[PA] Disable BRP zapping on iOS
This helps us investigate the Metadata corruption issue on iOS. Bug: 371135823 Change-Id: Id67489c7e989bc528e7ff078454c623d7c23aef9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6427158 Reviewed-by: Keishi Hattori <keishi@chromium.org> Commit-Queue: Mikihito Matsuura <mikt@google.com> Cr-Commit-Position: refs/heads/main@{#1442619}
base/allocator/partition_allocator/src/partition_alloc
@ -4549,7 +4549,9 @@ TEST_P(PartitionAllocTest, RefCountBasic) {
|
||||
}
|
||||
|
||||
constexpr uint64_t kCookie = 0x1234567890ABCDEF;
|
||||
#if !PA_BUILDFLAG(IS_IOS)
|
||||
constexpr uint64_t kQuarantined = 0xEFEFEFEFEFEFEFEF;
|
||||
#endif // !PA_BUILDFLAG(IS_IOS)
|
||||
|
||||
size_t alloc_size = 64 - ExtraAllocSize(allocator);
|
||||
uint64_t* ptr1 =
|
||||
@ -4574,8 +4576,10 @@ TEST_P(PartitionAllocTest, RefCountBasic) {
|
||||
// The allocation shouldn't be reclaimed, and its contents should be zapped.
|
||||
// Retag ptr1 to get its correct MTE tag.
|
||||
ptr1 = TagPtr(ptr1);
|
||||
#if !PA_BUILDFLAG(IS_IOS)
|
||||
EXPECT_NE(*ptr1, kCookie);
|
||||
EXPECT_EQ(*ptr1, kQuarantined);
|
||||
#endif // !PA_BUILDFLAG(IS_IOS)
|
||||
|
||||
// The allocator should not reuse the original slot since its reference count
|
||||
// doesn't equal zero.
|
||||
|
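Review bot: The comment `// The allocation shouldn't be reclaimed, and its contents should be zapped.` in the second hunk sits outside the new `#if !PA_BUILDFLAG(IS_IOS)` guard, so on iOS it describes a check the test no longer makes. With both `EXPECT_NE(*ptr1, kCookie)` and `EXPECT_EQ(*ptr1, kQuarantined)` compiled out, RefCountBasic asserts nothing about the slot contents after the free on that platform, so as far as this hunk shows no test would fail if zapping stayed disabled after the investigation. I would reword the comment to `// The allocation shouldn't be reclaimed; its contents are zapped except on iOS (https://crbug.com/371135823).` so the gap is visible in the test itself. The test body starts and ends outside both hunks.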
@ -1983,7 +1983,11 @@ PA_NOINLINE void PartitionRoot::QuarantineForBrp(
|
||||
if (hook) [[unlikely]] {
|
||||
hook(object, usable_size);
|
||||
} else {
|
||||
// TODO(https://crbug.com/371135823): Enable zapping again once finished
|
||||
// investigation.
|
||||
#if !PA_BUILDFLAG(IS_IOS)
|
||||
internal::SecureMemset(object, internal::kQuarantinedByte, usable_size);
|
||||
#endif // !PA_BUILDFLAG(IS_IOS)
|
||||
}
|
||||
}
|
||||
#endif // PA_BUILDFLAG(ENABLE_BACKUP_REF_PTR_SUPPORT)
|
||||
|
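Review bot: The TODO above the new `#if !PA_BUILDFLAG(IS_IOS)` in `PartitionRoot::QuarantineForBrp` says zapping is off temporarily, but not what protection is lost while it is off. Without the `internal::SecureMemset(object, internal::kQuarantinedByte, usable_size)` call, a quarantined slot on iOS keeps its pre-free contents, so a read through a dangling pointer sees stale object data instead of the quarantine pattern, and whatever the object held presumably stays in memory until the slot is released and reused. I would extend the comment with `// While disabled, quarantined slots on iOS retain their previous contents; this weakens use-after-free hardening.` so the trade-off is recorded next to the guard. The function starts outside the hunk.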
@ -1265,6 +1265,7 @@ PA_ALWAYS_INLINE void PartitionAllocFreeForRefCounting(uintptr_t slot_start) {
|
||||
|
||||
// Iterating over the entire slot can be really expensive.
|
||||
#if PA_BUILDFLAG(EXPENSIVE_DCHECKS_ARE_ON)
|
||||
#if !PA_BUILDFLAG(IS_IOS)
|
||||
auto hook = PartitionAllocHooks::GetQuarantineOverrideHook();
|
||||
// If we have a hook the object segment is not necessarily filled
|
||||
// with |kQuarantinedByte|.
|
||||
@ -1275,6 +1276,7 @@ PA_ALWAYS_INLINE void PartitionAllocFreeForRefCounting(uintptr_t slot_start) {
|
||||
PA_DCHECK(object[i] == kQuarantinedByte);
|
||||
}
|
||||
}
|
||||
#endif // !PA_BUILDFLAG(IS_IOS)
|
||||
DebugMemset(SlotStartAddr2Ptr(slot_start), kFreedByte,
|
||||
slot_span->GetUtilizedSlotSize());
|
||||
#endif // PA_BUILDFLAG(EXPENSIVE_DCHECKS_ARE_ON)
|
||||
|
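Review bot: The `#if !PA_BUILDFLAG(IS_IOS)` added in `PartitionAllocFreeForRefCounting` has no comment tying it to the zapping change, unlike the guard in `PartitionRoot::QuarantineForBrp`, which carries the crbug TODO. The guarded `PA_DCHECK(object[i] == kQuarantinedByte)` only holds while quarantined slots are zapped, so the two guards have to be removed together; if only the zapping guard is dropped later, this check stays silently disabled on iOS. I would add `// TODO(https://crbug.com/371135823): Re-enable together with zapping in PartitionRoot::QuarantineForBrp().` above the `#if`. The lines between the two hunks of this function are not visible here, and the function continues outside them.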