
[v8][pku] Add histogram for CFI page mismatch

We assume a maximum OS page size at compile time and need to bail out
of memory protections if there's a mismatch to the size observed at
runtime.
This histogram will be used to see if this is happening in practice or
if we can turn it into a CHECK instead.

Change-Id: I6c76f4c8e45a32be610d5a91fe92699e75fcc54b
Bug: v8:13355
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4530647
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#1143971}
Stephen Roettger
2023-05-15 10:02:51 +00:00
committed by Chromium LUCI CQ
parent 04023770ff
commit 191e7fa3fc
2 changed files with 24 additions and 0 deletions
gin
tools/metrics/histograms/metadata/v8

@ -12,6 +12,8 @@
#include "base/allocator/partition_allocator/thread_isolation/alignment.h"
#include "base/check.h"
#include "base/check_op.h"
#include "base/memory/page_size.h"
#include "base/metrics/histogram_functions.h"
#include "base/no_destructor.h"
namespace {
@ -50,6 +52,15 @@ void PkeyDisableWriteAccess(int pkey) {
namespace gin {
void ThreadIsolationData::InitializeBeforeThreadCreation() {
bool page_size_mismatch = PA_THREAD_ISOLATED_ALIGN_SZ < base::GetPageSize();
base::UmaHistogramBoolean("V8.CFIPageSizeMismatch", page_size_mismatch);
if (page_size_mismatch) {
// We write-protect global variables and need to align and pad them to (a
// multiple of) the OS page size. But since page size is not a compile time
// constant, check at runtime that our value was large enough.
return;
}
pkey = PkeyAlloc(0);
if (pkey == -1) {
return;
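Review bot: the explanatory comment sits inside the `if (page_size_mismatch)` block, after the histogram has already been recorded, so a reader reaches the early `return;` before learning why the check exists; move the three comment lines above `bool page_size_mismatch = PA_THREAD_ISOLATED_ALIGN_SZ < base::GetPageSize();` so they document the condition they explain. Note also that the condition only fires when the compile-time alignment is smaller than the runtime page size (a larger compile-time value is still a valid multiple and is not recorded), which is narrower than the name `V8.CFIPageSizeMismatch` suggests; a one-line comment above the `base::UmaHistogramBoolean` call stating that would save the next reader a trip to the histogram description. Finally, the early return skips `pkey = PkeyAlloc(0);`, so whatever consumes `pkey` must treat its initial value as "not allocated", the same way it already handles the `pkey == -1` failure just below.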

@ -56,6 +56,19 @@ chromium-metrics-reviews@google.com.
</summary>
</histogram>
<histogram name="V8.CFIPageSizeMismatch" units="BooleanOccurred"
expires_after="2024-06-01">
<owner>sroettger@google.com</owner>
<owner>v8-security@google.com</owner>
<summary>
Whether there's a mismatch between the maximum page size we assume at
compile time and the page size we assume at runtime.
This metric is recorded once at renderer startup when the
ThreadIsolatedAllocator is initialized.
</summary>
</histogram>
<histogram name="V8.CodeCacheRejectReason" enum="V8CodeCacheRejectReason"
expires_after="M77">
<owner>yangguo@chromium.org</owner>
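Review bot: in the `<summary>`, "the page size we assume at runtime" should read "the page size we observe at runtime"; only the compile-time value is an assumption, the runtime value comes from `base::GetPageSize()` in the gin change, and the commit message itself says "observed at runtime". It would also help to state that true is recorded only when the compile-time maximum is smaller than the runtime page size, since that is what the boolean actually means and "mismatch" alone reads as any difference in either direction.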