cppgc: Add mutex to PageBackend

This guards against concurrent usages of PageBackend::Lookup() from HeapRegistry which can race with adding/removing pages. This race only manifests in debug mode. Change-Id: If34dbc255faeda085e522501ff2995693cd97b2e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129702 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#76590}

cppgc: Add mutex to PageBackend
This guards against concurrent usages of PageBackend::Lookup() from HeapRegistry which can race with adding/removing pages. This race only manifests in debug mode. Change-Id: If34dbc255faeda085e522501ff2995693cd97b2e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129702 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#76590}
fc637389 · Michael Lippautz · V8 LUCI CQ · e08e941a · fc637389 · fc637389
Commit fc637389 authored Aug 30, 2021 by Michael Lippautz Committed by V8 LUCI CQ Aug 30, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 1 deletion

page-memory.cc src/heap/cppgc/page-memory.cc +6 -1

page-memory.h src/heap/cppgc/page-memory.h +4 -0

No files found.
--- a/src/heap/cppgc/page-memory.cc
+++ b/src/heap/cppgc/page-memory.cc
@@ -193,6 +193,7 @@ PageBackend::PageBackend(PageAllocator& allocator,
 PageBackend::~PageBackend() = default;

 Address PageBackend::AllocateNormalPageMemory(size_t bucket) {
+  v8::base::MutexGuard guard(&mutex_);
  std::pair<NormalPageMemoryRegion*, Address> result = page_pool_.Take(bucket);
  if (!result.first) {
    auto pmr =
@@ -203,13 +204,15 @@ Address PageBackend::AllocateNormalPageMemory(size_t bucket) {
    }
    page_memory_region_tree_.Add(pmr.get());
    normal_page_memory_regions_.push_back(std::move(pmr));
-    return AllocateNormalPageMemory(bucket);
+    result = page_pool_.Take(bucket);
+    DCHECK(result.first);
  }
  result.first->Allocate(result.second);
  return result.second;
 }

 void PageBackend::FreeNormalPageMemory(size_t bucket, Address writeable_base) {
+  v8::base::MutexGuard guard(&mutex_);
  auto* pmr = static_cast<NormalPageMemoryRegion*>(
      page_memory_region_tree_.Lookup(writeable_base));
  pmr->Free(writeable_base);
@@ -217,6 +220,7 @@ void PageBackend::FreeNormalPageMemory(size_t bucket, Address writeable_base) {
 }

 Address PageBackend::AllocateLargePageMemory(size_t size) {
+  v8::base::MutexGuard guard(&mutex_);
  auto pmr =
      std::make_unique<LargePageMemoryRegion>(allocator_, oom_handler_, size);
  const PageMemory pm = pmr->GetPageMemory();
@@ -227,6 +231,7 @@ Address PageBackend::AllocateLargePageMemory(size_t size) {
 }

 void PageBackend::FreeLargePageMemory(Address writeable_base) {
+  v8::base::MutexGuard guard(&mutex_);
  PageMemoryRegion* pmr = page_memory_region_tree_.Lookup(writeable_base);
  page_memory_region_tree_.Remove(pmr);
  auto size = large_page_memory_regions_.erase(pmr);

--- a/src/heap/cppgc/page-memory.h
+++ b/src/heap/cppgc/page-memory.h
@@ -13,6 +13,7 @@

 #include "include/cppgc/platform.h"
 #include "src/base/macros.h"
+#include "src/base/platform/mutex.h"
 #include "src/heap/cppgc/globals.h"

 namespace cppgc {
@@ -227,6 +228,8 @@ class V8_EXPORT_PRIVATE PageBackend final {
  PageBackend& operator=(const PageBackend&) = delete;

 private:
+  // Guards against concurrent uses of `Lookup()`.
+  mutable v8::base::Mutex mutex_;
  PageAllocator& allocator_;
  FatalOutOfMemoryHandler& oom_handler_;
  NormalPageMemoryPool page_pool_;
@@ -273,6 +276,7 @@ PageMemoryRegion* PageMemoryRegionTree::Lookup(ConstAddress address) const {
 }

 Address PageBackend::Lookup(ConstAddress address) const {
+  v8::base::MutexGuard guard(&mutex_);
  PageMemoryRegion* pmr = page_memory_region_tree_.Lookup(address);
  return pmr ? pmr->Lookup(address) : nullptr;
 }