[sandbox] Treat sandbox reservation failures as OOMs
When the sandbox cannot be initialized, it's either because there is not enough virtual address space available, or because there is not enough memory for the kernel data structures needed for the reservation (this typically happens on Windows 7/8 where reserving virtual memory is expensive). Both cases should be reported as OOMs, not CHECK failures. Bug: chromium:1325302 Change-Id: I17bde9bcd4fbd6e3d54075b8891287c8fb01c1d7 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688406 Auto-Submit: Samuel Groß <saelo@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#80975}
parent
851854c46f
commit
a072a429a4
@ -95,15 +95,15 @@ bool Sandbox::Initialize(v8::VirtualAddressSpace* vas) {
|
||||
// creating a partially reserved sandbox, as that allows covering more virtual
|
||||
// address space. This happens for CPUs with only 36 virtual address bits, in
|
||||
// which case the sandbox size would end up being only 8GB.
|
||||
bool partially_reserve = false;
|
||||
bool create_partially_reserved_sandbox = false;
|
||||
if (sandbox_size < kSandboxMinimumSize) {
|
||||
static_assert(
|
||||
(8ULL * GB) >= kSandboxMinimumReservationSize,
|
||||
"Minimum reservation size for a partially reserved sandbox must be at "
|
||||
"most 8GB to support CPUs with only 36 virtual address bits");
|
||||
"most 8GB to support systems with only 36 virtual address bits");
|
||||
size_to_reserve = sandbox_size;
|
||||
sandbox_size = kSandboxMinimumSize;
|
||||
partially_reserve = true;
|
||||
create_partially_reserved_sandbox = true;
|
||||
}
|
||||
|
||||
#if defined(V8_OS_WIN)
|
||||
@ -116,7 +116,7 @@ bool Sandbox::Initialize(v8::VirtualAddressSpace* vas) {
|
||||
// doesn't reserve most of the virtual memory, and so doesn't incur the
|
||||
// cost, but also doesn't provide the desired security benefits.
|
||||
size_to_reserve = kSandboxMinimumReservationSize;
|
||||
partially_reserve = true;
|
||||
create_partially_reserved_sandbox = true;
|
||||
}
|
||||
#endif // V8_OS_WIN
|
||||
|
||||
@ -131,18 +131,19 @@ bool Sandbox::Initialize(v8::VirtualAddressSpace* vas) {
|
||||
// technically required for a different reason (large virtual memory
|
||||
// reservations being too expensive).
|
||||
size_to_reserve = kSandboxMinimumReservationSize;
|
||||
partially_reserve = true;
|
||||
create_partially_reserved_sandbox = true;
|
||||
}
|
||||
|
||||
// In any case, the sandbox must be at most as large as our address space.
|
||||
DCHECK_LE(sandbox_size, address_space_limit);
|
||||
|
||||
if (partially_reserve) {
|
||||
return InitializeAsPartiallyReservedSandbox(vas, sandbox_size,
|
||||
size_to_reserve);
|
||||
bool success = false;
|
||||
if (create_partially_reserved_sandbox) {
|
||||
success = InitializeAsPartiallyReservedSandbox(vas, sandbox_size,
|
||||
size_to_reserve);
|
||||
} else {
|
||||
const bool use_guard_regions = true;
|
||||
bool success = Initialize(vas, sandbox_size, use_guard_regions);
|
||||
success = Initialize(vas, sandbox_size, use_guard_regions);
|
||||
#ifdef V8_SANDBOXED_POINTERS
|
||||
// If sandboxed pointers are enabled, we need the sandbox to be initialized,
|
||||
// so fall back to creating a partially reserved sandbox.
|
||||
@ -154,8 +155,17 @@ bool Sandbox::Initialize(v8::VirtualAddressSpace* vas) {
|
||||
vas, sandbox_size, kSandboxMinimumReservationSize);
|
||||
}
|
||||
#endif // V8_SANDBOXED_POINTERS
|
||||
return success;
|
||||
}
|
||||
|
||||
#ifdef V8_SANDBOXED_POINTERS
|
||||
if (!success) {
|
||||
V8::FatalProcessOutOfMemory(
|
||||
nullptr,
|
||||
"Failed to reserve the virtual address space for the V8 sandbox");
|
||||
}
|
||||
#endif // V8_SANDBOXED_POINTERS
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
bool Sandbox::Initialize(v8::VirtualAddressSpace* vas, size_t size,
|
||||
|
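Review bot: The new `#ifdef V8_SANDBOXED_POINTERS` block in front of `return success;` carries no comment on why a failed reservation is fatal only in that configuration and why it is reported as an OOM rather than a CHECK failure; that rationale exists only in the commit message, where the next maintainer will not look. I would add above `if (!success) {`: `// With sandboxed pointers V8 cannot run without the sandbox. A failed reservation is reported as an OOM, not a bug: either the process lacks virtual address space, or the kernel cannot back the reservation (seen on Windows 7/8, where large reservations are expensive).` Without sandboxed pointers the function still returns false to the caller, and the else branch can quietly fall back to a partially reserved sandbox that the existing comment above describes as lacking the desired security benefits, so presumably the caller should surface that degraded mode rather than treat the sandbox as fully set up — the caller is not visible from this hunk. Sandbox::Initialize starts above the first hunk, so its early part is not reviewed here.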