[ext-code-space] Support V8 sandbox mode

Drive-by: fix multi-arch build. Bug: v8:11880 Change-Id: I4e56370598117fec2a0131e5638d4bac3d84c52f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412083Reviewed-by: Samuel Groß <saelo@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78759}

[ext-code-space] Support V8 sandbox mode
Drive-by: fix multi-arch build. Bug: v8:11880 Change-Id: I4e56370598117fec2a0131e5638d4bac3d84c52f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412083Reviewed-by: Samuel Groß <saelo@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78759}
019be504 · Igor Sheludko · V8 LUCI CQ · 9ccdfe13 · 019be504 · 019be504
Commit 019be504 authored Jan 25, 2022 by Igor Sheludko Committed by V8 LUCI CQ Jan 25, 2022
5 changed files
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -450,6 +450,7 @@ if (v8_multi_arch_build &&
    "clang_x64_pointer_compression") {
  v8_enable_pointer_compression = !v8_enable_pointer_compression
  v8_enable_pointer_compression_shared_cage = v8_enable_pointer_compression
+  v8_enable_external_code_space = v8_enable_pointer_compression
 }
 # Check if it is a Chromium build and activate PAC/BTI if needed.
@@ -516,10 +517,6 @@ assert(!v8_enable_sandboxed_pointers || v8_enable_sandbox,
 assert(!v8_enable_sandboxed_external_pointers || v8_enable_sandbox,
       "Sandboxed external pointers require the sandbox")
-assert(
-    !v8_enable_sandboxed_external_pointers || !v8_enable_external_code_space,
-    "Sandboxed external pointers are not compatible with external code space YET")
 assert(
    !v8_enable_pointer_compression_shared_cage || v8_enable_pointer_compression,
    "Can't share a pointer compression cage if pointers aren't compressed")

--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@@ -3224,8 +3224,8 @@ Node* WasmGraphBuilder::BuildIndirectCall(
  }
 }
-Node* WasmGraphBuilder::BuildLoadExternalPointerFromObject(Node* object,
+Node* WasmGraphBuilder::BuildLoadExternalPointerFromObject(
-                                                           int offset) {
+    Node* object, int offset, ExternalPointerTag tag) {
 #ifdef V8_SANDBOXED_EXTERNAL_POINTERS
  Node* external_pointer = gasm_->LoadFromObject(
      MachineType::Uint32(), object, wasm::ObjectAccess::ToTagged(offset));
@@ -3237,8 +3237,7 @@ Node* WasmGraphBuilder::BuildLoadExternalPointerFromObject(Node* object,
  Node* scaled_index = gasm_->Int32Mul(
      external_pointer, gasm_->Int32Constant(kSystemPointerSize));
  Node* decoded_ptr = gasm_->Load(MachineType::Pointer(), table, scaled_index);
-  Node* tag = gasm_->IntPtrConstant(~kForeignForeignAddressTag);
+  return gasm_->WordAnd(decoded_ptr, gasm_->IntPtrConstant(~tag));
-  return gasm_->WordAnd(decoded_ptr, tag);
 #else
  return gasm_->LoadFromObject(MachineType::Pointer(), object,
                               wasm::ObjectAccess::ToTagged(offset));
@@ -3286,11 +3285,9 @@ Node* WasmGraphBuilder::BuildCallRef(const wasm::FunctionSig* real_sig,
        wasm::ObjectAccess::ToTagged(WasmInternalFunction::kCodeOffset));
    Node* call_target;
    if (V8_EXTERNAL_CODE_SPACE_BOOL) {
-      CHECK(!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL);  // Not supported yet.
+      call_target = BuildLoadExternalPointerFromObject(
-      call_target = gasm_->LoadImmutableFromObject(
+          wrapper_code, CodeDataContainer::kCodeEntryPointOffset,
-          MachineType::Pointer(), wrapper_code,
+          kCodeEntryPointTag);
-          wasm::ObjectAccess::ToTagged(
-              CodeDataContainer::kCodeEntryPointOffset));
    } else {
      call_target = gasm_->IntAdd(

--- a/src/compiler/wasm-compiler.h
+++ b/src/compiler/wasm-compiler.h
@@ -776,7 +776,9 @@ class WasmGraphBuilder {
  Node* BuildMultiReturnFixedArrayFromIterable(const wasm::FunctionSig* sig,
                                               Node* iterable, Node* context);
-  Node* BuildLoadExternalPointerFromObject(Node* object, int offset);
+  Node* BuildLoadExternalPointerFromObject(
+      Node* object, int offset,
+      ExternalPointerTag tag = kForeignForeignAddressTag);
  Node* BuildLoadCallTargetFromExportedFunctionData(Node* function_data);

--- a/src/objects/code-inl.h
+++ b/src/objects/code-inl.h
@@ -914,7 +914,7 @@ ACCESSORS(CodeDataContainer, next_code_link, Object, kNextCodeLinkOffset)
 PtrComprCageBase CodeDataContainer::code_cage_base() const {
 #ifdef V8_EXTERNAL_CODE_SPACE
-  CHECK(!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL);
+  // TODO(v8:10391): consider protecting this value with the sandbox.
  Address code_cage_base_hi =
      ReadField<Tagged_t>(kCodeCageBaseUpper32BitsOffset);
  return PtrComprCageBase(code_cage_base_hi << 32);
@@ -925,7 +925,6 @@ PtrComprCageBase CodeDataContainer::code_cage_base() const {
 void CodeDataContainer::set_code_cage_base(Address code_cage_base) {
 #ifdef V8_EXTERNAL_CODE_SPACE
-  CHECK(!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL);
  Tagged_t code_cage_base_hi = static_cast<Tagged_t>(code_cage_base >> 32);
  WriteField<Tagged_t>(kCodeCageBaseUpper32BitsOffset, code_cage_base_hi);
 #else

--- a/src/objects/objects-body-descriptors-inl.h
+++ b/src/objects/objects-body-descriptors-inl.h
@@ -965,7 +965,8 @@ class CodeDataContainer::BodyDescriptor final : public BodyDescriptorBase {
    if (V8_EXTERNAL_CODE_SPACE_BOOL) {
      v->VisitCodePointer(obj, obj.RawCodeField(kCodeOffset));
-      v->VisitExternalPointer(obj, obj.RawExternalPointerField(kCodeOffset));
+      v->VisitExternalPointer(
+          obj, obj.RawExternalPointerField(kCodeEntryPointOffset));
    }
  }