PR-URL: https://github.com/nodejs/node/pull/51796
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/51810
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Within Node.js, attempt to determine if libuv is using io_uring. If it
is, disable process.setuid() and other user identity setters.
We cannot fully prevent users from changing the process's user identity,
but this should still prevent some accidental, dangerous scenarios.
PR-URL: https://github.com/nodejs-private/node-private/pull/528
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2024-22017
setuid() does not affect libuv's internal io_uring operations if
initialized before the call to setuid(). This potentially allows the
process to perform privileged operations despite presumably having
dropped such privileges through a call to setuid(). Similar concerns
apply to other functions that modify the process's user identity.
This commit changes libuv's io_uring behavior from opt-out (through
UV_USE_IO_URING=0) to opt-in (through UV_USE_IO_URING=1) until we figure
out a better long-term solution.
PR-URL: https://github.com/nodejs-private/node-private/pull/528
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2024-22017
PR-URL: https://github.com/nodejs/node/pull/51582
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/51630
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/51580
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/51614
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Original commit message:
[api] Add v8::ScriptCompiler::CachedData::CompatibilityCheck()
This patch adds a new API v8::ScriptCompiler::CachedData::CompatibilityCheck()
in order to allow embedders to check if the code cache can be used in
the current isolate without looking up for the source code. It also returns more detailed reasons about why the code cache cannot be used
when it's bound to be rejected. This makes it possible to enforce
portability checks in case code code becomes CPU-dependent in the
future.
Refs: https://github.com/nodejs/node/issues/42566#issuecomment-1735862123
Change-Id: Ia1d677b949050add961af6fbf62c44342c061312
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4905290
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#90833}
Refs: efb1133eb8
PR-URL: https://github.com/nodejs/node/pull/51551
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/51584
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/51461
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This should get rid of the following GCC warning:
ISO C90 does not support ‘long long’ [-Wlong-long]
PR-URL: https://github.com/nodejs/node/pull/51410
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/51385
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
- update uvwasi to 0.0.20
- adjust tests to reflect udpated behaviour from
https://github.com/nodejs/uvwasi/pull/224 included
in uvwasi 0.0.20
Signed-off-by: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/51355
Reviewed-By: Guy Bedford <guybedford@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/51400
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/51278
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/51313
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Original commit message:
[maglev] fix non-ptr-compr compilation on old compilers
When pointer compression is disabled, the preprocessor expands some
static asserts to static_assert(false), which doesn't compile on
compilers not implementing the C++ defect report CWG2518, notably clang
before version 17 and gcc before version 13.
Adding in part of the template parameter to the static assert prevents
it from being evaluated immediately which fixes the compilation.
Test: compiled with gcc-11 and clang-14 without pointer compression.
Change-Id: I95ce29bdb1278e6dad9e592d6f9476395f8aeb59
Fixed: v8:14355
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5022760
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#91553}
Refs: de611e69ad
PR-URL: https://github.com/nodejs/node/pull/51200
Refs: https://github.com/nodejs/node/issues/50690
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/50115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Original commit message:
[heap-profiler]: expose QueryObjects() to v8::HeapProfiler
This allows embedders to use this API for testing memory leaks more
reliably. See https://github.com/nodejs/node/pull/50572 for an
example about how the API can be used.
Change-Id: Ic3d1268e2b331c37e8ec92997b764b9b5486f8c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5006373
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#91123}
Refs: 0fd478bcda
PR-URL: https://github.com/nodejs/node/pull/50572
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
PR-URL: https://github.com/nodejs/node/pull/50115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Original commit message:
[gcc] Add include for TurboShaft
Include <limits> for std::numeric_limits.
Bug: chromium:819294
Change-Id: I26a71ed4bad1858d2f5ed5d7dcd529e9cae60f37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4889285
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#90347}
Refs: 8f0b94671d
PR-URL: https://github.com/nodejs/node/pull/50654
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/50115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Original commit message:
[logging] Bugfix: LinuxPerfBasicLogger should log JS functions
This patch fixes a typo that was introduced in commit
c51041f45400928cd64fbc8f389c0dd0dd15f82f /
https://chromium-review.googlesource.com/c/v8/v8/+/2336793, which reversed the behavior of the perf_basic_prof_only_functions flag.
This also refactors the equivalent guard in LinuxPerfJitLogger to use the same inline CodeKind API for identifying JS Functions. This is unrelated to the bug, but it seems a fair rider to add on here.
Bug: v8:14387
Change-Id: I25766b0d45f4c65dfec5ae01e094a1ed94111054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4954225
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#90501}
Refs: f7d000a7ae
PR-URL: https://github.com/nodejs/node/pull/50302
Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br>
Reviewed-By: Debadree Chatterjee <debadree333@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/50115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Original commit message:
[api] add line breaks to the output of Message::PrintCurrentStackTrace
Previously this prints the stack trace without line breaks and it
can be difficult to read. This also affects
--abort-on-uncaught-exception. This patch adds line breaks to the
output to improve readability.
Change-Id: I4c44b529f8c829329f784b0859b1d13c9ec56838
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4925009
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#90360}
Refs: 25902244ad
PR-URL: https://github.com/nodejs/node/pull/50156
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Debadree Chatterjee <debadree333@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/50115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
We are not ready to compile with C++20 support yet.
This is only a DCHECK that can be removed without affecting the behavior
of release builds.
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/50115
Reviewed-By: Michael Dawson <midawson@redhat.com>
