Skip to content

Commit

Permalink
build: enable v8's siphash for hash seed creation
Browse files Browse the repository at this point in the history
Triggers the V8_USE_SIPHASH to switch from the internal custom V8
hash seed generation function to an implementation of SipHash. Final
step needed to clear up HashWick.

PR-URL: #26367
Refs: #23259
Refs: https://darksi.de/12.hashwick-v8-vulnerability/
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yang Guo <yangguo@chromium.org>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
  • Loading branch information
rvagg authored and BridgeAR committed Mar 13, 2019
1 parent 300ad04 commit 066fe5a
Show file tree
Hide file tree
Showing 5 changed files with 16 additions and 0 deletions.
3 changes: 3 additions & 0 deletions common.gypi
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@
# Increment by one for each non-official patch applied to deps/v8.
'v8_embedder_string': '-node.18',

# Turn on SipHash for hash seed generation, addresses HashWick
'v8_use_siphash': 'true',

# Enable disassembler for `--print-code` v8 options
'v8_enable_disassembler': 1,

Expand Down
6 changes: 6 additions & 0 deletions configure.py
Original file line number Diff line number Diff line change
Expand Up @@ -509,6 +509,11 @@
dest='without_snapshot',
help=optparse.SUPPRESS_HELP)

parser.add_option('--without-siphash',
action='store_true',
dest='without_siphash',
help=optparse.SUPPRESS_HELP)

parser.add_option('--code-cache-path',
action='store',
dest='code_cache_path',
Expand Down Expand Up @@ -1178,6 +1183,7 @@ def configure_v8(o):
o['variables']['v8_random_seed'] = 0 # Use a random seed for hash tables.
o['variables']['v8_promise_internal_field_count'] = 1 # Add internal field to promises for async hooks.
o['variables']['v8_use_snapshot'] = 'false' if options.without_snapshot else 'true'
o['variables']['v8_use_siphash'] = 'false' if options.without_siphash else 'true'
o['variables']['v8_trace_maps'] = 1 if options.trace_maps else 0
o['variables']['node_use_v8_platform'] = b(not options.without_v8_platform)
o['variables']['node_use_bundled_v8'] = b(not options.without_bundled_v8)
Expand Down
3 changes: 3 additions & 0 deletions deps/v8/gypfiles/features.gypi
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,9 @@
['v8_use_snapshot=="true" and v8_use_external_startup_data==1', {
'defines': ['V8_USE_EXTERNAL_STARTUP_DATA',],
}],
['v8_use_siphash=="true"', {
'defines': ['V8_USE_SIPHASH',],
}],
['dcheck_always_on!=0', {
'defines': ['DEBUG',],
}],
Expand Down
3 changes: 3 additions & 0 deletions deps/v8/gypfiles/v8.gyp
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@
'v8_enable_verify_predictable=<(v8_enable_verify_predictable)',
'v8_target_cpu=<(v8_target_arch)',
'v8_use_snapshot=<(v8_use_snapshot)',
'v8_use_siphash=<(v8_use_siphash)',
]
},
'conditions': [
Expand Down Expand Up @@ -1432,6 +1433,8 @@
'../src/string-stream.h',
'../src/strtod.cc',
'../src/strtod.h',
'../src/third_party/siphash/halfsiphash.cc',
'../src/third_party/siphash/halfsiphash.h',
'../src/third_party/utf8-decoder/utf8-decoder.h',
'../src/tracing/trace-event.cc',
'../src/tracing/trace-event.h',
Expand Down
1 change: 1 addition & 0 deletions node.gyp
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{
'variables': {
'v8_use_snapshot%': 'false',
'v8_use_siphash%': 'true',
'v8_trace_maps%': 0,
'node_use_dtrace%': 'false',
'node_use_etw%': 'false',
Expand Down

0 comments on commit 066fe5a

Please sign in to comment.