Use PAGE_TARGETS_INVALID when allocating code pages

PAGE_TARGETS_INVALID tells CFG (Control Flow Guard) to mark all
addresses as invalid indirect branch targets. This makes exploits more
difficult. The benefit is minor because most of the code in the Chrome
process doesn't use the CFG checks, but this will close off a few
weaknesses and is the direction we will want to go in eventually
anyway (with specific targets or call sites opted-in to allowing
calls, using SetProcessValidCallTargets).

PAGE_TARGETS_INVALID may ultimately cause CFG to not allocate memory -
that is implied by Windows Internals 7th Edition - and if that is
implemented then this change will save some modest amount of memory.

PAGE_TARGETS_INVALID was introduced in Windows 10 - according to
Windows Internals Part 1 7th Edition - prior to that it will cause
VirtualAlloc to fail.

Bug: chromium:870054
Change-Id: Ib1784fba37cc0ecb5fe5df595f1519531b3b3a20
Reviewed-on: https://chromium-review.googlesource.com/1186025
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55365}
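One way to apply the change described above in an embedder's own allocator, as an added example and not this commit's diff (the `mem_perm` enum and the function names are assumptions; the constants are the documented Win32 values, redefined by hand so the mapping also compiles off Windows):

```c
/* Added example (not V8's own code): choose a VirtualAlloc protection for
 * code pages, adding PAGE_TARGETS_INVALID only where the OS accepts it. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#ifdef _WIN32
#include <windows.h>
#include <versionhelpers.h>
#else
/* Stand-ins for the Win32 constants so this unit builds on POSIX. */
#define PAGE_NOACCESS          0x01u
#define PAGE_READONLY          0x02u
#define PAGE_READWRITE         0x04u
#define PAGE_EXECUTE_READ      0x20u
#define PAGE_EXECUTE_READWRITE 0x40u
#define PAGE_TARGETS_INVALID   0x40000000u
#endif

/* Hypothetical permission enum for the kinds of pages an engine asks for. */
enum mem_perm { PERM_NONE, PERM_READ, PERM_READ_WRITE,
                PERM_READ_EXEC, PERM_READ_WRITE_EXEC };

/* Map a permission to a page protection. targets_invalid_supported must be
 * true only on Windows 10 or later: on older Windows the flag is unknown and
 * VirtualAlloc fails with it, so the plain executable protection is used. */
uint32_t code_page_protection(enum mem_perm perm, bool targets_invalid_supported) {
  uint32_t cfg = targets_invalid_supported ? PAGE_TARGETS_INVALID : 0u;
  switch (perm) {
    case PERM_NONE:            return PAGE_NOACCESS;
    case PERM_READ:            return PAGE_READONLY;
    case PERM_READ_WRITE:      return PAGE_READWRITE;
    /* Executable pages: every address starts as an invalid indirect-call
     * target until SetProcessValidCallTargets opts specific ones in. */
    case PERM_READ_EXEC:       return PAGE_EXECUTE_READ | cfg;
    case PERM_READ_WRITE_EXEC: return PAGE_EXECUTE_READWRITE | cfg;
  }
  return PAGE_NOACCESS;
}

#ifdef _WIN32
/* Reserve and commit a code region with the version-appropriate protection. */
void* alloc_code_pages(size_t size, enum mem_perm perm) {
  uint32_t prot = code_page_protection(perm, IsWindows10OrGreater());
  return VirtualAlloc(NULL, size, MEM_RESERVE | MEM_COMMIT, prot);
}
#endif
```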
1 file changed
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.