[PA] Disable BRP zapping on iOS
This helps us investigate a metadata corruption issue on iOS. Bug: 371135823 Change-Id: Id67489c7e989bc528e7ff078454c623d7c23aef9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6427158 Reviewed-by: Keishi Hattori <keishi@chromium.org> Commit-Queue: Mikihito Matsuura <mikt@google.com> Cr-Commit-Position: refs/heads/main@{#1442619}
base/allocator/partition_allocator/src/partition_alloc
@ -4549,7 +4549,9 @@ TEST_P(PartitionAllocTest, RefCountBasic) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
constexpr uint64_t kCookie = 0x1234567890ABCDEF;
|
constexpr uint64_t kCookie = 0x1234567890ABCDEF;
|
||||||
|
#if !PA_BUILDFLAG(IS_IOS)
|
||||||
constexpr uint64_t kQuarantined = 0xEFEFEFEFEFEFEFEF;
|
constexpr uint64_t kQuarantined = 0xEFEFEFEFEFEFEFEF;
|
||||||
|
#endif // !PA_BUILDFLAG(IS_IOS)
|
||||||
|
|
||||||
size_t alloc_size = 64 - ExtraAllocSize(allocator);
|
size_t alloc_size = 64 - ExtraAllocSize(allocator);
|
||||||
uint64_t* ptr1 =
|
uint64_t* ptr1 =
|
||||||
@ -4574,8 +4576,10 @@ TEST_P(PartitionAllocTest, RefCountBasic) {
|
|||||||
// The allocation shouldn't be reclaimed, and its contents should be zapped.
|
// The allocation shouldn't be reclaimed, and its contents should be zapped.
|
||||||
// Retag ptr1 to get its correct MTE tag.
|
// Retag ptr1 to get its correct MTE tag.
|
||||||
ptr1 = TagPtr(ptr1);
|
ptr1 = TagPtr(ptr1);
|
||||||
|
#if !PA_BUILDFLAG(IS_IOS)
|
||||||
EXPECT_NE(*ptr1, kCookie);
|
EXPECT_NE(*ptr1, kCookie);
|
||||||
EXPECT_EQ(*ptr1, kQuarantined);
|
EXPECT_EQ(*ptr1, kQuarantined);
|
||||||
|
#endif // !PA_BUILDFLAG(IS_IOS)
|
||||||
|
|
||||||
// The allocator should not reuse the original slot since its reference count
|
// The allocator should not reuse the original slot since its reference count
|
||||||
// doesn't equal zero.
|
// doesn't equal zero.
|
||||||
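Review bot: The comment `// The allocation shouldn't be reclaimed, and its contents should be zapped.` is no longer true on iOS, where both content expectations are compiled out and the test checks nothing about the slot's contents after the free. I would reword it to `// The allocation shouldn't be reclaimed; its contents should be zapped (except on iOS, see crbug.com/371135823).` If the slot is expected to keep its value on iOS, an `#else` branch with `EXPECT_EQ(*ptr1, kCookie);` would pin the temporary behaviour and fail as a reminder once zapping is restored, though that assumes nothing else writes to the quarantined slot. The test body extends outside both hunks.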
|
@ -1983,7 +1983,11 @@ PA_NOINLINE void PartitionRoot::QuarantineForBrp(
|
|||||||
if (hook) [[unlikely]] {
|
if (hook) [[unlikely]] {
|
||||||
hook(object, usable_size);
|
hook(object, usable_size);
|
||||||
} else {
|
} else {
|
||||||
|
// TODO(https://crbug.com/371135823): Enable zapping again once finished
|
||||||
|
// investigation.
|
||||||
|
#if !PA_BUILDFLAG(IS_IOS)
|
||||||
internal::SecureMemset(object, internal::kQuarantinedByte, usable_size);
|
internal::SecureMemset(object, internal::kQuarantinedByte, usable_size);
|
||||||
|
#endif // !PA_BUILDFLAG(IS_IOS)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif // PA_BUILDFLAG(ENABLE_BACKUP_REF_PTR_SUPPORT)
|
#endif // PA_BUILDFLAG(ENABLE_BACKUP_REF_PTR_SUPPORT)
|
||||||
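Review bot: On iOS the `else` branch in `QuarantineForBrp` is now empty, so a slot freed while references remain keeps its previous contents for as long as it is quarantined. A read through a dangling pointer then returns the old data rather than the `kQuarantinedByte` pattern. The test comments on this page indicate the slot is still withheld from reuse, but the TODO names only the bug and does not record this trade-off. I would extend it to `// iOS only: quarantined slots are NOT zapped while crbug.com/371135823 is investigated; stale contents stay readable through dangling pointers until the slot is released.` The function starts outside the hunk.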
|
@ -1265,6 +1265,7 @@ PA_ALWAYS_INLINE void PartitionAllocFreeForRefCounting(uintptr_t slot_start) {
|
|||||||
|
|
||||||
// Iterating over the entire slot can be really expensive.
|
// Iterating over the entire slot can be really expensive.
|
||||||
#if PA_BUILDFLAG(EXPENSIVE_DCHECKS_ARE_ON)
|
#if PA_BUILDFLAG(EXPENSIVE_DCHECKS_ARE_ON)
|
||||||
|
#if !PA_BUILDFLAG(IS_IOS)
|
||||||
auto hook = PartitionAllocHooks::GetQuarantineOverrideHook();
|
auto hook = PartitionAllocHooks::GetQuarantineOverrideHook();
|
||||||
// If we have a hook the object segment is not necessarily filled
|
// If we have a hook the object segment is not necessarily filled
|
||||||
// with |kQuarantinedByte|.
|
// with |kQuarantinedByte|.
|
||||||
@ -1275,6 +1276,7 @@ PA_ALWAYS_INLINE void PartitionAllocFreeForRefCounting(uintptr_t slot_start) {
|
|||||||
PA_DCHECK(object[i] == kQuarantinedByte);
|
PA_DCHECK(object[i] == kQuarantinedByte);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif // !PA_BUILDFLAG(IS_IOS)
|
||||||
DebugMemset(SlotStartAddr2Ptr(slot_start), kFreedByte,
|
DebugMemset(SlotStartAddr2Ptr(slot_start), kFreedByte,
|
||||||
slot_span->GetUtilizedSlotSize());
|
slot_span->GetUtilizedSlotSize());
|
||||||
#endif // PA_BUILDFLAG(EXPENSIVE_DCHECKS_ARE_ON)
|
#endif // PA_BUILDFLAG(EXPENSIVE_DCHECKS_ARE_ON)
|
||||||
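Review bot: The `#if !PA_BUILDFLAG(IS_IOS)` added around the `kQuarantinedByte` DCHECK loop has no comment, so nothing ties it to the zapping change in `QuarantineForBrp` or to the bug. When zapping is restored this guard is easy to miss, and the check would silently stay off on iOS. I would add `// TODO(https://crbug.com/371135823): zapping is disabled on iOS, so the slot is not filled with kQuarantinedByte; remove together with the guard in QuarantineForBrp.` above it. The same platform condition is now repeated across the three hunked locations, so one named build flag or macro defined once would make re-enabling a single-line change. The body of `PartitionAllocFreeForRefCounting`, including the start of the loop, lies partly outside the two hunks.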
|