// Copyright 2024 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef V8_SANDBOX_CHECK_H_
#define V8_SANDBOX_CHECK_H_

#include "src/sandbox/hardware-support.h"

// When the sandbox is enabled, a SBXCHECK behaves exactly like a CHECK, but
// indicates that the check is required for the sandbox, i.e. prevents a
// sandbox bypass. When the sandbox is off, it becomes a DCHECK.
//
// As an example, consider a scenario where an in-sandbox object stores an
// index into an out-of-sandbox array (or a similar data structure). While
// under normal circumstances it can be guaranteed that the index will always
// be in bounds, with the sandbox attacker model, we have to assume that the
// in-sandbox object can be corrupted by an attacker and so the access can go
// out-of-bounds. In that case, a SBXCHECK can be used to both prevent memory
// corruption outside of the sandbox and document that there is a
// security-critical invariant that may be violated when an attacker can
// corrupt memory inside the sandbox, but otherwise holds true.
//
// Two consequences of the mapping below that are easy to overlook:
//  - Without V8_ENABLE_SANDBOX every SBXCHECK* maps to the DCHECK* family,
//    i.e. it is a debug-only assertion there. An invariant that must hold in
//    all configurations (not only under the sandbox attacker model) still
//    needs a plain CHECK.
//  - The SBXCHECK variants are the only place in this file that wraps the
//    check in BLOCK_SANDBOX_ACCESS_IN_DEBUG_MODE; a plain CHECK on a value
//    read from the sandbox does not get that racy-access detection.
#ifdef V8_ENABLE_SANDBOX

#ifdef DEBUG
// It's unsafe to access sandbox memory during a SBXCHECK since such an access
// will be inherently racy as we need to assume an attacker can modify the value
// inside the sandbox right before and after the check. If you run into this,
// you might want to read the value outside of the SBXCHECK first to ensure that
// the SBXCHECK and the code that relies on it use the same value. And if in
// doubt, feel free to add someone from the security team as a reviewer. If
// sandbox hardware support is enabled, we'll block these accesses temporarily
// in debug builds.
//
// The object declared here (presumably an RAII guard whose destructor lifts
// the block again; see hardware-support.h) lives until the closing brace of
// the do { ... } while (false) in SBXCHECK / SBXCHECK_WRAPPED, so any
// blocking is confined to the duration of the underlying CHECK. The
// declaration deliberately has no trailing ';' -- the expansion site
// supplies it.
#define BLOCK_SANDBOX_ACCESS_IN_DEBUG_MODE \
  auto block_access = v8::internal::SandboxHardwareSupport::MaybeBlockAccess()
#else
// Non-debug builds: expands to nothing, and the ';' at the expansion site
// becomes an empty statement.
#define BLOCK_SANDBOX_ACCESS_IN_DEBUG_MODE
#endif

// Sandbox-enforcing equivalent of CHECK(condition). The do/while(false)
// wrapper makes the expansion a single statement (safe after an unbraced
// if/else) and scopes the access-blocking guard to the check itself.
#define SBXCHECK(condition)                \
  do {                                     \
    BLOCK_SANDBOX_ACCESS_IN_DEBUG_MODE;    \
    CHECK(condition);                      \
  } while (false)

// Helper for the comparison variants below: CONDITION is the suffix of the
// CHECK_* macro to invoke (EQ, NE, GT, GE, LT, LE, BOUNDS, IMPLIES), so
// SBXCHECK_WRAPPED(EQ, a, b) expands to CHECK_EQ(a, b) inside the same
// guarded statement as SBXCHECK.
#define SBXCHECK_WRAPPED(CONDITION, lhs, rhs) \
  do {                                        \
    BLOCK_SANDBOX_ACCESS_IN_DEBUG_MODE;       \
    CHECK_##CONDITION(lhs, rhs);              \
  } while (false)

#define SBXCHECK_EQ(lhs, rhs) SBXCHECK_WRAPPED(EQ, lhs, rhs)
#define SBXCHECK_NE(lhs, rhs) SBXCHECK_WRAPPED(NE, lhs, rhs)
#define SBXCHECK_GT(lhs, rhs) SBXCHECK_WRAPPED(GT, lhs, rhs)
#define SBXCHECK_GE(lhs, rhs) SBXCHECK_WRAPPED(GE, lhs, rhs)
#define SBXCHECK_LT(lhs, rhs) SBXCHECK_WRAPPED(LT, lhs, rhs)
#define SBXCHECK_LE(lhs, rhs) SBXCHECK_WRAPPED(LE, lhs, rhs)
#define SBXCHECK_BOUNDS(index, limit) SBXCHECK_WRAPPED(BOUNDS, index, limit)
#define SBXCHECK_IMPLIES(when, then) SBXCHECK_WRAPPED(IMPLIES, when, then)
#else
// Sandbox disabled: no attacker-controlled in-sandbox memory exists, so the
// invariants degrade to debug-only assertions. No access blocking here either.
#define SBXCHECK(condition) DCHECK(condition)
#define SBXCHECK_EQ(lhs, rhs) DCHECK_EQ(lhs, rhs)
#define SBXCHECK_NE(lhs, rhs) DCHECK_NE(lhs, rhs)
#define SBXCHECK_GT(lhs, rhs) DCHECK_GT(lhs, rhs)
#define SBXCHECK_GE(lhs, rhs) DCHECK_GE(lhs, rhs)
#define SBXCHECK_LT(lhs, rhs) DCHECK_LT(lhs, rhs)
#define SBXCHECK_LE(lhs, rhs) DCHECK_LE(lhs, rhs)
#define SBXCHECK_BOUNDS(index, limit) DCHECK_BOUNDS(index, limit)
#define SBXCHECK_IMPLIES(when, then) DCHECK_IMPLIES(when, then)
#endif

#endif  // V8_SANDBOX_CHECK_H_