Add V8::IsUsingSecureVirtualMemoryCage API

V8 can fall back to creating a virtual memory cage that does not have the desired security properties but at least allows V8 to run when caging is enabled. This API allows the embedder to determine which kind of cage is being used, for example for metrics collection. Bug: chromium:1218005 Change-Id: I6988d0a4fce8aeb1361b30fce8c9c2f68f3b92f9 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220343 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#77392}
2021-10-14 10:33:38 +02:00 · 2021-10-14 10:33:38 +02:00 · af1d043c21
commit af1d043c21
parent a2b9710fd8
2 changed files with 24 additions and 1 deletions
--- a/include/v8-initialization.h
+++ b/include/v8-initialization.h
@ -227,6 +227,16 @@ class V8_EXPORT V8 {
   * this returns zero.
   */
  static size_t GetVirtualMemoryCageSizeInBytes();
+
+  /**
+   * Returns whether the virtual memory cage is configured securely.
+   *
+   * If V8 cannot create a proper virtual memory cage, it will fall back to
+   * creating a cage that doesn't have the desired security properties but at
+   * least still allows V8 to function. This API can be used to determine if
+   * such an insecure cage is being used, in which case it will return false.
+   */
+  static bool IsUsingSecureVirtualMemoryCage();
 #endif

  /**
--- a/src/api/api.cc
+++ b/src/api/api.cc
@ -6110,7 +6110,9 @@ const char* v8::V8::GetVersion() { return i::Version::GetVersion(); }

 #ifdef V8_VIRTUAL_MEMORY_CAGE
 PageAllocator* v8::V8::GetVirtualMemoryCagePageAllocator() {
-  CHECK(i::GetProcessWideVirtualMemoryCage()->is_initialized());
+  Utils::ApiCheck(i::GetProcessWideVirtualMemoryCage()->is_initialized(),
+                  "v8::V8::GetVirtualMemoryCagePageAllocator",
+                  "The virtual memory cage must be initialized first.");
  return i::GetProcessWideVirtualMemoryCage()->page_allocator();
 }

@ -6121,6 +6123,17 @@ size_t v8::V8::GetVirtualMemoryCageSizeInBytes() {
    return i::GetProcessWideVirtualMemoryCage()->size();
  }
 }
+
+bool v8::V8::IsUsingSecureVirtualMemoryCage() {
+  Utils::ApiCheck(i::GetProcessWideVirtualMemoryCage()->is_initialized(),
+                  "v8::V8::IsUsingSecureVirtualMemoryCage",
+                  "The virtual memory cage must be initialized first.");
+  // TODO(saelo) For now, we only treat a fake cage as insecure. Once we use
+  // caged pointers that assume that the cage has a constant size, we'll also
+  // treat cages smaller than the default size as insecure because caged
+  // pointers can then access memory outside of them.
+  return !i::GetProcessWideVirtualMemoryCage()->is_fake_cage();
+}
 #endif

 void V8::GetSharedMemoryStatistics(SharedMemoryStatistics* statistics) {