From 146adabb6e6d432e9f48b9d4eb4b2a7905bafed5 Mon Sep 17 00:00:00 2001
From: Tyler Rockwood
Date: Thu, 2 May 2024 20:48:55 +0000
Subject: [PATCH 1/2] wasm: fix async host functions that pass in bad parameters

If a guest passes a bad buffer, we could throw in args translation and that would cause a C++ exception to be risen into Rust over an FFI boundary, which is bad (TM) and causes a process abort.

Signed-off-by: Tyler Rockwood
---
 src/v/wasm/wasmtime.cc | 42 +++++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/src/v/wasm/wasmtime.cc b/src/v/wasm/wasmtime.cc
index 919c5137e5d7..0e58b209a30a 100644
--- a/src/v/wasm/wasmtime.cc
+++ b/src/v/wasm/wasmtime.cc
@@ -1090,23 +1090,31 @@ struct host_function {
       memory* mem, std::span args, std::span results) {
-        auto raw = to_raw_values(args);
-        auto host_params = ffi::extract_parameters(mem, raw, 0);
-        using FutureType = typename ReturnType::value_type;
-        if constexpr (std::is_void_v) {
-            return ss::futurize_apply(
-              module_func,
-              std::tuple_cat(
-                std::make_tuple(host_module), std::move(host_params)));
-        } else {
-            return ss::futurize_apply(
-              module_func,
-              std::tuple_cat(
-                std::make_tuple(host_module), std::move(host_params)))
-              .then([results](FutureType host_future_result) {
-                  results[0] = convert_to_wasmtime(
-                    host_future_result);
-              });
+        try {
+            auto raw = to_raw_values(args);
+            auto host_params = ffi::extract_parameters(
+              mem, raw, 0);
+            using FutureType = typename ReturnType::value_type;
+            if constexpr (std::is_void_v) {
+                return std::apply(
+                  module_func,
+                  std::tuple_cat(
+                    std::make_tuple(host_module), std::move(host_params)));
+            } else {
+                return std::apply(
+                  module_func,
+                  std::tuple_cat(
+                    std::make_tuple(host_module),
+                    std::move(host_params)))
+                  .then([results](FutureType host_future_result) {
+                      // This is safe to write too because wasmtime ensures the
+                      // result is kept alive until the future completes.
+                      results[0] = convert_to_wasmtime(
+                        host_future_result);
+                  });
+            }
+        } catch (...) {
+            return ss::current_exception_as_future();
         }
     }

From f069ef9c34dd3d024afb30e220c9b70f554c9d88 Mon Sep 17 00:00:00 2001
From: Tyler Rockwood
Date: Thu, 2 May 2024 20:51:59 +0000
Subject: [PATCH 2/2] wasm: cleanup strict stack checking extra function

Signed-off-by: Tyler Rockwood
---
 src/v/wasm/wasmtime.cc | 41 ++++++-----------------------------------
 1 file changed, 6 insertions(+), 35 deletions(-)

diff --git a/src/v/wasm/wasmtime.cc b/src/v/wasm/wasmtime.cc
index 0e58b209a30a..9736ab9c45eb 100644
--- a/src/v/wasm/wasmtime.cc
+++ b/src/v/wasm/wasmtime.cc
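Review bot: The `catch (...)` at the end of the hunk is load-bearing — it is what keeps a throw from `to_raw_values`/`ffi::extract_parameters` (or a synchronous throw out of `module_func`, now that `std::apply` replaces `ss::futurize_apply`) from unwinding across the FFI boundary into wasmtime — but nothing in the code says so, and a later reader could narrow it to a specific exception type. A one-line comment above it would preserve the intent: `// Nothing may propagate across the FFI boundary into wasmtime: turn any throw into a failed future.` Separately, the new comment inside the `.then` lambda has a typo — `// This is safe to write to because wasmtime ensures the` (`to`, not `too`). The enclosing function's signature starts above the hunk, so I cannot see whether the sync variant of this wrapper got the same treatment.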
@@ -895,37 +895,6 @@ struct host_function {
         handle functype{ wasm_functype_new(&inputs, &outputs)};
-        if (ssc.enabled()) {
-            if constexpr (ss::is_future::value) {
-                handle error(
-                  wasmtime_linker_define_async_func(
-                    linker,
-                    Module::name.data(),
-                    Module::name.size(),
-                    function_name.data(),
-                    function_name.size(),
-                    functype.get(),
-                    &invoke_async_host_fn_with_strict_stack_checking,
-                    /*data=*/ssc.allocator,
-                    /*finalizer=*/nullptr));
-                check_error(error.get());
-            } else {
-                handle error(
-                  wasmtime_linker_define_func(
-                    linker,
-                    Module::name.data(),
-                    Module::name.size(),
-                    function_name.data(),
-                    function_name.size(),
-                    functype.get(),
-                    &invoke_sync_host_fn_with_strict_stack_checking,
-                    /*data=*/ssc.allocator,
-                    /*finalizer=*/nullptr));
-                check_error(error.get());
-            }
-            return;
-        }
-
         if constexpr (ss::is_future::value) {
             handle error(
               wasmtime_linker_define_async_func(
@@ -935,8 +904,9 @@ struct host_function {
                 function_name.data(),
                 function_name.size(),
                 functype.get(),
-                &invoke_async_host_fn,
-                /*data=*/nullptr,
+                ssc.enabled() ? &invoke_async_host_fn_with_strict_stack_checking
+                              : &invoke_async_host_fn,
+                /*data=*/ssc.allocator,
                 /*finalizer=*/nullptr));
             check_error(error.get());
         } else {
@@ -948,8 +918,9 @@ struct host_function {
                 function_name.data(),
                 function_name.size(),
                 functype.get(),
-                &invoke_sync_host_fn,
-                /*data=*/nullptr,
+                ssc.enabled() ? &invoke_sync_host_fn_with_strict_stack_checking
+                              : &invoke_sync_host_fn,
+                /*data=*/ssc.allocator,
                 /*finalizer=*/nullptr));
             check_error(error.get());
         }
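Review bot: In the second and third hunks the plain `invoke_async_host_fn`/`invoke_sync_host_fn` callbacks now receive `/*data=*/ssc.allocator` where they previously got `nullptr`; the hunks do not show whether `ssc.allocator` is null when `ssc.enabled()` is false or whether those callbacks ignore `data`, so this is worth confirming before merging. If the non-strict callbacks do ignore it, a short comment on the argument would make that explicit, e.g. `/*data=*/ssc.allocator, // only read by the *_with_strict_stack_checking variants`; otherwise keep the argument conditional, `/*data=*/ssc.enabled() ? ssc.allocator : nullptr,`. The first hunk is a pure deletion of the duplicated registration branch and needs no comment. The enclosing registration function starts above the first hunk and continues past the last.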