Skip to content

Wasmtime: support a notion of "custom code publisher".#9778

Merged
cfallin merged 4 commits into
bytecodealliance:mainfrom
cfallin:custom-code-publisher
Dec 11, 2024
Merged

Wasmtime: support a notion of "custom code publisher".#9778
cfallin merged 4 commits into
bytecodealliance:mainfrom
cfallin:custom-code-publisher

Conversation

@cfallin
Copy link
Copy Markdown
Member

@cfallin cfallin commented Dec 10, 2024
edited
Loading

In some no_std environments, virtual memory usage is generally prohibited for performance-predictability reasons, but the MMU hardware is still in use for permissions (e.g., W^X write-xor-execute). Occasional changes to page mapping permissions are thus necessary when new modules are loaded dynamically, and are acceptable in that context. Wasmtime needs a way to support "publishing" code (making it executable) in such environments.

Rather than try to segment the signals-based-traps divide further, and piece out the code-publishing parts from the heap parts, and backdoor a path to mprotect in an otherwise no_std build, in this PR I have opted to add a trait an impl of which the embedder can provide to the Config to implement custom actions for "code publish". This otherwise operates properly in a no-signals-based-traps environment, e.g., the module backing memory itself is regularly allocated rather than mmap'd (but is now aligned to the degree requested by the trait impl).

@cfallin cfallin requested review from a team as code owners December 10, 2024 18:15
@cfallin cfallin requested review from fitzgen and removed request for a team December 10, 2024 18:15
alexcrichton
alexcrichton reviewed Dec 10, 2024
View reviewed changes
Comment thread crates/wasmtime/Cargo.toml Outdated
Comment thread crates/wasmtime/src/runtime/vm/mmap_vec.rs
Comment thread crates/wasmtime/src/runtime/vm/mmap_vec.rs
@cfallin cfallin force-pushed the custom-code-publisher branch 2 times, most recently from 4056d14 to 6390b84 Compare December 10, 2024 19:15
@cfallin
Copy link
Copy Markdown
Member Author

cfallin commented Dec 10, 2024

Updated, thanks!

@cfallin cfallin force-pushed the custom-code-publisher branch from 6390b84 to 7f976c4 Compare December 10, 2024 19:23
@cfallin
Wasmtime: support a notion of "custom code publisher".
3545eee 
In some `no_std` environments, virtual memory usage is *generally*
prohibited for performance-predictability reasons, but the MMU
hardware is still in use for permissions (e.g., `W^X`
write-xor-execute). Occasional changes to page mapping permissions are
thus necessary when new modules are loaded dynamically, and are
acceptable in that context. Wasmtime needs a way to support
"publishing" code (making it executable) in such environments.

Rather than try to segment the `signals-based-traps` divide further,
and piece out the code-publishing parts from the heap parts, and
backdoor a path to `mprotect` in an otherwise `no_std` build, in this
PR I have opted to add a trait an impl of which the embedder can
provide to the `Config` to implement custom actions for "code
publish". This otherwise operates properly in a
no-`signals-based-traps` environment, e.g., the module backing memory
itself is regularly allocated rather than mmap'd (but is now aligned
to the degree requested by the trait impl).
@cfallin cfallin force-pushed the custom-code-publisher branch from 7f976c4 to 3545eee Compare December 10, 2024 19:32
alexcrichton
alexcrichton approved these changes Dec 10, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@alexcrichton alexcrichton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to add a test exercising this trait as well? Perhaps x86_64-linux-specific to avoid rewriting a bunch of logic to make things executable or something like that.

Comment thread crates/wasmtime/src/engine.rs Outdated
Comment thread crates/wasmtime/src/engine.rs Outdated
Comment thread crates/wasmtime/src/runtime/vm/mmap_vec.rs Outdated
Comment thread crates/wasmtime/src/runtime/vm/mmap_vec.rs Outdated
Comment thread crates/wasmtime/src/compile/runtime.rs Outdated
@github-actions github-actions Bot added wasmtime:api Related to the API of the `wasmtime` crate itself wasmtime:config Issues related to the configuration of Wasmtime labels Dec 10, 2024
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Dec 10, 2024

Label Messager: wasmtime:config

It looks like you are changing Wasmtime's configuration options. Make sure to
complete this check list:

  • If you added a new Config method, you wrote extensive documentation for
    it.

    Details

    Our documentation should be of the following form:

    Short, simple summary sentence.

More details. These details can be multiple paragraphs. There should be
information about not just the method, but its parameters and results as
well.

Is this method fallible? If so, when can it return an error?

Can this method panic? If so, when does it panic?

# Example

Optional example here.

  • If you added a new Config method, or modified an existing one, you
    ensured that this configuration is exercised by the fuzz targets.

    Details

    For example, if you expose a new strategy for allocating the next instance
    slot inside the pooling allocator, you should ensure that at least one of our
    fuzz targets exercises that new strategy.

    Often, all that is required of you is to ensure that there is a knob for this
    configuration option in wasmtime_fuzzing::Config (or one
    of its nested structs).

    Rarely, this may require authoring a new fuzz target to specifically test this
    configuration. See our docs on fuzzing for more details.

  • If you are enabling a configuration option by default, make sure that it
    has been fuzzed for at least two weeks before turning it on by default.

Details

To modify this label's message, edit the .github/label-messager/wasmtime-config.md file.

To add new label messages or remove existing label messages, edit the
.github/label-messager.json configuration file.

Learn more.

@cfallin cfallin force-pushed the custom-code-publisher branch from fbdfd49 to 46514e7 Compare December 10, 2024 22:33
@cfallin cfallin force-pushed the custom-code-publisher branch from 46514e7 to 84bd6dd Compare December 10, 2024 22:39
@cfallin
Copy link
Copy Markdown
Member Author

cfallin commented Dec 10, 2024

Updated, thanks for feedback! Added a test that uses rustix on non-Windows targets to delegate to mprotect ("custom but actually the same as always" implementation).

@cfallin cfallin enabled auto-merge December 10, 2024 23:43
@cfallin cfallin force-pushed the custom-code-publisher branch from 2dd2b8c to d5f4864 Compare December 10, 2024 23:46
@cfallin cfallin added this pull request to the merge queue Dec 10, 2024
Merged via the queue into bytecodealliance:main with commit 5eee631 Dec 11, 2024
@cfallin cfallin deleted the custom-code-publisher branch December 11, 2024 00:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexcrichton alexcrichton alexcrichton approved these changes

@fitzgen fitzgen Awaiting requested review from fitzgen fitzgen is a code owner automatically assigned from bytecodealliance/wasmtime-core-reviewers

Assignees

No one assigned

Labels

wasmtime:api Related to the API of the `wasmtime` crate itself wasmtime:config Issues related to the configuration of Wasmtime

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cfallin @alexcrichton