De-globalize use of partitions
Issue description

Partitions.h defines partitions but they're global to the process. We should be able to create separate sets of partitions in renderers.

Jan 6 2018
Feb 2 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/eaa730ff5abd585b0b629f07406df6701589e7ff

commit eaa730ff5abd585b0b629f07406df6701589e7ff
Author: Bill Budge <bbudge@chromium.org>
Date: Fri Feb 02 02:17:59 2018

[ArrayBuffer] Give each SecurityOrigin a Partition for ArrayBuffers.

- Goes through SecurityOrigin's ArrayBuffer Partition for ArrayBuffers allocated from the V8 side.
- Reworks ArrayBufferContents to support multiple partitions for ArrayBuffers. Adds overload of AllocateMemoryOrNull to handle these allocations. Associates a PartitionRootGeneric with each allocation, storing a pointer just before the ArrayBuffer data.

Bug: chromium:799573
Change-Id: I712176c715d1fb2511d87892052ba9d2d8084336
Reviewed-on: https://chromium-review.googlesource.com/853120
Reviewed-by: Chris Palmer <palmer@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#533921}

[modify] https://crrev.com/eaa730ff5abd585b0b629f07406df6701589e7ff/third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp
[modify] https://crrev.com/eaa730ff5abd585b0b629f07406df6701589e7ff/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.cpp
[modify] https://crrev.com/eaa730ff5abd585b0b629f07406df6701589e7ff/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h
Feb 10 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7c8bea61a9e0bd02932fce9d164965f7ade0a124

commit 7c8bea61a9e0bd02932fce9d164965f7ade0a124
Author: Bill Budge <bbudge@chromium.org>
Date: Sat Feb 10 07:15:39 2018

Revert "[ArrayBuffer] Give each SecurityOrigin a Partition for ArrayBuffers."

This reverts commit eaa730ff5abd585b0b629f07406df6701589e7ff.

Reason for revert: performance regression: https://bugs.chromium.org/p/chromium/issues/detail?id=809546

Original change's description:
> [ArrayBuffer] Give each SecurityOrigin a Partition for ArrayBuffers.
>
> - Goes through SecurityOrigin's ArrayBuffer Partition for ArrayBuffers
> allocated from the V8 side.
> - Reworks ArrayBufferContents to support multiple partitions for
> ArrayBuffers. Adds overload of AllocateMemoryOrNull to handle these
> allocations. Associates a PartitionRootGeneric with each allocation,
> storing a pointer just before the ArrayBuffer data.
>
> Bug: chromium:799573
>
> Change-Id: I712176c715d1fb2511d87892052ba9d2d8084336
> Reviewed-on: https://chromium-review.googlesource.com/853120
> Reviewed-by: Chris Palmer <palmer@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533921}

TBR=palmer@chromium.org,bbudge@chromium.org,nasko@chromium.org,adamk@chromium.org,haraken@chromium.org,mlippautz@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:799573
Change-Id: Id48e51e7d0c53bcb9df15ab72d8ea99014c82055
Reviewed-on: https://chromium-review.googlesource.com/912108
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535966}

[modify] https://crrev.com/7c8bea61a9e0bd02932fce9d164965f7ade0a124/third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp
[modify] https://crrev.com/7c8bea61a9e0bd02932fce9d164965f7ade0a124/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.cpp
[modify] https://crrev.com/7c8bea61a9e0bd02932fce9d164965f7ade0a124/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h
Feb 16 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/24d177206805f23104204bda88e5a227fcd0a791

commit 24d177206805f23104204bda88e5a227fcd0a791
Author: Bill Budge <bbudge@chromium.org>
Date: Fri Feb 16 19:43:55 2018

[page_allocator] Adjust address space when allocating guarded memory.

- Linux limits address space. On 64 bit systems, we may allocate multiple guarded memory regions which exceed this limit. Attempt to raise the limit when making large reservations.
- Lower the limit when releasing large guarded allocations.

Bug: chromium:799573
Change-Id: Ied5694b541780914fc05c5e4f0f9a1338a2901e4
Reviewed-on: https://chromium-review.googlesource.com/922913
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#537385}

[modify] https://crrev.com/24d177206805f23104204bda88e5a227fcd0a791/base/allocator/partition_allocator/page_allocator.cc
[modify] https://crrev.com/24d177206805f23104204bda88e5a227fcd0a791/base/allocator/partition_allocator/partition_alloc_unittest.cc
Feb 16 2018

The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/018f119223617830f2d28ef3e3f8393c9c3edbe6

commit 018f119223617830f2d28ef3e3f8393c9c3edbe6
Author: Bill Budge <bbudge@chromium.org>
Date: Fri Feb 16 21:52:44 2018

[memory] Add a test for RX page permission.

Bug: chromium:799573
Change-Id: I467c74b5b26bc6f1e1a35c1104df12b77f072bac
Reviewed-on: https://chromium-review.googlesource.com/923430
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51338}

[modify] https://crrev.com/018f119223617830f2d28ef3e3f8393c9c3edbe6/test/unittests/allocation-unittest.cc
Feb 16 2018

The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/95e39b06234e5d44fb91f9fa1f6363a7a3e37caa

commit 95e39b06234e5d44fb91f9fa1f6363a7a3e37caa
Author: Bill Budge <bbudge@chromium.org>
Date: Fri Feb 16 22:51:17 2018

[API] Don't use VM methods of v8::ArrayBuffer::Allocator.

- Replaces calls to Allocator Reserve, Free, and SetPermissions with equivalent page allocator calls (allocation.h).
- Un-implements these methods to catch usage, in preparation for removing these.

Bug: chromium:799573
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id233b7a9cfc8e332c64e514f6359e8b670c2d75e
Reviewed-on: https://chromium-review.googlesource.com/911883
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51340}

[modify] https://crrev.com/95e39b06234e5d44fb91f9fa1f6363a7a3e37caa/src/api.cc
[modify] https://crrev.com/95e39b06234e5d44fb91f9fa1f6363a7a3e37caa/src/d8.cc
[modify] https://crrev.com/95e39b06234e5d44fb91f9fa1f6363a7a3e37caa/src/objects.cc
[modify] https://crrev.com/95e39b06234e5d44fb91f9fa1f6363a7a3e37caa/src/wasm/wasm-memory.cc
[modify] https://crrev.com/95e39b06234e5d44fb91f9fa1f6363a7a3e37caa/src/wasm/wasm-objects.cc
[modify] https://crrev.com/95e39b06234e5d44fb91f9fa1f6363a7a3e37caa/test/cctest/wasm/test-run-wasm-module.cc
[modify] https://crrev.com/95e39b06234e5d44fb91f9fa1f6363a7a3e37caa/test/unittests/value-serializer-unittest.cc
Feb 20 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fe99f023173d7bf01deabaa8be9dfb70a4a9f233

commit fe99f023173d7bf01deabaa8be9dfb70a4a9f233
Author: Bill Budge <bbudge@chromium.org>
Date: Tue Feb 20 20:36:30 2018

[wtf] Eliminate ArrayBufferContents page memory methods.

- Removes ReserveMemory method.
- Removes ReleaseReservedMemory, this is now just base::FreePages.
- Removes SetProtection, this is now base::SetPermissions.
- Removes dependency on sandbox/linux. base::AllocPages / FreePages now updates address space limits.

Bug: chromium:799573
Change-Id: Iabc57c61511dfdc7b7ca2aa93c56ed21a22692f4
Reviewed-on: https://chromium-review.googlesource.com/923173
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#537868}

[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/content/gpu/BUILD.gn
[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/gin/array_buffer.cc
[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/gin/array_buffer.h
[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/gin/array_buffer_unittest.cc
[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp
[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/third_party/WebKit/Source/platform/wtf/BUILD.gn
[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/third_party/WebKit/Source/platform/wtf/DEPS
[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.cpp
[modify] https://crrev.com/fe99f023173d7bf01deabaa8be9dfb70a4a9f233/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h
Feb 21 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/06e04ffee59f73de73e701ec1cf4ab70649eba44

commit 06e04ffee59f73de73e701ec1cf4ab70649eba44
Author: Maxim Kolosovskiy <kolos@chromium.org>
Date: Wed Feb 21 10:01:31 2018

Revert "[wtf] Eliminate ArrayBufferContents page memory methods."

This reverts commit fe99f023173d7bf01deabaa8be9dfb70a4a9f233.

Reason for revert: failures of webaudio tests
See https://bugs.chromium.org/p/chromium/issues/detail?id=814231

Original change's description:
> [wtf] Eliminate ArrayBufferContents page memory methods.
>
> - Removes ReserveMemory method.
> - Removes ReleaseReservedMemory, this is now just base::FreePages.
> - Removes SetProtection, this is now base::SetPermissions.
> - Removes dependency on sandbox/linux. base::AllocPages / FreePages
> now updates address space limits.
>
> Bug: chromium:799573
> Change-Id: Iabc57c61511dfdc7b7ca2aa93c56ed21a22692f4
> Reviewed-on: https://chromium-review.googlesource.com/923173
> Reviewed-by: Jeremy Roman <jbroman@chromium.org>
> Reviewed-by: Kenneth Russell <kbr@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#537868}

TBR=bbudge@chromium.org,jbroman@chromium.org,kbr@chromium.org,haraken@chromium.org,eholk@chromium.org

Change-Id: I69e8cd3871dfdd6ac4db922145b269eedcd30569
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:799573
Reviewed-on: https://chromium-review.googlesource.com/928341
Reviewed-by: Maxim Kolosovskiy <kolos@chromium.org>
Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538054}

[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/content/gpu/BUILD.gn
[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/gin/array_buffer.cc
[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/gin/array_buffer.h
[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/gin/array_buffer_unittest.cc
[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp
[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/third_party/WebKit/Source/platform/wtf/BUILD.gn
[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/third_party/WebKit/Source/platform/wtf/DEPS
[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.cpp
[modify] https://crrev.com/06e04ffee59f73de73e701ec1cf4ab70649eba44/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h
Feb 21 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0

commit 2ca35149f44ef4e34d7ca3b3e83e782df049e8e0
Author: Bill Budge <bbudge@chromium.org>
Date: Wed Feb 21 23:22:22 2018

Reland "[wtf] Eliminate ArrayBufferContents page memory methods."

This is a reland of fe99f023173d7bf01deabaa8be9dfb70a4a9f233.

Original change's description:
> [wtf] Eliminate ArrayBufferContents page memory methods.
>
> - Removes ReserveMemory method.
> - Removes ReleaseReservedMemory, this is now just base::FreePages.
> - Removes SetProtection, this is now base::SetPermissions.
> - Removes dependency on sandbox/linux. base::AllocPages / FreePages
> now updates address space limits.
>
> Bug: chromium:799573
> Change-Id: Iabc57c61511dfdc7b7ca2aa93c56ed21a22692f4
> Reviewed-on: https://chromium-review.googlesource.com/923173
> Reviewed-by: Jeremy Roman <jbroman@chromium.org>
> Reviewed-by: Kenneth Russell <kbr@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#537868}

TBR=kbr@chromium.org

Bug: chromium:799573
Change-Id: I62ec635b0f685cc4d33d71fb97fc21ebd3ac0da6
Reviewed-on: https://chromium-review.googlesource.com/928801
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538246}

[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/content/gpu/BUILD.gn
[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/gin/array_buffer.cc
[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/gin/array_buffer.h
[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/gin/array_buffer_unittest.cc
[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp
[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/third_party/WebKit/Source/platform/wtf/BUILD.gn
[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/third_party/WebKit/Source/platform/wtf/DEPS
[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.cpp
[modify] https://crrev.com/2ca35149f44ef4e34d7ca3b3e83e782df049e8e0/third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.h
Feb 22 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3398bc96d2085f09837f011891f7e1cfcb81e425

commit 3398bc96d2085f09837f011891f7e1cfcb81e425
Author: Bill Budge <bbudge@chromium.org>
Date: Thu Feb 22 21:40:14 2018

[libfuzzer] Remove deprecated ArrayBuffer::Allocator methods.

Bug: chromium:799573
Change-Id: Iea64ddea757fa52394b2192a5a84ff4c8dd2027e
Reviewed-on: https://chromium-review.googlesource.com/932701
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538571}

[modify] https://crrev.com/3398bc96d2085f09837f011891f7e1cfcb81e425/testing/libfuzzer/fuzzers/v8_fuzzer.cc
Mar 3 2018

The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/9568cea8bf422c5cff5555eb8d9a6b4d02d5876d

commit 9568cea8bf422c5cff5555eb8d9a6b4d02d5876d
Author: Bill Budge <bbudge@chromium.org>
Date: Sat Mar 03 12:00:24 2018

[API] Remove ArrayBuffer::Allocator virtual memory methods.

- Removes Reserve, Free (overload) and SetProtection methods.
- Updates comment on enum which we still need to distinguish between allocated and reserved ArrayBuffers.

Bug: chromium:799573
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I1b4e08f97c22ae6b6af847fbcdde047be62fecf8
Reviewed-on: https://chromium-review.googlesource.com/924603
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51714}

[modify] https://crrev.com/9568cea8bf422c5cff5555eb8d9a6b4d02d5876d/include/v8.h
[modify] https://crrev.com/9568cea8bf422c5cff5555eb8d9a6b4d02d5876d/src/api.cc
[modify] https://crrev.com/9568cea8bf422c5cff5555eb8d9a6b4d02d5876d/src/d8.cc
[modify] https://crrev.com/9568cea8bf422c5cff5555eb8d9a6b4d02d5876d/test/mkgrokdump/mkgrokdump.cc
Mar 20 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0082d0ec291414df9c813dbfef9c532d667c0ca9

commit 0082d0ec291414df9c813dbfef9c532d667c0ca9
Author: Bill Budge <bbudge@chromium.org>
Date: Tue Mar 20 17:06:25 2018

[page_allocator] More page allocator tests.

- Move PageAllocator unit tests into their own file.
- Add tests for no access, and read only access.

Bug: chromium:799573
Change-Id: I57289390d76418446f7204800dcb3703714c08dd
Reviewed-on: https://chromium-review.googlesource.com/924746
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#544413}

[modify] https://crrev.com/0082d0ec291414df9c813dbfef9c532d667c0ca9/base/BUILD.gn
[add] https://crrev.com/0082d0ec291414df9c813dbfef9c532d667c0ca9/base/allocator/partition_allocator/page_allocator_unittest.cc
[modify] https://crrev.com/0082d0ec291414df9c813dbfef9c532d667c0ca9/base/allocator/partition_allocator/partition_alloc_unittest.cc
Mar 20 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2f9bd6ab09d91b3aaa8b1e667733a3b1fa81c428

commit 2f9bd6ab09d91b3aaa8b1e667733a3b1fa81c428
Author: Wez <wez@chromium.org>
Date: Tue Mar 20 18:59:34 2018

[page_allocator] Disable tests under Fuchsia that require POSIX signals.

These tests were introduced in https://chromium-review.googlesource.com/c/chromium/src/+/924746 and cause the Fuchsia FYI bots to fail.

TBR: bbudge
Bug: chromium:799573
Change-Id: I98aafdf0e42814e0cf3642eea2605738e916845a
Reviewed-on: https://chromium-review.googlesource.com/971501
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#544463}

[modify] https://crrev.com/2f9bd6ab09d91b3aaa8b1e667733a3b1fa81c428/base/allocator/partition_allocator/page_allocator_unittest.cc
Aug 3

This bug has an owner, thus, it's been triaged. Changing status to "assigned".
Aug 3

Since this would be a difficult project, and site-isolation is now the preferred approach to prevent side channel attacks, marking this as won't-fix.
Nov 10

This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by bugdroid1@chromium.org, Jan 6 2018