Commit f5634b56 authored by Samuel Groß's avatar Samuel Groß Committed by V8 LUCI CQ

[sandbox] Don't use external pointer table for ArrayBuffers

ArrayBuffer backing stores will instead use the virtual memory cage and
be referenced through offsets rather than pointers when the sandbox is
enabled. This will be implemented in an independent CL.

Bug: v8:10391
Change-Id: Icc9781003e53c76dbbf4c84ee165151e4182da4b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086458Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76348}
parent 366b97a5
...@@ -141,15 +141,12 @@ using ExternalPointer_t = Address; ...@@ -141,15 +141,12 @@ using ExternalPointer_t = Address;
// the same time. // the same time.
enum ExternalPointerTag : uint64_t { enum ExternalPointerTag : uint64_t {
kExternalPointerNullTag = 0x0000000000000000, kExternalPointerNullTag = 0x0000000000000000,
kArrayBufferBackingStoreTag = 0x00ff000000000000, // 0b000000011111111 kExternalStringResourceTag = 0x00ff000000000000, // 0b000000011111111
kTypedArrayExternalPointerTag = 0x017f000000000000, // 0b000000101111111 kExternalStringResourceDataTag = 0x017f000000000000, // 0b000000101111111
kDataViewDataPointerTag = 0x01bf000000000000, // 0b000000110111111 kForeignForeignAddressTag = 0x01bf000000000000, // 0b000000110111111
kExternalStringResourceTag = 0x01df000000000000, // 0b000000111011111 kNativeContextMicrotaskQueueTag = 0x01df000000000000, // 0b000000111011111
kExternalStringResourceDataTag = 0x01ef000000000000, // 0b000000111101111 kEmbedderDataSlotPayloadTag = 0x01ef000000000000, // 0b000000111101111
kForeignForeignAddressTag = 0x01f7000000000000, // 0b000000111110111 kCodeEntryPointTag = 0x01f7000000000000, // 0b000000111110111
kNativeContextMicrotaskQueueTag = 0x01fb000000000000, // 0b000000111111011
kEmbedderDataSlotPayloadTag = 0x01fd000000000000, // 0b000000111111101
kCodeEntryPointTag = 0x01fe000000000000, // 0b000000111111110
}; };
constexpr uint64_t kExternalPointerTagMask = 0xffff000000000000; constexpr uint64_t kExternalPointerTagMask = 0xffff000000000000;
......
...@@ -102,7 +102,6 @@ BUILTIN(DataViewConstructor) { ...@@ -102,7 +102,6 @@ BUILTIN(DataViewConstructor) {
// 13. Set O's [[ByteOffset]] internal slot to offset. // 13. Set O's [[ByteOffset]] internal slot to offset.
Handle<JSDataView>::cast(result)->set_byte_offset(view_byte_offset); Handle<JSDataView>::cast(result)->set_byte_offset(view_byte_offset);
Handle<JSDataView>::cast(result)->AllocateExternalPointerEntries(isolate);
Handle<JSDataView>::cast(result)->set_data_pointer( Handle<JSDataView>::cast(result)->set_data_pointer(
isolate, isolate,
static_cast<uint8_t*>(array_buffer->backing_store()) + view_byte_offset); static_cast<uint8_t*>(array_buffer->backing_store()) + view_byte_offset);
......
...@@ -65,9 +65,8 @@ TNode<JSArrayBuffer> TypedArrayBuiltinsAssembler::AllocateEmptyOnHeapBuffer( ...@@ -65,9 +65,8 @@ TNode<JSArrayBuffer> TypedArrayBuiltinsAssembler::AllocateEmptyOnHeapBuffer(
StoreObjectFieldNoWriteBarrier(buffer, JSArrayBuffer::kByteLengthOffset, StoreObjectFieldNoWriteBarrier(buffer, JSArrayBuffer::kByteLengthOffset,
byte_length); byte_length);
InitializeExternalPointerField(buffer, JSArrayBuffer::kBackingStoreOffset, StoreObjectFieldNoWriteBarrier(buffer, JSArrayBuffer::kBackingStoreOffset,
PointerConstant(nullptr), PointerConstant(nullptr));
kArrayBufferBackingStoreTag);
StoreObjectFieldNoWriteBarrier(buffer, JSArrayBuffer::kExtensionOffset, StoreObjectFieldNoWriteBarrier(buffer, JSArrayBuffer::kExtensionOffset,
IntPtrConstant(0)); IntPtrConstant(0));
for (int offset = JSArrayBuffer::kHeaderSize; for (int offset = JSArrayBuffer::kHeaderSize;
...@@ -404,12 +403,6 @@ void TypedArrayBuiltinsAssembler::DispatchTypedArrayByElementsKind( ...@@ -404,12 +403,6 @@ void TypedArrayBuiltinsAssembler::DispatchTypedArrayByElementsKind(
BIND(&next); BIND(&next);
} }
void TypedArrayBuiltinsAssembler::AllocateJSTypedArrayExternalPointerEntry(
TNode<JSTypedArray> holder) {
InitializeExternalPointerField(
holder, IntPtrConstant(JSTypedArray::kExternalPointerOffset));
}
void TypedArrayBuiltinsAssembler::SetJSTypedArrayOnHeapDataPtr( void TypedArrayBuiltinsAssembler::SetJSTypedArrayOnHeapDataPtr(
TNode<JSTypedArray> holder, TNode<ByteArray> base, TNode<UintPtrT> offset) { TNode<JSTypedArray> holder, TNode<ByteArray> base, TNode<UintPtrT> offset) {
offset = UintPtrAdd(UintPtrConstant(ByteArray::kHeaderSize - kHeapObjectTag), offset = UintPtrAdd(UintPtrConstant(ByteArray::kHeaderSize - kHeapObjectTag),
......
...@@ -83,7 +83,6 @@ class TypedArrayBuiltinsAssembler : public CodeStubAssembler { ...@@ -83,7 +83,6 @@ class TypedArrayBuiltinsAssembler : public CodeStubAssembler {
void DispatchTypedArrayByElementsKind( void DispatchTypedArrayByElementsKind(
TNode<Word32T> elements_kind, const TypedArraySwitchCase& case_function); TNode<Word32T> elements_kind, const TypedArraySwitchCase& case_function);
void AllocateJSTypedArrayExternalPointerEntry(TNode<JSTypedArray> holder);
void SetJSTypedArrayOnHeapDataPtr(TNode<JSTypedArray> holder, void SetJSTypedArrayOnHeapDataPtr(TNode<JSTypedArray> holder,
TNode<ByteArray> base, TNode<ByteArray> base,
TNode<UintPtrT> offset); TNode<UintPtrT> offset);
......
...@@ -62,7 +62,6 @@ transitioning macro AllocateTypedArray(implicit context: Context)( ...@@ -62,7 +62,6 @@ transitioning macro AllocateTypedArray(implicit context: Context)(
typedArray.bit_field.is_length_tracking = isLengthTracking; typedArray.bit_field.is_length_tracking = isLengthTracking;
typedArray.bit_field.is_backed_by_rab = typedArray.bit_field.is_backed_by_rab =
IsResizableArrayBuffer(buffer) && !IsSharedArrayBuffer(buffer); IsResizableArrayBuffer(buffer) && !IsSharedArrayBuffer(buffer);
typed_array::AllocateJSTypedArrayExternalPointerEntry(typedArray);
if constexpr (isOnHeap) { if constexpr (isOnHeap) {
typed_array::SetJSTypedArrayOnHeapDataPtr(typedArray, elements, byteOffset); typed_array::SetJSTypedArrayOnHeapDataPtr(typedArray, elements, byteOffset);
} else { } else {
......
...@@ -161,10 +161,6 @@ macro GetTypedArrayAccessor(elementsKind: ElementsKind): TypedArrayAccessor { ...@@ -161,10 +161,6 @@ macro GetTypedArrayAccessor(elementsKind: ElementsKind): TypedArrayAccessor {
unreachable; unreachable;
} }
extern macro
TypedArrayBuiltinsAssembler::AllocateJSTypedArrayExternalPointerEntry(
JSTypedArray): void;
extern macro TypedArrayBuiltinsAssembler::SetJSTypedArrayOnHeapDataPtr( extern macro TypedArrayBuiltinsAssembler::SetJSTypedArrayOnHeapDataPtr(
JSTypedArray, ByteArray, uintptr): void; JSTypedArray, ByteArray, uintptr): void;
extern macro TypedArrayBuiltinsAssembler::SetJSTypedArrayOffHeapDataPtr( extern macro TypedArrayBuiltinsAssembler::SetJSTypedArrayOffHeapDataPtr(
......
...@@ -13797,9 +13797,8 @@ void CodeStubAssembler::ThrowIfArrayBufferViewBufferIsDetached( ...@@ -13797,9 +13797,8 @@ void CodeStubAssembler::ThrowIfArrayBufferViewBufferIsDetached(
TNode<RawPtrT> CodeStubAssembler::LoadJSArrayBufferBackingStorePtr( TNode<RawPtrT> CodeStubAssembler::LoadJSArrayBufferBackingStorePtr(
TNode<JSArrayBuffer> array_buffer) { TNode<JSArrayBuffer> array_buffer) {
return LoadExternalPointerFromObject(array_buffer, return LoadObjectField<RawPtrT>(array_buffer,
JSArrayBuffer::kBackingStoreOffset, JSArrayBuffer::kBackingStoreOffset);
kArrayBufferBackingStoreTag);
} }
TNode<JSArrayBuffer> CodeStubAssembler::LoadJSArrayBufferViewBuffer( TNode<JSArrayBuffer> CodeStubAssembler::LoadJSArrayBufferViewBuffer(
......
...@@ -1107,15 +1107,14 @@ class V8_EXPORT_PRIVATE CodeStubAssembler ...@@ -1107,15 +1107,14 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
TNode<RawPtrT> LoadJSTypedArrayExternalPointerPtr( TNode<RawPtrT> LoadJSTypedArrayExternalPointerPtr(
TNode<JSTypedArray> holder) { TNode<JSTypedArray> holder) {
return LoadExternalPointerFromObject(holder, return LoadObjectField<RawPtrT>(holder,
JSTypedArray::kExternalPointerOffset, JSTypedArray::kExternalPointerOffset);
kTypedArrayExternalPointerTag);
} }
void StoreJSTypedArrayExternalPointerPtr(TNode<JSTypedArray> holder, void StoreJSTypedArrayExternalPointerPtr(TNode<JSTypedArray> holder,
TNode<RawPtrT> value) { TNode<RawPtrT> value) {
StoreExternalPointerToObject(holder, JSTypedArray::kExternalPointerOffset, StoreObjectFieldNoWriteBarrier<RawPtrT>(
value, kTypedArrayExternalPointerTag); holder, JSTypedArray::kExternalPointerOffset, value);
} }
// Load value from current parent frame by given offset in bytes. // Load value from current parent frame by given offset in bytes.
......
...@@ -416,19 +416,16 @@ FieldAccess AccessBuilder::ForJSTypedArrayBasePointer() { ...@@ -416,19 +416,16 @@ FieldAccess AccessBuilder::ForJSTypedArrayBasePointer() {
// static // static
FieldAccess AccessBuilder::ForJSTypedArrayExternalPointer() { FieldAccess AccessBuilder::ForJSTypedArrayExternalPointer() {
FieldAccess access = {kTaggedBase, FieldAccess access = {
kTaggedBase,
JSTypedArray::kExternalPointerOffset, JSTypedArray::kExternalPointerOffset,
MaybeHandle<Name>(), MaybeHandle<Name>(),
MaybeHandle<Map>(), MaybeHandle<Map>(),
V8_HEAP_SANDBOX_BOOL ? Type::SandboxedExternalPointer() Type::ExternalPointer(),
: Type::ExternalPointer(),
MachineType::Pointer(), MachineType::Pointer(),
kNoWriteBarrier, kNoWriteBarrier,
ConstFieldInfo::None(), ConstFieldInfo::None(),
false, false,
#ifdef V8_HEAP_SANDBOX
kTypedArrayExternalPointerTag
#endif
}; };
return access; return access;
} }
...@@ -440,15 +437,11 @@ FieldAccess AccessBuilder::ForJSDataViewDataPointer() { ...@@ -440,15 +437,11 @@ FieldAccess AccessBuilder::ForJSDataViewDataPointer() {
JSDataView::kDataPointerOffset, JSDataView::kDataPointerOffset,
MaybeHandle<Name>(), MaybeHandle<Name>(),
MaybeHandle<Map>(), MaybeHandle<Map>(),
V8_HEAP_SANDBOX_BOOL ? Type::SandboxedExternalPointer() Type::ExternalPointer(),
: Type::ExternalPointer(),
MachineType::Pointer(), MachineType::Pointer(),
kNoWriteBarrier, kNoWriteBarrier,
ConstFieldInfo::None(), ConstFieldInfo::None(),
false, false,
#ifdef V8_HEAP_SANDBOX
kDataViewDataPointerTag,
#endif
}; };
return access; return access;
} }
......
...@@ -2873,7 +2873,6 @@ Handle<JSTypedArray> Factory::NewJSTypedArray(ExternalArrayType type, ...@@ -2873,7 +2873,6 @@ Handle<JSTypedArray> Factory::NewJSTypedArray(ExternalArrayType type,
map, empty_byte_array(), buffer, byte_offset, byte_length)); map, empty_byte_array(), buffer, byte_offset, byte_length));
JSTypedArray raw = *typed_array; JSTypedArray raw = *typed_array;
DisallowGarbageCollection no_gc; DisallowGarbageCollection no_gc;
raw.AllocateExternalPointerEntries(isolate());
raw.set_length(length); raw.set_length(length);
raw.SetOffHeapDataPtr(isolate(), buffer->backing_store(), byte_offset); raw.SetOffHeapDataPtr(isolate(), buffer->backing_store(), byte_offset);
raw.set_is_length_tracking(false); raw.set_is_length_tracking(false);
...@@ -2888,7 +2887,6 @@ Handle<JSDataView> Factory::NewJSDataView(Handle<JSArrayBuffer> buffer, ...@@ -2888,7 +2887,6 @@ Handle<JSDataView> Factory::NewJSDataView(Handle<JSArrayBuffer> buffer,
isolate()); isolate());
Handle<JSDataView> obj = Handle<JSDataView>::cast(NewJSArrayBufferView( Handle<JSDataView> obj = Handle<JSDataView>::cast(NewJSArrayBufferView(
map, empty_fixed_array(), buffer, byte_offset, byte_length)); map, empty_fixed_array(), buffer, byte_offset, byte_length));
obj->AllocateExternalPointerEntries(isolate());
obj->set_data_pointer( obj->set_data_pointer(
isolate(), static_cast<uint8_t*>(buffer->backing_store()) + byte_offset); isolate(), static_cast<uint8_t*>(buffer->backing_store()) + byte_offset);
return obj; return obj;
......
...@@ -30,10 +30,6 @@ ACCESSORS(JSTypedArray, base_pointer, Object, kBasePointerOffset) ...@@ -30,10 +30,6 @@ ACCESSORS(JSTypedArray, base_pointer, Object, kBasePointerOffset)
RELEASE_ACQUIRE_ACCESSORS(JSTypedArray, base_pointer, Object, RELEASE_ACQUIRE_ACCESSORS(JSTypedArray, base_pointer, Object,
kBasePointerOffset) kBasePointerOffset)
void JSArrayBuffer::AllocateExternalPointerEntries(Isolate* isolate) {
InitExternalPointerField(kBackingStoreOffset, isolate);
}
size_t JSArrayBuffer::byte_length() const { size_t JSArrayBuffer::byte_length() const {
return ReadField<size_t>(kByteLengthOffset); return ReadField<size_t>(kByteLengthOffset);
} }
...@@ -43,27 +39,20 @@ void JSArrayBuffer::set_byte_length(size_t value) { ...@@ -43,27 +39,20 @@ void JSArrayBuffer::set_byte_length(size_t value) {
} }
DEF_GETTER(JSArrayBuffer, backing_store, void*) { DEF_GETTER(JSArrayBuffer, backing_store, void*) {
Isolate* isolate = GetIsolateForHeapSandbox(*this); return reinterpret_cast<void*>(ReadField<Address>(kBackingStoreOffset));
Address value = ReadExternalPointerField(kBackingStoreOffset, isolate,
kArrayBufferBackingStoreTag);
return reinterpret_cast<void*>(value);
} }
void JSArrayBuffer::set_backing_store(Isolate* isolate, void* value) { void JSArrayBuffer::set_backing_store(Isolate* isolate, void* value) {
DCHECK(isolate->IsValidBackingStorePointer(value)); DCHECK(isolate->IsValidBackingStorePointer(value));
WriteExternalPointerField(kBackingStoreOffset, isolate, WriteField<Address>(kBackingStoreOffset, reinterpret_cast<Address>(value));
reinterpret_cast<Address>(value),
kArrayBufferBackingStoreTag);
} }
uint32_t JSArrayBuffer::GetBackingStoreRefForDeserialization() const { uint32_t JSArrayBuffer::GetBackingStoreRefForDeserialization() const {
return static_cast<uint32_t>( return static_cast<uint32_t>(ReadField<Address>(kBackingStoreOffset));
ReadField<ExternalPointer_t>(kBackingStoreOffset));
} }
void JSArrayBuffer::SetBackingStoreRefForSerialization(uint32_t ref) { void JSArrayBuffer::SetBackingStoreRefForSerialization(uint32_t ref) {
WriteField<ExternalPointer_t>(kBackingStoreOffset, WriteField<Address>(kBackingStoreOffset, static_cast<Address>(ref));
static_cast<ExternalPointer_t>(ref));
} }
ArrayBufferExtension* JSArrayBuffer::extension() const { ArrayBufferExtension* JSArrayBuffer::extension() const {
...@@ -239,10 +228,6 @@ size_t JSTypedArray::GetLength() const { ...@@ -239,10 +228,6 @@ size_t JSTypedArray::GetLength() const {
return GetLengthOrOutOfBounds(out_of_bounds); return GetLengthOrOutOfBounds(out_of_bounds);
} }
void JSTypedArray::AllocateExternalPointerEntries(Isolate* isolate) {
InitExternalPointerField(kExternalPointerOffset, isolate);
}
size_t JSTypedArray::length() const { size_t JSTypedArray::length() const {
DCHECK(!is_length_tracking()); DCHECK(!is_length_tracking());
DCHECK(!is_backed_by_rab()); DCHECK(!is_backed_by_rab());
...@@ -258,19 +243,16 @@ void JSTypedArray::set_length(size_t value) { ...@@ -258,19 +243,16 @@ void JSTypedArray::set_length(size_t value) {
} }
DEF_GETTER(JSTypedArray, external_pointer, Address) { DEF_GETTER(JSTypedArray, external_pointer, Address) {
Isolate* isolate = GetIsolateForHeapSandbox(*this); return ReadField<Address>(kExternalPointerOffset);
return ReadExternalPointerField(kExternalPointerOffset, isolate,
kTypedArrayExternalPointerTag);
} }
DEF_GETTER(JSTypedArray, external_pointer_raw, ExternalPointer_t) { DEF_GETTER(JSTypedArray, external_pointer_raw, Address) {
return ReadField<ExternalPointer_t>(kExternalPointerOffset); return ReadField<Address>(kExternalPointerOffset);
} }
void JSTypedArray::set_external_pointer(Isolate* isolate, Address value) { void JSTypedArray::set_external_pointer(Isolate* isolate, Address value) {
DCHECK(isolate->IsValidBackingStorePointer(reinterpret_cast<void*>(value))); DCHECK(isolate->IsValidBackingStorePointer(reinterpret_cast<void*>(value)));
WriteExternalPointerField(kExternalPointerOffset, isolate, value, WriteField<Address>(kExternalPointerOffset, value);
kTypedArrayExternalPointerTag);
} }
Address JSTypedArray::ExternalPointerCompensationForOnHeapArray( Address JSTypedArray::ExternalPointerCompensationForOnHeapArray(
...@@ -284,14 +266,12 @@ Address JSTypedArray::ExternalPointerCompensationForOnHeapArray( ...@@ -284,14 +266,12 @@ Address JSTypedArray::ExternalPointerCompensationForOnHeapArray(
uint32_t JSTypedArray::GetExternalBackingStoreRefForDeserialization() const { uint32_t JSTypedArray::GetExternalBackingStoreRefForDeserialization() const {
DCHECK(!is_on_heap()); DCHECK(!is_on_heap());
return static_cast<uint32_t>( return static_cast<uint32_t>(ReadField<Address>(kExternalPointerOffset));
ReadField<ExternalPointer_t>(kExternalPointerOffset));
} }
void JSTypedArray::SetExternalBackingStoreRefForSerialization(uint32_t ref) { void JSTypedArray::SetExternalBackingStoreRefForSerialization(uint32_t ref) {
DCHECK(!is_on_heap()); DCHECK(!is_on_heap());
WriteField<ExternalPointer_t>(kExternalPointerOffset, WriteField<Address>(kExternalPointerOffset, static_cast<Address>(ref));
static_cast<ExternalPointer_t>(ref));
} }
void JSTypedArray::RemoveExternalPointerCompensationForSerialization( void JSTypedArray::RemoveExternalPointerCompensationForSerialization(
...@@ -392,20 +372,12 @@ MaybeHandle<JSTypedArray> JSTypedArray::Validate(Isolate* isolate, ...@@ -392,20 +372,12 @@ MaybeHandle<JSTypedArray> JSTypedArray::Validate(Isolate* isolate,
} }
DEF_GETTER(JSDataView, data_pointer, void*) { DEF_GETTER(JSDataView, data_pointer, void*) {
Isolate* isolate = GetIsolateForHeapSandbox(*this); return reinterpret_cast<void*>(ReadField<Address>(kDataPointerOffset));
return reinterpret_cast<void*>(ReadExternalPointerField(
kDataPointerOffset, isolate, kDataViewDataPointerTag));
}
void JSDataView::AllocateExternalPointerEntries(Isolate* isolate) {
InitExternalPointerField(kDataPointerOffset, isolate);
} }
void JSDataView::set_data_pointer(Isolate* isolate, void* value) { void JSDataView::set_data_pointer(Isolate* isolate, void* value) {
DCHECK(isolate->IsValidBackingStorePointer(value)); DCHECK(isolate->IsValidBackingStorePointer(value));
WriteExternalPointerField(kDataPointerOffset, isolate, WriteField<Address>(kDataPointerOffset, reinterpret_cast<Address>(value));
reinterpret_cast<Address>(value),
kDataViewDataPointerTag);
} }
} // namespace internal } // namespace internal
......
...@@ -55,7 +55,6 @@ void JSArrayBuffer::Setup(SharedFlag shared, ResizableFlag resizable, ...@@ -55,7 +55,6 @@ void JSArrayBuffer::Setup(SharedFlag shared, ResizableFlag resizable,
SetEmbedderField(i, Smi::zero()); SetEmbedderField(i, Smi::zero());
} }
set_extension(nullptr); set_extension(nullptr);
AllocateExternalPointerEntries(GetIsolate());
if (!backing_store) { if (!backing_store) {
set_backing_store(GetIsolate(), nullptr); set_backing_store(GetIsolate(), nullptr);
set_byte_length(0); set_byte_length(0);
......
...@@ -32,12 +32,6 @@ class JSArrayBuffer ...@@ -32,12 +32,6 @@ class JSArrayBuffer
static constexpr size_t kMaxByteLength = kMaxSafeInteger; static constexpr size_t kMaxByteLength = kMaxSafeInteger;
#endif #endif
// When soft sandbox is enabled, creates entries in external pointer table for
// all JSArrayBuffer's fields that require soft sandbox protection (backing
// store pointer, backing store length, etc.).
// When sandbox is not enabled, it's a no-op.
inline void AllocateExternalPointerEntries(Isolate* isolate);
// [byte_length]: length in bytes // [byte_length]: length in bytes
DECL_PRIMITIVE_ACCESSORS(byte_length, size_t) DECL_PRIMITIVE_ACCESSORS(byte_length, size_t)
...@@ -283,12 +277,6 @@ class JSTypedArray ...@@ -283,12 +277,6 @@ class JSTypedArray
V8_EXPORT_PRIVATE Handle<JSArrayBuffer> GetBuffer(); V8_EXPORT_PRIVATE Handle<JSArrayBuffer> GetBuffer();
// When soft sandbox is enabled, creates entries in external pointer table for
// all JSTypedArray's fields that require soft sandbox protection (external
// pointer, offset, length, etc.).
// When sandbox is not enabled, it's a no-op.
inline void AllocateExternalPointerEntries(Isolate* isolate);
// The `DataPtr` is `base_ptr + external_pointer`, and `base_ptr` is nullptr // The `DataPtr` is `base_ptr + external_pointer`, and `base_ptr` is nullptr
// for off-heap typed arrays. // for off-heap typed arrays.
static constexpr bool kOffHeapDataPtrEqualsExternalPointer = true; static constexpr bool kOffHeapDataPtrEqualsExternalPointer = true;
...@@ -392,12 +380,6 @@ class JSDataView ...@@ -392,12 +380,6 @@ class JSDataView
DECL_GETTER(data_pointer, void*) DECL_GETTER(data_pointer, void*)
inline void set_data_pointer(Isolate* isolate, void* value); inline void set_data_pointer(Isolate* isolate, void* value);
// When soft sandbox is enabled, creates entries in external pointer table for
// all JSDataView's fields that require soft sandbox protection (data pointer,
// offset, length, etc.).
// When sandbox is not enabled, it's a no-op.
inline void AllocateExternalPointerEntries(Isolate* isolate);
// Dispatched behavior. // Dispatched behavior.
DECL_PRINTER(JSDataView) DECL_PRINTER(JSDataView)
DECL_VERIFIER(JSDataView) DECL_VERIFIER(JSDataView)
......
...@@ -61,7 +61,6 @@ void ContextDeserializer::SetupOffHeapArrayBufferBackingStores() { ...@@ -61,7 +61,6 @@ void ContextDeserializer::SetupOffHeapArrayBufferBackingStores() {
for (Handle<JSArrayBuffer> buffer : new_off_heap_array_buffers()) { for (Handle<JSArrayBuffer> buffer : new_off_heap_array_buffers()) {
uint32_t store_index = buffer->GetBackingStoreRefForDeserialization(); uint32_t store_index = buffer->GetBackingStoreRefForDeserialization();
auto bs = backing_store(store_index); auto bs = backing_store(store_index);
buffer->AllocateExternalPointerEntries(isolate());
// TODO(v8:11111): Support RAB / GSAB. // TODO(v8:11111): Support RAB / GSAB.
CHECK(!buffer->is_resizable()); CHECK(!buffer->is_resizable());
SharedFlag shared = SharedFlag shared =
......
...@@ -482,7 +482,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map, ...@@ -482,7 +482,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map,
// a numbered reference to an already deserialized backing store. // a numbered reference to an already deserialized backing store.
backing_store = backing_stores_[store_index]->buffer_start(); backing_store = backing_stores_[store_index]->buffer_start();
} }
data_view->AllocateExternalPointerEntries(main_thread_isolate());
data_view->set_data_pointer( data_view->set_data_pointer(
main_thread_isolate(), main_thread_isolate(),
reinterpret_cast<uint8_t*>(backing_store) + data_view->byte_offset()); reinterpret_cast<uint8_t*>(backing_store) + data_view->byte_offset());
...@@ -491,7 +490,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map, ...@@ -491,7 +490,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map,
// Fixup typed array pointers. // Fixup typed array pointers.
if (typed_array->is_on_heap()) { if (typed_array->is_on_heap()) {
Address raw_external_pointer = typed_array->external_pointer_raw(); Address raw_external_pointer = typed_array->external_pointer_raw();
typed_array->AllocateExternalPointerEntries(main_thread_isolate());
typed_array->SetOnHeapDataPtr( typed_array->SetOnHeapDataPtr(
main_thread_isolate(), HeapObject::cast(typed_array->base_pointer()), main_thread_isolate(), HeapObject::cast(typed_array->base_pointer()),
raw_external_pointer); raw_external_pointer);
...@@ -503,7 +501,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map, ...@@ -503,7 +501,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map,
auto start = backing_store auto start = backing_store
? reinterpret_cast<byte*>(backing_store->buffer_start()) ? reinterpret_cast<byte*>(backing_store->buffer_start())
: nullptr; : nullptr;
typed_array->AllocateExternalPointerEntries(main_thread_isolate());
typed_array->SetOffHeapDataPtr(main_thread_isolate(), start, typed_array->SetOffHeapDataPtr(main_thread_isolate(), start,
typed_array->byte_offset()); typed_array->byte_offset());
} }
...@@ -513,7 +510,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map, ...@@ -513,7 +510,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map,
if (buffer->GetBackingStoreRefForDeserialization() != kNullRefSentinel) { if (buffer->GetBackingStoreRefForDeserialization() != kNullRefSentinel) {
new_off_heap_array_buffers_.push_back(buffer); new_off_heap_array_buffers_.push_back(buffer);
} else { } else {
buffer->AllocateExternalPointerEntries(main_thread_isolate());
buffer->set_backing_store(main_thread_isolate(), nullptr); buffer->set_backing_store(main_thread_isolate(), nullptr);
} }
} else if (InstanceTypeChecker::IsBytecodeArray(instance_type)) { } else if (InstanceTypeChecker::IsBytecodeArray(instance_type)) {
......
...@@ -521,10 +521,6 @@ void Serializer::ObjectSerializer::SerializeJSArrayBuffer() { ...@@ -521,10 +521,6 @@ void Serializer::ObjectSerializer::SerializeJSArrayBuffer() {
ArrayBufferExtension* extension = buffer->extension(); ArrayBufferExtension* extension = buffer->extension();
// The embedder-allocated backing store only exists for the off-heap case. // The embedder-allocated backing store only exists for the off-heap case.
#ifdef V8_HEAP_SANDBOX
uint32_t external_pointer_entry =
buffer->GetBackingStoreRefForDeserialization();
#endif
if (backing_store != nullptr) { if (backing_store != nullptr) {
uint32_t ref = SerializeBackingStore(backing_store, byte_length); uint32_t ref = SerializeBackingStore(backing_store, byte_length);
buffer->SetBackingStoreRefForSerialization(ref); buffer->SetBackingStoreRefForSerialization(ref);
...@@ -538,11 +534,7 @@ void Serializer::ObjectSerializer::SerializeJSArrayBuffer() { ...@@ -538,11 +534,7 @@ void Serializer::ObjectSerializer::SerializeJSArrayBuffer() {
SerializeObject(); SerializeObject();
#ifdef V8_HEAP_SANDBOX
buffer->SetBackingStoreRefForSerialization(external_pointer_entry);
#else
buffer->set_backing_store(isolate(), backing_store); buffer->set_backing_store(isolate(), backing_store);
#endif
buffer->set_extension(extension); buffer->set_extension(extension);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment