fix: ensure v8 pointer compression + sandbox is enabled on 64bit native modules (#34844)

* fix: ensure v8 pointer compression + sandbox is enabled on 64bit native modules

* build: rely on config.gypi to enable pointer compression
This commit is contained in:
Samuel Attard 2022-07-08 01:06:06 -07:00 committed by GitHub
parent 1941c88442
commit eba9d3fc79
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 53 additions and 3 deletions

View file

@ -45,3 +45,4 @@ fix_add_v8_enable_reverse_jsargs_defines_in_common_gypi.patch
json_parse_errors_made_user-friendly.patch
build_define_libcpp_abi_namespace_as_cr_to_align_with_chromium.patch
support_v8_sandboxed_pointers.patch
build_ensure_v8_pointer_compression_sandbox_is_enabled_on_64bit.patch

View file

@ -0,0 +1,49 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Samuel Attard <sattard@salesforce.com>
Date: Thu, 7 Jul 2022 14:42:49 -0700
Subject: build: ensure v8 pointer compression + sandbox is enabled on 64bit
Aligns common.gypi with the current build flag state of //v8.
Specifically enables `V8_ENABLE_SANDBOX`, `V8_SANDBOXED_POINTERS`, `V8_COMPRESS_POINTERS` and `V8_COMPRESS_POINTERS_IN_SHARED_CAGE`.
diff --git a/common.gypi b/common.gypi
index 559b7f7c220cb98946285bb15d0d63e203bbcea4..b0cba989da8d9b5bd7e1050510bb09646622f88c 100644
--- a/common.gypi
+++ b/common.gypi
@@ -66,6 +66,8 @@
'v8_enable_pointer_compression%': 0,
'v8_enable_31bit_smis_on_64bit_arch%': 0,
+ 'v8_enable_sandbox%': 0,
+
# Disable V8 untrusted code mitigations.
# See https://github.com/v8/v8/wiki/Untrusted-code-mitigations
'v8_untrusted_code_mitigations': 0,
@@ -135,6 +137,9 @@
'v8_enable_pointer_compression': 0,
'v8_enable_31bit_smis_on_64bit_arch': 0,
}],
+ ['target_arch in "arm64 x64"', {
+ 'v8_enable_sandbox': 1,
+ }],
['target_arch in "ppc64 s390x"', {
'v8_enable_backtrace': 1,
}],
@@ -395,9 +400,15 @@
['v8_enable_pointer_compression == 1', {
'defines': [
'V8_COMPRESS_POINTERS',
- 'V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE',
+ 'V8_COMPRESS_POINTERS_IN_SHARED_CAGE',
],
}],
+ ['v8_enable_sandbox == 1', {
+ 'defines': [
+ 'V8_ENABLE_SANDBOX',
+ 'V8_SANDBOXED_POINTERS'
+ ]
+ }],
['v8_enable_pointer_compression == 1 or v8_enable_31bit_smis_on_64bit_arch == 1', {
'defines': ['V8_31BIT_SMIS_ON_64BIT_ARCH'],
}],

View file

@ -14,9 +14,9 @@ NODE_DIR = os.path.join(ELECTRON_DIR, '..', 'third_party', 'electron_node')
def run_node_configure(target_cpu):
configure = os.path.join(NODE_DIR, 'configure.py')
args = ['--dest-cpu', target_cpu]
# Enabled in Chromium's V8.
if target_cpu in ('arm64', 'x64'):
args += ['--experimental-enable-pointer-compression']
# Enabled in Chromium's V8, will be disabled on 32bit via
# common.gypi rules
args += ['--experimental-enable-pointer-compression']
# Work around "No acceptable ASM compiler found" error on some System,
# it breaks nothing since Electron does not use OpenSSL.