[webkit-changes] [WebKit/WebKit] 631724: Forbid JS execution in the GPU Process.

youennf noreply at github.com
Tue May 23 22:14:46 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 631724be62d95c99e442cfc06c2c7450ddc3a23e
      https://github.com/WebKit/WebKit/commit/631724be62d95c99e442cfc06c2c7450ddc3a23e
  Author: Mark Lam <mark.lam at apple.com>
  Date:   2023-05-23 (Tue, 23 May 2023)

  Changed paths:
    M Source/JavaScriptCore/assembler/AbortReason.h
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/jit/ExecutableAllocator.cpp
    M Source/JavaScriptCore/llint/LLIntData.cpp
    M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
    M Source/JavaScriptCore/runtime/JSCConfig.h
    M Source/JavaScriptCore/runtime/VM.cpp
    M Source/WTF/wtf/Assertions.h
    M Source/WTF/wtf/WTFConfig.h
    M Source/WebKit/GPUProcess/EntryPoint/Cocoa/XPCService/GPUServiceEntryPoint.mm

  Log Message:
  -----------
  Forbid JS execution in the GPU Process.
https://bugs.webkit.org/show_bug.cgi?id=254101
rdar://106869810

Reviewed by Yusuke Suzuki and Justin Michaud.

The GPU Process does not need to execute any JS code.  We should enforce this invariant.

* Source/JavaScriptCore/assembler/AbortReason.h:
* Source/JavaScriptCore/interpreter/Interpreter.cpp
(JSC::Interpreter::Interpreter):
* Source/JavaScriptCore/jit/ExecutableAllocator.cpp:
(JSC::ExecutableAllocator::initialize):
* Source/JavaScriptCore/llint/LLIntData.cpp:
(JSC::LLInt::neuterOpcodeMaps):
(JSC::LLInt::initialize):
* Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:
(JSC::LLInt::llint_check_vm_entry_permission):
* Source/JavaScriptCore/runtime/JSCConfig.h:
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::VM):
* Source/WTF/wtf/Assertions.h:
* Source/WTF/wtf/WTFConfig.h:
* Source/WebKit/GPUProcess/EntryPoint/Cocoa/XPCService/GPUServiceEntryPoint.mm:
(GPU_SERVICE_INITIALIZER):

Originally-landed-as: 259548.460 at safari-7615-branch (2396d8a6e829). rdar://109463439
Canonical link: https://commits.webkit.org/264457@main


  Commit: 611d8d08a798d5370bd90370176c1d42e02debbc
      https://github.com/WebKit/WebKit/commit/611d8d08a798d5370bd90370176c1d42e02debbc
  Author: Mark Lam <mark.lam at apple.com>
  Date:   2023-05-23 (Tue, 23 May 2023)

  Changed paths:
    M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
    M Source/WTF/WTF.xcodeproj/project.pbxproj
    M Source/WTF/wtf/Assertions.h
    A Source/WTF/wtf/spi/darwin/AbortWithReasonSPI.h

  Log Message:
  -----------
  Declare as abort_with_reason as SPI and add support for older builds.
https://bugs.webkit.org/show_bug.cgi?id=254551
<rdar://problem/107277043>

Reviewed by Tim Horton and Justin Michaud.

We only use abort_with_reason() with OS_REASON_FLAG_SECURITY_SENSITIVE, and that flag
is only available on newer OS versions.  Implement a back up implementation for older
OS versions.

* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/Assertions.h:
* Source/WTF/wtf/spi/darwin/AbortWithReasonSPI.h: Added.

Originally-landed-as: 259548.499 at safari-7615-branch (af3f7f9c0743). rdar://107277043
Canonical link: https://commits.webkit.org/264458@main


  Commit: ec81069dd2e6d97fe79ae294b0232795384aa976
      https://github.com/WebKit/WebKit/commit/ec81069dd2e6d97fe79ae294b0232795384aa976
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2023-05-23 (Tue, 23 May 2023)

  Changed paths:
    M Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp

  Log Message:
  -----------
  [root] 615.1.17: CrashTracer: com.apple.WebKit:  WTF::Detail::CallableWrapper<WebKit::NetworkProcessConnection::broadcastConsoleMessage(JSC::MessageSource, JSC::MessageLevel, WTF::String const&)::$_9, void, WebCore::Page&>::call
rdar://103903569

Reviewed by Alex Christensen.

Not all pages might have a corresponding WebPage.
iTo wrokaround this, we can directly go from Page to main frame document to print console messages.

* Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:
(WebKit::NetworkProcessConnection::broadcastConsoleMessage):

Originally-landed-as: 259548.510 at safari-7615-branch (e41d370e4050). rdar://109463439
Canonical link: https://commits.webkit.org/264459@main


Compare: https://github.com/WebKit/WebKit/compare/c6ea643a2652...ec81069dd2e6

More information about the webkit-changes mailing list