[v8][pku] Add histogram for CFI page mismatch
We assume a maximum OS page size at compile time and need to bail out of the memory protections if there is a mismatch with the page size observed at runtime. This histogram will be used to see whether this happens in practice or whether we can turn the check into a CHECK instead. Change-Id: I6c76f4c8e45a32be610d5a91fe92699e75fcc54b Bug: v8:13355 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4530647 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Stephen Röttger <sroettger@google.com> Cr-Commit-Position: refs/heads/main@{#1143971}

committed by
Chromium LUCI CQ

parent
04023770ff
commit
191e7fa3fc
@ -12,6 +12,8 @@
|
||||
#include "base/allocator/partition_allocator/thread_isolation/alignment.h"
|
||||
#include "base/check.h"
|
||||
#include "base/check_op.h"
|
||||
#include "base/memory/page_size.h"
|
||||
#include "base/metrics/histogram_functions.h"
|
||||
#include "base/no_destructor.h"
|
||||
|
||||
namespace {
|
||||
@ -50,6 +52,15 @@ void PkeyDisableWriteAccess(int pkey) {
|
||||
namespace gin {
|
||||
|
||||
void ThreadIsolationData::InitializeBeforeThreadCreation() {
|
||||
bool page_size_mismatch = PA_THREAD_ISOLATED_ALIGN_SZ < base::GetPageSize();
|
||||
base::UmaHistogramBoolean("V8.CFIPageSizeMismatch", page_size_mismatch);
|
||||
if (page_size_mismatch) {
|
||||
// We write-protect global variables and need to align and pad them to (a
|
||||
// multiple of) the OS page size. But since page size is not a compile time
|
||||
// constant, check at runtime that our value was large enough.
|
||||
return;
|
||||
}
|
||||
|
||||
pkey = PkeyAlloc(0);
|
||||
if (pkey == -1) {
|
||||
return;
|
||||
|
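Review bot: The early `return;` on the mismatch branch skips the `PkeyAlloc` call that follows, so a renderer that hits it appears to run without the write-protection at all, with the histogram sample as the only trace; nothing in the new code says so, and the explanatory comment sits inside the `if` after the decision it justifies. I would move the three comment lines above `bool page_size_mismatch = PA_THREAD_ISOLATED_ALIGN_SZ < base::GetPageSize();` and state the consequence explicitly, e.g. `// If the runtime page size exceeds the alignment we assumed at compile time, the write-protected globals are not page-aligned; skip pkey setup entirely (protection is then disabled for this process).` That makes the meaning of a `true` sample clear to whoever reads the metric, and it keeps the comment on the check rather than the bail-out. If the mismatch is expected to be a bug rather than a supported configuration, a `DLOG`/`DUMP_WILL_BE_CHECK`-style signal alongside the histogram would also help, though the commit message says the histogram is meant to decide that first. InitializeBeforeThreadCreation continues past the end of the hunk.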
@ -56,6 +56,19 @@ chromium-metrics-reviews@google.com.
|
||||
</summary>
|
||||
</histogram>
|
||||
|
||||
<histogram name="V8.CFIPageSizeMismatch" units="BooleanOccurred"
|
||||
expires_after="2024-06-01">
|
||||
<owner>sroettger@google.com</owner>
|
||||
<owner>v8-security@google.com</owner>
|
||||
<summary>
|
||||
Whether there's a mismatch between the maximum page size we assume at
|
||||
compile time and the page size we assume at runtime.
|
||||
|
||||
This metric is recorded once at renderer startup when the
|
||||
ThreadIsolatedAllocator is initialized.
|
||||
</summary>
|
||||
</histogram>
|
||||
|
||||
<histogram name="V8.CodeCacheRejectReason" enum="V8CodeCacheRejectReason"
|
||||
expires_after="M77">
|
||||
<owner>yangguo@chromium.org</owner>
|
||||
|
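Review bot: The summary's "the page size we assume at runtime" does not match what the code records: the value is compared against `base::GetPageSize()`, i.e. the page size observed at runtime, not an assumption. I would change the two summary lines to `Whether the maximum page size assumed at compile time is smaller than the` / `page size observed at runtime.` It would also help metric readers to add one sentence noting that a true sample means the thread-isolation write-protection was skipped for that renderer, since that is the security-relevant outcome of the mismatch.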