
commit ad3f3d0b8bdfa4e8c3fb7f915081b88f8a12efe2
parent 984eef92f3f7ebe268739fb1c1a3e9875c45a9b5
Author: Ryan Hunt <rhunt@eqrion.net>
Date:   Thu, 18 Dec 2025 16:45:26 +0000

Bug 2002625 - wasm: Move arbitrary code assertions into wasm::Context. r=yury

Move more suspender switching logic into wasm::Context.

Differential Revision: https://phabricator.services.mozilla.com/D274187

Diffstat:
Mjs/src/wasm/WasmContext.cpp | 14+++++++++++---
Mjs/src/wasm/WasmContext.h | 4++--
Mjs/src/wasm/WasmPI.cpp | 19+++----------------
3 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/js/src/wasm/WasmContext.cpp b/js/src/wasm/WasmContext.cpp
@@ -18,10 +18,10 @@
 #include "wasm/WasmContext.h"
+#include "jit/JitRuntime.h"
 #include "js/friend/StackLimits.h"
 #include "js/TracingAPI.h"
 #include "vm/JSContext.h"
-
 #include "wasm/WasmPI.h"
 #ifdef XP_WIN
@@ -93,7 +93,7 @@ void Context::traceRoots(JSTracer* trc) {
 }
 }
-void Context::enterSuspendableStack(SuspenderObject* suspender) {
+void Context::enterSuspendableStack(JSContext* cx, SuspenderObject* suspender) {
 MOZ_ASSERT(!activeSuspender_);
 activeSuspender_ = suspender;
 stackLimit = suspender->stackMemoryLimitForJit();
@@ -107,9 +107,13 @@ void Context::enterSuspendableStack(SuspenderObject* suspender) {
 tib->StackLimit = reinterpret_cast<void*>(suspender->stackMemoryLimitForSystem());
 # endif
+
+# ifdef DEBUG
+ cx->runtime()->jitRuntime()->disallowArbitraryCode();
+# endif
 }
-void Context::leaveSuspendableStack() {
+void Context::leaveSuspendableStack(JSContext* cx) {
 MOZ_ASSERT(activeSuspender_);
 activeSuspender_ = nullptr;
 stackLimit = mainStackLimit;
@@ -120,6 +124,10 @@ void Context::leaveSuspendableStack() {
 tib->StackBase = tibStackBase_;
 tib->StackLimit = tibStackLimit_;
 # endif
+
+# ifdef DEBUG
+ cx->runtime()->jitRuntime()->clearDisallowArbitraryCode();
+# endif
 }
 bool js::IsSuspendableStackActive(JSContext* cx) {
diff --git a/js/src/wasm/WasmContext.h b/js/src/wasm/WasmContext.h
@@ -56,8 +56,8 @@ class Context {
 SuspenderObject* activeSuspender() { return activeSuspender_; }
 bool onSuspendableStack() const { return activeSuspender_ != nullptr; }
- void enterSuspendableStack(SuspenderObject* suspender);
- void leaveSuspendableStack();
+ void enterSuspendableStack(JSContext* cx, SuspenderObject* suspender);
+ void leaveSuspendableStack(JSContext* cx);
 void trace(JSTracer* trc);
 void traceRoots(JSTracer* trc);
diff --git a/js/src/wasm/WasmPI.cpp b/js/src/wasm/WasmPI.cpp
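Review bot: enterSuspendableStack and leaveSuspendableStack now take a JSContext* solely to reach cx->runtime()->jitRuntime(), while every caller in this commit invokes them as cx->wasm().enterSuspendableStack(cx, ...), so the cx argument and `this` are two ways of naming the same object that nothing checks. Assuming cx->wasm() returns this wasm::Context by reference, as the `&cx->wasm()` in WasmPI.cpp suggests, a DEBUG guard next to the existing activeSuspender_ assertions in both functions pins that down: `MOZ_ASSERT(&cx->wasm() == this);`. It is also worth stating in a comment that the new block is DEBUG-only, i.e. it documents the invariant that no unrelated JIT code may run while stackLimit (and the TIB limits on Windows) point at the suspender's stack, but enforces nothing in release builds: `// DEBUG-only: assert no JIT entry while the limits point at the suspender's stack.`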
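Review bot: The WasmContext.h hunk changes both signatures without saying why a JSContext is now required, and a reader of the header cannot tell that cx is consumed only by a DEBUG-only JitRuntime assertion toggle in the .cpp. Suggest a comment above the pair, roughly: `// Switch stack limits to/from |suspender|'s stack. In DEBUG builds also` / `// toggles the JitRuntime arbitrary-code guard; cx is the context whose` / `// wasm() is this object, which is how every caller invokes it.` The enclosing class Context starts and ends outside the hunk.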
@@ -21,7 +21,6 @@
 #include "builtin/Promise.h"
 #include "debugger/DebugAPI.h"
 #include "debugger/Debugger.h"
-#include "jit/JitRuntime.h"
 #include "jit/MIRGenerator.h"
 #include "js/CallAndConstruct.h"
 #include "js/Printf.h"
@@ -323,7 +322,7 @@ void SuspenderObject::trace(JSTracer* trc, JSObject* obj) {
 void SuspenderObject::setMoribund(JSContext* cx) {
 MOZ_ASSERT(state() == SuspenderState::Active);
- cx->wasm().leaveSuspendableStack();
+ cx->wasm().leaveSuspendableStack(cx);
 SuspenderObjectData* data = this->data();
 data->setState(SuspenderState::Moribund);
 data->releaseStackMemory();
@@ -333,20 +332,17 @@ void SuspenderObject::setMoribund(JSContext* cx) {
 void SuspenderObject::setActive(JSContext* cx) {
 data()->setState(SuspenderState::Active);
- cx->wasm().enterSuspendableStack(this);
+ cx->wasm().enterSuspendableStack(cx, this);
 }
 void SuspenderObject::setSuspended(JSContext* cx) {
 data()->setState(SuspenderState::Suspended);
- cx->wasm().leaveSuspendableStack();
+ cx->wasm().leaveSuspendableStack(cx);
 }
 void SuspenderObject::enter(JSContext* cx) {
 MOZ_ASSERT(state() == SuspenderState::Initial);
 setActive(cx);
-# ifdef DEBUG
- cx->runtime()->jitRuntime()->disallowArbitraryCode();
-# endif
 }
 void SuspenderObject::suspend(JSContext* cx) {
@@ -354,9 +350,6 @@ void SuspenderObject::suspend(JSContext* cx) {
 setSuspended(cx);
 cx->wasm().suspendedStacks_.pushFront(data());
 data()->setSuspendedBy(&cx->wasm());
-# ifdef DEBUG
- cx->runtime()->jitRuntime()->clearDisallowArbitraryCode();
-# endif
 if (cx->realm()->isDebuggee()) {
 WasmFrameIter iter(cx->activation()->asJit());
@@ -381,9 +374,6 @@ void SuspenderObject::resume(JSContext* cx) {
 // from roots.
 gc::PreWriteBarrier(this);
 cx->wasm().suspendedStacks_.remove(data());
-# ifdef DEBUG
- cx->runtime()->jitRuntime()->disallowArbitraryCode();
-# endif
 if (cx->realm()->isDebuggee()) {
 for (FrameIter iter(cx);; ++iter) {
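Review bot: In the resume() hunk the explicit disallowArbitraryCode() is removed, but unlike suspend(), where the visible setSuspended(cx) now performs the matching clear through leaveSuspendableStack, nothing visible in resume() calls setActive(cx) or otherwise enters the suspendable stack; re-arming the guard on resume now depends on a setActive(cx) call somewhere beyond the hunk. If it is there the change is equivalent; if resume() switches stacks through some other path, the DEBUG assertion is silently lost on every resume and a JIT entry on the resumed stack would go unnoticed. A one-line comment at the removal site would make the dependency explicit: `// The arbitrary-code guard is re-armed by setActive() -> enterSuspendableStack().` resume() continues outside the hunk.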
@@ -402,9 +392,6 @@ void SuspenderObject::resume(JSContext* cx) {
 }
 void SuspenderObject::leave(JSContext* cx) {
-# ifdef DEBUG
- cx->runtime()->jitRuntime()->clearDisallowArbitraryCode();
-# endif
 // We are exiting alternative stack if state is active,
 // otherwise the stack was just suspended.
 switch (state()) {
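Review bot: With the unconditional clearDisallowArbitraryCode() dropped from the top of leave(), the guard is released only on whichever switch arm reaches leaveSuspendableStack, presumably setMoribund for the Active case, while for the Suspended case it was already released by setSuspended. The comment above the switch should say so, otherwise the next maintainer may re-add a clear here and double-release: `// The JIT arbitrary-code guard is released by leaveSuspendableStack` / `// (via setMoribund/setSuspended), not here.` The switch body and the rest of leave() are outside the hunk.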