[wasm] Check for write-protection when executing JS

{Invoke} is the central bottleneck for calling into generated code.
Check that at this point, no {CodeSpaceWriteScope} is open, otherwise
the JS code could write to the code space once it gains access to an
arbitrary-write gadget.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: Ie323cea442a5ea355a1c975b300a1cc5a6edf433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487787Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79287}

src/execution/execution.cc

@@ -13,6 +13,7 @@
 
 #if V8_ENABLE_WEBASSEMBLY
 #include "src/compiler/wasm-compiler.h"  // Only for static asserts.
+#include "src/wasm/code-space-access.h"
 #include "src/wasm/wasm-engine.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
@@ -281,6 +282,8 @@ V8_WARN_UNUSED_RESULT MaybeHandle<Object> Invoke(Isolate* isolate,
   DCHECK_LE(params.argc, FixedArray::kMaxLength);
 
 #if V8_ENABLE_WEBASSEMBLY
+  // When executing JS code, there should be no {CodeSpaceWriteScope} open.
+  DCHECK(!wasm::CodeSpaceWriteScope::IsInScope());
   // If we have PKU support for Wasm, ensure that code is currently write
   // protected for this thread.
   DCHECK_IMPLIES(wasm::GetWasmCodeManager()->HasMemoryProtectionKeySupport(),