guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: webkitgtk: Disable SharedArrayBuffers to mitigate Spectre.


From: Mark H. Weaver
Subject: 01/01: gnu: webkitgtk: Disable SharedArrayBuffers to mitigate Spectre.
Date: Sun, 7 Jan 2018 01:17:13 -0500 (EST)

mhw pushed a commit to branch master
in repository guix.

commit 56804398a94bea941183ae4ed29d2a9f82069a6f
Author: Mark H Weaver <address@hidden>
Date:   Sat Jan 6 19:51:06 2018 -0500

    gnu: webkitgtk: Disable SharedArrayBuffers to mitigate Spectre.
    
    * gnu/packages/patches/webkitgtk-mitigate-spectre.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/webkit.scm (webkitgtk)[source]: Add patch.
---
 gnu/local.mk                                       |   3 +-
 .../patches/webkitgtk-mitigate-spectre.patch       | 107 +++++++++++++++++++++
 gnu/packages/webkit.scm                            |   5 +-
 3 files changed, 112 insertions(+), 3 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index d82cbce..d4e8419 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2,7 +2,7 @@
 # Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès 
<address@hidden>
 # Copyright © 2013, 2014, 2015, 2016, 2017 Andreas Enge <address@hidden>
 # Copyright © 2016 Mathieu Lirzin <address@hidden>
-# Copyright © 2013, 2014, 2015, 2016, 2017 Mark H Weaver <address@hidden>
+# Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Mark H Weaver <address@hidden>
 # Copyright © 2016 Chris Marusich <address@hidden>
 # Copyright © 2016, 2017 Kei Kebreau <address@hidden>
 # Copyright © 2016, 2017 Rene Saavedra <address@hidden>
@@ -1136,6 +1136,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/vsearch-unbundle-cityhash.patch         \
   %D%/packages/patches/vte-CVE-2012-2738-pt1.patch                     \
   %D%/packages/patches/vte-CVE-2012-2738-pt2.patch                     \
+  %D%/packages/patches/webkitgtk-mitigate-spectre.patch                \
   %D%/packages/patches/weechat-python.patch                    \
   %D%/packages/patches/wicd-bitrate-none-fix.patch             \
   %D%/packages/patches/wicd-get-selected-profile-fix.patch     \
diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch 
b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
new file mode 100644
index 0000000..3d983ed
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
@@ -0,0 +1,107 @@
+Disable SharedArrayBuffers to mitigate Spectre.  Based on:
+
+  https://trac.webkit.org/changeset/226386/webkit
+
+Backported to webkitgtk-2.18.4 by Mark H Weaver <address@hidden>
+
+
+--- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig       
2017-12-19 02:23:07.000000000 -0500
++++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h    
2018-01-06 19:28:55.985066986 -0500
+@@ -338,8 +338,10 @@
+     WriteBarrier<Structure> m_moduleLoaderStructure;
+     WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype;
+     WriteBarrier<Structure> m_arrayBufferStructure;
++#if ENABLE(SHARED_ARRAY_BUFFER)
+     WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype;
+     WriteBarrier<Structure> m_sharedArrayBufferStructure;
++#endif
+ 
+ #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, 
instanceType, jsName, prototypeBase) \
+     WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \
+@@ -670,8 +672,13 @@
+         switch (sharingMode) {
+         case ArrayBufferSharingMode::Default:
+             return m_arrayBufferPrototype.get();
++#if ENABLE(SHARED_ARRAY_BUFFER)
+         case ArrayBufferSharingMode::Shared:
+             return m_sharedArrayBufferPrototype.get();
++#else
++        default:
++            return m_arrayBufferPrototype.get();
++#endif
+         }
+     }
+     Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const
+@@ -679,8 +686,13 @@
+         switch (sharingMode) {
+         case ArrayBufferSharingMode::Default:
+             return m_arrayBufferStructure.get();
++#if ENABLE(SHARED_ARRAY_BUFFER)
+         case ArrayBufferSharingMode::Shared:
+             return m_sharedArrayBufferStructure.get();
++#else
++        default:
++            return m_arrayBufferStructure.get();
++#endif
+         }
+         RELEASE_ASSERT_NOT_REACHED();
+         return nullptr;
+--- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig     
2017-12-19 02:23:07.000000000 -0500
++++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp  
2018-01-06 19:27:16.628574304 -0500
+@@ -574,8 +574,10 @@
+     
+     m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, 
this, JSArrayBufferPrototype::createStructure(vm, this, 
m_objectPrototype.get()), ArrayBufferSharingMode::Default));
+     m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, 
this, m_arrayBufferPrototype.get()));
++#if ENABLE(SHARED_ARRAY_BUFFER)
+     m_sharedArrayBufferPrototype.set(vm, this, 
JSArrayBufferPrototype::create(vm, this, 
JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), 
ArrayBufferSharingMode::Shared));
+     m_sharedArrayBufferStructure.set(vm, this, 
JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get()));
++#endif
+ 
+     m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, 
IteratorPrototype::createStructure(vm, this, m_objectPrototype.get())));
+     m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, 
GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get())));
+@@ -620,10 +622,11 @@
+     
+     JSArrayBufferConstructor* arrayBufferConstructor = 
JSArrayBufferConstructor::create(vm, 
JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), 
m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), 
ArrayBufferSharingMode::Default);
+     m_arrayBufferPrototype->putDirectWithoutTransition(vm, 
vm.propertyNames->constructor, arrayBufferConstructor, DontEnum);
++#if ENABLE(SHARED_ARRAY_BUFFER)
+     JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr;
+     sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, 
JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), 
m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), 
ArrayBufferSharingMode::Shared);
+     m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, 
vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum);
+-    
++#endif
+ #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, 
properName, instanceType, jsName, prototypeBase) \
+ capitalName ## Constructor* lowerName ## Constructor = capitalName ## 
Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, 
m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), 
m_speciesGetterSetter.get()); \
+ m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, 
vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \
+@@ -686,7 +689,9 @@
+     putDirectWithoutTransition(vm, 
vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum 
| DontDelete | ReadOnly);
+ 
+     putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, 
arrayBufferConstructor, DontEnum);
++#if ENABLE(SHARED_ARRAY_BUFFER)
+     putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, 
sharedArrayBufferConstructor, DontEnum);
++#endif
+ 
+ #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, 
instanceType, jsName, prototypeBase) \
+ putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## 
Constructor, DontEnum); \
+@@ -1288,8 +1293,10 @@
+     
+     visitor.append(thisObject->m_arrayBufferPrototype);
+     visitor.append(thisObject->m_arrayBufferStructure);
++#if ENABLE(SHARED_ARRAY_BUFFER)
+     visitor.append(thisObject->m_sharedArrayBufferPrototype);
+     visitor.append(thisObject->m_sharedArrayBufferStructure);
++#endif
+ 
+ #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, 
jsName, prototypeBase) \
+     visitor.append(thisObject->m_ ## lowerName ## Prototype); \
+--- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig    2017-10-16 
08:18:56.000000000 -0400
++++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 
-0500
+@@ -1190,6 +1190,9 @@
+ #define HAVE_NS_ACTIVITY 1
+ #endif
+ 
++/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. 
*/
++#define ENABLE_SHARED_ARRAY_BUFFER 0
++
+ #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || 
(PLATFORM(WIN) && (USE(CG) || USE(CAIRO)))
+ #undef ENABLE_OPENTYPE_MATH
+ #define ENABLE_OPENTYPE_MATH 1
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index e2d753a..7acc018 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2015 Sou Bunnbu <address@hidden>
 ;;; Copyright © 2015 David Hashe <address@hidden>
 ;;; Copyright © 2015 Ricardo Wurmus <address@hidden>
-;;; Copyright © 2015, 2016, 2017 Mark H Weaver <address@hidden>
+;;; Copyright © 2015, 2016, 2017, 2018 Mark H Weaver <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -61,7 +61,8 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7"))))
+                "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7"))
+              (patches (search-patches "webkitgtk-mitigate-spectre.patch"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests



reply via email to

[Prev in Thread] Current Thread [Next in Thread]