Flush ICache on startup deserialization after marking memory executable

Tentative fix for Android invoke crashers with write protection code enabled. Bug: chromium:842862 Change-Id: If238b25b239b50c597f3745aa683f564a717434f Reviewed-on: https://chromium-review.googlesource.com/1061513Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#53209}

Flush ICache on startup deserialization after marking memory executable
Tentative fix for Android invoke crashers with write protection code enabled. Bug: chromium:842862 Change-Id: If238b25b239b50c597f3745aa683f564a717434f Reviewed-on: https://chromium-review.googlesource.com/1061513Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#53209}
05bcb12e · Camillo Bruni · Commit Bot · c865c9f5 · 05bcb12e · 05bcb12e
Commit 05bcb12e authored May 16, 2018 by Camillo Bruni Committed by Commit Bot May 16, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 5 deletions

isolate.cc src/isolate.cc +4 -0

startup-deserializer.cc src/snapshot/startup-deserializer.cc +0 -4

startup-deserializer.h src/snapshot/startup-deserializer.h +2 -1

No files found.
--- a/src/isolate.cc
+++ b/src/isolate.cc
@@ -3082,6 +3082,10 @@ bool Isolate::Init(StartupDeserializer* des) {

    heap_.NotifyDeserializationComplete();
  }
+  // Flush the instruction cache for the entire code-space. Must happen after
+  // builtins deserialization and setting the memory executable again.
+  if (!create_heap_objects) des->FlushICacheForNewIsolate();
+
  delete setup_delegate_;
  setup_delegate_ = nullptr;


--- a/src/snapshot/startup-deserializer.cc
+++ b/src/snapshot/startup-deserializer.cc
@@ -45,10 +45,6 @@ void StartupDeserializer::DeserializeInto(Isolate* isolate) {
    // Deserialize eager builtins from the builtin snapshot. Note that deferred
    // objects must have been deserialized prior to this.
    builtin_deserializer.DeserializeEagerBuiltinsAndHandlers();
-
-    // Flush the instruction cache for the entire code-space. Must happen after
-    // builtins deserialization.
-    FlushICacheForNewIsolate();
  }

  isolate->heap()->set_native_contexts_list(isolate->heap()->undefined_value());

--- a/src/snapshot/startup-deserializer.h
+++ b/src/snapshot/startup-deserializer.h
@@ -21,8 +21,9 @@ class StartupDeserializer final : public Deserializer<> {
  // Deserialize the snapshot into an empty heap.
  void DeserializeInto(Isolate* isolate);

- private:
  void FlushICacheForNewIsolate();
+
+ private:
  void PrintDisassembledCodeObjects();

  // Rehash after deserializing an isolate.