| field | value | |
|---|---|---|
| commit | ac9099a96e1d0830cf9df36721deef5f8ee2561a | |
| author | Christos Froussios <cfroussios@chromium.org> | Tue Apr 26 10:15:13 2022 |
| committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Tue Apr 26 10:15:13 2022 |
| tree | 77dd3d2e9d7e8563cdba9872fb72ee7e33be4261 | |
| parent | 9e57d06f51291b3938f1985a73456880e8660d72 | |
Revert "Map shared memory mappings backing ArrayBuffers into the V8 Sandbox"

This reverts commit e6b8260468792092e1914363c6e0556e616d76c9.

Reason for revert: broke compilation on Win x64 Builder (dbg)
https://ci.chromium.org/ui/p/chromium/builders/ci/Win%20x64%20Builder%20(dbg)/136614/overview

Original change's description:
> Map shared memory mappings backing ArrayBuffers into the V8 Sandbox
>
> When the V8 sandbox is enabled, ArrayBuffers are referenced through
> offsets rather than raw pointers to prevent their abuse by an exploit.
> This requires that all ArrayBuffer backing stores be mapped into the
> sandbox address space. As some ArrayBuffers, for example those created by
> MojoJS, are backed by shared memory, additional logic is required to map
> shared memory into the V8 sandbox. This CL achieves this as follows:
>
> 1. A new SharedMemoryMapper interface is introduced which is responsible
>    for mapping and unmapping shared memory regions. With that, it is
>    then possible to customize the mapping/unmapping logic by passing a
>    custom SharedMemoryMapper to *SharedMemoryRegion::Map.
> 2. A subclass, ArrayBufferSharedMemoryMapper, is provided which maps the
>    shared memory regions into the V8 sandbox when that is enabled.
> 3. A new ArrayBufferContents constructor is created which accepts a
>    shared memory region as argument and takes care of mapping it using
>    the appropriate SharedMemoryMapper. This constructor is now used when
>    mapping shared memory for MojoJS.
>
> Bug: 1218005
> Change-Id: Ifce853f85397f8395746904e6a4d3fe30ffd318f
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3596033
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Owners-Override: Daniel Cheng <dcheng@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#996070}

Bug: 1218005
Change-Id: I634baf628db2f6c462e6d62d3c29d634cd300c44
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3607950
Auto-Submit: Christos Froussios <cfroussios@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Christos Froussios <cfroussios@chromium.org>
Commit-Queue: Christos Froussios <cfroussios@chromium.org>
Owners-Override: Christos Froussios <cfroussios@chromium.org>
Cr-Commit-Position: refs/heads/main@{#996082}
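The reverted change's three-step design (a mapper interface, a sandbox-aware subclass, and a constructor that maps a shared memory region through it) is worth seeing in working code. The block below is an added example written for this page, not Chromium or V8 code: a PROT_NONE reservation stands in for the V8 sandbox, the class and method names (`SandboxRegion`, `SharedMemoryMapper`, `SandboxSharedMemoryMapper`, `Mapping`) are assumptions that only mirror the shape described in the commit message, and the "shared memory" is a constructed unlinked temp file. It runs on POSIX systems only.

```cpp
// Added example, not Chromium code: a small model of the design the reverted
// CL describes. A PROT_NONE reservation stands in for the V8 sandbox; a mapper
// places shared-memory backing stores in it for offset addressing. POSIX only.
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <optional>
#include <sys/mman.h>
#include <unistd.h>

struct Mapping { void* addr; size_t size; };

// Contiguous reservation with a toy page-aligned bump allocator for slots.
class SandboxRegion {
 public:
  explicit SandboxRegion(size_t size)
      : size_(size), page_(static_cast<size_t>(sysconf(_SC_PAGESIZE))) {
    base_ = mmap(nullptr, size_, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (base_ == MAP_FAILED) base_ = nullptr;
  }
  ~SandboxRegion() { if (base_) munmap(base_, size_); }
  // True iff [p, p+len) lies entirely inside the reservation.
  bool Contains(const void* p, size_t len) const {
    uintptr_t b = reinterpret_cast<uintptr_t>(base_), q = reinterpret_cast<uintptr_t>(p);
    return base_ && q >= b && len <= size_ && q - b <= size_ - len;
  }
  // The offset a sandboxed ArrayBuffer would store instead of a raw pointer.
  uint64_t OffsetOf(const void* p) const {
    return reinterpret_cast<uintptr_t>(p) - reinterpret_cast<uintptr_t>(base_);
  }
  void* Reserve(size_t len) {
    size_t rounded = (len + page_ - 1) / page_ * page_;
    if (!base_ || rounded > size_ - cursor_) return nullptr;
    void* slot = static_cast<char*>(base_) + cursor_;
    cursor_ += rounded;
    return slot;
  }
 private:
  void* base_ = nullptr;
  size_t size_, page_, cursor_ = 0;
};

// Mapper interface in the shape the CL describes; placement policy lives in subclasses.
class SharedMemoryMapper {
 public:
  virtual ~SharedMemoryMapper() = default;
  virtual std::optional<Mapping> Map(int fd, size_t size) = 0;
  virtual void Unmap(Mapping m) = 0;
};

// Policy that maps into a sandbox slot with MAP_FIXED, so the backing store
// is guaranteed to be addressable by sandbox offset.
class SandboxSharedMemoryMapper : public SharedMemoryMapper {
 public:
  explicit SandboxSharedMemoryMapper(SandboxRegion& sb) : sb_(sb) {}
  std::optional<Mapping> Map(int fd, size_t size) override {
    void* slot = sb_.Reserve(size);
    if (!slot) return std::nullopt;
    void* p = mmap(slot, size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, 0);
    if (p == MAP_FAILED) return std::nullopt;
    return Mapping{p, size};
  }
  void Unmap(Mapping m) override {
    // Restore the PROT_NONE reservation instead of leaving a hole an unrelated mmap could fill.
    mmap(m.addr, m.size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED | MAP_NORESERVE, -1, 0);
  }
 private:
  SandboxRegion& sb_;
};

// Constructed shared memory for the demo: an unlinked temp file.
int CreateSharedMemoryFd(size_t size) {
  char path[] = "/tmp/sbx-example-XXXXXX";
  int fd = mkstemp(path);
  if (fd < 0) return -1;
  unlink(path);
  if (ftruncate(fd, static_cast<off_t>(size)) != 0) { close(fd); return -1; }
  return fd;
}

// Maps one constructed region through the sandbox mapper, checks the mapping is
// inside the sandbox, writes through it and confirms the write is visible via a
// second independent mapping of the same fd. Returns the sandbox offset or -1.
int64_t MapIntoSandboxAndGetOffset() {
  SandboxRegion sandbox(static_cast<size_t>(64) << 20);  // 64 MiB reservation
  const size_t size = static_cast<size_t>(sysconf(_SC_PAGESIZE));
  int fd = CreateSharedMemoryFd(size);
  if (fd < 0) return -1;
  SandboxSharedMemoryMapper mapper(sandbox);
  std::optional<Mapping> m = mapper.Map(fd, size);
  if (!m || !sandbox.Contains(m->addr, m->size)) { close(fd); return -1; }
  std::memcpy(m->addr, "mojo", 4);
  void* other = mmap(nullptr, size, PROT_READ, MAP_SHARED, fd, 0);
  bool shared = other != MAP_FAILED && std::memcmp(other, "mojo", 4) == 0;
  if (other != MAP_FAILED) munmap(other, size);
  int64_t offset = shared ? static_cast<int64_t>(sandbox.OffsetOf(m->addr)) : -1;
  mapper.Unmap(*m);
  close(fd);
  return offset;
}
```

The point the commit message makes is that the sandbox only protects ArrayBuffers if every backing store, including shared-memory ones, lives inside the reserved range; `Contains` is the check that makes that invariant explicit, and `Unmap` re-reserves the slot so the range never acquires a hole that some unrelated mapping could later occupy.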
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.