From b3d801b4d48214b21e7fdd5d62d35c76a22749ea Mon Sep 17 00:00:00 2001
From: Clemens Backes
Date: Mon, 28 Nov 2022 21:11:49 +0000
Subject: [PATCH] [v8] Disable Wasm code protection by default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

V8 has an implication that makes lazy compilation disable mprotect-based code
protection (see https://crrev.com/c/3627596). This implication is ignored in
Chrome though since the flag is currently explicitly enabled. Since lazy
compilation is now enabled by default (https://crrev.com/c/4023373), we should
disable code protection.

Note that protection via PKU (which is much stronger and faster) is still
enabled.

R=ahaas@chromium.org, jam@chromium.org

(cherry picked from commit 9a483611c595d3665abb24b00a2405693f92adf1)

Bug: v8:12852
Change-Id: I55c0959ecdc85aa2253f40f443ce85a449adb4a2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4023869
Auto-Submit: Clemens Backes
Reviewed-by: John Abd-El-Malek
Commit-Queue: John Abd-El-Malek
Reviewed-by: Andreas Haas
Cr-Original-Commit-Position: refs/heads/main@{#1072399}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4061295
Reviewed-by: Prudhvikumar Bommana
Commit-Queue: Prudhvikumar Bommana
Owners-Override: Prudhvikumar Bommana
Commit-Queue: Srinivas Sista
Cr-Commit-Position: refs/branch-heads/5359@{#1014}
Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
---
 content/public/common/content_features.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
index d57db0aa742ba6..a99e48ae635e62 100644
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -1226,7 +1226,7 @@ BASE_FEATURE(kWebAssemblyBaseline, // Enable memory protection for code JITed for WebAssembly. BASE_FEATURE(kWebAssemblyCodeProtection, "WebAssemblyCodeProtection", - base::FEATURE_ENABLED_BY_DEFAULT); + base::FEATURE_DISABLED_BY_DEFAULT); #if (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)) && defined(ARCH_CPU_X86_64) // Use memory protection keys in userspace (PKU) (if available) to protect code
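Review bot: The comment above `kWebAssemblyCodeProtection` still reads `// Enable memory protection for code JITed for WebAssembly.`, but after this hunk it sits on a hardening feature that is off by default with nothing in the code saying why; suggest extending that comment with the rationale from the commit message (V8 ignores mprotect-based code protection once lazy compilation is on, and the PKU-based feature declared just below is the intended mechanism) so a later reader does not simply flip it back to `FEATURE_ENABLED_BY_DEFAULT`. Also worth stating explicitly, in the comment or the commit message: the PKU feature in the trailing context is guarded by `#if (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)) && defined(ARCH_CPU_X86_64)`, so on every other platform this change leaves Wasm JIT code with neither mprotect- nor PKU-based protection, and the "PKU ... is still enabled" sentence in the message should be qualified accordingly.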