Add V8::IsUsingSecureVirtualMemoryCage API

V8 can fall back to creating a virtual memory cage that does not have the desired security properties but at least allows V8 to run when caging is enabled. This API allows the embedder to determine which kind of cage is being used, for example for metrics collection. Bug: chromium:1218005 Change-Id: I6988d0a4fce8aeb1361b30fce8c9c2f68f3b92f9 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220343 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#77392}

Add V8::IsUsingSecureVirtualMemoryCage API
V8 can fall back to creating a virtual memory cage that does not have the desired security properties but at least allows V8 to run when caging is enabled. This API allows the embedder to determine which kind of cage is being used, for example for metrics collection. Bug: chromium:1218005 Change-Id: I6988d0a4fce8aeb1361b30fce8c9c2f68f3b92f9 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220343 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#77392}
af1d043c · Samuel Groß · V8 LUCI CQ · a2b9710f · af1d043c · af1d043c
Commit af1d043c authored Oct 14, 2021 by Samuel Groß Committed by V8 LUCI CQ Oct 14, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 1 deletion

v8-initialization.h include/v8-initialization.h +10 -0

api.cc src/api/api.cc +14 -1

No files found.
--- a/include/v8-initialization.h
+++ b/include/v8-initialization.h
@@ -227,6 +227,16 @@ class V8_EXPORT V8 {
   * this returns zero.
   */
  static size_t GetVirtualMemoryCageSizeInBytes();
+
+  /**
+   * Returns whether the virtual memory cage is configured securely.
+   *
+   * If V8 cannot create a proper virtual memory cage, it will fall back to
+   * creating a cage that doesn't have the desired security properties but at
+   * least still allows V8 to function. This API can be used to determine if
+   * such an insecure cage is being used, in which case it will return false.
+   */
+  static bool IsUsingSecureVirtualMemoryCage();
 #endif

  /**

--- a/src/api/api.cc
+++ b/src/api/api.cc
@@ -6110,7 +6110,9 @@ const char* v8::V8::GetVersion() { return i::Version::GetVersion(); }

 #ifdef V8_VIRTUAL_MEMORY_CAGE
 PageAllocator* v8::V8::GetVirtualMemoryCagePageAllocator() {
-  CHECK(i::GetProcessWideVirtualMemoryCage()->is_initialized());
+  Utils::ApiCheck(i::GetProcessWideVirtualMemoryCage()->is_initialized(),
+                  "v8::V8::GetVirtualMemoryCagePageAllocator",
+                  "The virtual memory cage must be initialized first.");
  return i::GetProcessWideVirtualMemoryCage()->page_allocator();
 }

@@ -6121,6 +6123,17 @@ size_t v8::V8::GetVirtualMemoryCageSizeInBytes() {
    return i::GetProcessWideVirtualMemoryCage()->size();
  }
 }
+
+bool v8::V8::IsUsingSecureVirtualMemoryCage() {
+  Utils::ApiCheck(i::GetProcessWideVirtualMemoryCage()->is_initialized(),
+                  "v8::V8::IsUsingSecureVirtualMemoryCage",
+                  "The virtual memory cage must be initialized first.");
+  // TODO(saelo) For now, we only treat a fake cage as insecure. Once we use
+  // caged pointers that assume that the cage has a constant size, we'll also
+  // treat cages smaller than the default size as insecure because caged
+  // pointers can then access memory outside of them.
+  return !i::GetProcessWideVirtualMemoryCage()->is_fake_cage();
+}
 #endif

 void V8::GetSharedMemoryStatistics(SharedMemoryStatistics* statistics) {