Skip to content

Fix/win cet maglev crash#62272

Closed
ngtrnhao wants to merge 2 commits intonodejs:mainfrom
ngtrnhao:fix/win-cet-maglev-crash
Closed

Fix/win cet maglev crash#62272
ngtrnhao wants to merge 2 commits intonodejs:mainfrom
ngtrnhao:fix/win-cet-maglev-crash

Conversation

@ngtrnhao
Copy link
Copy Markdown

@ngtrnhao ngtrnhao commented Mar 16, 2026

No description provided.

ngtrnhao added 2 commits March 16, 2026 16:00
@ngtrnhao
src,win: disable Maglev when Windows CET shadow stacks are active
cc61b03 
When a Node.js process runs on a Windows build that enforces hardware
CET (Control-flow Enforcement Technology) shadow stacks but the binary
was not compiled with V8_ENABLE_CET_SHADOW_STACK support, V8's Maglev
deoptimizer reconstructs call stack frames without synchronizing the
hardware shadow stack. When the CPU subsequently executes a RET
instruction, the return address on the regular stack does not match the
address on the shadow stack, causing a STATUS_STACK_BUFFER_OVERRUN
(0xC0000409) termination via __fastfail with no JavaScript stack trace.
Detect active CET shadow stacks at startup via
GetProcessMitigationPolicy(ProcessUserShadowStackPolicy) and
automatically apply --no-maglev when the binary lacks
V8_ENABLE_CET_SHADOW_STACK support. TurboFan remains active so JIT
performance and fetch() are preserved. The detection is a no-op on
platforms without CET and compiles to nothing when
V8_ENABLE_CET_SHADOW_STACK is enabled, making this fully forward-
compatible with future V8 CET support.
Also register --maglev and --no-maglev as kAllowedInEnvvar options so
users can override the auto-detection via NODE_OPTIONS.
Fixes: nodejs#62260
@ngtrnhao
test,win: add NODE_OPTIONS --no-maglev allowlist and CET regression test
1278c47 
Verify that --no-maglev and --maglev are accepted in NODE_OPTIONS
(regression guard for the kAllowedInEnvvar addition in the previous
commit). Add a Windows-specific test that confirms the process starts
cleanly when those flags are passed via the environment variable.
The actual CET hardware auto-disable path requires OS-level shadow stack
enforcement and is covered by manual testing on Windows 11 Insider
builds; this test covers the observable envvar interface.
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented Mar 16, 2026

Review requested:

  • @nodejs/config
  • @nodejs/startup

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. config Issues or PRs related to the config subsystem needs-ci PRs that need a full CI run. labels Mar 16, 2026
@Renegade334
Copy link
Copy Markdown
Member

Renegade334 commented Mar 16, 2026

Issues with the V8 compiler should be reported and fixed in V8. We shouldn't be hacking this at the embedder layer.

@ngtrnhao ngtrnhao closed this Mar 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. config Issues or PRs related to the config subsystem needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ngtrnhao @nodejs-github-bot @Renegade334