2008-11-06 Alp Toker <alp@nuanti.com>

        Reviewed by Cameron Zwarich.

        https://bugs.webkit.org/show_bug.cgi?id=22033
        [GTK] CTI/Linux r38064 crashes; JIT requires executable memory

        Mark pages allocated by the FastMalloc mmap code path executable with
        PROT_EXEC. This fixes crashes seen on CPUs and kernels that enforce
        non-executable memory (like ExecShield on Fedora Linux) when the JIT
        is enabled.

        This patch does not resolve the issue on debug builds so affected
        developers may still need to pass --disable-jit to configure.

        * wtf/TCSystemAlloc.cpp:
        (TryMmap):
        (TryDevMem):
        (TCMalloc_SystemRelease):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@38187 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JavaScriptCore/ChangeLog

+2008-11-06  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Cameron Zwarich.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22033
+        [GTK] CTI/Linux r38064 crashes; JIT requires executable memory
+
+        Mark pages allocated by the FastMalloc mmap code path executable with
+        PROT_EXEC. This fixes crashes seen on CPUs and kernels that enforce
+        non-executable memory (like ExecShield on Fedora Linux) when the JIT
+        is enabled.
+
+        This patch does not resolve the issue on debug builds so affected
+        developers may still need to pass --disable-jit to configure.
+
+        * wtf/TCSystemAlloc.cpp:
+        (TryMmap):
+        (TryDevMem):
+        (TCMalloc_SystemRelease):
+
 2008-11-06  Peter Gal  <galpeter@inf.u-szeged.hu>
 
         Reviewed by Cameron Zwarich.

JavaScriptCore/wtf/TCSystemAlloc.cpp

@@ -51,6 +51,14 @@
 #include "TCSpinLock.h"
 #include "UnusedParam.h"
 
+#if HAVE(MMAP)
+static const int cProtFlags = PROT_READ | PROT_WRITE
+#if ENABLE(CTI) && PLATFORM(GTK)
+                              | PROT_EXEC
+#endif
+                              ;
+#endif
+
 #ifndef MAP_ANONYMOUS
 #define MAP_ANONYMOUS MAP_ANON
 #endif
@@ -170,7 +178,7 @@ static void* TryMmap(size_t size, size_t *actual_size, size_t alignment) {
     extra = alignment - pagesize;
   }
   void* result = mmap(NULL, size + extra,
-                      PROT_READ|PROT_WRITE,
+                      cProtFlags,
                       MAP_PRIVATE|MAP_ANONYMOUS,
                       -1, 0);
   if (result == reinterpret_cast<void*>(MAP_FAILED)) {
@@ -302,7 +310,7 @@ static void* TryDevMem(size_t size, size_t *actual_size, size_t alignment) {
     devmem_failure = true;
     return NULL;
   }
-  void *result = mmap(0, size + extra, PROT_WRITE|PROT_READ,
+  void *result = mmap(0, size + extra, cProtFlags,
                       MAP_SHARED, physmem_fd, physmem_base);
   if (result == reinterpret_cast<void*>(MAP_FAILED)) {
     devmem_failure = true;
@@ -421,7 +429,7 @@ void TCMalloc_SystemRelease(void* start, size_t length)
 #endif
 
 #if HAVE(MMAP)
-  void *newAddress = mmap(start, length, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0);
+  void *newAddress = mmap(start, length, cProtFlags, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0);
   UNUSED_PARAM(newAddress);
   // If the mmap failed then that's ok, we just won't return the memory to the system.
   ASSERT(newAddress == start || newAddress == reinterpret_cast<void*>(MAP_FAILED));