Bug 1471258 Disable CFI icall at JIT function entry points
MozReview-Commit-ID: 2OaqvyWXgiK
--- a/js/src/irregexp/RegExpEngine.cpp
+++ b/js/src/irregexp/RegExpEngine.cpp
@@ -1859,16 +1859,18 @@ irregexp::CompilePattern(JSContext* cx,
? RegExpMacroAssembler::GLOBAL_NO_ZERO_LENGTH_CHECK
: RegExpMacroAssembler::GLOBAL);
}
return compiler.Assemble(cx, assembler, node, data->capture_count);
}
template <typename CharT>
+/* Do not apply CFI icall when we enter a JITed function. */
+MOZ_CFI_ICALL_BLACKLIST
RegExpRunStatus
irregexp::ExecuteCode(JSContext* cx, jit::JitCode* codeBlock, const CharT* chars, size_t start,
size_t length, MatchPairs* matches, size_t* endIndex)
{
typedef void (*RegExpCodeSignature)(InputOutputData*);
InputOutputData data(chars, chars + length, start, matches, endIndex);
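Review bot: MOZ_CFI_ICALL_BLACKLIST on the ExecuteCode declaration (lines 12-13) exempts every indirect call in the whole function from cfi-icall checking, not just the jump into JIT code that the comment describes; the same function-wide exemption is applied to EnterBaseline, EnterJit and UnboxedPlainObject::createWithProperties in the other three hunks, and any other function pointer those bodies reach loses the check too. A tighter shape keeps the attribute on a one-line static wrapper that performs only the JIT call, so the exemption covers exactly one indirect call; the call site inside ExecuteCode is past the end of the hunk and would be redirected to the wrapper. The comment should also say what the attribute actually does, e.g. `/* cfi-icall checks are off for this whole function: it calls JIT code, which carries no CFI type metadata. Keep other indirect calls out of it. */`. All four hunks assume the macro is already in scope from a header these files include (none adds one) — presumably it expands to a no-op when CFI is not enabled; worth confirming. ExecuteCode's body continues outside the hunk.
```cpp
typedef void (*RegExpCodeSignature)(InputOutputData*);

/* Only this call bypasses cfi-icall: JIT code carries no CFI type metadata. */
MOZ_CFI_ICALL_BLACKLIST static void
CallRegExpCode(RegExpCodeSignature function, InputOutputData* data)
{
    function(data);
}

template <typename CharT>
RegExpRunStatus
irregexp::ExecuteCode(JSContext* cx, jit::JitCode* codeBlock, const CharT* chars, size_t start,
                      size_t length, MatchPairs* matches, size_t* endIndex)
{
    InputOutputData data(chars, chars + length, start, matches, endIndex);
    // … unchanged: remainder of ExecuteCode; route the existing indirect call through CallRegExpCode …
```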
--- a/js/src/jit/BaselineJIT.cpp
+++ b/js/src/jit/BaselineJIT.cpp
@@ -109,16 +109,18 @@ CheckFrame(InterpreterFrame* fp)
// Fall back to the interpreter to avoid running out of stack space.
JitSpew(JitSpew_BaselineAbort, "Too many arguments (%u)", fp->numActualArgs());
return false;
}
return true;
}
+/* Do not apply CFI icall when we enter a JITed function. */
+MOZ_CFI_ICALL_BLACKLIST
static JitExecStatus
EnterBaseline(JSContext* cx, EnterJitData& data)
{
MOZ_ASSERT(data.osrFrame);
// Check for potential stack overflow before OSR-ing.
uint8_t spDummy;
uint32_t extra = BaselineFrame::Size() + (data.osrNumStackValues * sizeof(Value));
--- a/js/src/jit/Jit.cpp
+++ b/js/src/jit/Jit.cpp
@@ -11,16 +11,18 @@
#include "jit/JitCommon.h"
#include "vm/Interpreter.h"
#include "vm/Stack-inl.h"
using namespace js;
using namespace js::jit;
+/* Do not apply CFI icall when we enter a JITed function. */
+MOZ_CFI_ICALL_BLACKLIST
static EnterJitStatus
EnterJit(JSContext* cx, RunState& state, uint8_t* code)
{
MOZ_ASSERT(state.script()->hasBaselineScript());
MOZ_ASSERT(code);
MOZ_ASSERT(IsBaselineEnabled(cx));
if (!CheckRecursionLimit(cx))
--- a/js/src/vm/UnboxedObject.cpp
+++ b/js/src/vm/UnboxedObject.cpp
@@ -831,16 +831,18 @@ UnboxedPlainObject::create(JSContext* cx
}
// Unboxed objects don't have Values to initialize.
MOZ_ASSERT(*(list + 1) == -1);
}
return uobj;
}
+/* Do not apply CFI icall when we enter a JITed function. */
+MOZ_CFI_ICALL_BLACKLIST
/* static */ JSObject*
UnboxedPlainObject::createWithProperties(JSContext* cx, HandleObjectGroup group,
NewObjectKind newKind, IdValuePair* properties)
{
MOZ_ASSERT(newKind == GenericObject || newKind == TenuredObject);
{
AutoSweepObjectGroup sweep(group);