fix: ensure v8 pointer compression + sandbox is enabled on 64bit native modules (#34851)

* fix: ensure v8 pointer compression + sandbox is enabled on 64bit native modules

* build: rely on config.gypi to enable pointer compression

* Update .patches

* Update build_ensure_v8_pointer_compression_sandbox_is_enabled_on_64bit.patch

* chore: update patches

Co-authored-by: Samuel Attard <[email protected]>
Co-authored-by: Samuel Attard <[email protected]>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>

patches/node/.patches

@@ -43,3 +43,4 @@ macos_avoid_posix_spawnp_cwd_bug_3597.patch
 src_update_importmoduledynamically.patch
 fix_add_v8_enable_reverse_jsargs_defines_in_common_gypi.patch
 json_parse_errors_made_user-friendly.patch
+build_ensure_v8_pointer_compression_sandbox_is_enabled_on_64bit.patch

patches/node/build_ensure_v8_pointer_compression_sandbox_is_enabled_on_64bit.patch

@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Samuel Attard <[email protected]>
+Date: Thu, 7 Jul 2022 14:42:49 -0700
+Subject: build: ensure v8 pointer compression + sandbox is enabled on 64bit
+
+Aligns common.gypi with the current build flag state of //v8.
+
+Specifically enables `V8_ENABLE_SANDBOX`, `V8_SANDBOXED_POINTERS`, `V8_COMPRESS_POINTERS` and `V8_COMPRESS_POINTERS_IN_SHARED_CAGE`.
+
+diff --git a/common.gypi b/common.gypi
+index fd4e0b38eb6ecf81b23186ec663499d1e685fdf8..e20092d15d5f71f3e90a2ce655d660a8fa1e1385 100644
+--- a/common.gypi
++++ b/common.gypi
+@@ -66,6 +66,8 @@
+     'v8_enable_pointer_compression%': 0,
+     'v8_enable_31bit_smis_on_64bit_arch%': 0,
+ 
++    'v8_enable_sandbox%': 0,
++
+     # Disable V8 untrusted code mitigations.
+     # See https://github.com/v8/v8/wiki/Untrusted-code-mitigations
+     'v8_untrusted_code_mitigations': 0,
+@@ -135,6 +137,9 @@
+         'v8_enable_pointer_compression': 0,
+         'v8_enable_31bit_smis_on_64bit_arch': 0,
+       }],
++      ['target_arch in "arm64 x64"', {
++        'v8_enable_sandbox': 0,
++      }],
+       ['target_arch in "ppc64 s390x"', {
+         'v8_enable_backtrace': 1,
+       }],
+@@ -394,9 +399,15 @@
+       ['v8_enable_pointer_compression == 1', {
+         'defines': [
+           'V8_COMPRESS_POINTERS',
+-          'V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE',
++          'V8_COMPRESS_POINTERS_IN_SHARED_CAGE',
+         ],
+       }],
++      ['v8_enable_sandbox == 1', {
++        'defines': [
++          'V8_ENABLE_SANDBOX',
++          'V8_SANDBOXED_POINTERS'
++        ]
++      }],
+       ['v8_enable_pointer_compression == 1 or v8_enable_31bit_smis_on_64bit_arch == 1', {
+         'defines': ['V8_31BIT_SMIS_ON_64BIT_ARCH'],
+       }],

script/generate-config-gypi.py

@@ -14,9 +14,9 @@ NODE_DIR = os.path.join(ELECTRON_DIR, '..', 'third_party', 'electron_node')
 def run_node_configure(target_cpu):
   configure = os.path.join(NODE_DIR, 'configure.py')
   args = ['--dest-cpu', target_cpu]
-  # Enabled in Chromium's V8.
-  if target_cpu in ('arm64', 'x64'):
-    args += ['--experimental-enable-pointer-compression']
+  # Enabled in Chromium's V8, will be disabled on 32bit via
+  # common.gypi rules
+  args += ['--experimental-enable-pointer-compression']
 
   # Work around "No acceptable ASM compiler found" error on some System,
   # it breaks nothing since Electron does not use OpenSSL.