src,win: disable Maglev when Windows CET shadow stacks are active

When a Node.js process runs on a Windows build that enforces hardware
CET (Control-flow Enforcement Technology) shadow stacks but the binary
was not compiled with V8_ENABLE_CET_SHADOW_STACK support, V8's Maglev
deoptimizer reconstructs call stack frames without synchronizing the
hardware shadow stack. When the CPU subsequently executes a RET
instruction, the return address on the regular stack does not match the
address on the shadow stack, causing a STATUS_STACK_BUFFER_OVERRUN
(0xC0000409) termination via __fastfail with no JavaScript stack trace.
Detect active CET shadow stacks at startup via
GetProcessMitigationPolicy(ProcessUserShadowStackPolicy) and
automatically apply --no-maglev when the binary lacks
V8_ENABLE_CET_SHADOW_STACK support. TurboFan remains active so JIT
performance and fetch() are preserved. The detection is a no-op on
platforms without CET and compiles to nothing when
V8_ENABLE_CET_SHADOW_STACK is enabled, making this fully forward-
compatible with future V8 CET support.
Also register --maglev and --no-maglev as kAllowedInEnvvar options so
users can override the auto-detection via NODE_OPTIONS.
Fixes: #62260

Author: ngtrnhao

src/node.cc

@@ -119,6 +119,13 @@
 #include <unistd.h>        // STDIN_FILENO, STDERR_FILENO
 #endif
 
+#if defined(_WIN32)
+// For GetProcessMitigationPolicy(), PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY,
+// and IsUserCetAvailableInEnvironment(), used in the CET shadow stack detection
+// in InitializeNodeWithArgsInternal().
+#include <processthreadsapi.h>
+#endif  // defined(_WIN32)
+
 #include "absl/synchronization/mutex.h"
 
 // ========== global C++ headers ==========
@@ -867,6 +874,46 @@ static ExitCode InitializeNodeWithArgsInternal(
   // default value.
   V8::SetFlagsFromString("--rehash-snapshot");
 
+#if defined(_WIN32) && !defined(V8_ENABLE_CET_SHADOW_STACK)
+  // When Windows CET (Control-flow Enforcement Technology) hardware shadow
+  // stacks are active but Node.js was not compiled with
+  // V8_ENABLE_CET_SHADOW_STACK support, V8's Maglev deoptimizer does not
+  // synchronize the hardware shadow stack. This causes a
+  // STATUS_STACK_BUFFER_OVERRUN (0xC0000409) crash when Maglev JIT-compiled
+  // code deoptimizes on Windows versions that enforce CET strictly (e.g.
+  // Windows 11 Insider builds).
+  //
+  // Automatically disable the Maglev tier when CET shadow stacks are active.
+  // TurboFan remains enabled, preserving JIT performance and fetch()
+  // functionality. The user can explicitly re-enable Maglev with --maglev.
+  {
+    using IsUserCetAvailableInEnvironment_t = BOOL(WINAPI*)(DWORD);
+    using GetProcessMitigationPolicy_t =
+        BOOL(WINAPI*)(HANDLE, PROCESS_MITIGATION_POLICY, PVOID, SIZE_T);
+
+    HMODULE kernel32 = ::GetModuleHandleW(L"kernel32.dll");
+    auto fn_is_cet_available =
+        reinterpret_cast<IsUserCetAvailableInEnvironment_t>(
+            ::GetProcAddress(kernel32, "IsUserCetAvailableInEnvironment"));
+    auto fn_get_mitigation_policy =
+        reinterpret_cast<GetProcessMitigationPolicy_t>(
+            ::GetProcAddress(kernel32, "GetProcessMitigationPolicy"));
+
+    if (fn_is_cet_available != nullptr &&
+        fn_get_mitigation_policy != nullptr &&
+        fn_is_cet_available(USER_CET_ENVIRONMENT_WIN32_PROCESS)) {
+      PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY uss_policy{};
+      if (fn_get_mitigation_policy(GetCurrentProcess(),
+                                   ProcessUserShadowStackPolicy,
+                                   &uss_policy,
+                                   sizeof(uss_policy)) &&
+          uss_policy.EnableUserShadowStack) {
+        V8::SetFlagsFromString("--no-maglev");
+      }
+    }
+  }
+#endif  // defined(_WIN32) && !defined(V8_ENABLE_CET_SHADOW_STACK)
+
   HandleEnvOptions(per_process::cli_options->per_isolate->per_env);
 
   std::string node_options;

src/node_options.cc

@@ -1246,6 +1246,14 @@ PerIsolateOptionsParser::PerIsolateOptionsParser(
             "disable runtime allocation of executable memory",
             V8Option{},
             kAllowedInEnvvar);
+  AddOption("--maglev",
+            "enable the Maglev optimizing compiler",
+            V8Option{},
+            kAllowedInEnvvar);
+  AddOption("--no-maglev",
+            "disable the Maglev optimizing compiler",
+            V8Option{},
+            kAllowedInEnvvar);
   AddOption("--report-uncaught-exception",
             "generate diagnostic report on uncaught exceptions",
             &PerIsolateOptions::report_uncaught_exception,