[wasm] Disable permission switching if MAP_JIT is available

backes · V8 LUCI CQ · commit 2890419fc8fb · 2021-08-11T15:16:12.000Z
The combination of --wasm-write-protect-code-memory and MAP_JIT was not handled correctly. We were trying to unnecessarily switch permissions, and a DCHECK was failing because the writers count was not increased previously (because the {CodeSpaceWriteScope} uses a separate implementation if MAP_JIT is available). This CL fixes the issues by explicitly setting {WasmCodeAllocator::protect_code_memory_} to false if MAP_JIT is being used. R=jkummerow@chromium.org Bug: v8:12070 Change-Id: Ifb05ba01f8e2e7781d7c29fe80d1144a3d65543b Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089159 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76233}
diff --git a/src/wasm/wasm-code-manager.cc b/src/wasm/wasm-code-manager.cc
@@ -515,6 +515,7 @@ constexpr size_t WasmCodeAllocator::kMaxCodeSpaceSize;
 
 WasmCodeAllocator::WasmCodeAllocator(std::shared_ptr<Counters> async_counters)
     : protect_code_memory_(
+          !V8_HAS_PTHREAD_JIT_WRITE_PROTECT &&
           FLAG_wasm_write_protect_code_memory &&
           !GetWasmCodeManager()->HasMemoryProtectionKeySupport()),
       async_counters_(std::move(async_counters)) {
diff --git a/src/wasm/wasm-code-manager.h b/src/wasm/wasm-code-manager.h
@@ -560,6 +560,9 @@ class WasmCodeAllocator {
   // End of fields protected by {mutex_}.
   //////////////////////////////////////////////////////////////////////////////
 
+  // {protect_code_memory_} is true if traditional memory permission switching
+  // is used to protect code space. It is false if {MAP_JIT} on Mac or PKU is
+  // being used, or protection is completely disabled.
   const bool protect_code_memory_;
   std::atomic<size_t> committed_code_space_{0};
   std::atomic<size_t> generated_code_size_{0};
