Reland "[wx] Keep the execute bit while making code writable"

Using RW to update code perturbs SMC snooping on some CPUs.
This reland fixes Apple Silicon and jitless by forcing the flag off.

Change-Id: Ie2cc2e4fac333cad24a129e59cbcb6b13590d6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759515
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73425}

include/v8-platform.h

@@ -408,7 +408,6 @@ class PageAllocator {
     kNoAccess,
     kRead,
     kReadWrite,
-    // TODO(hpayer): Remove this flag. Memory should never be rwx.
     kReadWriteExecute,
     kReadExecute,
     // Set this when reserving memory that will later require kReadWriteExecute

src/flags/flag-definitions.h

@@ -424,7 +424,6 @@ DEFINE_BOOL(future, FUTURE_BOOL,
             "Implies all staged features that we want to ship in the "
             "not-too-far future")
 
-DEFINE_WEAK_IMPLICATION(future, write_protect_code_memory)
 DEFINE_WEAK_IMPLICATION(future, finalize_streaming_on_background)
 DEFINE_WEAK_IMPLICATION(future, super_ic)
 DEFINE_WEAK_IMPLICATION(future, turbo_inline_js_wasm_calls)
@@ -606,12 +605,21 @@ DEFINE_STRING(sparkplug_filter, "*", "filter for Sparkplug baseline compiler")
 DEFINE_BOOL(trace_baseline, false, "trace baseline compilation")
 #if !defined(V8_OS_MACOSX) || !defined(V8_HOST_ARCH_ARM64)
 // Don't disable --write-protect-code-memory on Apple Silicon.
-DEFINE_NEG_IMPLICATION(sparkplug, write_protect_code_memory)
+DEFINE_WEAK_VALUE_IMPLICATION(sparkplug, write_protect_code_memory, false)
 #endif
 
 #undef FLAG
 #define FLAG FLAG_FULL
 
+#if !defined(V8_OS_MACOSX) || !defined(V8_HOST_ARCH_ARM64)
+DEFINE_BOOL(write_code_using_rwx, true,
+            "flip permissions to rwx to write page instead of rw")
+DEFINE_NEG_IMPLICATION(jitless, write_code_using_rwx)
+#else
+DEFINE_BOOL_READONLY(write_code_using_rwx, false,
+                     "flip permissions to rwx to write page instead of rw")
+#endif
+
 // Flags for concurrent recompilation.
 DEFINE_BOOL(concurrent_recompilation, true,
             "optimizing hot functions asynchronously on a separate thread")

src/heap/memory-chunk.cc

@@ -90,8 +90,13 @@ void MemoryChunk::SetReadAndWritable() {
     size_t page_size = MemoryAllocator::GetCommitPageSize();
     DCHECK(IsAligned(unprotect_start, page_size));
     size_t unprotect_size = RoundUp(area_size(), page_size);
+    // We may use RWX pages to write code. Some CPUs have optimisations to push
+    // updates to code to the icache through a fast path, and they may filter
+    // updates based on the written memory being executable.
     CHECK(reservation_.SetPermissions(unprotect_start, unprotect_size,
-                                      PageAllocator::kReadWrite));
+                                      FLAG_write_code_using_rwx
+                                          ? PageAllocator::kReadWriteExecute
+                                          : PageAllocator::kReadWrite));
   }
 }