[PA] Check if giga cage is enabled before calling IsManagedByPartitionAllocNormalBuckets

If GigaCage isn't enabled, this DCHECK gets triggered
PartitionRoot()->PartitionRefCountPointer()->DCheckGetSlotOffsetsZero()->PartitionGetSlotOffset()->DCheckIfManagedByPartitionAllocNormalBuckets()
We should check IsPartitionAllocGigaCageEnabled before calling IsManagedByPartitionAllocNormalBuckets.

Also removed, PartitionRefCountPointerNoDCheck() as it would no longer be needed.

Bug: 1073933
Change-Id: Ida270d718f0299837d1b506966d46512a8c60f24
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2631980
Commit-Queue: Keishi Hattori <keishi@chromium.org>
Reviewed-by: Bartek Nowierski <bartekn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#844570}

base/allocator/partition_allocator/partition_ref_count.h

@@ -118,11 +118,6 @@ ALWAYS_INLINE PartitionRefCount* PartitionRefCountPointer(void* slot_start) {
   return reinterpret_cast<PartitionRefCount*>(slot_start);
 }
 
-ALWAYS_INLINE PartitionRefCount* PartitionRefCountPointerNoDCheck(
-    void* slot_start) {
-  return reinterpret_cast<PartitionRefCount*>(slot_start);
-}
-
 #else  // ENABLE_REF_COUNTER_FOR_BACKUP_REF_PTR
 
 static constexpr size_t kInSlotRefCountBufferSize = 0;

base/allocator/partition_allocator/partition_root.cc

@@ -314,7 +314,9 @@ static void PartitionDumpBucketStats(
 
 #if DCHECK_IS_ON()
 void DCheckIfManagedByPartitionAllocNormalBuckets(const void* ptr) {
-  PA_DCHECK(IsManagedByPartitionAllocNormalBuckets(ptr));
+  if (features::IsPartitionAllocGigaCageEnabled()) {
+    PA_DCHECK(IsManagedByPartitionAllocNormalBuckets(ptr));
+  }
 }
 #endif
 

base/allocator/partition_allocator/partition_root.h

@@ -697,7 +697,7 @@ ALWAYS_INLINE void* PartitionAllocGetSlotStart(void* ptr) {
 // TODO(glazunov): Simplify the function once the non-thread-safe PartitionRoot
 // is no longer used.
 ALWAYS_INLINE void PartitionAllocFreeForRefCounting(void* slot_start) {
-  PA_DCHECK(!internal::PartitionRefCountPointerNoDCheck(slot_start)->IsAlive());
+  PA_DCHECK(!internal::PartitionRefCountPointer(slot_start)->IsAlive());
 
   auto* slot_span =
       SlotSpanMetadata<ThreadSafe>::FromPointerNoAlignmentCheck(slot_start);
@@ -892,7 +892,7 @@ ALWAYS_INLINE void PartitionRoot<thread_safe>::FreeNoHooksImmediate(
 #if ENABLE_REF_COUNT_FOR_BACKUP_REF_PTR
   if (allow_ref_count) {
     if (LIKELY(!slot_span->bucket->is_direct_mapped())) {
-      auto* ref_count = internal::PartitionRefCountPointerNoDCheck(slot_start);
+      auto* ref_count = internal::PartitionRefCountPointer(slot_start);
       // If we are holding the last reference to the allocation, it can be freed
       // immediately. Otherwise, defer the operation and zap the memory to turn
       // potential use-after-free issues into unexploitable crashes.