Commit 0da245a8 authored by Anton Bikineev's avatar Anton Bikineev Committed by V8 LUCI CQ

base: Fix races in BoundedPageAllocator

Due to missing locks, there is a race between AllocatePagesAt (or
ReserveForSharedMemoryMapping) and other functions that modify
std::sets in RegionAllocator (e.g. AllocatePages or ReleasePages).

The CL adds locks to AllocatePagesAt and ReserveForSharedMemoryMapping.

Bug: chromium:1232067
Change-Id: I0ec503ab1ab432952ea067eb916299ea88566879
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056985
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75981}
parent 9bd74dfd
...@@ -49,11 +49,16 @@ bool BoundedPageAllocator::AllocatePagesAt(Address address, size_t size, ...@@ -49,11 +49,16 @@ bool BoundedPageAllocator::AllocatePagesAt(Address address, size_t size,
PageAllocator::Permission access) { PageAllocator::Permission access) {
CHECK(IsAligned(address, allocate_page_size_)); CHECK(IsAligned(address, allocate_page_size_));
CHECK(IsAligned(size, allocate_page_size_)); CHECK(IsAligned(size, allocate_page_size_));
CHECK(region_allocator_.contains(address, size));
if (!region_allocator_.AllocateRegionAt(address, size)) { {
return false; MutexGuard guard(&mutex_);
CHECK(region_allocator_.contains(address, size));
if (!region_allocator_.AllocateRegionAt(address, size)) {
return false;
}
} }
CHECK(page_allocator_->SetPermissions(reinterpret_cast<void*>(address), size, CHECK(page_allocator_->SetPermissions(reinterpret_cast<void*>(address), size,
access)); access));
return true; return true;
...@@ -64,14 +69,18 @@ bool BoundedPageAllocator::ReserveForSharedMemoryMapping(void* ptr, ...@@ -64,14 +69,18 @@ bool BoundedPageAllocator::ReserveForSharedMemoryMapping(void* ptr,
Address address = reinterpret_cast<Address>(ptr); Address address = reinterpret_cast<Address>(ptr);
CHECK(IsAligned(address, allocate_page_size_)); CHECK(IsAligned(address, allocate_page_size_));
CHECK(IsAligned(size, commit_page_size_)); CHECK(IsAligned(size, commit_page_size_));
CHECK(region_allocator_.contains(address, size));
{
// Region allocator requires page size rather than commit size so just over- MutexGuard guard(&mutex_);
// allocate there since any extra space couldn't be used anyway. CHECK(region_allocator_.contains(address, size));
size_t region_size = RoundUp(size, allocate_page_size_);
if (!region_allocator_.AllocateRegionAt( // Region allocator requires page size rather than commit size so just over-
address, region_size, RegionAllocator::RegionState::kExcluded)) { // allocate there since any extra space couldn't be used anyway.
return false; size_t region_size = RoundUp(size, allocate_page_size_);
if (!region_allocator_.AllocateRegionAt(
address, region_size, RegionAllocator::RegionState::kExcluded)) {
return false;
}
} }
CHECK(page_allocator_->SetPermissions(ptr, size, CHECK(page_allocator_->SetPermissions(ptr, size,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment