Bug 287046 - qt-webkit: add a USE flag to enable or disable JavaScript JIT
Status: RESOLVED DUPLICATE of bug 285792
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library
Hardware: All Linux
Importance: High normal
Assignee: Qt Bug Alias
Reported: 2009-09-30 09:51 UTC by Pavel Labushev
Modified: 2009-10-28 21:14 UTC
Description Pavel Labushev 2009-09-30 09:51:23 UTC
The following patch adds a USE flag for qt-webkit/qt-webkit-4.5.1-r1 to enable or disable JavaScript JIT (enabled by default). I'm not sure if this flag should be arch-dependent: currently JIT is available on x86 only, but more archs are to come (amd64 at least).

--- x11-libs/qt-webkit/qt-webkit-4.5.1-r1.ebuild	2009-09-12 04:06:48.000000000 +0800
+++ x11-libs/qt-webkit/qt-webkit-4.5.1-r1.ebuild	2009-09-30 17:26:00.000000000 +0800
@@ -8,7 +8,7 @@
 DESCRIPTION="The Webkit module for the Qt toolkit"
 SLOT="4"
 KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~mips ppc ~ppc64 -sparc x86 ~x86-fbsd"
-IUSE="kde"
+IUSE="+jit kde"
 
 DEPEND="~x11-libs/qt-core-${PV}[debug=,ssl]
 	~x11-libs/qt-gui-${PV}[debug=]
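Review bot: the new `jit` flag gets no description in this diff; a local USE flag needs a `<flag name="jit">` entry in the package's metadata.xml, so please add one saying it controls the JavaScriptCore JIT. Also, `IUSE="+jit kde"` enables the flag by default for every arch in KEYWORDS, while the JavaScriptCore.pri block removed by the second file of this patch only builds the JIT for `QT_ARCH` i386, so on the other arches the flag is a no-op; either document that in the flag description or restrict the default, as the bug description already wonders.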
@@ -29,6 +29,7 @@
 	qt4-build_src_prepare
 	# Security patch from upstream, bug 281821
 	epatch "${FILESDIR}"/webkit-CVE-2009-1725.patch
+	use jit || epatch "${FILESDIR}"/${PV}-disable-jit.patch
 }
 
 src_configure() {
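Review bot: `use jit || epatch "${FILESDIR}"/${PV}-disable-jit.patch` has no comment, unlike the CVE-2009-1725 line right above it; add a one-line comment stating that the patch strips the JIT enablement from JavaScriptCore.pri, so the next maintainer does not read it as another security patch. Naming the file with `${PV}` also means every version bump must re-check and rename the patch; a version-independent name with the tested Qt version noted inside the patch header would be easier to maintain.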
--- /dev/null	2009-09-30 11:23:31.371765162 +0800
+++ x11-libs/qt-webkit/files/4.5.1-disable-jit.patch	2009-08-27 20:16:20.000000000 +0800
@@ -0,0 +1,23 @@
+--- qt-x11-opensource-src-4.5.1/src/3rdparty/webkit/JavaScriptCore/JavaScriptCore.pri.orig	2009-08-27 20:12:27.000000000 +0800
++++ qt-x11-opensource-src-4.5.1/src/3rdparty/webkit/JavaScriptCore/JavaScriptCore.pri	2009-08-27 20:13:42.000000000 +0800
+@@ -13,20 +13,6 @@
+     LIBS += -lwinmm
+ }
+ 
+-# Disable the JIT due to numerous observed miscompilations :(
+-CONFIG(release):isEqual(QT_ARCH,i386) {
+-     JIT_DEFINES = ENABLE_JIT ENABLE_WREC ENABLE_JIT_OPTIMIZE_CALL ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS ENABLE_JIT_OPTIMIZE_ARITHMETIC
+-     # Require gcc >= 4.1
+-     linux-g++*:greaterThan(QT_GCC_MAJOR_VERSION,3):greaterThan(QT_GCC_MINOR_VERSION,0) {
+-         DEFINES += $$JIT_DEFINES WTF_USE_JIT_STUB_ARGUMENT_VA_LIST
+-         QMAKE_CXXFLAGS += -fno-stack-protector
+-         QMAKE_CFLAGS += -fno-stack-protector
+-     }
+-     win32-msvc* {
+-         DEFINES += $$JIT_DEFINES WTF_USE_JIT_STUB_ARGUMENT_REGISTER
+-     }
+-}
+-
+ win32-msvc*: INCLUDEPATH += $$PWD/os-win32
+ wince* {
+     INCLUDEPATH += $$PWD/os-wince
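Review bot: the removed block is, besides the ENABLE_JIT family of defines, the only place that adds `-fno-stack-protector` to QMAKE_CXXFLAGS and QMAKE_CFLAGS, so with USE=-jit JavaScriptCore is built with the toolchain's stack protector again; that is a hardening gain worth stating in the bug, and it also means the flag changes compile flags, not just which features are compiled in. Note as well that the upstream heading comment in the deleted lines ("Disable the JIT due to numerous observed miscompilations") contradicts the code under it, which enables the JIT for i386 release builds; deleting the whole block is fine, but the patch description should say it removes the enablement, not a disablement.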
Comment 1 Ben de Groot (RETIRED) gentoo-dev 2009-10-01 06:48:04 UTC
Why? Some more background info would be nice.
Comment 2 Pavel Labushev 2009-10-02 10:41:59 UTC
(In reply to comment #1)
> Why? Some more background info would be nice.

JIT requires executable stack pages, and any process performing JavaScript on hardened kernels will have to run with PAX_MPROTECT disabled. This may allow easier code execution exploits to work (without the need for pure ret2libc-style stack preparations, which is harder). Apart from that, the JIT itself can be vulnerable.
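An audit of the kind comment 2 implies, as an added example that is not part of the bug report or of the Qt/Gentoo code: it parses the program headers of an ELF64 image and reports whether the binary requests an executable stack (PT_GNU_STACK) or carries PaX markings that switch MPROTECT off, which is the per-binary exception a JIT-bearing process needs on a hardened kernel. The PT_PAX_FLAGS header and the PF_*MPROTECT / PF_*EMUTRAMP bits are assumed to be the values the PaX project and paxctl use; the sample images are constructed inline.

```python
import struct

# ELF constants from elf.h; PT_PAX_FLAGS and the PF_*MPROTECT / PF_*EMUTRAMP bits are
# the PaX marking values written by paxctl (assumed from the PaX project, not from the bug).
PT_GNU_STACK = 0x6474E551
PT_PAX_FLAGS = 0x65041580
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
PF_MPROTECT, PF_NOMPROTECT = 1 << 8, 1 << 9
PF_EMUTRAMP, PF_NOEMUTRAMP = 1 << 12, 1 << 13


def _marking(flags, on_bit, off_bit):
    # PaX markings are tri-state: explicitly on, explicitly off, or left to the kernel default.
    if flags & off_bit:
        return "off"
    return "on" if flags & on_bit else "default"


def audit_elf64(data: bytes) -> dict:
    """Report the program headers that decide whether a process may get writable+executable memory."""
    if data[:4] != b"\x7fELF" or data[4] != 2:  # e_ident[EI_CLASS] must be ELFCLASS64
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"  # e_ident[EI_DATA]: 1 == little-endian
    (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    summary = {"exec_stack": None, "mprotect": "default", "emutramp": "default"}
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from(end + "II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:  # None stays if the header is absent
            summary["exec_stack"] = bool(p_flags & PF_X)
        elif p_type == PT_PAX_FLAGS:
            summary["mprotect"] = _marking(p_flags, PF_MPROTECT, PF_NOMPROTECT)
            summary["emutramp"] = _marking(p_flags, PF_EMUTRAMP, PF_NOEMUTRAMP)
    return summary


def marked_for_jit(summary: dict) -> bool:
    # Under PaX a JIT only works if the binary was marked MPROTECT-off (paxctl -m): the exception the bug describes.
    return summary["mprotect"] == "off"


def build_sample_elf64(stack_flags: int, pax_flags: int) -> bytes:
    """Constructed minimal little-endian ELF64 image: header plus two program headers, no code."""
    phdrs = [(PT_GNU_STACK, stack_flags), (PT_PAX_FLAGS, pax_flags)]
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, little-endian, EV_CURRENT, SysV ABI
    header = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return header + body


if __name__ == "__main__":
    for name, flags in (("jit-exception", PF_NOMPROTECT), ("hardened", PF_MPROTECT | PF_EMUTRAMP)):
        print(name, audit_elf64(build_sample_elf64(PF_R | PF_W, flags)))
```

Run against a real binary with `audit_elf64(open(path, "rb").read())`; a result with `mprotect == "off"` is a binary that a hardened kernel will let create executable pages at runtime.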
Comment 3 Ben de Groot (RETIRED) gentoo-dev 2009-10-28 21:14:10 UTC

*** This bug has been marked as a duplicate of bug 285792 ***