diff -r d80eefe94738 js/src/jit/JitOptions.cpp --- a/js/src/jit/JitOptions.cpp Tue Nov 28 21:01:37 2023 +0000 +++ b/js/src/jit/JitOptions.cpp Sat Dec 16 21:21:02 2023 +0100 @@ -441,14 +441,5 @@ setNormalIonWarmUpThreshold(defaultValues.normalIonWarmUpThreshold); } -void DefaultJitOptions::maybeSetWriteProtectCode(bool val) { -#ifdef JS_USE_APPLE_FAST_WX - // On Apple Silicon we always use pthread_jit_write_protect_np. - MOZ_ASSERT(!writeProtectCode); -#else - writeProtectCode = val; -#endif -} - } // namespace jit } // namespace js diff -r d80eefe94738 js/src/jit/JitOptions.h --- a/js/src/jit/JitOptions.h Tue Nov 28 21:01:37 2023 +0000 +++ b/js/src/jit/JitOptions.h Sat Dec 16 21:21:02 2023 +0100 @@ -128,8 +128,6 @@ bool spectreValueMasking; bool spectreJitToCxxCalls; - bool writeProtectCode; - bool supportsUnalignedAccesses; BaseRegForAddress baseRegForLocals; @@ -157,8 +155,6 @@ void enableGvn(bool val); void setFastWarmUp(); - void maybeSetWriteProtectCode(bool val); - bool eagerIonCompilation() const { return normalIonWarmUpThreshold == 0; } }; diff -r d80eefe94738 js/src/jit/ProcessExecutableMemory.cpp --- a/js/src/jit/ProcessExecutableMemory.cpp Tue Nov 28 21:01:37 2023 +0000 +++ b/js/src/jit/ProcessExecutableMemory.cpp Sat Dec 16 21:21:02 2023 +0100 @@ -366,9 +366,6 @@ } static DWORD ProtectionSettingToFlags(ProtectionSetting protection) { - if (!JitOptions.writeProtectCode) { - return PAGE_EXECUTE_READWRITE; - } switch (protection) { case ProtectionSetting::Writable: return PAGE_READWRITE; @@ -516,9 +513,6 @@ } static unsigned ProtectionSettingToFlags(ProtectionSetting protection) { - if (!JitOptions.writeProtectCode) { - return PROT_READ | PROT_WRITE | PROT_EXEC; - } # ifdef MOZ_VALGRIND // If we're configured for Valgrind and running on it, use a slacker // scheme that doesn't change execute permissions, since doing so causes @@ -931,14 +925,6 @@ #else std::atomic_thread_fence(std::memory_order_seq_cst); - if (!JitOptions.writeProtectCode) { - return true; - } - -# ifdef JS_USE_APPLE_FAST_WX - MOZ_CRASH("writeProtectCode should always be false on Apple Silicon"); -# endif - # ifdef XP_WIN DWORD flags = ProtectionSettingToFlags(protection); // This is a essentially a VirtualProtect, but with lighter impact on diff -r d80eefe94738 js/src/jsapi.cpp --- a/js/src/jsapi.cpp Tue Nov 28 21:01:37 2023 +0000 +++ b/js/src/jsapi.cpp Sat Dec 16 21:21:02 2023 +0100 @@ -4332,9 +4332,6 @@ case JSJITCOMPILER_SPECTRE_JIT_TO_CXX_CALLS: jit::JitOptions.spectreJitToCxxCalls = !!value; break; - case JSJITCOMPILER_WRITE_PROTECT_CODE: - jit::JitOptions.maybeSetWriteProtectCode(!!value); - break; case JSJITCOMPILER_WATCHTOWER_MEGAMORPHIC: jit::JitOptions.enableWatchtowerMegamorphic = !!value; break; @@ -4424,9 +4421,6 @@ case JSJITCOMPILER_SPECTRE_JIT_TO_CXX_CALLS: *valueOut = jit::JitOptions.spectreJitToCxxCalls ? 1 : 0; break; - case JSJITCOMPILER_WRITE_PROTECT_CODE: - *valueOut = jit::JitOptions.writeProtectCode ? 1 : 0; - break; case JSJITCOMPILER_WATCHTOWER_MEGAMORPHIC: *valueOut = jit::JitOptions.enableWatchtowerMegamorphic ? 1 : 0; break; diff -r d80eefe94738 js/src/jsapi.h --- a/js/src/jsapi.h Tue Nov 28 21:01:37 2023 +0000 +++ b/js/src/jsapi.h Sat Dec 16 21:21:02 2023 +0100 @@ -837,7 +837,6 @@ Register(SPECTRE_STRING_MITIGATIONS, "spectre.string-mitigations") \ Register(SPECTRE_VALUE_MASKING, "spectre.value-masking") \ Register(SPECTRE_JIT_TO_CXX_CALLS, "spectre.jit-to-cxx-calls") \ - Register(WRITE_PROTECT_CODE, "write-protect-code") \ Register(WATCHTOWER_MEGAMORPHIC, "watchtower.megamorphic") \ Register(WASM_FOLD_OFFSETS, "wasm.fold-offsets") \ Register(WASM_DELAY_TIER2, "wasm.delay-tier2") \ diff -r d80eefe94738 js/src/shell/fuzz-flags.txt --- a/js/src/shell/fuzz-flags.txt Tue Nov 28 21:01:37 2023 +0000 +++ b/js/src/shell/fuzz-flags.txt Sat Dec 16 21:21:02 2023 +0100 @@ -50,8 +50,6 @@ --nursery-bigints=on --spectre-mitigations=off --spectre-mitigations=on ---write-protect-code=off ---write-protect-code=on --more-compartments --fast-warmup --no-jit-backend diff -r d80eefe94738 js/src/shell/js.cpp --- a/js/src/shell/js.cpp Tue Nov 28 21:01:37 2023 +0000 +++ b/js/src/shell/js.cpp Sat Dec 16 21:21:02 2023 +0100 @@ -11697,11 +11697,6 @@ !op.addStringOption('\0', "spectre-mitigations", "on/off", "Whether Spectre mitigations are enabled (default: " "off, on to enable)") || - !op.addStringOption('\0', "write-protect-code", "on/off", - "Whether the W^X policy is enforced to mark JIT code " - "pages as either writable or executable but never " - "both at the same time (default: on, off to " - "disable)") || !op.addStringOption('\0', "cache-ir-stubs", "on/off/call", "Use CacheIR stubs (default: on, off to disable, " "call to enable work-in-progress call ICs)") || @@ -12422,16 +12417,6 @@ } } - if (const char* str = op.getStringOption("write-protect-code")) { - if (strcmp(str, "on") == 0) { - jit::JitOptions.maybeSetWriteProtectCode(true); - } else if (strcmp(str, "off") == 0) { - jit::JitOptions.maybeSetWriteProtectCode(false); - } else { - return OptionFailure("write-protect-code", str); - } - } - if (const char* str = op.getStringOption("ion-scalar-replacement")) { if (strcmp(str, "on") == 0) { jit::JitOptions.disableScalarReplacement = false; diff -r d80eefe94738 js/src/tests/lib/tests.py --- a/js/src/tests/lib/tests.py Tue Nov 28 21:01:37 2023 +0000 +++ b/js/src/tests/lib/tests.py Sat Dec 16 21:21:02 2023 +0100 @@ -25,7 +25,7 @@ "--no-sse3", "--no-threads", ], - ["--baseline-eager", "--write-protect-code=off"], + ["--baseline-eager"], ["--no-blinterp", "--no-baseline", "--no-ion", "--more-compartments"], ["--blinterp-eager"], ], @@ -38,12 +38,12 @@ "--ion-offthread-compile=off", # implies --baseline-eager "--more-compartments", ], - ["--baseline-eager", "--write-protect-code=off"], + ["--baseline-eager"], ["--no-blinterp", "--no-baseline", "--no-ion", "--more-compartments"], ], # used by jit_test.py "ion": [ - ["--baseline-eager", "--write-protect-code=off"], + ["--baseline-eager"], ["--ion-eager", "--ion-offthread-compile=off", "--more-compartments"], ], # Run reduced variants on debug builds, since they take longer time. @@ -54,7 +54,7 @@ "--ion-offthread-compile=off", # implies --baseline-eager "--more-compartments", ], - ["--baseline-eager", "--write-protect-code=off"], + ["--baseline-eager"], ], # Cover cases useful for tsan. Note that we test --ion-eager without # --ion-offthread-compile=off here, because it helps catch races. diff -r d80eefe94738 js/xpconnect/src/XPCJSContext.cpp --- a/js/xpconnect/src/XPCJSContext.cpp Tue Nov 28 21:01:37 2023 +0000 +++ b/js/xpconnect/src/XPCJSContext.cpp Sat Dec 16 21:21:02 2023 +0100 @@ -966,14 +966,6 @@ javascript_options_spectre_jit_to_cxx_calls_DoNotUseDirectly()); #endif - bool writeProtectCode = true; - if (XRE_IsContentProcess()) { - writeProtectCode = - StaticPrefs::javascript_options_content_process_write_protect_code(); - } - JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_WRITE_PROTECT_CODE, - writeProtectCode); - JS_SetGlobalJitCompilerOption( cx, JSJITCOMPILER_WATCHTOWER_MEGAMORPHIC, StaticPrefs:: diff -r d80eefe94738 modules/libpref/init/StaticPrefList.yaml --- a/modules/libpref/init/StaticPrefList.yaml Tue Nov 28 21:01:37 2023 +0000 +++ b/modules/libpref/init/StaticPrefList.yaml Sat Dec 16 21:21:02 2023 +0100 @@ -7653,22 +7653,6 @@ # Separate pref to override the values of the Spectre-related prefs above for # isolated web content processes, where we don't need these mitigations. -- name: javascript.options.spectre.disable_for_isolated_content - type: bool - value: true - mirror: always - -# Whether the W^X policy is enforced to mark JIT code pages as either writable -# or executable but never both at the same time. OpenBSD defaults to W^X. -- name: javascript.options.content_process_write_protect_code - type: bool -#if defined(XP_OPENBSD) - value: true -#else - value: false -#endif - mirror: always - # Whether to use the XPCOM thread pool for JS helper tasks. - name: javascript.options.external_thread_pool type: bool