Open Bug 1886563 Opened 1 year ago Updated 1 month ago

[meta] Make the location of immediate constants uncertain

Tracking

()

Status:

NEW

People

(Reporter: nbp, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: meta)

Nicolas B. Pierron [:nbp]

Reporter

Description

•

1 year ago

Immediate constants are unavoidable, and moving all of them in a data-section might also be undesirable for performance and security reasons.

Also, register allocations and instruction opcodes might be a source of entropy that we would have to mitigate and that cannot easily be moved out of the code-section.

Thus we should add a MacroAssembler wrapping mechanism capable of relocating a section of code during the link-phase of the compilation.
The intent if to have a fixed-size assembly code generation where the linker will alternate between locations where the code might be relocated. The non-allocated location should be forged to cause a catastrophic failure of the program.

Thus, even if the generated content is known, the location would be uncertain, making JIT Spraying unreliable without reading the executable content.

Nicolas B. Pierron [:nbp]

Reporter

Updated

•

1 month ago

Severity: S4 → N/A

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[meta] Make the location of immediate constants uncertain

Categories

(Core :: JavaScript Engine: JIT, task, P3)

Tracking

()

People

(Reporter: nbp, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: meta)

Crash Data

Security

(public)

User Story

Description

Updated