Commit 25e22b6

thibaudmichaud authored and V8 LUCI CQ committed

[wasm][jspi] Reintroduce an SBXCHECK

Reintroduce an SBXCHECK to ensure that we always suspend/return to the immediate parent stack. Returning should already be safe because the StackMemory chain lives outside of the sandbox, but suspending is still unsafe because it uses the in-sandbox WasmSuspenderObject chain, which can be corrupted.

This is a short-term fix. A more robust solution will be to move the WasmSuspenderObjects outside of the sandbox, like we did with the WasmContinuationObjects (https://crrev.com/c/6426203).

[email protected]

Fixed: chromium:422645418
Change-Id: I08a60303ff65a07ae0ae4bd2f1e8758b174fba1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6623289
Reviewed-by: Jakob Kummerow <[email protected]>
Commit-Queue: Thibaud Michaud <[email protected]>
Cr-Commit-Position: refs/heads/main@{#100689}
1 parent d7d46a7 commit 25e22b6

1 file changed

Lines changed: 1 addition & 1 deletion

src/execution/isolate.cc

@@ -3942,7 +3942,7 @@ void Isolate::SwitchStacks(wasm::StackMemory* from, wasm::StackMemory* to) {
39423942
// TODO(388533754): This check won't hold anymore with core stack-switching.
39433943
// Instead, we will need to validate all the intermediate stacks and also
39443944
// check that they don't hold central stack frames.
3945-
DCHECK_EQ(from->jmpbuf()->parent, to);
3945+
SBXCHECK_EQ(from->jmpbuf()->parent, to);
39463946
}
39473947
uintptr_t limit = reinterpret_cast<uintptr_t>(to->jmpbuf()->stack_limit);
39483948
stack_guard()->SetStackLimitForStackSwitching(limit);
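Review bot: the TODO(388533754) comment directly above the new SBXCHECK_EQ still reads as a note about a debug-only invariant that "won't hold anymore with core stack-switching", which no longer matches what the line below it now is: a release-mode sandbox check that terminates the process on mismatch. Please extend the comment to record why this must be an SBXCHECK rather than a DCHECK (per the commit message, suspending follows the in-sandbox WasmSuspenderObject chain, which an attacker can corrupt, whereas `from->jmpbuf()->parent` and `to` come from StackMemory, which lives outside the sandbox and so gives the check trustworthy inputs) and to state that whoever lands core stack-switching must replace it with validation of every intermediate stack, as the TODO already hints, rather than simply deleting it, otherwise the sandbox guarantee this change reintroduces regresses silently. It would also help to reference the planned follow-up of moving WasmSuspenderObjects out of the sandbox here, so the short-term nature of the check is visible at the call site and not only in the commit log.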
