Skip to content

[33.0.2] backport fd_renumber fixes#11279

Merged
rvolosatovs merged 7 commits into
bytecodealliance:release-33.0.0from
rvolosatovs:backport/33/fd-renumber
Jul 18, 2025
Merged

[33.0.2] backport fd_renumber fixes#11279
rvolosatovs merged 7 commits into
bytecodealliance:release-33.0.0from
rvolosatovs:backport/33/fd-renumber

Conversation

@rvolosatovs
Copy link
Copy Markdown
Member

@rvolosatovs rvolosatovs commented Jul 18, 2025

This a security advisory fix PR moved from https://github.com/bytecodealliance/wasmtime-ghsa-fm79-3f68-h2fc/pull/5

this includes #11277 and #11276

@rvolosatovs
fix(wasip1): prevent duplicate FD usage
7456336 
The implementation assumed that only the runtime could ever issue FDs,
however that's not the case in p1, where guests can choose arbitrary
FDs to use (e.g. via `fd_renumber`).

Due to incorrect accounting, guests could "mark" arbitrary FDs as "free"
and trigger a panic in the host by requesting a new FD.

Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
@rvolosatovs
test(wasip1): expand fd_renumber test
33f71bd 
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
@rvolosatovs
refactor(wasip1): do not modify descriptors on fd_renumber(n, n)
101778c 
Since `remove` is now only used once, remove it.

As a sideffect, this makes the implementation more explicit .

Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
@rvolosatovs
fix(wasip1-adapter): prevent unreachable panic on fd_renumber
f9c494e 
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
@rvolosatovs
doc: add release notes
1057d8a 
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
@rvolosatovs
doc: reference the CVE
9504738 
prtest:full

Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
@rvolosatovs
doc: add PR reference
74a6761 
prtest:full

Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
@rvolosatovs rvolosatovs requested review from a team as code owners July 18, 2025 11:59
@rvolosatovs rvolosatovs requested review from dicej and removed request for a team July 18, 2025 11:59
@github-actions github-actions Bot added wasi Issues pertaining to WASI wasmtime:docs Issues related to Wasmtime's documentation labels Jul 18, 2025
@rvolosatovs rvolosatovs merged commit e43545e into bytecodealliance:release-33.0.0 Jul 18, 2025
160 checks passed
@rvolosatovs rvolosatovs deleted the backport/33/fd-renumber branch July 18, 2025 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pchickey pchickey pchickey approved these changes

@dicej dicej Awaiting requested review from dicej dicej is a code owner automatically assigned from bytecodealliance/wasmtime-core-reviewers

Assignees

No one assigned

Labels

wasi Issues pertaining to WASI wasmtime:docs Issues related to Wasmtime's documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rvolosatovs @pchickey