[PartitionAlloc] Uncommit the 1st page in direct map

Until now the 1st page was uncommitted only on 32-bit architectures, which looks like a mistake. It isn't used on 64-bit either and it should be uncommitted there too, in order not to waste space. Change-Id: I107dd8c064f92546bfaad01ea00747b721751172 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2533214Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Bartek Nowierski <bartekn@chromium.org> Auto-Submit: Bartek Nowierski <bartekn@chromium.org> Cr-Commit-Position: refs/heads/master@{#826674}

[PartitionAlloc] Uncommit the 1st page in direct map
Until now the 1st page was uncommitted only on 32-bit architectures, which looks like a mistake. It isn't used on 64-bit either and it should be uncommitted there too, in order not to waste space. Change-Id: I107dd8c064f92546bfaad01ea00747b721751172 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2533214Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Bartek Nowierski <bartekn@chromium.org> Auto-Submit: Bartek Nowierski <bartekn@chromium.org> Cr-Commit-Position: refs/heads/master@{#826674}
b8fc6bbd · Bartek Nowierski · Commit Bot · 935aa775 · b8fc6bbd
Commit b8fc6bbd authored Nov 12, 2020 by Bartek Nowierski Committed by Commit Bot Nov 12, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 3 deletions

base/allocator/partition_allocator/partition_bucket.cc base/allocator/partition_allocator/partition_bucket.cc +5 -3

No files found.
--- a/base/allocator/partition_allocator/partition_bucket.cc
+++ b/base/allocator/partition_allocator/partition_bucket.cc
@@ -35,10 +35,12 @@ PartitionDirectMap(PartitionRoot<thread_safe>* root, int flags, size_t raw_size)
  // Because we need to fake looking like a super page, we need to allocate
  // a bunch of system pages more than "size":
  // - The first few system pages are the partition page in which the super
-  // page metadata is stored. We fault just one system page out of a partition
+  // page metadata is stored. We commit just one system page out of a partition
  // page sized clump.
  // - We add a trailing guard page on 32-bit (on 64-bit we rely on the
-  // massive address space plus randomization instead).
+  // massive address space plus randomization instead; additionally GigaCage
+  // guarantees that the region is in the company of regions that have leading
+  // guard pages).
  size_t map_size = size + PartitionPageSize();
 #if !defined(ARCH_CPU_64_BITS)
  map_size += SystemPageSize();
@@ -68,11 +70,11 @@ PartitionDirectMap(PartitionRoot<thread_safe>* root, int flags, size_t raw_size)
  root->IncreaseCommittedPages(committed_page_size);
  char* slot = ptr + PartitionPageSize();
+  SetSystemPagesAccess(ptr, SystemPageSize(), PageInaccessible);
  SetSystemPagesAccess(ptr + (SystemPageSize() * 2),
                       PartitionPageSize() - (SystemPageSize() * 2),
                       PageInaccessible);
 #if !defined(ARCH_CPU_64_BITS)
-  SetSystemPagesAccess(ptr, SystemPageSize(), PageInaccessible);
  SetSystemPagesAccess(slot + size, SystemPageSize(), PageInaccessible);
 #endif