Backport Firefox patch to mark JIT pages as non-writable

We might get away with keeping JIT enabled as long as we mark JIT pages as non-writable. For a patch and the underlying discussion see: https://bugzilla.mozilla.org/show_bug.cgi?id=977805.

added TorBrowserTeam201606R component::applications/tor browser owner::mcs parent::12653 priority::medium resolution::fixed severity::normal status::closed tbb-firefox-patch tbb-hardened tbb-security type::enhancement labels

Trac:
Cc: N/A to intrigeri

Trac:
Parent: N/A to #12653 (moved)

Trac:
Cc: intrigeri to intrigeri, tom@ritter.vg

Trac:
Keywords: N/A deleted, tbb-firefox-patch added
Owner: mikeperry to tbb-team
Component: Firefox Patch Issues to Tor Browser

Trac:
Owner: tbb-team to arthuredelstein
Status: new to assigned
Keywords: N/A deleted, TorBrowserTeam201409 added

Applied patch to ESR31 at https://github.com/arthuredelstein/tor-browser/commit/26f381976714cc7aa7c942d67400c06832a23d7e

I've reverted the patch for now, as I discovered it was causing crashes.

Trac:
Keywords: TorBrowserTeam201409 deleted, TorBrowserTeam201410 added

Trac:
Keywords: ff31-esr deleted, N/A added

Trac:
Keywords: TorBrowserTeam201410 deleted, N/A added

A patch for this just landed in Nightly. Sadly there is no real buildconfig for this, so you might have to just patch ExecutableAllocator::nonWritableJitCode in js/src/jit/ExecutableAllocator.cpp.

Trac:
Username: evilpie

Trac:
Cc: intrigeri, tom@ritter.vg to intrigeri, tom@ritter.vg, mcs, brade

Trac:
Keywords: N/A deleted, tbb-hardening added

Trac:
Keywords: tbb-hardening deleted, tbb-hardened added

Mozilla made progress on this and in order to enable that with --non-writable-jitcode we only need to backport https://hg.mozilla.org/mozilla-central/rev/a0dbf1fe665f. Seems to be worth for the next alphas at least. We might want to backport https://bugzilla.mozilla.org/show_bug.cgi?id=1234246 as well.

Trac:
Severity: N/A to Normal
Reviewer: N/A to N/A
Sponsor: N/A to N/A
Keywords: N/A deleted, TorBrowserTeam201605 added

I think it makes sense to pick up https://bugzilla.mozilla.org/show_bug.cgi?id=1234246.

We could also backport these two performance fixes that went into FF46:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1233818 (8 patches!)
• https://bugzilla.mozilla.org/show_bug.cgi?id=1235046 (non-trivial patch) And there is also the following fix for a somewhat rare crash which will appear in Firefox 48:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1238694

gk (or anyone with an opinion): What do you think? My opinion is that we should skip the two performance patches but pick up the crash fix (that patch is fairly simple, but there is some risk because Mozilla has not shipped it yet).

Trac:
Status: assigned to needs_information

Replying to mcs:

gk (or anyone with an opinion): What do you think? My opinion is that we should skip the two performance patches but pick up the crash fix (that patch is fairly simple, but there is some risk because Mozilla has not shipped it yet).

Sounds good to me and is territory for alpha builds anyway. :)

Trac:
Owner: arthuredelstein to mcs
Status: needs_information to assigned

Trac:
Keywords: TorBrowserTeam201605 deleted, TorBrowserTeam201606 added

We backported the three patches. They are all on the bug12523-01 branch within brade's tor-browser repo.: https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug12523-01&id=da628e779cfcbc70e6dde45b09bdc2495d10570a https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug12523-01&id=d733d46f5c5f9f1a73a9f4904d542a44bc984a0d https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug12523-01&id=70bfa694be143dc5665379e3634d9a41f3d5d754

The first two applied cleanly but we had to do some manual work for the third one (Mozilla refactored some code under js/src/asmjs).

Trac:
Status: assigned to needs_review
Keywords: TorBrowserTeam201606 deleted, TorBrowserTeam201606R added