OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 12:20:27 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

src: remove uv__node_patch_is_using_io_uring

Browse Source 
As now the `SQPOLL` ring used in the libuv io_uring implementation is
disabled by default.
Also modify `UvMightBeUsingIoUring()` to just handle the case where
`Node.js` is dynamically linked to a `libuv` version which has the
`SQPOLL` ring enabled.

PR-URL: https://github.com/nodejs/node/pull/55114
Refs: https://github.com/libuv/libuv/releases/tag/v1.49.0
Refs: https://github.com/libuv/libuv/releases/tag/v1.49.1
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This commit is contained in:
Santiago Gimeno 2024-08-08 16:05:48 +02:00 committed by Node.js GitHub Bot
parent d6175b35ad
commit f97865fab4
2 changed files with 5 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/node_credentials.cc
View File

@ -228,31 +228,13 @@ static gid_t gid_by_name(Isolate* isolate, Local<Value> value) {
} }
} }
#ifdef __linux__
extern "C" {
int uv__node_patch_is_using_io_uring(void);
int uv__node_patch_is_using_io_uring(void) __attribute__((weak));
typedef int (*is_using_io_uring_fn)(void);
}
#endif // __linux__
static bool UvMightBeUsingIoUring() { static bool UvMightBeUsingIoUring() {
#ifdef __linux__ #ifdef __linux__
// Support for io_uring is only included in libuv 1.45.0 and later, and only // Support for io_uring is only included in libuv 1.45.0 and later. Starting
// on Linux (and Android, but there it is always disabled). The patch that we // with 1.49.0 is disabled by default. Check the version in case Node.js is
// apply to libuv to work around the io_uring security issue adds a function // dynamically to an io_uring-enabled version of libuv.
// that tells us whether io_uring is being used. If that function is not unsigned int version = uv_version();
// present, we assume that we are dynamically linking against an unpatched return version >= 0x012d00u && version < 0x013100u;
// version.
static std::atomic<is_using_io_uring_fn> check =
uv__node_patch_is_using_io_uring;
if (check == nullptr) {
check = reinterpret_cast<is_using_io_uring_fn>(
dlsym(RTLD_DEFAULT, "uv__node_patch_is_using_io_uring"));
}
return uv_version() >= 0x012d00u && (check == nullptr || (*check)());
#else #else
return false; return false;
#endif #endif

43
test/parallel/test-process-setuid-io-uring.js
View File

@ -1,43 +0,0 @@
'use strict';
const common = require('../common');
const assert = require('node:assert');
const { execFileSync } = require('node:child_process');
if (!common.isLinux) {
common.skip('test is Linux specific');
}
if (process.arch !== 'x64' && process.arch !== 'arm64') {
common.skip('io_uring support on this architecture is uncertain');
}
const kv = /^(\d+)\.(\d+)\.(\d+)/.exec(execFileSync('uname', ['-r'])).slice(1).map((n) => parseInt(n, 10));
if (((kv[0] << 16) | (kv[1] << 8) | kv[2]) < 0x050ABA) {
common.skip('io_uring is likely buggy due to old kernel');
}
const userIdentitySetters = [
['setuid', [1000]],
['seteuid', [1000]],
['setgid', [1000]],
['setegid', [1000]],
['setgroups', [[1000]]],
['initgroups', ['nodeuser', 1000]],
];
for (const [fnName, args] of userIdentitySetters) {
const call = `process.${fnName}(${args.map((a) => JSON.stringify(a)).join(', ')})`;
const code = `try { ${call}; } catch (err) { console.log(err); }`;
const stdout = execFileSync(process.execPath, ['-e', code], {
encoding: 'utf8',
env: { ...process.env, UV_USE_IO_URING: '1' },
});
const msg = new RegExp(`^Error: ${fnName}\\(\\) disabled: io_uring may be enabled\\. See CVE-[X0-9]{4}-`);
assert.match(stdout, msg);
assert.match(stdout, /code: 'ERR_INVALID_STATE'/);
console.log(call, stdout.slice(0, stdout.indexOf('\n')));
}