Consider disabling code memory protection in the content process
Categories
(Core :: JavaScript Engine: JIT, task, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox116 | --- | fixed |
People
(Reporter: jandem, Assigned: jandem)
References
(Blocks 1 open bug)
Details
(Keywords: perf-alert, Whiteboard: [sp3])
Attachments
(2 files)
Our W^X scheme adds a fair amount of overhead on Speedometer 3 and page load. V8 recently disabled this mechanism for performance reasons and because there are known ways to bypass it.
We're working with the security and performance teams to investigate our trade-offs in this area.
|
Assignee | |
Comment 1•11 months ago
|
||
|
|
Assignee | |
Comment 2•11 months ago
|
||
Depends on D179468
|
||
Updated•11 months ago
|
|
||
Updated•11 months ago
|
|
||
Updated•11 months ago
|
|
|
Assignee | |
Updated•11 months ago
|
|
||
Updated•11 months ago
|
|
|
||
Updated•11 months ago
|
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1ce5ad17da6b part 1 - Remove unused ProtectionSetting::Protected. r=nbp https://hg.mozilla.org/integration/autoland/rev/9d31a829691c part 2 - Disable code write protection in content processes. r=nbp https://hg.mozilla.org/integration/autoland/rev/503f95d5ddc5 apply code formatting via Lando
|
||
Comment 4•11 months ago
•
|
||
Backed out for causing process crashes on [@ NS_ABORT_OOM]
Failure log - gl1c // Failure log - xpcshell
There's also this issue present. Failure log
|
|
Assignee | |
Comment 5•11 months ago
|
||
This actually makes sense; the problem is that Apple on ARM64 doesn't allow RWX allocations.
What we need to do is use MAP_JIT with pthread_jit_write_protect_np to change write/execute permissions for the current thread. I have this working locally for the JS JITs, but it also needs changes to how we commit and decommit JIT code pages to work with MAP_JIT so is fairly complicated.
I'll modify the patch to not change behavior on Apple Silicon and then work on supporting that in a separate bug.
|
|
Assignee | |
Updated•11 months ago
|
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/028f981600d7 part 1 - Remove unused ProtectionSetting::Protected. r=nbp https://hg.mozilla.org/integration/autoland/rev/5c5cf716aa0b part 2 - Disable code write protection in content processes. r=nbp
|
||
Comment 7•11 months ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/028f981600d7
https://hg.mozilla.org/mozilla-central/rev/5c5cf716aa0b
|
||
Comment 8•11 months ago
|
||
(In reply to Pulsebot from comment #3)
Pushed by jdemooij@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1ce5ad17da6b
part 1 - Remove unused ProtectionSetting::Protected. r=nbp
https://hg.mozilla.org/integration/autoland/rev/9d31a829691c
part 2 - Disable code write protection in content processes. r=nbp
https://hg.mozilla.org/integration/autoland/rev/503f95d5ddc5
apply code formatting via Lando
== Change summary for alert #38609 (as of Thu, 08 Jun 2023 04:13:13 GMT) ==
Improvements:
| Ratio | Test | Platform | Options | Absolute values (old vs new) | Performance Profiles |
|---|---|---|---|---|---|
| 6% | google-slides loadtime | windows10-64-shippable-qr | bytecode-cached fission warm webrender | 931.53 -> 876.52 | Before/After |
| 5% | google-slides LastVisualChange | windows10-64-shippable-qr | bytecode-cached fission warm webrender | 1,710.24 -> 1,619.02 | Before/After |
| 4% | ebay loadtime | windows10-64-shippable-qr | fission warm webrender | 234.81 -> 226.45 |
For up to date results, see: https://treeherder.mozilla.org/perfherder/alerts?id=38609
|
|
||
Updated•11 months ago
|
|
||
Comment 9•11 months ago
|
||
(In reply to Norisz Fay [:noriszfay] from comment #4)
Backed out for causing process crashes on [@ NS_ABORT_OOM]
Failure log - gl1c // Failure log - xpcshell
There's also this issue present. Failure log
== Change summary for alert #38621 (as of Thu, 08 Jun 2023 11:19:28 GMT) ==
Regressions:
| Ratio | Test | Platform | Options | Absolute values (old vs new) |
|---|---|---|---|---|
| 6% | reddit-billgates-post-1.comments SpeedIndex | windows10-64-shippable-qr | cold fission webrender | 310.05 -> 328.92 |
For up to date results, see: https://treeherder.mozilla.org/perfherder/alerts?id=38621
|
|
||
Comment 10•11 months ago
|
||
(In reply to Norisz Fay [:noriszfay] from comment #4)
Backed out for causing process crashes on [@ NS_ABORT_OOM]
Failure log - gl1c // Failure log - xpcshell
There's also this issue present. Failure log
== Change summary for alert #38628 (as of Thu, 08 Jun 2023 18:20:27 GMT) ==
Regressions:
| Ratio | Test | Platform | Options | Absolute values (old vs new) |
|---|---|---|---|---|
| 4% | ebay loadtime | windows10-64-shippable-qr | fission warm webrender | 222.70 -> 230.52 |
For up to date results, see: https://treeherder.mozilla.org/perfherder/alerts?id=38628
|
|
||
Comment 11•10 months ago
|
||
(In reply to Iulian Moraru from comment #7)
https://hg.mozilla.org/mozilla-central/rev/028f981600d7
https://hg.mozilla.org/mozilla-central/rev/5c5cf716aa0b
== Change summary for alert #38719 (as of Fri, 16 Jun 2023 10:22:28 GMT) ==
Improvements:
| Ratio | Test | Platform | Options | Absolute values (old vs new) | Performance Profiles |
|---|---|---|---|---|---|
| 7% | reddit-billgates-post-1.comments PerceptualSpeedIndex | windows10-64-shippable-qr | cold fission webrender | 242.91 -> 225.62 | |
| 6% | outlook fcp | windows10-64-shippable-qr | fission warm webrender | 100.32 -> 94.38 | |
| 6% | pinterest fcp | macosx1015-64-shippable-qr | fission warm webrender | 226.92 -> 213.58 | |
| 6% | office ContentfulSpeedIndex | windows10-64-shippable-qr | fission warm webrender | 611.22 -> 576.28 | Before/After |
| 6% | reddit-billgates-post-1.comments SpeedIndex | windows10-64-shippable-qr | cold fission webrender | 329.97 -> 311.64 | |
| ... | ... | ... | ... | ... | ... |
| 2% | outlook LastVisualChange | linux1804-64-shippable-qr | fission warm webrender | 2,396.22 -> 2,346.68 |
For up to date results, see: https://treeherder.mozilla.org/perfherder/alerts?id=38719
Description
•