Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wasmtime: support a notion of "custom code publisher". #9778

Merged
merged 4 commits into from
Dec 11, 2024

Conversation

cfallin
Copy link
Member

@cfallin cfallin commented Dec 10, 2024

In some no_std environments, virtual memory usage is generally prohibited for performance-predictability reasons, but the MMU hardware is still in use for permissions (e.g., W^X write-xor-execute). Occasional changes to page mapping permissions are thus necessary when new modules are loaded dynamically, and are acceptable in that context. Wasmtime needs a way to support "publishing" code (making it executable) in such environments.

Rather than try to segment the signals-based-traps divide further, and piece out the code-publishing parts from the heap parts, and backdoor a path to mprotect in an otherwise no_std build, in this PR I have opted to add a trait an impl of which the embedder can provide to the Config to implement custom actions for "code publish". This otherwise operates properly in a no-signals-based-traps environment, e.g., the module backing memory itself is regularly allocated rather than mmap'd (but is now aligned to the degree requested by the trait impl).

@cfallin cfallin requested review from a team as code owners December 10, 2024 18:15
@cfallin cfallin requested review from fitzgen and removed request for a team December 10, 2024 18:15
crates/wasmtime/Cargo.toml Outdated Show resolved Hide resolved
crates/wasmtime/src/runtime/vm/mmap_vec.rs Show resolved Hide resolved
crates/wasmtime/src/runtime/vm/mmap_vec.rs Outdated Show resolved Hide resolved
@cfallin cfallin force-pushed the custom-code-publisher branch 2 times, most recently from 4056d14 to 6390b84 Compare December 10, 2024 19:15
@cfallin
Copy link
Member Author

cfallin commented Dec 10, 2024

Updated, thanks!

@cfallin cfallin force-pushed the custom-code-publisher branch from 6390b84 to 7f976c4 Compare December 10, 2024 19:23
In some `no_std` environments, virtual memory usage is *generally*
prohibited for performance-predictability reasons, but the MMU
hardware is still in use for permissions (e.g., `W^X`
write-xor-execute). Occasional changes to page mapping permissions are
thus necessary when new modules are loaded dynamically, and are
acceptable in that context. Wasmtime needs a way to support
"publishing" code (making it executable) in such environments.

Rather than try to segment the `signals-based-traps` divide further,
and piece out the code-publishing parts from the heap parts, and
backdoor a path to `mprotect` in an otherwise `no_std` build, in this
PR I have opted to add a trait an impl of which the embedder can
provide to the `Config` to implement custom actions for "code
publish". This otherwise operates properly in a
no-`signals-based-traps` environment, e.g., the module backing memory
itself is regularly allocated rather than mmap'd (but is now aligned
to the degree requested by the trait impl).
@cfallin cfallin force-pushed the custom-code-publisher branch from 7f976c4 to 3545eee Compare December 10, 2024 19:32
Copy link
Member

@alexcrichton alexcrichton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to add a test exercising this trait as well? Perhaps x86_64-linux-specific to avoid rewriting a bunch of logic to make things executable or something like that.

crates/wasmtime/src/engine.rs Outdated Show resolved Hide resolved
crates/wasmtime/src/engine.rs Outdated Show resolved Hide resolved
crates/wasmtime/src/runtime/vm/mmap_vec.rs Outdated Show resolved Hide resolved
crates/wasmtime/src/runtime/vm/mmap_vec.rs Outdated Show resolved Hide resolved
crates/wasmtime/src/compile/runtime.rs Outdated Show resolved Hide resolved
@github-actions github-actions bot added wasmtime:api Related to the API of the `wasmtime` crate itself wasmtime:config Issues related to the configuration of Wasmtime labels Dec 10, 2024
Copy link

Label Messager: wasmtime:config

It looks like you are changing Wasmtime's configuration options. Make sure to
complete this check list:

  • If you added a new Config method, you wrote extensive documentation for
    it.

    Our documentation should be of the following form:

    Short, simple summary sentence.
    
    More details. These details can be multiple paragraphs. There should be
    information about not just the method, but its parameters and results as
    well.
    
    Is this method fallible? If so, when can it return an error?
    
    Can this method panic? If so, when does it panic?
    
    # Example
    
    Optional example here.
    
  • If you added a new Config method, or modified an existing one, you
    ensured that this configuration is exercised by the fuzz targets.

    For example, if you expose a new strategy for allocating the next instance
    slot inside the pooling allocator, you should ensure that at least one of our
    fuzz targets exercises that new strategy.

    Often, all that is required of you is to ensure that there is a knob for this
    configuration option in wasmtime_fuzzing::Config (or one
    of its nested structs).

    Rarely, this may require authoring a new fuzz target to specifically test this
    configuration. See our docs on fuzzing for more details.

  • If you are enabling a configuration option by default, make sure that it
    has been fuzzed for at least two weeks before turning it on by default.


To modify this label's message, edit the .github/label-messager/wasmtime-config.md file.

To add new label messages or remove existing label messages, edit the
.github/label-messager.json configuration file.

Learn more.

Sorry, something went wrong.

@cfallin cfallin force-pushed the custom-code-publisher branch from fbdfd49 to 46514e7 Compare December 10, 2024 22:33
@cfallin cfallin force-pushed the custom-code-publisher branch from 46514e7 to 84bd6dd Compare December 10, 2024 22:39
@cfallin
Copy link
Member Author

cfallin commented Dec 10, 2024

Updated, thanks for feedback! Added a test that uses rustix on non-Windows targets to delegate to mprotect ("custom but actually the same as always" implementation).

@cfallin cfallin enabled auto-merge December 10, 2024 23:43
@cfallin cfallin force-pushed the custom-code-publisher branch from 2dd2b8c to d5f4864 Compare December 10, 2024 23:46
@cfallin cfallin added this pull request to the merge queue Dec 10, 2024
Merged via the queue into bytecodealliance:main with commit 5eee631 Dec 11, 2024
42 checks passed
@cfallin cfallin deleted the custom-code-publisher branch December 11, 2024 00:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
wasmtime:api Related to the API of the `wasmtime` crate itself wasmtime:config Issues related to the configuration of Wasmtime
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants