[builtins] Clear c_entry_fp when entering JS and at exception path
c_entry_fp is normally cleared in `LeaveExitFrame`, but we adjust the frame without it in the exception path. This can cause the SafeStackFrameIterator to assume we have an exit frame and iterate over frames incorrectly, which for arm64 can cause pointer authentication failures with CFI enabled. Even without the pointer authentication failure, we iterate over frames incorrectly, so make this change for other architectures too. Also clear c_entry_fp in the beginning of JSEntry, after pushing it on the stack. Not doing this doesn't cause pointer authentication failures, but it will make the SafeStackFrameIterator assume we are executing C++ and miss the JS frames on top. Bug: v8:10026 Change-Id: Ie94834920f51e9f1cc5c1c775596726b61fc0507 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642256Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#72458}
Showing
Please
register
or
sign in
to comment