[sandbox] Unsandboxify CodeEntryPoint
For code pointers, the sandbox will require a custom, lightweight CFI mechanism (likely based on the external pointer table). Simply turning all code pointers into ExternalPointers is not sufficient. This CL therefore turns code pointers back into raw pointers for now so that they don't block the external pointer table rollout. Bug: v8:10391 Change-Id: Ib2ba246be546bbf19fcd0f4ae20f4e9a2cf2e099 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859348 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#82775}
parent
c497701814
commit
a94048877d
@ -383,15 +383,14 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
|
|||||||
V(kForeignForeignAddressTag, unsandboxed, TAG(10)) \
|
V(kForeignForeignAddressTag, unsandboxed, TAG(10)) \
|
||||||
V(kNativeContextMicrotaskQueueTag, sandboxed, TAG(11)) \
|
V(kNativeContextMicrotaskQueueTag, sandboxed, TAG(11)) \
|
||||||
V(kEmbedderDataSlotPayloadTag, sandboxed, TAG(12)) \
|
V(kEmbedderDataSlotPayloadTag, sandboxed, TAG(12)) \
|
||||||
V(kCodeEntryPointTag, unsandboxed, TAG(13)) \
|
V(kExternalObjectValueTag, sandboxed, TAG(13)) \
|
||||||
V(kExternalObjectValueTag, sandboxed, TAG(14)) \
|
V(kCallHandlerInfoCallbackTag, sandboxed, TAG(14)) \
|
||||||
V(kCallHandlerInfoCallbackTag, sandboxed, TAG(15)) \
|
V(kAccessorInfoGetterTag, sandboxed, TAG(15)) \
|
||||||
V(kAccessorInfoGetterTag, sandboxed, TAG(16)) \
|
V(kAccessorInfoSetterTag, sandboxed, TAG(16)) \
|
||||||
V(kAccessorInfoSetterTag, sandboxed, TAG(17)) \
|
V(kWasmInternalFunctionCallTargetTag, sandboxed, TAG(17)) \
|
||||||
V(kWasmInternalFunctionCallTargetTag, sandboxed, TAG(18)) \
|
V(kWasmTypeInfoNativeTypeTag, sandboxed, TAG(18)) \
|
||||||
V(kWasmTypeInfoNativeTypeTag, sandboxed, TAG(19)) \
|
V(kWasmExportedFunctionDataSignatureTag, sandboxed, TAG(19)) \
|
||||||
V(kWasmExportedFunctionDataSignatureTag, sandboxed, TAG(20)) \
|
V(kWasmContinuationJmpbufTag, sandboxed, TAG(20))
|
||||||
V(kWasmContinuationJmpbufTag, sandboxed, TAG(21))
|
|
||||||
|
|
||||||
// All external pointer tags.
|
// All external pointer tags.
|
||||||
#define ALL_EXTERNAL_POINTER_TAGS(V) \
|
#define ALL_EXTERNAL_POINTER_TAGS(V) \
|
||||||
|
@ -2343,11 +2343,8 @@ void TurboAssembler::LoadCodeDataContainerEntry(
|
|||||||
ASM_CODE_COMMENT(this);
|
ASM_CODE_COMMENT(this);
|
||||||
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
||||||
|
|
||||||
LoadExternalPointerField(
|
Ldr(destination, FieldMemOperand(code_data_container_object,
|
||||||
destination,
|
CodeDataContainer::kCodeEntryPointOffset));
|
||||||
FieldMemOperand(code_data_container_object,
|
|
||||||
CodeDataContainer::kCodeEntryPointOffset),
|
|
||||||
kCodeEntryPointTag);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void TurboAssembler::LoadCodeDataContainerCodeNonBuiltin(
|
void TurboAssembler::LoadCodeDataContainerCodeNonBuiltin(
|
||||||
|
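Review bot: The `Ldr` from `CodeDataContainer::kCodeEntryPointOffset` now reads a raw code address straight out of the heap object, and nothing at the load site says that the tagging the old `LoadExternalPointerField` path provided was dropped on purpose; the commit description explains that code pointers are waiting on a separate lightweight CFI mechanism, but that reasoning does not reach the code. A comment above the load would keep this from being read as an oversight, e.g. `// TODO(v8:10391): raw code pointer, not yet protected by the planned code-pointer CFI mechanism.`, and the same comment belongs at the other sites this CL converts in the same way: `CodeStubAssembler::GetCodeEntry`, the two x64 `TurboAssembler` loaders, the `WasmGraphBuilder::BuildCallRef` load and the `CodeDataContainer` entry-point accessors. The signature of `LoadCodeDataContainerEntry` is on the hunk header line, so the function starts outside the hunk.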
@ -14832,9 +14832,8 @@ TNode<CodeT> CodeStubAssembler::GetSharedFunctionInfoCode(
|
|||||||
TNode<RawPtrT> CodeStubAssembler::GetCodeEntry(TNode<CodeT> code) {
|
TNode<RawPtrT> CodeStubAssembler::GetCodeEntry(TNode<CodeT> code) {
|
||||||
#ifdef V8_EXTERNAL_CODE_SPACE
|
#ifdef V8_EXTERNAL_CODE_SPACE
|
||||||
TNode<CodeDataContainer> cdc = CodeDataContainerFromCodeT(code);
|
TNode<CodeDataContainer> cdc = CodeDataContainerFromCodeT(code);
|
||||||
return LoadExternalPointerFromObject(
|
return LoadObjectField<RawPtrT>(
|
||||||
cdc, IntPtrConstant(CodeDataContainer::kCodeEntryPointOffset),
|
cdc, IntPtrConstant(CodeDataContainer::kCodeEntryPointOffset));
|
||||||
kCodeEntryPointTag);
|
|
||||||
#else
|
#else
|
||||||
TNode<IntPtrT> object = BitcastTaggedToWord(code);
|
TNode<IntPtrT> object = BitcastTaggedToWord(code);
|
||||||
return ReinterpretCast<RawPtrT>(
|
return ReinterpretCast<RawPtrT>(
|
||||||
|
@ -2217,10 +2217,8 @@ void TurboAssembler::LoadCodeObjectEntry(Register destination,
|
|||||||
Register code_object) {
|
Register code_object) {
|
||||||
ASM_CODE_COMMENT(this);
|
ASM_CODE_COMMENT(this);
|
||||||
if (V8_EXTERNAL_CODE_SPACE_BOOL) {
|
if (V8_EXTERNAL_CODE_SPACE_BOOL) {
|
||||||
LoadExternalPointerField(
|
movq(destination,
|
||||||
destination,
|
FieldOperand(code_object, CodeDataContainer::kCodeEntryPointOffset));
|
||||||
FieldOperand(code_object, CodeDataContainer::kCodeEntryPointOffset),
|
|
||||||
kCodeEntryPointTag, kScratchRegister);
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2287,11 +2285,8 @@ void TurboAssembler::LoadCodeDataContainerEntry(
|
|||||||
Register destination, Register code_data_container_object) {
|
Register destination, Register code_data_container_object) {
|
||||||
ASM_CODE_COMMENT(this);
|
ASM_CODE_COMMENT(this);
|
||||||
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
||||||
LoadExternalPointerField(
|
movq(destination, FieldOperand(code_data_container_object,
|
||||||
destination,
|
CodeDataContainer::kCodeEntryPointOffset));
|
||||||
FieldOperand(code_data_container_object,
|
|
||||||
CodeDataContainer::kCodeEntryPointOffset),
|
|
||||||
kCodeEntryPointTag, kScratchRegister);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void TurboAssembler::LoadCodeDataContainerCodeNonBuiltin(
|
void TurboAssembler::LoadCodeDataContainerCodeNonBuiltin(
|
||||||
|
@ -2951,9 +2951,10 @@ Node* WasmGraphBuilder::BuildCallRef(const wasm::FunctionSig* sig,
|
|||||||
wasm::ObjectAccess::ToTagged(WasmInternalFunction::kCodeOffset));
|
wasm::ObjectAccess::ToTagged(WasmInternalFunction::kCodeOffset));
|
||||||
Node* call_target;
|
Node* call_target;
|
||||||
if (V8_EXTERNAL_CODE_SPACE_BOOL) {
|
if (V8_EXTERNAL_CODE_SPACE_BOOL) {
|
||||||
call_target = BuildLoadExternalPointerFromObject(
|
call_target =
|
||||||
wrapper_code, CodeDataContainer::kCodeEntryPointOffset,
|
gasm_->LoadFromObject(MachineType::Pointer(), wrapper_code,
|
||||||
kCodeEntryPointTag);
|
wasm::ObjectAccess::ToTagged(
|
||||||
|
CodeDataContainer::kCodeEntryPointOffset));
|
||||||
} else {
|
} else {
|
||||||
call_target = gasm_->IntAdd(
|
call_target = gasm_->IntAdd(
|
||||||
wrapper_code, gasm_->IntPtrConstant(
|
wrapper_code, gasm_->IntPtrConstant(
|
||||||
|
@ -1529,22 +1529,16 @@ Code CodeDataContainer::code(PtrComprCageBase cage_base,
|
|||||||
|
|
||||||
DEF_GETTER(CodeDataContainer, code_entry_point, Address) {
|
DEF_GETTER(CodeDataContainer, code_entry_point, Address) {
|
||||||
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
||||||
Isolate* isolate = GetIsolateForSandbox(*this);
|
return ReadField<Address>(kCodeEntryPointOffset);
|
||||||
return ReadExternalPointerField<kCodeEntryPointTag>(kCodeEntryPointOffset,
|
|
||||||
isolate);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void CodeDataContainer::init_code_entry_point(Isolate* isolate,
|
void CodeDataContainer::init_code_entry_point(Isolate* isolate, Address value) {
|
||||||
Address initial_value) {
|
set_code_entry_point(isolate, value);
|
||||||
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
|
||||||
InitExternalPointerField<kCodeEntryPointTag>(kCodeEntryPointOffset, isolate,
|
|
||||||
initial_value);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void CodeDataContainer::set_code_entry_point(Isolate* isolate, Address value) {
|
void CodeDataContainer::set_code_entry_point(Isolate* isolate, Address value) {
|
||||||
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
|
||||||
WriteExternalPointerField<kCodeEntryPointTag>(kCodeEntryPointOffset, isolate,
|
WriteField<Address>(kCodeEntryPointOffset, value);
|
||||||
value);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void CodeDataContainer::SetCodeAndEntryPoint(Isolate* isolate_for_sandbox,
|
void CodeDataContainer::SetCodeAndEntryPoint(Isolate* isolate_for_sandbox,
|
||||||
|
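Review bot: `init_code_entry_point` now forwards to `set_code_entry_point`, and neither body uses its `Isolate*` parameter any more (`ReadField<Address>` and `WriteField<Address>` take only the offset and value), so `isolate` survives in both signatures purely for call-site stability. Worth saying so the next reader does not go looking for a use: `// |isolate| is currently unused: the entry point is a plain Address field while code pointers live outside the external pointer table (v8:10391).` The `CHECK(V8_EXTERNAL_CODE_SPACE_BOOL)` removed from `init_code_entry_point` is still enforced through the call into `set_code_entry_point`, so that part needs no change.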
@ -255,7 +255,7 @@ class CodeDataContainer : public HeapObject {
|
|||||||
V(kCodeCageBaseUpper32BitsOffset, \
|
V(kCodeCageBaseUpper32BitsOffset, \
|
||||||
V8_EXTERNAL_CODE_SPACE_BOOL ? kTaggedSize : 0) \
|
V8_EXTERNAL_CODE_SPACE_BOOL ? kTaggedSize : 0) \
|
||||||
V(kCodeEntryPointOffset, \
|
V(kCodeEntryPointOffset, \
|
||||||
V8_EXTERNAL_CODE_SPACE_BOOL ? kExternalPointerSlotSize : 0) \
|
V8_EXTERNAL_CODE_SPACE_BOOL ? kSystemPointerSize : 0) \
|
||||||
V(kFlagsOffset, V8_EXTERNAL_CODE_SPACE_BOOL ? kUInt16Size : 0) \
|
V(kFlagsOffset, V8_EXTERNAL_CODE_SPACE_BOOL ? kUInt16Size : 0) \
|
||||||
V(kBuiltinIdOffset, V8_EXTERNAL_CODE_SPACE_BOOL ? kInt16Size : 0) \
|
V(kBuiltinIdOffset, V8_EXTERNAL_CODE_SPACE_BOOL ? kInt16Size : 0) \
|
||||||
V(kKindSpecificFlagsOffset, kInt32Size) \
|
V(kKindSpecificFlagsOffset, kInt32Size) \
|
||||||
|
@ -1065,9 +1065,6 @@ class CodeDataContainer::BodyDescriptor final : public BodyDescriptorBase {
|
|||||||
|
|
||||||
if (V8_EXTERNAL_CODE_SPACE_BOOL) {
|
if (V8_EXTERNAL_CODE_SPACE_BOOL) {
|
||||||
v->VisitCodePointer(obj, obj.RawCodeField(kCodeOffset));
|
v->VisitCodePointer(obj, obj.RawCodeField(kCodeOffset));
|
||||||
v->VisitExternalPointer(
|
|
||||||
obj, obj.RawExternalPointerField(kCodeEntryPointOffset),
|
|
||||||
kCodeEntryPointTag);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
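Review bot: With the `VisitExternalPointer` call removed, the `kCodeEntryPointOffset` slot is no longer reported to any visitor while the neighbouring `kCodeOffset` still is via `VisitCodePointer`, and nothing in the hunk records that the omission is deliberate. A one-line comment after the `VisitCodePointer` call would stop this from being read as a missed slot: `// kCodeEntryPointOffset holds a raw Address and is intentionally not visited.` The enclosing function starts outside the hunk.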
|