    [builtins] Clear c_entry_fp when entering JS and at exception path · 07b03b83
    Georgia Kouveli authored
    c_entry_fp is normally cleared in `LeaveExitFrame`, but we adjust
    the frame without it in the exception path.
    
    This can cause the SafeStackFrameIterator to assume we have an exit
    frame and iterate over frames incorrectly, which for arm64 can
    cause pointer authentication failures with CFI enabled. Even without
    the pointer authentication failure, we iterate over frames incorrectly,
    so make this change for other architectures too.
    
    Also clear c_entry_fp in the beginning of JSEntry, after pushing it
    on the stack. Not doing this doesn't cause pointer authentication
    failures, but it will make the SafeStackFrameIterator assume we
    are executing C++ and miss the JS frames on top.
    
    Bug: v8:10026
    Change-Id: Ie94834920f51e9f1cc5c1c775596726b61fc0507
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642256
    Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
    Cr-Commit-Position: refs/heads/master@{#72458}
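The two cases in the commit message, as an added example that is not V8 code or part of the commit: a simplified model of a sampler-style stack walk that trusts a non-null `c_entry_fp`. The names `Frame`, `ThreadTop`, `Walk`, `ExceptionPath` and `JSEntryPath` are hypothetical, and the `STALE` marker stands in for reading a frame that has already been unwound.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Simplified model, not V8 code: a frame is a kind tag plus a link to its caller.
struct Frame {
  const char* kind;
  const Frame* caller;
  bool live;  // false once the stack has been unwound past this frame
};

// Stand-in for the per-thread slot the commit message calls c_entry_fp.
struct ThreadTop { const Frame* c_entry_fp = nullptr; };

// Sampler-style walk: a non-null c_entry_fp is trusted as the topmost (exit)
// frame; otherwise the walk starts from the sampled frame-pointer register.
std::vector<std::string> Walk(const ThreadTop& top, const Frame* sampled_fp) {
  std::vector<std::string> out;
  for (const Frame* f = top.c_entry_fp ? top.c_entry_fp : sampled_fp; f; f = f->caller)
    out.push_back(f->live ? f->kind : "STALE");  // STALE: reading unwound stack
  return out;
}

// Case 1: C++ threw and the unwinder jumped to a JS handler, dropping the exit frame.
std::vector<std::string> ExceptionPath(bool clear_slot) {
  Frame entry{"entry", nullptr, true};
  Frame js{"js_handler", &entry, true};
  Frame exit_frame{"exit", &js, true};
  ThreadTop top;
  top.c_entry_fp = &exit_frame;              // set when JS called into C++
  exit_frame.live = false;                   // frame adjusted without LeaveExitFrame
  if (clear_slot) top.c_entry_fp = nullptr;  // the clearing the commit adds
  return Walk(top, &js);                     // sample taken while the handler runs
}

// Case 2: C++ re-entered JS through JSEntry, which pushed the old slot value.
std::vector<std::string> JSEntryPath(bool clear_slot) {
  Frame outer_exit{"outer_exit", nullptr, true};
  Frame entry{"entry", &outer_exit, true};
  Frame js{"js_on_top", &entry, true};
  ThreadTop top;
  top.c_entry_fp = &outer_exit;              // left over from the earlier exit to C++
  if (clear_slot) top.c_entry_fp = nullptr;  // cleared after being pushed
  return Walk(top, &js);
}

int main() {
  for (bool fix : {false, true})
    std::cout << ExceptionPath(fix).front() << " " << JSEntryPath(fix).front() << "\n";
}
```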
builtins-x64.cc 159 KB