[API] Add ThreadIsolatedAllocator to Platform
The ThreadIsolatedAllocator will be used for in-process isolation to allocate memory with per-thread permission checks (e.g. using pkeys on x64).
The implementation type needs to be exposed in the API since the caller needs to change thread permissions before calling Allocate. E.g. for pkeys, v8 needs to know which pkey is used to tag the allocator's memory.
Change-Id: Id9b4f8c5e8940c5c0fc6d1c7f81ffc86bc36a5cb
Bug: v8:13355
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4510275
Commit-Queue: Stephen Röttger <sroettger@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#87563}
diff --git a/include/v8-platform.h b/include/v8-platform.h
index e34a8db..9811c6e 100644
--- a/include/v8-platform.h
+++ b/include/v8-platform.h
@@ -571,6 +571,34 @@
virtual bool CanAllocateSharedPages() { return false; }
};
+/**
+ * An allocator that uses per-thread permissions to protect the memory.
+ *
+ * The implementation is platform/hardware specific, e.g. using pkeys on x64.
+ *
+ * INTERNAL ONLY: This interface has not been stabilised and may change
+ * without notice from one release to another without being deprecated first.
+ */
+class ThreadIsolatedAllocator {
+ public:
+ virtual ~ThreadIsolatedAllocator() = default;
+
+ virtual void* Allocate(size_t size) = 0;
+
+ virtual void Free(void* object) = 0;
+
+ enum class Type {
+ kPkey,
+ };
+
+ virtual Type Type() const = 0;
+
+ /**
+ * Return the pkey used to implement the thread isolation if Type == kPkey.
+ */
+ virtual int Pkey() const { return -1; }
+};
+
// Opaque type representing a handle to a shared memory region.
using PlatformSharedMemoryHandle = intptr_t;
static constexpr PlatformSharedMemoryHandle kInvalidSharedMemoryHandle = -1;
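Review bot: `virtual Type Type() const = 0;` declares a member function with the same name as the nested `enum class Type` declared just above it, so the name `Type` means the enum when the return type is parsed but the function once the class is complete; GCC rejects this ("declaration changes meaning of 'Type'"), and other compilers may only accept it leniently. Using an elaborated type specifier for the return type avoids the ambiguity: `virtual enum Type Type() const = 0;`. Separately, the commit message says the caller must change thread permissions before calling Allocate, but the class carries no such precondition; a doc comment on Allocate/Free along the lines of `// The calling thread must have enabled access to this allocator's memory (e.g. the pkey's permissions) before calling; see Pkey().` would make that contract visible in the API, and `Pkey()` could state that the default `-1` means no pkey is in use.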
@@ -975,6 +1003,16 @@
virtual PageAllocator* GetPageAllocator() = 0;
/**
+ * Allows the embedder to provide an allocator that uses per-thread memory
+ * permissions to protect allocations.
+ * Returning nullptr will cause V8 to disable protections that rely on this
+ * feature.
+ */
+ virtual ThreadIsolatedAllocator* GetThreadIsolatedAllocator() {
+ return nullptr;
+ }
+
+ /**
* Allows the embedder to specify a custom allocator used for zones.
*/
virtual ZoneBackingAllocator* GetZoneBackingAllocator() {
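Review bot: `GetThreadIsolatedAllocator()` hands V8 a raw pointer but the doc comment says nothing about ownership or lifetime, which matters more than usual here because V8 will be tagging and protecting memory through it. Suggest stating the contract, e.g. ` * The embedder retains ownership of the returned allocator, which must remain valid for as long as V8 may use this Platform.` (adjust to the intended lifetime). The default return of nullptr fails open: per the comment, V8 then disables the protections that depend on this feature, so it is worth saying explicitly that embedders relying on thread isolation must override this method, since no error or warning is raised otherwise. The enclosing Platform class starts and ends outside the hunk.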