"Illegal instruction" crash when doing base64 on x86_64 machines with AVX(2) support but "gather data sampling" mitigations enabled

[hardfalcon]

Version

v21.1.0

Platform

Linux myhost 6.5.10-hardened1-1.1-hardened #1 SMP PREEMPT_DYNAMIC Sat, 04 Nov 2023 06:54:38 +0000 x86_64 GNU/Linux

Subsystem

base64

What steps will reproduce the bug?

On systems with a CPU that supports AVX or AVX2, but where the Linux kernel's "gather data sampling" mitigations are enabled (which then disables support for AVX, AVX2 and possibly SSE3), using somestring.toString("base64") leads to an illegal instruction, for example:

$ echo 'console.log(Buffer.from("test", "utf8").toString("base64"));' | node
Illegal instruction (core dumped)

Using gdb points towards the culprit being base64_stream_encode_avx2(), and I think this change would fix the issue.

How often does it reproduce? Is there a required condition?

See above.

What is the expected behavior? Why is that the expected behavior?

Node shouldn't crash but rather use a base64 routine that doesn't trigger an illegal instruction crash.

What do you see instead?

Node crashes with an illegal instruction.

Additional information

This also affects LTS releases of node, and other software using node, for example electron or lightdm-webkit2-greeter.

[hardfalcon]

In case it helps: Upstream have merged the fix, so you could use simply use the corresponding commit from their repo.

[Uzlopak]

The problem is that base64 did not released a new version. So base64 0.5 is not containing the bugfix

[hardfalcon]

I'm not the maintainer of that base64 library (of which you carry your own copy in your git tree anyway).

I've given you

• a precise bug report,
• a very concise description of how to reproduce the bug on the affected hardware,
• a trivial patch that
  • has been merged by upstream,
  • and that fixes this obvious bug.

[Uzlopak]

And I gave you a reason why the automatic update of base64 in nodejs is not triggered, because the version did not change.

[marco-ippolito]

@hardfalcon until base64 releases a patch for this, it probably will not be fixed. you can try to apply the patch to our copy, but I'm not sure if it's going to be approved

[bnoordhuis]

It's acceptable to float patches that have been merged upstream, it's just not preferable. I've asked upstream to make a release.

[bnoordhuis]

Upstream did a release. I believe that means our auto-updater should pick it up Real Soon Now.

[hardfalcon]

In case anybody cares: This bug also affects older node versions (including the v18.x and v20.x branches, which contain the same base64 library.