refactor: Strip out sandbox fds

master
Sean McBride 4 years ago
parent dd627856d4
commit 938f1a8950

@ -28,24 +28,6 @@ sandbox_close_http(struct sandbox *sandbox)
client_socket_close(sandbox->client_socket_descriptor, &sandbox->client_address);
}
/**
* Initializes a sandbox fd ready for use with the proper preopen magic
* @param sandbox
* @return index of handle we preopened or -1 on error (sandbox is null or all io_handles are exhausted)
*/
static inline int
sandbox_initialize_file_descriptor(struct sandbox *sandbox)
{
if (!sandbox) return -1;
int sandbox_fd;
for (sandbox_fd = 0; sandbox_fd < SANDBOX_MAX_FD_COUNT; sandbox_fd++) {
if (sandbox->file_descriptors[sandbox_fd] < 0) break;
}
if (sandbox_fd == SANDBOX_MAX_FD_COUNT) return -1;
sandbox->file_descriptors[sandbox_fd] = SANDBOX_FILE_DESCRIPTOR_PREOPEN_MAGIC;
return sandbox_fd;
}
/**
* Free Linear Memory, leaving stack in place
* @param sandbox
@ -70,20 +52,6 @@ sandbox_get_module(struct sandbox *sandbox)
return sandbox->module;
}
/**
* Resolve a sandbox's fd to the host fd it maps to
* @param sandbox
* @param sandbox_fd index into the sandbox's fd table
* @returns file descriptor or -1 in case of error
*/
static inline int
sandbox_get_file_descriptor(struct sandbox *sandbox, int sandbox_fd)
{
if (!sandbox) return -1;
if (sandbox_fd >= SANDBOX_MAX_FD_COUNT || sandbox_fd < 0) return -1;
return sandbox->file_descriptors[sandbox_fd];
}
static inline uint64_t
sandbox_get_priority(void *element)
{
@ -91,40 +59,6 @@ sandbox_get_priority(void *element)
return sandbox->absolute_deadline;
};
/**
* Maps a sandbox fd to an underlying host fd
* Returns error condition if the file_descriptor to set does not contain sandbox preopen magic
* @param sandbox
* @param sandbox_fd index of the sandbox fd we want to set
* @param file_descriptor the file descripter we want to set it to
* @returns the index that was set or -1 in case of error
*/
static inline int
sandbox_set_file_descriptor(struct sandbox *sandbox, int sandbox_fd, int host_fd)
{
if (!sandbox) return -1;
if (sandbox_fd >= SANDBOX_MAX_FD_COUNT || sandbox_fd < 0) return -1;
if (host_fd < 0 || sandbox->file_descriptors[sandbox_fd] != SANDBOX_FILE_DESCRIPTOR_PREOPEN_MAGIC) return -1;
sandbox->file_descriptors[sandbox_fd] = host_fd;
return sandbox_fd;
}
/**
* Map the host stdin, stdout, stderr to the sandbox
* @param sandbox - the sandbox on which we are initializing stdio
*/
static inline void
sandbox_initialize_stdio(struct sandbox *sandbox)
{
int sandbox_fd, rc;
for (int host_fd = 0; host_fd <= 2; host_fd++) {
sandbox_fd = sandbox_initialize_file_descriptor(sandbox);
assert(sandbox_fd == host_fd);
rc = sandbox_set_file_descriptor(sandbox, sandbox_fd, host_fd);
assert(rc != -1);
}
}
static inline void
sandbox_open_http(struct sandbox *sandbox)
{

@ -38,9 +38,6 @@ sandbox_set_as_initialized(struct sandbox *sandbox, struct sandbox_request *sand
arch_context_init(&sandbox->ctxt, (reg_t)current_sandbox_start,
(reg_t)sandbox->stack_start + sandbox->stack_size);
/* Mark sandbox fds as invalid by setting to -1 */
for (int i = 0; i < SANDBOX_MAX_FD_COUNT; i++) sandbox->file_descriptors[i] = -1;
/* Initialize Parsec control structures */
ps_list_init_d(sandbox);

@ -75,7 +75,6 @@ struct sandbox {
void * arguments; /* arguments from request, must be of module->argument_count size. */
int32_t return_value;
int file_descriptors[SANDBOX_MAX_FD_COUNT];
struct sockaddr client_address; /* client requesting connection! */
int client_socket_descriptor;

@ -66,8 +66,6 @@ current_sandbox_start(void)
char *error_message = "";
sandbox_initialize_stdio(sandbox);
sandbox_open_http(sandbox);
if (sandbox_receive_request(sandbox) < 0) {

@ -20,12 +20,7 @@
#define GID 0xFE
// Elf auxilary vector values (see google for what those are)
// #define AT_NULL 0
// #define AT_IGNORE 1
// #define AT_EXECFD 2
// #define AT_PHDR 3
#define AT_PHENT 4
// #define AT_PHNUM 5
#define AT_PHENT 4
#define AT_PAGESZ 6
#define AT_BASE 7
#define AT_FLAGS 8
@ -149,24 +144,7 @@ wasm_write(int32_t fd, int32_t buf_offset, int32_t buf_size)
return l;
}
int f = sandbox_get_file_descriptor(s, fd);
char *buf = worker_thread_get_memory_ptr_void(buf_offset, buf_size);
int32_t res = 0;
while (res < buf_size) {
int32_t length_written = (int32_t)write(f, buf, buf_size);
if (length_written < 0) {
if (errno == EAGAIN)
scheduler_block();
else {
/* All other errors */
debuglog("Error reading socket %d - %s\n", fd, strerror(errno));
goto err;
}
}
res += length_written;
}
int res = ENOTSUP;
done:
return res;
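Review bot: The stub result in the new wasm_write body, `int res = ENOTSUP;`, is a positive value, while the error paths this file uses elsewhere return a negated errno (`return -errno;` on the lines these hunks remove, and the `errno = ENOSYS; return -1;` default in inner_syscall_handler). A guest that receives a positive ENOTSUP from write will presumably treat it as a byte count and advance its buffer, so the unsupported call looks like a short successful write rather than a failure; the same `int res = ENOTSUP;` line in the wasm_open and wasm_close hunks makes open appear to hand back a valid descriptor. Change it to `int res = -ENOTSUP;` in all three places so the guest libc sees an error. wasm_write starts before this hunk, and its `err:` label, which still does `goto done;`, is in the following hunk, so confirm that `res` is also the value reaching the guest on that path.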
@ -175,17 +153,12 @@ err:
goto done;
}
#define WO_RDONLY 00
#define WO_WRONLY 01
#define WO_RDWR 02
#define WO_CREAT 0100
#define WO_EXCL 0200
// #define WO_NOCTTY 0400
// #define WO_TRUNC 01000
#define WO_APPEND 02000
// #define WO_NONBLOCK 04000
// #define WO_DSYNC 010000
// #define WO_SYNC 04010000
#define WO_RDONLY 00
#define WO_WRONLY 01
#define WO_RDWR 02
#define WO_CREAT 0100
#define WO_EXCL 0200
#define WO_APPEND 02000
#define WO_RSYNC 04010000
#define WO_DIRECTORY 0200000
#define WO_NOFOLLOW 0400000
@ -198,203 +171,23 @@ wasm_open(int32_t path_off, int32_t flags, int32_t mode)
{
char *path = worker_thread_get_memory_string(path_off, MODULE_MAX_PATH_LENGTH);
int iofd = sandbox_initialize_file_descriptor(current_sandbox_get());
if (iofd < 0) return -1;
int32_t modified_flags = 0;
if (flags == WO_RDONLY) {
modified_flags |= O_RDONLY;
// flags ^= WO_RDONLY;
}
if (flags & WO_WRONLY) {
modified_flags |= O_WRONLY;
// flags ^= WO_WRONLY;
}
if (flags & WO_RDWR) {
modified_flags |= O_RDWR;
// flags ^= WO_RDWR;
}
if (flags & WO_APPEND) {
modified_flags |= O_APPEND;
// flags ^= WO_APPEND;
}
if (flags & WO_CREAT) {
modified_flags |= O_CREAT;
// flags ^= WO_CREAT;
}
if (flags & WO_EXCL) {
modified_flags |= O_EXCL;
// flags ^= WO_EXCL;
}
int32_t res = (int32_t)open(path, modified_flags, mode);
if (res == -1) return -errno;
int res = ENOTSUP;
return res;
}
#define SYS_CLOSE 3
int32_t
wasm_close(int32_t io_handle_index)
wasm_close(int32_t fd)
{
struct sandbox *sandbox = current_sandbox_get();
int fd = sandbox_get_file_descriptor(sandbox, io_handle_index);
// Silently disregard client requests to close STDIN, STDOUT, or STDERR
if (fd <= STDERR_FILENO) return 0;
int32_t res = (int32_t)close(fd);
if (res == -1) return -errno;
int res = ENOTSUP;
return res;
}
// What the wasm stat structure looks like
// struct wasm_stat {
// int64_t st_dev;
// uint64_t st_ino;
// uint32_t st_nlink;
// uint32_t st_mode;
// uint32_t st_uid;
// uint32_t st_gid;
// uint32_t __pad0;
// uint64_t st_rdev;
// uint64_t st_size;
// int32_t st_blksize;
// int64_t st_blocks;
// struct {
// int32_t tv_sec;
// int32_t tv_nsec;
// } st_atim;
// struct {
// int32_t tv_sec;
// int32_t tv_nsec;
// } st_mtim;
// struct {
// int32_t tv_sec;
// int32_t tv_nsec;
// } st_ctim;
// int32_t __pad1[3];
// };
// #define SYS_STAT 4
// int32_t
// wasm_stat(uint32_t path_str_offset, int32_t stat_offset)
// {
// char * path = worker_thread_get_memory_string(path_str_offset, MODULE_MAX_PATH_LENGTH);
// struct wasm_stat *stat_ptr = worker_thread_get_memory_ptr_void(stat_offset, sizeof(struct wasm_stat));
// struct stat stat;
// int32_t res = lstat(path, &stat);
// if (res == -1) return -errno;
// *stat_ptr = (struct wasm_stat){
// .st_dev = stat.st_dev,
// .st_ino = stat.st_ino,
// .st_nlink = stat.st_nlink,
// .st_mode = stat.st_mode,
// .st_uid = stat.st_uid,
// .st_gid = stat.st_gid,
// .st_rdev = stat.st_rdev,
// .st_size = stat.st_size,
// .st_blksize = stat.st_blksize,
// .st_blocks = stat.st_blocks,
// };
// stat_ptr->st_atim.tv_sec = stat.st_atim.tv_sec;
// stat_ptr->st_atim.tv_nsec = stat.st_atim.tv_nsec;
// stat_ptr->st_mtim.tv_sec = stat.st_mtim.tv_sec;
// stat_ptr->st_mtim.tv_nsec = stat.st_mtim.tv_nsec;
// stat_ptr->st_ctim.tv_sec = stat.st_ctim.tv_sec;
// stat_ptr->st_ctim.tv_nsec = stat.st_ctim.tv_nsec;
// return res;
// }
// #define SYS_FSTAT 5
// int32_t
// wasm_fstat(int32_t filedes, int32_t stat_offset)
// {
// struct wasm_stat *stat_ptr = worker_thread_get_memory_ptr_void(stat_offset, sizeof(struct wasm_stat));
// struct stat stat;
// int32_t res = fstat(filedes, &stat);
// if (res == -1) return -errno;
// *stat_ptr = (struct wasm_stat){
// .st_dev = stat.st_dev,
// .st_ino = stat.st_ino,
// .st_nlink = stat.st_nlink,
// .st_mode = stat.st_mode,
// .st_uid = stat.st_uid,
// .st_gid = stat.st_gid,
// .st_rdev = stat.st_rdev,
// .st_size = stat.st_size,
// .st_blksize = stat.st_blksize,
// .st_blocks = stat.st_blocks,
// };
// stat_ptr->st_atim.tv_sec = stat.st_atim.tv_sec;
// stat_ptr->st_atim.tv_nsec = stat.st_atim.tv_nsec;
// stat_ptr->st_mtim.tv_sec = stat.st_mtim.tv_sec;
// stat_ptr->st_mtim.tv_nsec = stat.st_mtim.tv_nsec;
// stat_ptr->st_ctim.tv_sec = stat.st_ctim.tv_sec;
// stat_ptr->st_ctim.tv_nsec = stat.st_ctim.tv_nsec;
// return res;
// }
// #define SYS_LSTAT 6
// int32_t
// wasm_lstat(int32_t path_str_offset, int32_t stat_offset)
// {
// char * path = worker_thread_get_memory_string(path_str_offset, MODULE_MAX_PATH_LENGTH);
// struct wasm_stat *stat_ptr = worker_thread_get_memory_ptr_void(stat_offset, sizeof(struct wasm_stat));
// struct stat stat;
// int32_t res = lstat(path, &stat);
// if (res == -1) return -errno;
// *stat_ptr = (struct wasm_stat){
// .st_dev = stat.st_dev,
// .st_ino = stat.st_ino,
// .st_nlink = stat.st_nlink,
// .st_mode = stat.st_mode,
// .st_uid = stat.st_uid,
// .st_gid = stat.st_gid,
// .st_rdev = stat.st_rdev,
// .st_size = stat.st_size,
// .st_blksize = stat.st_blksize,
// .st_blocks = stat.st_blocks,
// };
// stat_ptr->st_atim.tv_sec = stat.st_atim.tv_sec;
// stat_ptr->st_atim.tv_nsec = stat.st_atim.tv_nsec;
// stat_ptr->st_mtim.tv_sec = stat.st_mtim.tv_sec;
// stat_ptr->st_mtim.tv_nsec = stat.st_mtim.tv_nsec;
// stat_ptr->st_ctim.tv_sec = stat.st_ctim.tv_sec;
// stat_ptr->st_ctim.tv_nsec = stat.st_ctim.tv_nsec;
// return res;
// }
#define SYS_LSEEK 8
int32_t
wasm_lseek(int32_t filedes, int32_t file_offset, int32_t whence)
@ -516,17 +309,9 @@ wasm_writev(int32_t fd, int32_t iov_offset, int32_t iovcnt)
}
#define SYS_MREMAP 25
// #define MREMAP_MAYMOVE 1
// #define MREMAP_FIXED 2
int32_t
wasm_mremap(int32_t offset, int32_t old_size, int32_t new_size, int32_t flags)
{
/* Should fit within the 32-bit linear address space */
/* TODO: Improve with errno and handle flags properly */
// debuglog("Offset: %d, Old Size: %d, New Size: %d, May Move: %s, Fixed: %s\n", offset, old_size, new_size,
// (flags & MREMAP_MAYMOVE) == MREMAP_MAYMOVE ? "true" : "false",
// (flags & MREMAP_FIXED) == MREMAP_FIXED ? "true" : "false");
assert(offset >= 0);
assert(offset + old_size <= INT32_MAX);
@ -570,80 +355,13 @@ wasm_getpid()
}
// #define WF_DUPFD 0
// #define WF_GETFD 1
#define WF_SETFD 2
// #define WF_GETFL 3
// #define WF_SETFL 4
// #define WF_SETOWN 8
// #define WF_GETOWN 9
// #define WF_SETSIG 10
#define WF_GETSIG 11
// #define WF_GETLK 5
#define WF_SETLK 6
#define WF_SETLKW 7
// #define SYS_FCNTL 72
// uint32_t
// wasm_fcntl(uint32_t fd, uint32_t cmd, uint32_t arg_or_lock_ptr)
// {
// switch (cmd) {
// case WF_SETFD:
// // return fcntl(fd, F_SETFD, arg_or_lock_ptr);
// return 0;
// case WF_SETLK:
// return 0;
// default:
// panic("Unexpected Command");
// }
// }
// #define SYS_FSYNC 74
// uint32_t
// wasm_fsync(uint32_t filedes)
// {
// uint32_t res = fsync(filedes);
// if (res == -1) return -errno;
// return 0;
// }
// #define SYS_GETCWD 79
// uint32_t
// wasm_getcwd(uint32_t buf_offset, uint32_t buf_size)
// {
// char *buf = worker_thread_get_memory_ptr_void(buf_offset, buf_size);
// char *res = getcwd(buf, buf_size);
// if (!res) return 0;
// return buf_offset;
// }
// #define SYS_UNLINK 87
// uint32_t
// wasm_unlink(uint32_t path_str_offset)
// {
// char * str = worker_thread_get_memory_string(path_str_offset, MODULE_MAX_PATH_LENGTH);
// uint32_t res = unlink(str);
// if (res == -1) return -errno;
// return 0;
// }
// #define SYS_GETEUID 107
// uint32_t
// wasm_geteuid()
// {
// return (uint32_t)geteuid();
// }
#define WF_SETFD 2
#define WF_GETSIG 11
#define WF_SETLK 6
#define WF_SETLKW 7
#define SYS_SET_THREAD_AREA 205
#define SYS_SET_TID_ADDRESS 218
#define SYS_GET_TIME 228
#define SYS_GET_TIME 228
struct wasm_time_spec {
uint64_t sec;
uint32_t nanosec;
@ -691,74 +409,6 @@ wasm_exit_group(int32_t status)
return 0;
}
// #define SYS_FCHOWN 93
// int32_t
// wasm_fchown(int32_t fd, uint32_t owner, uint32_t group)
// {
// return fchown(fd, owner, group);
// }
// networking syscalls
// #define SYS_SOCKET 41
// int32_t
// wasm_socket(int32_t domain, int32_t type, int32_t protocol)
// {
// return socket(domain, type, protocol);
// }
// #define SYS_CONNECT 42
// int32_t
// wasm_connect(int32_t sockfd, int32_t sockaddr_offset, int32_t addrlen)
// {
// return connect(sockfd, worker_thread_get_memory_ptr_void(sockaddr_offset, addrlen), addrlen);
// }
// #define SYS_ACCEPT 43
// int32_t
// wasm_accept(int32_t sockfd, int32_t sockaddr_offset, int32_t addrlen_offset)
// {
// socklen_t *addrlen = worker_thread_get_memory_ptr_void(addrlen_offset, sizeof(socklen_t));
// return accept(sockfd, worker_thread_get_memory_ptr_void(sockaddr_offset, *addrlen), addrlen);
// }
// #define SYS_BIND 49
// int32_t
// wasm_bind(int32_t sockfd, int32_t sockaddr_offset, int32_t addrlen)
// {
// return bind(sockfd, worker_thread_get_memory_ptr_void(sockaddr_offset, addrlen), addrlen);
// }
// #define SYS_LISTEN 50
// int32_t
// wasm_listen(int32_t sockfd, int32_t backlog)
// {
// return listen(sockfd, backlog);
// }
// #define SYS_SENDTO 44
// int32_t
// wasm_sendto(int32_t fd, int32_t buff_offset, int32_t len, int32_t flags, int32_t sockaddr_offset, int32_t
// sockaddr_len)
// {
// char * buf = worker_thread_get_memory_ptr_void(buff_offset, len);
// struct sockaddr *addr = sockaddr_len ? worker_thread_get_memory_ptr_void(sockaddr_offset, sockaddr_len) : NULL;
// return sendto(fd, buf, len, flags, addr, sockaddr_len);
// }
// #define SYS_RECVFROM 45
// int32_t
// wasm_recvfrom(int32_t fd, int32_t buff_offset, int32_t size, int32_t flags, int32_t sockaddr_offset,
// int32_t socklen_offset)
// {
// char * buf = worker_thread_get_memory_ptr_void(buff_offset, size);
// socklen_t * len = worker_thread_get_memory_ptr_void(socklen_offset, sizeof(socklen_t));
// struct sockaddr *addr = *len ? worker_thread_get_memory_ptr_void(sockaddr_offset, *len) : NULL;
// return recvfrom(fd, buf, size, flags, addr, addr ? len : NULL);
// }
int32_t
inner_syscall_handler(int32_t n, int32_t a, int32_t b, int32_t c, int32_t d, int32_t e, int32_t f)
{
@ -800,43 +450,5 @@ inner_syscall_handler(int32_t n, int32_t a, int32_t b, int32_t c, int32_t d, int
debuglog("syscall %d (%d, %d, %d, %d, %d, %d)\n", n, a, b, c, d, e, f);
errno = ENOSYS;
return -1;
/* TODO: The calls below need to be validated / refactored to be non-blocking */
// case SYS_OPEN:
// return wasm_open(a, b, c);
// case SYS_STAT:
// return wasm_stat(a, b);
// case SYS_FSTAT:
// return wasm_fstat(a, b);
// case SYS_LSTAT:
// return wasm_lstat(a, b);
// case SYS_GETPID:
// return wasm_getpid();
// case SYS_FCNTL:
// return wasm_fcntl(a, b, c);
// case SYS_FSYNC:
// return wasm_fsync(a);
// case SYS_UNLINK:
// return wasm_unlink(a);
// case SYS_GETCWD:
// return wasm_getcwd(a, b);
// case SYS_GETEUID:
// return wasm_geteuid();
// case SYS_FCHOWN:
// return wasm_fchown(a, b, c);
// case SYS_SOCKET:
// return wasm_socket(a, b, c);
// case SYS_CONNECT:
// return wasm_connect(a, b, c);
// case SYS_ACCEPT:
// return wasm_accept(a, b, c);
// case SYS_BIND:
// return wasm_bind(a, b, c);
// case SYS_LISTEN:
// return wasm_listen(a, b);
// case SYS_SENDTO:
// return wasm_sendto(a, b, c, d, e, f);
// case SYS_RECVFROM:
// return wasm_recvfrom(a, b, c, d, e, f);
}
}

@ -8,20 +8,6 @@
#include "sandbox_set_as_error.h"
#include "sandbox_set_as_initialized.h"
/**
* Close the sandbox's ith io_handle
* @param sandbox
* @param sandbox_fd client fd to close
*/
// void
// sandbox_close_file_descriptor(struct sandbox *sandbox, int sandbox_fd)
// {
// if (sandbox_fd >= SANDBOX_MAX_FD_COUNT || sandbox_fd < 0) return;
// /* TODO: Do we actually need to call some sort of close function here? Issue #90 */
// /* Thought: do we need to refcount host fds? */
// sandbox->file_descriptors[sandbox_fd] = -1;
// }
/**
* Allocates a WebAssembly sandbox represented by the following layout
* struct sandbox | Buffer for HTTP Req/Resp | 4GB of Wasm Linear Memory | Guard Page
