Reland "[sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX"

This is a reland of commit 49c5967830

The non-deterministic snapshot issue has been fixed by using the correct
field size for CodeDataContainers in serializer.cc.

Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}

Bug: v8:10391
Change-Id: I29870404406902d99ba6016c570cc0c4d05c6c85
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887899
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83130}
This commit is contained in:
Samuel Groß 2022-09-12 07:20:02 +00:00 committed by V8 LUCI CQ
parent c1e067e993
commit 0e2dbaac6b
13 changed files with 84 additions and 131 deletions

View File

@ -307,10 +307,6 @@ declare_args() {
# Sets -DV8_ENABLE_SANDBOX.
v8_enable_sandbox = ""
# Enable sandboxing for all external pointers. Requires v8_enable_sandbox.
# Sets -DV8_SANDBOXED_EXTERNAL_POINTERS.
v8_enable_sandboxed_external_pointers = false
# Enable all available sandbox features. Implies v8_enable_sandbox.
v8_enable_sandbox_future = false
@ -534,7 +530,6 @@ if (v8_enable_sandbox == "") {
# Enable all available sandbox features if sandbox future is enabled.
if (v8_enable_sandbox_future) {
v8_enable_sandboxed_external_pointers = true
v8_enable_sandbox = true
}
@ -569,9 +564,6 @@ assert(!v8_enable_sandbox || v8_enable_pointer_compression_shared_cage,
assert(!v8_enable_sandbox || v8_enable_external_code_space,
"The sandbox requires the external code space")
assert(!v8_enable_sandboxed_external_pointers || v8_enable_sandbox,
"Sandboxed external pointers require the sandbox")
assert(!v8_expose_memory_corruption_api || v8_enable_sandbox,
"The Memory Corruption API requires the sandbox")
@ -749,7 +741,6 @@ external_v8_defines = [
"V8_31BIT_SMIS_ON_64BIT_ARCH",
"V8_COMPRESS_ZONES",
"V8_ENABLE_SANDBOX",
"V8_SANDBOXED_EXTERNAL_POINTERS",
"V8_DEPRECATION_WARNINGS",
"V8_IMMINENT_DEPRECATION_WARNINGS",
"V8_NO_ARGUMENTS_ADAPTOR",
@ -780,9 +771,6 @@ if (v8_enable_zone_compression) {
if (v8_enable_sandbox) {
enabled_external_v8_defines += [ "V8_ENABLE_SANDBOX" ]
}
if (v8_enable_sandboxed_external_pointers) {
enabled_external_v8_defines += [ "V8_SANDBOXED_EXTERNAL_POINTERS" ]
}
if (v8_deprecation_warnings) {
enabled_external_v8_defines += [ "V8_DEPRECATION_WARNINGS" ]
}

View File

@ -100,9 +100,6 @@ class V8_EXPORT V8 {
const int kBuildConfiguration =
(internal::PointerCompressionIsEnabled() ? kPointerCompression : 0) |
(internal::SmiValuesAre31Bits() ? k31BitSmis : 0) |
(internal::SandboxedExternalPointersAreEnabled()
? kSandboxedExternalPointers
: 0) |
(internal::SandboxIsEnabled() ? kSandbox : 0);
return Initialize(kBuildConfiguration);
}
@ -273,8 +270,7 @@ class V8_EXPORT V8 {
enum BuildConfigurationFeatures {
kPointerCompression = 1 << 0,
k31BitSmis = 1 << 1,
kSandboxedExternalPointers = 1 << 2,
kSandbox = 1 << 3,
kSandbox = 1 << 2,
};
/**

View File

@ -166,14 +166,6 @@ constexpr bool SandboxIsEnabled() {
#endif
}
constexpr bool SandboxedExternalPointersAreEnabled() {
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
return true;
#else
return false;
#endif
}
// SandboxedPointers are guaranteed to point into the sandbox. This is achieved
// for example by storing them as offset rather than as raw pointers.
using SandboxedPointer_t = Address;
@ -272,7 +264,7 @@ using ExternalPointerHandle = uint32_t;
// ExternalPointers point to objects located outside the sandbox. When
// sandboxed external pointers are enabled, these are stored on heap as
// ExternalPointerHandles, otherwise they are simply raw pointers.
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
#ifdef V8_ENABLE_SANDBOX
using ExternalPointer_t = ExternalPointerHandle;
#else
using ExternalPointer_t = Address;
@ -399,9 +391,8 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
// When the sandbox is enabled, external pointers marked as "sandboxed" above
// use the external pointer table (i.e. are sandboxed). This allows a gradual
// rollout of external pointer sandboxing. If V8_SANDBOXED_EXTERNAL_POINTERS is
// defined, all external pointers are sandboxed. If the sandbox is off, no
// external pointers are sandboxed.
// rollout of external pointer sandboxing. If the sandbox is off, no external
// pointers are sandboxed.
//
// Sandboxed external pointer tags are available when compressing pointers even
// when the sandbox is off. Some tags (e.g. kWaiterQueueNodeTag) are used
@ -409,9 +400,7 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
// alignment requirements.
#define sandboxed(X) (X << kExternalPointerTagShift) | kExternalPointerMarkBit
#define unsandboxed(X) kUnsandboxedExternalPointerTag
#if defined(V8_SANDBOXED_EXTERNAL_POINTERS)
#define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = sandboxed(Bits),
#elif defined(V8_COMPRESS_POINTERS)
#if defined(V8_COMPRESS_POINTERS)
#define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = State(Bits),
#else
#define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = unsandboxed(Bits),

View File

@ -6162,17 +6162,6 @@ bool v8::V8::Initialize(const int build_config) {
kEmbedderSmiValueSize, internal::kSmiValueSize);
}
const bool kEmbedderSandboxedExternalPointers =
(build_config & kSandboxedExternalPointers) != 0;
if (kEmbedderSandboxedExternalPointers !=
V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
FATAL(
"Embedder-vs-V8 build configuration mismatch. On embedder side "
"sandboxed external pointers is %s while on V8 side it's %s.",
kEmbedderSandboxedExternalPointers ? "ENABLED" : "DISABLED",
V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ? "ENABLED" : "DISABLED");
}
const bool kEmbedderSandbox = (build_config & kSandbox) != 0;
if (kEmbedderSandbox != V8_ENABLE_SANDBOX_BOOL) {
FATAL(

View File

@ -88,7 +88,7 @@ struct ExternalPointerHandleT : Uint32T {
static constexpr MachineType kMachineType = MachineType::Uint32();
};
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
#ifdef V8_ENABLE_SANDBOX
struct ExternalPointerT : Uint32T {
static constexpr MachineType kMachineType = MachineType::Uint32();
};

View File

@ -124,12 +124,6 @@ namespace internal {
#define V8_CAN_CREATE_SHARED_HEAP_BOOL false
#endif
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
#define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL true
#else
#define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL false
#endif
#ifdef V8_ENABLE_SANDBOX
#define V8_ENABLE_SANDBOX_BOOL true
#else
@ -511,7 +505,7 @@ static_assert(kPointerSize == (1 << kPointerSizeLog2));
// This type defines raw storage type for external (or off-V8 heap) pointers
// stored on V8 heap.
constexpr int kExternalPointerSlotSize = sizeof(ExternalPointer_t);
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
#ifdef V8_ENABLE_SANDBOX
static_assert(kExternalPointerSlotSize == kTaggedSize);
#else
static_assert(kExternalPointerSlotSize == kSystemPointerSize);

View File

@ -221,7 +221,7 @@ void ExternalPointerSlot::store(Isolate* isolate, Address value,
ExternalPointerSlot::RawContent
ExternalPointerSlot::GetAndClearContentForSerialization(
const DisallowGarbageCollection& no_gc) {
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
#ifdef V8_ENABLE_SANDBOX
ExternalPointerHandle content = Relaxed_LoadHandle();
Relaxed_StoreHandle(kNullExternalPointerHandle);
#else
@ -234,7 +234,7 @@ ExternalPointerSlot::GetAndClearContentForSerialization(
void ExternalPointerSlot::RestoreContentAfterSerialization(
ExternalPointerSlot::RawContent content,
const DisallowGarbageCollection& no_gc) {
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
#ifdef V8_ENABLE_SANDBOX
return Relaxed_StoreHandle(content);
#else
return WriteMaybeUnalignedValue<Address>(address(), content);

View File

@ -1238,7 +1238,7 @@ void Serializer::ObjectSerializer::OutputRawData(Address up_to) {
// snapshot deterministic.
CHECK_EQ(CodeDataContainer::kCodeCageBaseUpper32BitsOffset + kTaggedSize,
CodeDataContainer::kCodeEntryPointOffset);
static byte field_value[kTaggedSize + kExternalPointerSlotSize] = {0};
static byte field_value[kTaggedSize + kSystemPointerSize] = {0};
OutputRawWithCustomField(
sink_, object_start, base, bytes_to_output,
CodeDataContainer::kCodeCageBaseUpper32BitsOffset,

View File

@ -68,8 +68,6 @@ class BuildFlags : public ContextualClass<BuildFlags> {
build_flags_["V8_ENABLE_WEBASSEMBLY"] = false;
#endif
build_flags_["V8_ENABLE_SANDBOX"] = V8_ENABLE_SANDBOX_BOOL;
build_flags_["V8_SANDBOXED_EXTERNAL_POINTERS"] =
V8_SANDBOXED_EXTERNAL_POINTERS_BOOL;
build_flags_["DEBUG"] = DEBUG_BOOL;
}
static bool GetFlag(const std::string& name, const char* production) {

View File

@ -14,9 +14,9 @@ extern class WasmInstanceObject extends JSObject;
// Represents the context of a function that is defined through the JS or C
// APIs. Corresponds to the WasmInstanceObject passed to a Wasm function
// reference.
// TODO(manoskouk): If V8_SANDBOXED_EXTERNAL_POINTERS, we cannot encode the
// isolate_root as a sandboxed pointer, because that would require having access
// to the isolate root in the first place.
// TODO(manoskouk): If V8_ENABLE_SANDBOX, we cannot encode the isolate_root as
// a sandboxed pointer, because that would require having access to the isolate
// root in the first place.
extern class WasmApiFunctionRef extends HeapObject {
isolate_root: RawPtr;
native_context: NativeContext;

View File

@ -687,9 +687,8 @@ TEST(MakingExternalStringConditions) {
CHECK(local_string->CanMakeExternal());
// Tiny strings are not in-place externalizable when pointer compression is
// enabled, but they are if sandboxed external pointers are enabled.
CHECK_EQ(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ||
i::kTaggedSize == i::kSystemPointerSize,
// enabled, but they are if the sandbox is enabled.
CHECK_EQ(V8_ENABLE_SANDBOX_BOOL || i::kTaggedSize == i::kSystemPointerSize,
tiny_local_string->CanMakeExternal());
}

View File

@ -2066,11 +2066,11 @@ TEST(CheckCachedDataInternalExternalUncachedString) {
// that we indeed cached it.
Handle<ExternalOneByteString> external_string =
Handle<ExternalOneByteString>::cast(string);
// If sandboxed external pointers are enabled, string objects will always be
// cacheable because they are smaller.
CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached());
// If the sandbox is enabled, string objects will always be cacheable because
// they are smaller.
CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached());
CHECK(external_string->resource()->IsCacheable());
if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
if (!V8_ENABLE_SANDBOX_BOOL) {
CHECK_NOT_NULL(external_string->resource()->cached_data());
CHECK_EQ(external_string->resource()->cached_data(),
external_string->resource()->data());
@ -2109,11 +2109,11 @@ TEST(CheckCachedDataInternalExternalUncachedStringTwoByte) {
// that we indeed cached it.
Handle<ExternalTwoByteString> external_string =
Handle<ExternalTwoByteString>::cast(string);
// If sandboxed external pointers are enabled, string objects will always be
// cacheable because they are smaller.
CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached());
// If the sandbox is enabled, string objects will always be cacheable because
// they are smaller.
CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached());
CHECK(external_string->resource()->IsCacheable());
if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
if (!V8_ENABLE_SANDBOX_BOOL) {
CHECK_NOT_NULL(external_string->resource()->cached_data());
CHECK_EQ(external_string->resource()->cached_data(),
external_string->resource()->data());

View File

@ -515,67 +515,67 @@ KNOWN_OBJECTS = {
("read_only_space", 0x04b49): "NativeScopeInfo",
("read_only_space", 0x04b61): "HashSeed",
("old_space", 0x04235): "ArgumentsIteratorAccessor",
("old_space", 0x04255): "ArrayLengthAccessor",
("old_space", 0x04275): "BoundFunctionLengthAccessor",
("old_space", 0x04295): "BoundFunctionNameAccessor",
("old_space", 0x042b5): "ErrorStackAccessor",
("old_space", 0x042d5): "FunctionArgumentsAccessor",
("old_space", 0x042f5): "FunctionCallerAccessor",
("old_space", 0x04315): "FunctionNameAccessor",
("old_space", 0x04335): "FunctionLengthAccessor",
("old_space", 0x04355): "FunctionPrototypeAccessor",
("old_space", 0x04375): "SharedArrayLengthAccessor",
("old_space", 0x04395): "StringLengthAccessor",
("old_space", 0x043b5): "ValueUnavailableAccessor",
("old_space", 0x043d5): "WrappedFunctionLengthAccessor",
("old_space", 0x043f5): "WrappedFunctionNameAccessor",
("old_space", 0x04415): "InvalidPrototypeValidityCell",
("old_space", 0x0441d): "EmptyScript",
("old_space", 0x04461): "ManyClosuresCell",
("old_space", 0x0446d): "ArrayConstructorProtector",
("old_space", 0x04481): "NoElementsProtector",
("old_space", 0x04495): "MegaDOMProtector",
("old_space", 0x044a9): "IsConcatSpreadableProtector",
("old_space", 0x044bd): "ArraySpeciesProtector",
("old_space", 0x044d1): "TypedArraySpeciesProtector",
("old_space", 0x044e5): "PromiseSpeciesProtector",
("old_space", 0x044f9): "RegExpSpeciesProtector",
("old_space", 0x0450d): "StringLengthProtector",
("old_space", 0x04521): "ArrayIteratorProtector",
("old_space", 0x04535): "ArrayBufferDetachingProtector",
("old_space", 0x04549): "PromiseHookProtector",
("old_space", 0x0455d): "PromiseResolveProtector",
("old_space", 0x04571): "MapIteratorProtector",
("old_space", 0x04585): "PromiseThenProtector",
("old_space", 0x04599): "SetIteratorProtector",
("old_space", 0x045ad): "StringIteratorProtector",
("old_space", 0x045c1): "StringSplitCache",
("old_space", 0x049c9): "RegExpMultipleCache",
("old_space", 0x04dd1): "BuiltinsConstantsTable",
("old_space", 0x05225): "AsyncFunctionAwaitRejectSharedFun",
("old_space", 0x05249): "AsyncFunctionAwaitResolveSharedFun",
("old_space", 0x0526d): "AsyncGeneratorAwaitRejectSharedFun",
("old_space", 0x05291): "AsyncGeneratorAwaitResolveSharedFun",
("old_space", 0x052b5): "AsyncGeneratorYieldResolveSharedFun",
("old_space", 0x052d9): "AsyncGeneratorReturnResolveSharedFun",
("old_space", 0x052fd): "AsyncGeneratorReturnClosedRejectSharedFun",
("old_space", 0x05321): "AsyncGeneratorReturnClosedResolveSharedFun",
("old_space", 0x05345): "AsyncIteratorValueUnwrapSharedFun",
("old_space", 0x05369): "PromiseAllResolveElementSharedFun",
("old_space", 0x0538d): "PromiseAllSettledResolveElementSharedFun",
("old_space", 0x053b1): "PromiseAllSettledRejectElementSharedFun",
("old_space", 0x053d5): "PromiseAnyRejectElementSharedFun",
("old_space", 0x053f9): "PromiseCapabilityDefaultRejectSharedFun",
("old_space", 0x0541d): "PromiseCapabilityDefaultResolveSharedFun",
("old_space", 0x05441): "PromiseCatchFinallySharedFun",
("old_space", 0x05465): "PromiseGetCapabilitiesExecutorSharedFun",
("old_space", 0x05489): "PromiseThenFinallySharedFun",
("old_space", 0x054ad): "PromiseThrowerFinallySharedFun",
("old_space", 0x054d1): "PromiseValueThunkFinallySharedFun",
("old_space", 0x054f5): "ProxyRevokeSharedFun",
("old_space", 0x05519): "ShadowRealmImportValueFulfilledSFI",
("old_space", 0x0553d): "SourceTextModuleExecuteAsyncModuleFulfilledSFI",
("old_space", 0x05561): "SourceTextModuleExecuteAsyncModuleRejectedSFI",
("old_space", 0x0424d): "ArrayLengthAccessor",
("old_space", 0x04265): "BoundFunctionLengthAccessor",
("old_space", 0x0427d): "BoundFunctionNameAccessor",
("old_space", 0x04295): "ErrorStackAccessor",
("old_space", 0x042ad): "FunctionArgumentsAccessor",
("old_space", 0x042c5): "FunctionCallerAccessor",
("old_space", 0x042dd): "FunctionNameAccessor",
("old_space", 0x042f5): "FunctionLengthAccessor",
("old_space", 0x0430d): "FunctionPrototypeAccessor",
("old_space", 0x04325): "SharedArrayLengthAccessor",
("old_space", 0x0433d): "StringLengthAccessor",
("old_space", 0x04355): "ValueUnavailableAccessor",
("old_space", 0x0436d): "WrappedFunctionLengthAccessor",
("old_space", 0x04385): "WrappedFunctionNameAccessor",
("old_space", 0x0439d): "InvalidPrototypeValidityCell",
("old_space", 0x043a5): "EmptyScript",
("old_space", 0x043e9): "ManyClosuresCell",
("old_space", 0x043f5): "ArrayConstructorProtector",
("old_space", 0x04409): "NoElementsProtector",
("old_space", 0x0441d): "MegaDOMProtector",
("old_space", 0x04431): "IsConcatSpreadableProtector",
("old_space", 0x04445): "ArraySpeciesProtector",
("old_space", 0x04459): "TypedArraySpeciesProtector",
("old_space", 0x0446d): "PromiseSpeciesProtector",
("old_space", 0x04481): "RegExpSpeciesProtector",
("old_space", 0x04495): "StringLengthProtector",
("old_space", 0x044a9): "ArrayIteratorProtector",
("old_space", 0x044bd): "ArrayBufferDetachingProtector",
("old_space", 0x044d1): "PromiseHookProtector",
("old_space", 0x044e5): "PromiseResolveProtector",
("old_space", 0x044f9): "MapIteratorProtector",
("old_space", 0x0450d): "PromiseThenProtector",
("old_space", 0x04521): "SetIteratorProtector",
("old_space", 0x04535): "StringIteratorProtector",
("old_space", 0x04549): "StringSplitCache",
("old_space", 0x04951): "RegExpMultipleCache",
("old_space", 0x04d59): "BuiltinsConstantsTable",
("old_space", 0x051ad): "AsyncFunctionAwaitRejectSharedFun",
("old_space", 0x051d1): "AsyncFunctionAwaitResolveSharedFun",
("old_space", 0x051f5): "AsyncGeneratorAwaitRejectSharedFun",
("old_space", 0x05219): "AsyncGeneratorAwaitResolveSharedFun",
("old_space", 0x0523d): "AsyncGeneratorYieldResolveSharedFun",
("old_space", 0x05261): "AsyncGeneratorReturnResolveSharedFun",
("old_space", 0x05285): "AsyncGeneratorReturnClosedRejectSharedFun",
("old_space", 0x052a9): "AsyncGeneratorReturnClosedResolveSharedFun",
("old_space", 0x052cd): "AsyncIteratorValueUnwrapSharedFun",
("old_space", 0x052f1): "PromiseAllResolveElementSharedFun",
("old_space", 0x05315): "PromiseAllSettledResolveElementSharedFun",
("old_space", 0x05339): "PromiseAllSettledRejectElementSharedFun",
("old_space", 0x0535d): "PromiseAnyRejectElementSharedFun",
("old_space", 0x05381): "PromiseCapabilityDefaultRejectSharedFun",
("old_space", 0x053a5): "PromiseCapabilityDefaultResolveSharedFun",
("old_space", 0x053c9): "PromiseCatchFinallySharedFun",
("old_space", 0x053ed): "PromiseGetCapabilitiesExecutorSharedFun",
("old_space", 0x05411): "PromiseThenFinallySharedFun",
("old_space", 0x05435): "PromiseThrowerFinallySharedFun",
("old_space", 0x05459): "PromiseValueThunkFinallySharedFun",
("old_space", 0x0547d): "ProxyRevokeSharedFun",
("old_space", 0x054a1): "ShadowRealmImportValueFulfilledSFI",
("old_space", 0x054c5): "SourceTextModuleExecuteAsyncModuleFulfilledSFI",
("old_space", 0x054e9): "SourceTextModuleExecuteAsyncModuleRejectedSFI",
}
# Lower 32 bits of first page addresses for various heap spaces.