deps: cherry-pick V8 changes to extend hash seed to 64-bit #23264

hashseed · 2018-10-04T13:02:57Z

This serves as mitigation for the so-called HashWick vulnerability.

Original commit messages:

  commit 3833fef57368c53c6170559ffa524c8c69f16ee5
    Author: Yang Guo <yangguo@chromium.org>
    Date: Thu Sep 20 11:43:13 2018

    Refactor integer hashing function names

    We now clearly differentiate between:
    - unseeded hash for 32-bit integers
    - unseeded hash for 64-bit integers
    - seeded hash for 32-bit integers
    - seeded hash for strings

    R=bmeurer@chromium.org

    Bug: chromium:680662
    Change-Id: I7459958c4158ee3501c962943dff8f33258bb5ce
    Reviewed-on: https://chromium-review.googlesource.com/1235973
    Commit-Queue: Yang Guo <yangguo@chromium.org>
    Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#56068}

  commit 95a979e02d7154e45b293261a6998c99d71fc238
    Author: Yang Guo <yangguo@chromium.org>
    Date: Thu Sep 20 14:34:48 2018

    Call into C++ to compute seeded integer hash

    R=bmeurer@chromium.org

    Bug: chromium:680662
    Change-Id: I8dace89d576dfcc5833fd539ce698a9ade1cb5a0
    Reviewed-on: https://chromium-review.googlesource.com/1235928
    Commit-Queue: Yang Guo <yangguo@chromium.org>
    Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#56091}

  commit 2c2af0022d5feb9e525a00a76cb15db9f3e38dba
    Author: Yang Guo <yangguo@chromium.org>
    Date: Thu Sep 27 16:37:57 2018

    Use 64-bit for seeded integer hashes

    R=petermarshall@chromium.org

    Bug: chromium:680662
    Change-Id: If48d1043dbe1e1bb695ec890c23e103a6cacf2d4
    Reviewed-on: https://chromium-review.googlesource.com/1244220
    Commit-Queue: Yang Guo <yangguo@chromium.org>
    Reviewed-by: Peter Marshall <petermarshall@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#56271}

Refs: #23259

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
commit message follows commit guidelines

nodejs-github-bot · 2018-10-04T13:02:58Z

@hashseed build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/1124/pipeline

mcollina

LGTM

This serves as mitigation for the so-called HashWick vulnerability. Original commit messages: commit 3833fef57368c53c6170559ffa524c8c69f16ee5 Author: Yang Guo <yangguo@chromium.org> Date: Thu Sep 20 11:43:13 2018 Refactor integer hashing function names We now clearly differentiate between: - unseeded hash for 32-bit integers - unseeded hash for 64-bit integers - seeded hash for 32-bit integers - seeded hash for strings R=bmeurer@chromium.org Bug: chromium:680662 Change-Id: I7459958c4158ee3501c962943dff8f33258bb5ce Reviewed-on: https://chromium-review.googlesource.com/1235973 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56068} commit 95a979e02d7154e45b293261a6998c99d71fc238 Author: Yang Guo <yangguo@chromium.org> Date: Thu Sep 20 14:34:48 2018 Call into C++ to compute seeded integer hash R=bmeurer@chromium.org Bug: chromium:680662 Change-Id: I8dace89d576dfcc5833fd539ce698a9ade1cb5a0 Reviewed-on: https://chromium-review.googlesource.com/1235928 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56091} commit 2c2af0022d5feb9e525a00a76cb15db9f3e38dba Author: Yang Guo <yangguo@chromium.org> Date: Thu Sep 27 16:37:57 2018 Use 64-bit for seeded integer hashes R=petermarshall@chromium.org Bug: chromium:680662 Change-Id: If48d1043dbe1e1bb695ec890c23e103a6cacf2d4 Reviewed-on: https://chromium-review.googlesource.com/1244220 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#56271} Refs: nodejs#23259

mhdawson

LGTM

targos · 2018-10-06T12:22:31Z

CI: https://ci.nodejs.org/job/node-test-pull-request/17660/
V8: https://ci.nodejs.org/job/node-test-commit-v8-linux/1738/

hashseed · 2018-10-08T08:42:26Z

Landed as 314c1fa

This serves as mitigation for the so-called HashWick vulnerability. Original commit messages: commit 3833fef57368c53c6170559ffa524c8c69f16ee5 Author: Yang Guo <yangguo@chromium.org> Date: Thu Sep 20 11:43:13 2018 Refactor integer hashing function names We now clearly differentiate between: - unseeded hash for 32-bit integers - unseeded hash for 64-bit integers - seeded hash for 32-bit integers - seeded hash for strings R=bmeurer@chromium.org Bug: chromium:680662 Change-Id: I7459958c4158ee3501c962943dff8f33258bb5ce Reviewed-on: https://chromium-review.googlesource.com/1235973 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56068} commit 95a979e02d7154e45b293261a6998c99d71fc238 Author: Yang Guo <yangguo@chromium.org> Date: Thu Sep 20 14:34:48 2018 Call into C++ to compute seeded integer hash R=bmeurer@chromium.org Bug: chromium:680662 Change-Id: I8dace89d576dfcc5833fd539ce698a9ade1cb5a0 Reviewed-on: https://chromium-review.googlesource.com/1235928 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56091} commit 2c2af0022d5feb9e525a00a76cb15db9f3e38dba Author: Yang Guo <yangguo@chromium.org> Date: Thu Sep 27 16:37:57 2018 Use 64-bit for seeded integer hashes R=petermarshall@chromium.org Bug: chromium:680662 Change-Id: If48d1043dbe1e1bb695ec890c23e103a6cacf2d4 Reviewed-on: https://chromium-review.googlesource.com/1244220 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#56271} Refs: #23259 PR-URL: #23264 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

hashseed requested review from mcollina, ofrobots and mhdawson October 4, 2018 13:02

nodejs-github-bot added build Issues and PRs related to build files or the CI. v8 engine Issues and PRs related to the V8 dependency. labels Oct 4, 2018

hashseed mentioned this pull request Oct 4, 2018

[v10.x] deps: cherry-pick V8 changes to extend hash seed to 64-bit #23260

Closed

2 tasks

mcollina approved these changes Oct 4, 2018

View reviewed changes

addaleax approved these changes Oct 4, 2018

View reviewed changes

addaleax added security Issues and PRs related to security. backported-to-v10.x labels Oct 4, 2018

ofrobots approved these changes Oct 4, 2018

View reviewed changes

targos added this to Backported in v10.x Oct 5, 2018

mohammed-adil-moughal approved these changes Oct 5, 2018

View reviewed changes

hashseed force-pushed the 64bithash_on_master branch from 33eff96 to c971fd4 Compare October 5, 2018 10:42

jasnell approved these changes Oct 5, 2018

View reviewed changes

mhdawson approved these changes Oct 5, 2018

View reviewed changes

hashseed closed this Oct 8, 2018

hashseed deleted the 64bithash_on_master branch November 20, 2018 08:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: cherry-pick V8 changes to extend hash seed to 64-bit #23264

deps: cherry-pick V8 changes to extend hash seed to 64-bit #23264

hashseed commented Oct 4, 2018

nodejs-github-bot commented Oct 4, 2018

mcollina left a comment

mhdawson left a comment

targos commented Oct 6, 2018

hashseed commented Oct 8, 2018

deps: cherry-pick V8 changes to extend hash seed to 64-bit #23264

deps: cherry-pick V8 changes to extend hash seed to 64-bit #23264

Conversation

hashseed commented Oct 4, 2018

Checklist

nodejs-github-bot commented Oct 4, 2018

mcollina left a comment

Choose a reason for hiding this comment

mhdawson left a comment

Choose a reason for hiding this comment

targos commented Oct 6, 2018

hashseed commented Oct 8, 2018