[webkit-changes] [WebKit/WebKit] 341e30: Remove OSAllocator's legacy manual impl of ASLR on...
Marcus Plutowski
noreply at github.com
Wed Sep 11 08:57:10 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 341e30e628ef34306363a6af1ee18ea4a4955088
https://github.com/WebKit/WebKit/commit/341e30e628ef34306363a6af1ee18ea4a4955088
Author: Marcus Plutowski <marcus_plutowski at apple.com>
Date: 2024-09-11 (Wed, 11 Sep 2024)
Changed paths:
M Source/WTF/wtf/posix/OSAllocatorPOSIX.cpp
Log Message:
-----------
Remove OSAllocator's legacy manual impl of ASLR on x86
https://bugs.webkit.org/show_bug.cgi?id=279273
rdar://135430256
Reviewed by Yusuke Suzuki and Sam Weinig.
This has not been necessary for a long time: if you pass mmap a nullptr
for the address, the kernel will select a suitably random location on
its own.
Doing it ourselves is bad for multiple reasons:
1) it's slower,
2) it's confusing,
3) selecting a specific location in memory is generally suspicious, and
could stress kernel-internal code paths which are not used much
elsewhere -- increasing the likelihood of running into a bug.
However, this situation does raise the specter of Chesterton's Fence: if
the OS does this automatically, then why did we ever implement code to
do it ourselves? The answer is that this code is just really old: the
first patch adding this to the codebase (34933 at main) was committed in
April 2009, and the code has not been touched since December 2010
(63979 at main). ASLR was only implemented on Mac OS X in version 10.5
(Leopard, released October 2007) and only expanded to cover all
applications in 10.7 (Lion, July 2011). So this code was written during
a time when we _did_ need to implement it ourselves; as that is no
longer the case, we should stop doing so.
* Source/WTF/wtf/posix/OSAllocatorPOSIX.cpp:
(WTF::OSAllocator::tryReserveAndCommit): stop rolling our own ASLR
Canonical link: https://commits.webkit.org/283483@main
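As an added illustration (not WebKit's code) of the point the commit makes: passing a NULL address hint to mmap lets the kernel place the mapping at a randomised base, so the allocator no longer has to compute one. The helper names below are my own, and the block assumes a Linux-style POSIX system with MAP_ANONYMOUS and MAP_NORESERVE.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Reserve `bytes` of address space and let the kernel choose where.
 * The NULL address hint is what hands base selection (and thus ASLR) to
 * the kernel; a caller-computed "random" hint is unnecessary. Pages start
 * PROT_NONE so nothing is touchable until it is committed. */
static void *reserve_address_space(size_t bytes)
{
    void *p = mmap(NULL, bytes, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Commit a prefix of a reservation by making it readable and writable. */
static int commit_memory(void *base, size_t bytes)
{
    return mprotect(base, bytes, PROT_READ | PROT_WRITE);
}

static int release_address_space(void *base, size_t bytes)
{
    return munmap(base, bytes);
}

/* A kernel-chosen base is non-null and page aligned; callers need not
 * align it themselves. */
static int is_page_aligned(const void *p)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return p != NULL && ((uintptr_t)p % page) == 0;
}

/* Reserve four pages, commit the first, write to it, release everything.
 * Returns 1 on success, 0 on any failure. */
static int reserve_commit_roundtrip(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *base = reserve_address_space(4 * page);
    if (!is_page_aligned(base)) return 0;
    if (commit_memory(base, page) != 0) { release_address_space(base, 4 * page); return 0; }
    memset(base, 0xAB, page);                 /* committed page is writable */
    unsigned char first = ((unsigned char *)base)[0];
    return release_address_space(base, 4 * page) == 0 && first == 0xAB;
}
```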