
+        bmalloc: vm allocations should plant guard pages
+        https://bugs.webkit.org/show_bug.cgi?id=156937
+
+        Reviewed by Michael Saboff.
+
+        * bmalloc/Object.h:
+        (bmalloc::Object::operator-): Added a - helper.
+
+        * bmalloc/VMAllocate.h:
+        (bmalloc::vmRevokePermissions): Added a helper to revoke permissions on
+        a VM region. We use this for guard pages.
+
+        * bmalloc/VMHeap.cpp:
+        (bmalloc::VMHeap::allocateSmallChunk): Add guard pages to the start and
+        end of the chunk.
+
+        Note that we don't guard large chunks becuase we need to be able to merge
+        them. Otherwise, we will run out of virtual addresses.
+
+2016-04-22  Geoffrey Garen  <ggaren@apple.com>
+
         bmalloc: Constify introspect function pointer table
         https://bugs.webkit.org/show_bug.cgi?id=156936
 

diff --git a/Source/bmalloc/bmalloc/Object.h b/Source/bmalloc/bmalloc/Object.h
index 89650c3..c092a7c 100644 (file)
--- a/Source/bmalloc/bmalloc/Object.h
+++ b/Source/bmalloc/bmalloc/Object.h
@@ -52,6 +52,7 @@ public:
     SmallPage* page();
     
     Object operator+(size_t);
+    Object operator-(size_t);
     bool operator<=(const Object&);
 
 private:
@@ -64,6 +65,11 @@ inline Object Object::operator+(size_t offset)
     return Object(m_chunk, m_offset + offset);
 }
 
+inline Object Object::operator-(size_t offset)
+{
+    return Object(m_chunk, m_offset - offset);
+}
+
 inline bool Object::operator<=(const Object& other)
 {
     BASSERT(m_chunk == other.m_chunk);

diff --git a/Source/bmalloc/bmalloc/VMAllocate.h b/Source/bmalloc/bmalloc/VMAllocate.h
index b0ae33a..1b79f3b 100644 (file)
--- a/Source/bmalloc/bmalloc/VMAllocate.h
+++ b/Source/bmalloc/bmalloc/VMAllocate.h
@@ -137,6 +137,12 @@ inline void vmDeallocate(void* p, size_t vmSize)
     munmap(p, vmSize);
 }
 
+inline void vmRevokePermissions(void* p, size_t vmSize)
+{
+    vmValidate(p, vmSize);
+    mprotect(p, vmSize, PROT_NONE);
+}
+
 // Allocates vmSize bytes at a specified power-of-two alignment.
 // Use this function to create maskable memory regions.
 

diff --git a/Source/bmalloc/bmalloc/VMHeap.cpp b/Source/bmalloc/bmalloc/VMHeap.cpp
index 13dfeaf..8d84522 100644 (file)
--- a/Source/bmalloc/bmalloc/VMHeap.cpp
+++ b/Source/bmalloc/bmalloc/VMHeap.cpp
@@ -75,6 +75,12 @@ void VMHeap::allocateSmallChunk(std::lock_guard<StaticMutex>& lock, size_t pageC
     Object begin(chunk, metadataSize);
     Object end(chunk, chunkSize);
 
+    vmRevokePermissions(begin.begin(), pageSize);
+    vmRevokePermissions(end.begin() - pageSize, pageSize);
+
+    begin = begin + pageSize;
+    end = end - pageSize;
+
     for (Object it = begin; it + pageSize <= end; it = it + pageSize) {
         SmallPage* page = it.page();
         new (page) SmallPage;