deps: V8: cherry-pick e0a109c #27533

joyeecheung · 2019-05-02T14:52:46Z

Original commit message:

[api] Implement StartupData::CanBeRehashed() for the snapshot blob

This enables the embedder to check if the snapshot generated
from SnapshotCreator::CreateBlob() can be rehashed and the seed
can be recomputed during deserialization.

The lack of this functionality resulted in a temporary vunerability
in Node.js: https://github.com/nodejs/node/pull/27365

Change-Id: I88d52337217c40f79c26438be3c87d2db874d980
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578661
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61175}

Refs: v8/v8@e0a109c

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
commit message follows commit guidelines

nodejs-github-bot · 2019-05-02T14:52:49Z

Lite-CI: https://ci.nodejs.org/job/node-test-pull-request-lite-pipeline/3425

nodejs-github-bot · 2019-05-02T14:53:53Z

CI: https://ci.nodejs.org/job/node-test-pull-request/22889/

joyeecheung · 2019-05-02T14:54:02Z

V8-CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/2266/

joyeecheung · 2019-05-02T16:27:49Z

hmm, somehow on our branch the snapshots generated in the tests are not rehashable https://ci.nodejs.org/job/node-test-commit-v8-linux/2266/

There may be some other commits that we need to backport together? @hashseed

joyeecheung · 2019-05-02T16:29:45Z

Ah, the failures are all Check failed: !blob.CanBeRehashed(), which means the ExtractRehashability() on our branch may be bogus..(because having maps in the snapshot here does fail the pummel/test-hash-seed test)

Original commit message: [api] Implement StartupData::CanBeRehashed() for the snapshot blob This enables the embedder to check if the snapshot generated from SnapshotCreator::CreateBlob() can be rehashed and the seed can be recomputed during deserialization. The lack of this functionality resulted in a temporary vunerability in Node.js: nodejs#27365 Change-Id: I88d52337217c40f79c26438be3c87d2db874d980 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578661 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61175} Refs: v8/v8@e0a109c

joyeecheung · 2019-06-06T12:10:13Z

OK, looks like somehow the patch was applied incorrectly and the assertions went to the wrong places. I've moved them to be in the correct location.

@targos maybe you want to take another look? (though it's just correcting the patch to be the same as the one in the upstream)

nodejs-github-bot · 2019-06-06T12:10:49Z

CI: https://ci.nodejs.org/job/node-test-pull-request/23658/

joyeecheung · 2019-06-06T12:11:07Z

V8-CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/2361/

nodejs-github-bot · 2019-06-09T14:56:39Z

CI: https://ci.nodejs.org/job/node-test-pull-request/23723/

joyeecheung · 2019-06-09T14:57:12Z

V8-CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/2366

joyeecheung · 2019-06-11T17:31:33Z

Landed in d2634be

Original commit message: [api] Implement StartupData::CanBeRehashed() for the snapshot blob This enables the embedder to check if the snapshot generated from SnapshotCreator::CreateBlob() can be rehashed and the seed can be recomputed during deserialization. The lack of this functionality resulted in a temporary vunerability in Node.js: #27365 Change-Id: I88d52337217c40f79c26438be3c87d2db874d980 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578661 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61175} Refs: v8/v8@e0a109c PR-URL: #27533 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>

nodejs-github-bot added build Issues and PRs related to build files or the CI. v8 engine Issues and PRs related to the V8 dependency. labels May 2, 2019

joyeecheung requested a review from targos May 2, 2019 14:54

targos approved these changes May 2, 2019

View reviewed changes

joyeecheung added 2 commits June 5, 2019 11:35

fixup! deps: V8: cherry-pick e0a109c

0b06ddf

joyeecheung force-pushed the backport-rehash branch from 5d2b2de to 0b06ddf Compare June 6, 2019 12:08

refack approved these changes Jun 6, 2019

View reviewed changes

targos approved these changes Jun 6, 2019

View reviewed changes

Trott approved these changes Jun 6, 2019

View reviewed changes

Trott added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jun 9, 2019

joyeecheung closed this Jun 11, 2019

BridgeAR mentioned this pull request Jun 17, 2019

v12.5.0 proposal #28268

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: V8: cherry-pick e0a109c #27533

deps: V8: cherry-pick e0a109c #27533

joyeecheung commented May 2, 2019

nodejs-github-bot commented May 2, 2019

nodejs-github-bot commented May 2, 2019

joyeecheung commented May 2, 2019

joyeecheung commented May 2, 2019

joyeecheung commented May 2, 2019 •

edited

Loading

joyeecheung commented Jun 6, 2019

nodejs-github-bot commented Jun 6, 2019

joyeecheung commented Jun 6, 2019

nodejs-github-bot commented Jun 9, 2019

joyeecheung commented Jun 9, 2019

joyeecheung commented Jun 11, 2019

deps: V8: cherry-pick e0a109c #27533

deps: V8: cherry-pick e0a109c #27533

Conversation

joyeecheung commented May 2, 2019

Checklist

nodejs-github-bot commented May 2, 2019

nodejs-github-bot commented May 2, 2019

joyeecheung commented May 2, 2019

joyeecheung commented May 2, 2019

joyeecheung commented May 2, 2019 • edited Loading

joyeecheung commented Jun 6, 2019

nodejs-github-bot commented Jun 6, 2019

joyeecheung commented Jun 6, 2019

nodejs-github-bot commented Jun 9, 2019

joyeecheung commented Jun 9, 2019

joyeecheung commented Jun 11, 2019

joyeecheung commented May 2, 2019 •

edited

Loading