From 8e169b600b1d694bdc4d6e665db8ec44ed2ab6e8 Mon Sep 17 00:00:00 2001
From: Benjamin Pasero <benjpas@microsoft.com>
Date: Mon, 17 Dec 2018 17:44:53 +0100
Subject: [PATCH] electron 3.0.x: use the --no-untrusted-code-mitigations flag

Since Electron 3 we use a V8 version that comes with untrusted code mitigations enabled by default (https://v8.dev/docs/untrusted-code-mitigations). This comes at a performance cost according to the blog. Since we do not execute untrusted code, we disable these mitigations.
---
 src/main.js                          | 11 +++++++++++
 src/vs/base/parts/ipc/node/ipc.cp.ts |  5 +++++
 2 files changed, 16 insertions(+)

diff --git a/src/main.js b/src/main.js
index f35df3d89b1..7df35af8038 100644
--- a/src/main.js
+++ b/src/main.js
@@ -164,14 +164,25 @@ function configureCommandlineSwitches(cliArgs, nodeCachedDataDir) {
  * @returns {string}
  */
 function resolveJSFlags(cliArgs, ...jsFlags) {
+
+	// Add any existing JS flags we already got from the command line
 	if (cliArgs['js-flags']) {
 		jsFlags.push(cliArgs['js-flags']);
 	}
 
+	// Support max-memory flag
 	if (cliArgs['max-memory'] && !/max_old_space_size=(\d+)/g.exec(cliArgs['js-flags'])) {
 		jsFlags.push(`--max_old_space_size=${cliArgs['max-memory']}`);
 	}
 
+	// Since Electron 3 we use a V8 version that comes with untrusted code mitigations
+	// enabled by default (https://v8.dev/docs/untrusted-code-mitigations). This comes
+	// at a performance cost according to the blog. Since we do not execute untrusted
+	// code, we disable these mitigations.
+	// TODO@Ben revisit this for later Electron versions, search for more usages of
+	// --no-untrusted-code-mitigations
+	jsFlags.push('--no-untrusted-code-mitigations');
+
 	return jsFlags.length > 0 ? jsFlags.join(' ') : null;
 }
 
diff --git a/src/vs/base/parts/ipc/node/ipc.cp.ts b/src/vs/base/parts/ipc/node/ipc.cp.ts
index 2217c707d22..99bd89dbaf1 100644
--- a/src/vs/base/parts/ipc/node/ipc.cp.ts
+++ b/src/vs/base/parts/ipc/node/ipc.cp.ts
@@ -196,6 +196,11 @@ export class Client implements IChannelClient, IDisposable {
 				forkOpts.execArgv = ['--nolazy', '--inspect-brk=' + this.options.debugBrk];
 			}
 
+			if (!Array.isArray(forkOpts.execArgv)) {
+				forkOpts.execArgv = [];
+			}
+			forkOpts.execArgv.push('--no-untrusted-code-mitigations');
+
 			this.child = fork(this.modulePath, args, forkOpts);
 
 			const onMessageEmitter = new Emitter<Buffer>();
-- 
GitLab