From c734a8ad93f1cec164b7ec7279c0cc244f6f833f Mon Sep 17 00:00:00 2001
From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 04:11:32 +0000
Subject: [PATCH 1/2] fix: add patch for simdutf base64 crash

Co-authored-by: Samuel Attard
---
 patches/node/.patches | 4 ++++
 patches/node/fix_avx_detection.patch | 33 ++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 patches/node/fix_avx_detection.patch

diff --git a/patches/node/.patches b/patches/node/.patches
index 50b716c3d5bcf..d764d1c0cce3e 100644
--- a/patches/node/.patches
+++ b/patches/node/.patches
@@ -49,3 +49,7 @@ net_use_asserts_in_js_socket_stream_to_catch_races_in_future.patch
 lib_fix_broadcastchannel_initialization_location.patch
 fix_handle_possible_disabled_sharedarraybuffer.patch
 win_process_avoid_assert_after_spawning_store_app_4152.patch
+test_fix_edge_snapshot_stack_traces.patch
+chore_remove_use_of_deprecated_kmaxlength.patch
+api_remove_allcan_read_write.patch
+fix_avx_detection.patch
diff --git a/patches/node/fix_avx_detection.patch b/patches/node/fix_avx_detection.patch
new file mode 100644
index 0000000000000..fd472e468fda2
--- /dev/null
+++ b/patches/node/fix_avx_detection.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Samuel Attard
+Date: Wed, 15 Nov 2023 13:31:14 -0800
+Subject: Fix AVX detection
+
+The old/faulty code would try to use AVX/AVX2 if either the SSE bit or
+the AVX bit were set in XCR0, but did not check if both bits were set.
+
+In most cases, this still worked, but on some machines, enabling linux
+kernel mitigations for the "gather data sampling" vulnerability results
+in only the SSE bit but not the AVX bit being set, thus resulting in an
+illegal instruction and crashing the application.
+
+Fix this by checking that both bits are set.
+
+Fixes: 4bbb590 ("Proper check of CPU's AVX2 feature support (with MSVC support)")
+Signed-off-by: Pascal Ernster
+
+Cherry-Picked from https://github.com/aklomp/base64/commit/9003f9b183327df80fda97aa82dfc8054e1d3dce
+
+diff --git a/deps/base64/base64/lib/codec_choose.c b/deps/base64/base64/lib/codec_choose.c
+index 6a07d6a74cc24f61cf2b16d13c075234d5c7e2a3..f4215f1ef9d42087ef6735e6817c714ecc43a0ca 100644
+--- a/deps/base64/base64/lib/codec_choose.c
++++ b/deps/base64/base64/lib/codec_choose.c
+@@ -194,7 +194,7 @@ codec_choose_x86 (struct codec *codec)
+ if (ecx & bit_XSAVE_XRSTORE) {
+ uint64_t xcr_mask;
+ xcr_mask = _xgetbv(_XCR_XFEATURE_ENABLED_MASK);
+- if (xcr_mask & _XCR_XMM_AND_YMM_STATE_ENABLED_BY_OS) {
++ if ((xcr_mask & _XCR_XMM_AND_YMM_STATE_ENABLED_BY_OS) == _XCR_XMM_AND_YMM_STATE_ENABLED_BY_OS) { // check multiple bits at once
+ #if HAVE_AVX2
+ if (max_level >= 7) {
+ __cpuid_count(7, 0, eax, ebx, ecx, edx);

From 1e20832a7aa603dd5c55dc9041775c142ef373d7 Mon Sep 17 00:00:00 2001
From: John Kleinschmidt
Date: Mon, 27 Nov 2023 13:02:38 -0500
Subject: [PATCH 2/2] chore: update .patches after trop

---
 patches/node/.patches | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/patches/node/.patches b/patches/node/.patches
index d764d1c0cce3e..23d6579d8ebd1 100644
--- a/patches/node/.patches
+++ b/patches/node/.patches
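Review bot: The trailing comment on the rewritten condition in the embedded codec_choose.c hunk of fix_avx_detection.patch, `// check multiple bits at once`, names neither the bits nor the reason, although that reason is the whole fix. Per the embedded commit message, AVX code is only safe when the OS has enabled both the SSE and the AVX state in XCR0, and the old any-bit test let the AVX path run on hosts where the gather-data-sampling mitigation leaves only the SSE bit set, ending in an illegal instruction. I would replace the comment with `/* require both XMM and YMM state enabled in XCR0; an any-bit test selects AVX where the OS has it disabled */`. codec_choose_x86 starts and ends outside this hunk, so the remaining feature tests are not visible here; any of them that compares against a multi-bit mask is worth checking for the same any-bit-versus-all-bits pattern.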
@@ -49,7 +49,4 @@ net_use_asserts_in_js_socket_stream_to_catch_races_in_future.patch
 lib_fix_broadcastchannel_initialization_location.patch
 fix_handle_possible_disabled_sharedarraybuffer.patch
 win_process_avoid_assert_after_spawning_store_app_4152.patch
-test_fix_edge_snapshot_stack_traces.patch
-chore_remove_use_of_deprecated_kmaxlength.patch
-api_remove_allcan_read_write.patch
 fix_avx_detection.patch