feat: add V8 sandbox mode support

max-lt · max-lt · commit a5970d279206 · 2026-01-28T20:16:14.000+01:00
- Add v8_helpers module with create_array_buffer_from_vec() helper
  that handles sandbox vs non-sandbox memory allocation differences
- Make CustomAllocator conditional (not available in sandbox mode)
- Update all backing store usages to use the new helper
- Skip memory limit tests in sandbox mode (V8 manages memory)
- Add "sandbox" feature flag (default enabled)
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,10 +3,15 @@ members = ["gc-derive"]
 
 [package]
 name = "openworkers-runtime-v8"
-version = "0.11.1"
+version = "0.11.2"
 edition = "2024"
 license = "MIT"
 
+[features]
+default = []
+ptrcomp = ["v8/v8_enable_pointer_compression"]
+sandbox = ["v8/v8_enable_sandbox", "serde_v8/v8_enable_sandbox"]
+
 [dependencies]
 
 # GC derive macro (internal)
@@ -16,9 +21,7 @@ gc-derive = { package = "openworkers-runtime-v8-gc-derive", path = "gc-derive" }
 openworkers-core = { git = "https://github.com/openworkers/openworkers-core", tag = "v0.11.0" }
 
 # V8 JavaScript engine (fork with UnenteredIsolate + Locker support for pooling)
-# Local dev: v8 = { path = "../rusty_v8", features = ["v8_enable_pointer_compression"] }
-# After PR merge: v8 = { version = "...", features = ["v8_enable_pointer_compression"] }
-v8 = { package = "openworkers-v8", version = "142.2.3", features = ["v8_enable_pointer_compression"] }
+v8 = { package = "openworkers-v8", version = "142.2.4" }
 
 # Async runtime
 tokio = { version = "1.49.0", features = ["full"] }
@@ -33,7 +36,7 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 
 # V8 serialization (for automatic Rust <-> JS type conversion)
-serde_v8 = { package = "openworkers-serde-v8", version = "0.3.0" }
+serde_v8 = { package = "openworkers-serde-v8", version = "0.4.0" }
 
 # V8 Glue - binding macros
 glue_v8 = { package = "openworkers-glue-v8", version = "0.5.0" }
diff --git a/src/execution_helpers.rs b/src/execution_helpers.rs
@@ -281,8 +281,7 @@ pub fn trigger_fetch_handler(
             // Buffered body - pass as Uint8Array for binary support
             let len = body_bytes.len();
             let vec: Vec<u8> = body_bytes.into(); // zero-copy if uniquely owned
-            let backing_store = v8::ArrayBuffer::new_backing_store_from_vec(vec).make_shared();
-            let array_buffer = v8::ArrayBuffer::with_backing_store(scope, &backing_store);
+            let array_buffer = crate::v8_helpers::create_array_buffer_from_vec(scope, vec);
             let uint8_array = v8::Uint8Array::new(scope, array_buffer, 0, len).unwrap();
 
             let body_key = v8::String::new(scope, "body").unwrap();
diff --git a/src/lib.rs b/src/lib.rs
@@ -47,6 +47,7 @@ pub mod security;
 pub mod shared_isolate;
 pub mod snapshot;
 pub mod thread_pinned_pool;
+pub mod v8_helpers;
 pub mod worker;
 pub mod worker_future;
 
diff --git a/src/locker_managed_isolate.rs b/src/locker_managed_isolate.rs
@@ -11,7 +11,9 @@ use std::sync::atomic::AtomicBool;
 use v8;
 
 use crate::gc::DeferredDestructionQueue;
-use crate::security::{CustomAllocator, HeapLimitState, install_heap_limit_callback};
+#[cfg(not(feature = "sandbox"))]
+use crate::security::CustomAllocator;
+use crate::security::{HeapLimitState, install_heap_limit_callback};
 use openworkers_core::RuntimeLimits;
 
 /// A reusable V8 isolate that requires explicit locking via v8::Locker
@@ -52,18 +54,30 @@ impl LockerManagedIsolate {
         let heap_initial = limits.heap_initial_mb * 1024 * 1024;
         let heap_max = limits.heap_max_mb * 1024 * 1024;
 
-        // Create custom ArrayBuffer allocator to enforce memory limits on external memory
-        // This is critical: V8 heap limits don't cover ArrayBuffers, Uint8Array, etc.
-        let array_buffer_allocator = CustomAllocator::new(heap_max, Arc::clone(&memory_limit_hit));
-
         // Load snapshot (centralized, handles empty file case)
         let snapshot_ref = crate::platform::get_snapshot();
 
         // Create isolate with UnenteredIsolate (no auto-enter!)
-        let mut params = v8::CreateParams::default()
+        // In sandbox mode, V8 manages memory allocation, so we use the default allocator.
+        // In non-sandbox mode, we use a custom allocator to enforce memory limits.
+        #[cfg(not(feature = "sandbox"))]
+        let params = {
+            // Create custom ArrayBuffer allocator to enforce memory limits on external memory
+            // This is critical: V8 heap limits don't cover ArrayBuffers, Uint8Array, etc.
+            let array_buffer_allocator =
+                CustomAllocator::new(heap_max, Arc::clone(&memory_limit_hit));
+            v8::CreateParams::default()
+                .heap_limits(heap_initial, heap_max)
+                .array_buffer_allocator(array_buffer_allocator.into_v8_allocator())
+                .allow_atomics_wait(false)
+        };
+
+        #[cfg(feature = "sandbox")]
+        let params = v8::CreateParams::default()
             .heap_limits(heap_initial, heap_max)
-            .array_buffer_allocator(array_buffer_allocator.into_v8_allocator())
-            .allow_atomics_wait(false); // Security: prevent Atomics.wait() from blocking
+            .allow_atomics_wait(false);
+
+        let mut params = params;
 
         if let Some(snapshot_data) = snapshot_ref {
             params = params.snapshot_blob((*snapshot_data).into());
diff --git a/src/runtime/callback_handlers.rs b/src/runtime/callback_handlers.rs
@@ -61,13 +61,11 @@ pub fn populate_stream_chunk_result(
             let done_val = v8::Boolean::new(scope, false);
             result_obj.set(scope, done_key.into(), done_val.into());
 
-            // Create Uint8Array from bytes using backing store transfer
+            // Create Uint8Array from bytes
             // Use Vec::from(bytes) instead of to_vec() - avoids copy if Bytes is uniquely owned
             let vec: Vec<u8> = bytes.into();
             let len = vec.len();
-            let backing_store = v8::ArrayBuffer::new_backing_store_from_vec(vec);
-            let array_buffer =
-                v8::ArrayBuffer::with_backing_store(scope, &backing_store.make_shared());
+            let array_buffer = crate::v8_helpers::create_array_buffer_from_vec(scope, vec);
             let uint8_array = v8::Uint8Array::new(scope, array_buffer, 0, len).unwrap();
 
             let value_key = v8::String::new(scope, "value").unwrap();
@@ -107,9 +105,7 @@ pub fn populate_storage_result(
 
             if let Some(body) = maybe_body {
                 let len = body.len();
-                let backing_store = v8::ArrayBuffer::new_backing_store_from_vec(body);
-                let array_buffer =
-                    v8::ArrayBuffer::with_backing_store(scope, &backing_store.make_shared());
+                let array_buffer = crate::v8_helpers::create_array_buffer_from_vec(scope, body);
                 let uint8_array = v8::Uint8Array::new(scope, array_buffer, 0, len).unwrap();
                 let body_key = v8::String::new(scope, "body").unwrap();
                 result_obj.set(scope, body_key.into(), uint8_array.into());
diff --git a/src/runtime/crypto.rs b/src/runtime/crypto.rs
@@ -141,9 +141,8 @@ fn setup_digest(scope: &mut v8::PinScope, subtle_obj: v8::Local<v8::Object>) {
             let result_bytes = result.as_ref();
 
             // Create ArrayBuffer with result
-            let backing_store = v8::ArrayBuffer::new_backing_store_from_vec(result_bytes.to_vec());
             let array_buffer =
-                v8::ArrayBuffer::with_backing_store(scope, &backing_store.make_shared());
+                crate::v8_helpers::create_array_buffer_from_vec(scope, result_bytes.to_vec());
 
             retval.set(array_buffer.into());
         },
@@ -241,9 +240,8 @@ fn setup_hmac(scope: &mut v8::PinScope, subtle_obj: v8::Local<v8::Object>) {
             let tag = hmac::sign(&key, &data);
             let result_bytes = tag.as_ref();
 
-            let backing_store = v8::ArrayBuffer::new_backing_store_from_vec(result_bytes.to_vec());
             let array_buffer =
-                v8::ArrayBuffer::with_backing_store(scope, &backing_store.make_shared());
+                crate::v8_helpers::create_array_buffer_from_vec(scope, result_bytes.to_vec());
 
             retval.set(array_buffer.into());
         },
@@ -506,18 +504,16 @@ fn setup_ecdsa(scope: &mut v8::PinScope, subtle_obj: v8::Local<v8::Object>) {
             let result = v8::Object::new(scope);
 
             // Private key (PKCS#8 format)
-            let private_backing =
-                v8::ArrayBuffer::new_backing_store_from_vec(pkcs8_bytes.as_ref().to_vec());
-            let private_buffer =
-                v8::ArrayBuffer::with_backing_store(scope, &private_backing.make_shared());
+            let private_buffer = crate::v8_helpers::create_array_buffer_from_vec(
+                scope,
+                pkcs8_bytes.as_ref().to_vec(),
+            );
             let private_key_str = v8::String::new(scope, "privateKey").unwrap();
             result.set(scope, private_key_str.into(), private_buffer.into());
 
             // Public key (uncompressed point format)
-            let public_backing =
-                v8::ArrayBuffer::new_backing_store_from_vec(public_key_bytes.to_vec());
             let public_buffer =
-                v8::ArrayBuffer::with_backing_store(scope, &public_backing.make_shared());
+                crate::v8_helpers::create_array_buffer_from_vec(scope, public_key_bytes.to_vec());
             let public_key_str = v8::String::new(scope, "publicKey").unwrap();
             result.set(scope, public_key_str.into(), public_buffer.into());
 
@@ -585,9 +581,8 @@ fn setup_ecdsa(scope: &mut v8::PinScope, subtle_obj: v8::Local<v8::Object>) {
                 }
             };
 
-            let backing_store = v8::ArrayBuffer::new_backing_store_from_vec(sig.as_ref().to_vec());
             let array_buffer =
-                v8::ArrayBuffer::with_backing_store(scope, &backing_store.make_shared());
+                crate::v8_helpers::create_array_buffer_from_vec(scope, sig.as_ref().to_vec());
 
             retval.set(array_buffer.into());
         },
@@ -929,9 +924,7 @@ fn setup_rsa(scope: &mut v8::PinScope, subtle_obj: v8::Local<v8::Object>) {
 
             match key_pair.sign(padding, &rng, &data, &mut sig) {
                 Ok(_) => {
-                    let backing_store = v8::ArrayBuffer::new_backing_store_from_vec(sig);
-                    let array_buffer =
-                        v8::ArrayBuffer::with_backing_store(scope, &backing_store.make_shared());
+                    let array_buffer = crate::v8_helpers::create_array_buffer_from_vec(scope, sig);
                     retval.set(array_buffer.into());
                 }
                 Err(_) => {
diff --git a/src/runtime/mod.rs b/src/runtime/mod.rs
@@ -15,7 +15,9 @@ use std::sync::atomic::AtomicBool;
 use tokio::sync::{Notify, mpsc};
 use v8;
 
-use crate::security::{CustomAllocator, HeapLimitState, install_heap_limit_callback};
+#[cfg(not(feature = "sandbox"))]
+use crate::security::CustomAllocator;
+use crate::security::{HeapLimitState, install_heap_limit_callback};
 use bindings::LogCallback;
 use openworkers_core::{DatabaseResult, KvResult, RuntimeLimits, StorageResult, WorkerCode};
 
@@ -129,18 +131,30 @@ impl Runtime {
         let heap_initial = limits.heap_initial_mb * 1024 * 1024;
         let heap_max = limits.heap_max_mb * 1024 * 1024;
 
-        // Create custom ArrayBuffer allocator to enforce memory limits on external memory
-        // This is critical: V8 heap limits don't cover ArrayBuffers, Uint8Array, etc.
-        let array_buffer_allocator = CustomAllocator::new(heap_max, Arc::clone(&memory_limit_hit));
-
         // Load snapshot (centralized, handles empty file case)
         let snapshot_ref = crate::platform::get_snapshot();
 
-        // Create isolate with custom allocator and heap limits
-        let mut params = v8::CreateParams::default()
+        // Create isolate params
+        // In sandbox mode, V8 manages memory allocation, so we use the default allocator.
+        // In non-sandbox mode, we use a custom allocator to enforce memory limits.
+        #[cfg(not(feature = "sandbox"))]
+        let params = {
+            // Create custom ArrayBuffer allocator to enforce memory limits on external memory
+            // This is critical: V8 heap limits don't cover ArrayBuffers, Uint8Array, etc.
+            let array_buffer_allocator =
+                CustomAllocator::new(heap_max, Arc::clone(&memory_limit_hit));
+            v8::CreateParams::default()
+                .heap_limits(heap_initial, heap_max)
+                .array_buffer_allocator(array_buffer_allocator.into_v8_allocator())
+                .allow_atomics_wait(false)
+        };
+
+        #[cfg(feature = "sandbox")]
+        let params = v8::CreateParams::default()
             .heap_limits(heap_initial, heap_max)
-            .array_buffer_allocator(array_buffer_allocator.into_v8_allocator())
-            .allow_atomics_wait(false); // Security: prevent Atomics.wait() from blocking
+            .allow_atomics_wait(false);
+
+        let mut params = params;
 
         if let Some(snapshot_data) = snapshot_ref {
             params = params.snapshot_blob((*snapshot_data).into());
diff --git a/src/security/mod.rs b/src/security/mod.rs
@@ -27,12 +27,14 @@
 //! let _cpu = CpuEnforcer::new(isolate_handle.clone(), 50); // 50ms
 //! ```
 
+#[cfg(not(feature = "sandbox"))]
 mod array_buffer_allocator;
 mod cpu_enforcer;
 mod cpu_timer;
 mod heap_limit;
 mod timeout_guard;
 
+#[cfg(not(feature = "sandbox"))]
 pub use array_buffer_allocator::CustomAllocator;
 pub use cpu_enforcer::CpuEnforcer;
 pub use cpu_timer::{CpuTimer, get_thread_cpu_time};
diff --git a/src/shared_isolate.rs b/src/shared_isolate.rs
@@ -4,6 +4,7 @@ use std::sync::Arc;
 use std::sync::atomic::AtomicBool;
 use v8;
 
+#[cfg(not(feature = "sandbox"))]
 use crate::security::CustomAllocator;
 use openworkers_core::RuntimeLimits;
 
@@ -37,18 +38,30 @@ impl SharedIsolate {
         let heap_initial = limits.heap_initial_mb * 1024 * 1024;
         let heap_max = limits.heap_max_mb * 1024 * 1024;
 
-        // Create custom ArrayBuffer allocator to enforce memory limits on external memory
-        // This is critical: V8 heap limits don't cover ArrayBuffers, Uint8Array, etc.
-        let array_buffer_allocator = CustomAllocator::new(heap_max, Arc::clone(&memory_limit_hit));
-
         // Load snapshot (centralized, handles empty file case)
         let snapshot_ref = crate::platform::get_snapshot();
 
-        // Create isolate with custom allocator and heap limits
-        let mut params = v8::CreateParams::default()
+        // Create isolate params
+        // In sandbox mode, V8 manages memory allocation, so we use the default allocator.
+        // In non-sandbox mode, we use a custom allocator to enforce memory limits.
+        #[cfg(not(feature = "sandbox"))]
+        let params = {
+            // Create custom ArrayBuffer allocator to enforce memory limits on external memory
+            // This is critical: V8 heap limits don't cover ArrayBuffers, Uint8Array, etc.
+            let array_buffer_allocator =
+                CustomAllocator::new(heap_max, Arc::clone(&memory_limit_hit));
+            v8::CreateParams::default()
+                .heap_limits(heap_initial, heap_max)
+                .array_buffer_allocator(array_buffer_allocator.into_v8_allocator())
+                .allow_atomics_wait(false)
+        };
+
+        #[cfg(feature = "sandbox")]
+        let params = v8::CreateParams::default()
             .heap_limits(heap_initial, heap_max)
-            .array_buffer_allocator(array_buffer_allocator.into_v8_allocator())
-            .allow_atomics_wait(false); // Security: prevent Atomics.wait() from blocking
+            .allow_atomics_wait(false);
+
+        let mut params = params;
 
         if let Some(snapshot_data) = snapshot_ref {
             params = params.snapshot_blob((*snapshot_data).into());
diff --git a/src/v8_helpers.rs b/src/v8_helpers.rs
diff --git a/tests/memory_limit_test.rs b/tests/memory_limit_test.rs
