Bug 1670878: Instantiating a large number of wasm library sandboxes crashes due to overuse of file descriptors r=tjr

Instantiating a wasm library duplicates a file descriptor for /dev/null 3 times to be used as input, output and error streams for the wasm sandboxed code. When a lot of sandboxes are created and destroyed, a lot of descriptors are duplicated and closed. While this should be fine, POSIX does not seem to happy with the opening and closing of many file descriptors --- this could perhaps be some strange interaction with Firefox's seccomp filters and cross-process file descriptor handling as it is difficult to repro this outside of firefox. However, the simpler fix here was to just eliminate the duplication of /dev/null and return an error when input, output or error streams are accessed by wasm sandboxed code. This means calls to printf will fail, but no code I know off actually checks the int error code returned by printf and this change is certainly compatible with existing sandboxed components. Differential Revision: https://phabricator.services.mozilla.com/D99160
2024-10-08 10:44:56 +00:00 · 2020-12-09 21:54:03 +00:00 · 2020-12-09 21:54:03 +00:00 · d475a75904
commit d475a75904
parent 23a095d859
15 changed files with 39 additions and 29 deletions
--- a/.cargo/config.in
+++ b/.cargo/config.in
@ -85,12 +85,12 @@ rev = "64af847bc5fdcb6d2438bec8a6030812a80519a5"
 [source."https://github.com/PLSysSec/rlbox_lucet_sandbox/"]
 git = "https://github.com/PLSysSec/rlbox_lucet_sandbox/"
 replace-with = "vendored-sources"
-rev = "ed8bac8812e9f335d5fadd0f4ece96981aba88a3"
+rev = "f3cace4fb8b53db0849c62af4fa62bade5a620f7"

 [source."https://github.com/PLSysSec/lucet_sandbox_compiler"]
 git = "https://github.com/PLSysSec/lucet_sandbox_compiler"
 replace-with = "vendored-sources"
-rev = "477d8fc53a64705a9d3fbcce9de92f4988558525"
+rev = "cd07861d1c92147b35b538e6f94fde7d1986f9ad"

 [source."https://github.com/ChunMinChang/cubeb-coreaudio-rs"]
 git = "https://github.com/ChunMinChang/cubeb-coreaudio-rs"
--- a/Cargo.lock
+++ b/Cargo.lock
@ -804,7 +804,7 @@ source = "git+https://github.com/mozilla-spidermonkey/wasmtime?rev=3b01b4b850baf
 [[package]]
 name = "cranelift-entity"
 version = "0.41.0"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=477d8fc53a64705a9d3fbcce9de92f4988558525#477d8fc53a64705a9d3fbcce9de92f4988558525"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=cd07861d1c92147b35b538e6f94fde7d1986f9ad#cd07861d1c92147b35b538e6f94fde7d1986f9ad"

 [[package]]
 name = "cranelift-entity"
@ -2832,7 +2832,7 @@ dependencies = [
 [[package]]
 name = "lucet-module-wasmsbx"
 version = "0.1.1"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=477d8fc53a64705a9d3fbcce9de92f4988558525#477d8fc53a64705a9d3fbcce9de92f4988558525"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=cd07861d1c92147b35b538e6f94fde7d1986f9ad#cd07861d1c92147b35b538e6f94fde7d1986f9ad"
 dependencies = [
 "bincode",
 "byteorder",
@ -2848,7 +2848,7 @@ dependencies = [
 [[package]]
 name = "lucet-runtime-internals-wasmsbx"
 version = "0.1.1"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=477d8fc53a64705a9d3fbcce9de92f4988558525#477d8fc53a64705a9d3fbcce9de92f4988558525"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=cd07861d1c92147b35b538e6f94fde7d1986f9ad#cd07861d1c92147b35b538e6f94fde7d1986f9ad"
 dependencies = [
 "bincode",
 "bitflags",
@ -2870,7 +2870,7 @@ dependencies = [
 [[package]]
 name = "lucet-runtime-wasmsbx"
 version = "0.1.1"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=477d8fc53a64705a9d3fbcce9de92f4988558525#477d8fc53a64705a9d3fbcce9de92f4988558525"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=cd07861d1c92147b35b538e6f94fde7d1986f9ad#cd07861d1c92147b35b538e6f94fde7d1986f9ad"
 dependencies = [
 "cc",
 "libc",
@ -2883,10 +2883,11 @@ dependencies = [
 [[package]]
 name = "lucet-wasi-wasmsbx"
 version = "0.1.1"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=477d8fc53a64705a9d3fbcce9de92f4988558525#477d8fc53a64705a9d3fbcce9de92f4988558525"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=cd07861d1c92147b35b538e6f94fde7d1986f9ad#cd07861d1c92147b35b538e6f94fde7d1986f9ad"
 dependencies = [
 "cast",
 "failure",
+ "lazy_static",
 "libc",
 "lucet-module-wasmsbx",
 "lucet-runtime-internals-wasmsbx",
@ -4291,7 +4292,7 @@ dependencies = [
 [[package]]
 name = "rlbox_lucet_sandbox"
 version = "0.1.0"
-source = "git+https://github.com/PLSysSec/rlbox_lucet_sandbox/?rev=ed8bac8812e9f335d5fadd0f4ece96981aba88a3#ed8bac8812e9f335d5fadd0f4ece96981aba88a3"
+source = "git+https://github.com/PLSysSec/rlbox_lucet_sandbox/?rev=f3cace4fb8b53db0849c62af4fa62bade5a620f7#f3cace4fb8b53db0849c62af4fa62bade5a620f7"
 dependencies = [
 "failure",
 "goblin",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -75,7 +75,7 @@ opt-level = 1
 chardetng = { git = "https://github.com/hsivonen/chardetng", rev="7d5e0608d3e012bdfea3bd199111e3546607dd31" }
 libudev-sys = { path = "dom/webauthn/libudev-sys" }
 packed_simd = { git = "https://github.com/hsivonen/packed_simd", rev="0917fe780032a6bbb23d71be545f9c1834128d75" }
-rlbox_lucet_sandbox = { git = "https://github.com/PLSysSec/rlbox_lucet_sandbox/", rev="ed8bac8812e9f335d5fadd0f4ece96981aba88a3" }
+rlbox_lucet_sandbox = { git = "https://github.com/PLSysSec/rlbox_lucet_sandbox/", rev="f3cace4fb8b53db0849c62af4fa62bade5a620f7" }
 nix = { git = "https://github.com/shravanrn/nix/", branch = "r0.13.1", rev="4af6c367603869a30fddb5ffb0aba2b9477ba92e" }
 spirv_cross = { git = "https://github.com/kvark/spirv_cross", branch = "wgpu4", rev = "e9eff10f964957e7a001c5f712effe17ce09aa99" }
 # failure's backtrace feature might break our builds, see bug 1608157.
--- a/taskcluster/ci/fetch/toolchains.yml
+++ b/taskcluster/ci/fetch/toolchains.yml
@ -471,7 +471,7 @@ lucetc-source:
    fetch:
        type: git
        repo: https://github.com/PLSysSec/lucet_sandbox_compiler/
-        revision: 477d8fc53a64705a9d3fbcce9de92f4988558525
+        revision: cd07861d1c92147b35b538e6f94fde7d1986f9ad

 dump-syms:
    description: dump_syms source code
--- a/third_party/rust/lucet-runtime-internals-wasmsbx/.cargo-checksum.json
+++ b/third_party/rust/lucet-runtime-internals-wasmsbx/.cargo-checksum.json
@ -1 +1 @@
-{"files":{"Cargo.toml":"6f7c26dba788329c4d904bf2dce313de7626f18fc99088984068901ce87936d2","build.rs":"ae539feaad828d15cbe4924e8de5ae38c7d0086200a5c4d494edf8e8e28c074e","src/alloc/mod.rs":"6aac9fa3fd238de17d6270fab6e9677ade40dbbff9d700494f9a78084da1ccd3","src/alloc/tests.rs":"3aada1196dae1b03106e63f6892b9fc019cf9627b99b278765668c56df82bc79","src/c_api.rs":"cb42793d891597ac903636d4726d64a94507a583d44bd350571ce104db4fcc0a","src/context/context_asm.S":"6b0fe86e5e7f3699482d94819f67ead933aaf91da89f79da0d8a75fa71ba4380","src/context/mod.rs":"98452bfad053d4cd4143afed620233538688cf2bac857b0c4569f42ee8d6d844","src/context/tests/c_child.c":"a9ad91367ac37e7406a587f971858aa7758913f634ea7ae88fccc7f487a3c4fc","src/context/tests/c_child.rs":"33c0472401795d61af2a706cc69d62b69225159a10cfc55e4b0c6e15321f0964","src/context/tests/mod.rs":"5d1bc979aaea2870a8c3a3db66cde21d16d9aab20b898da2c67d6aa1f1f5c292","src/context/tests/rust_child.rs":"ed69940a0b426eef5f9524f06ca215d0952cf4b00d8ebcf8837077849502d075","src/embed_ctx.rs":"57ae60c1a50cf84af23dc529a154db21cbb58c52c8067b9f87069dd600b99473","src/error.rs":"fd09389d5112b04ea76ffed0a7b2a8180c524cded90e33e36399a690c5714e2e","src/hostcall_macros.rs":"b4a2fdd876eee50bec4188f7d9f7c708d71600974cc2b52ff38c7daaa63cb225","src/instance.rs":"04bf1dddd9a980579b3baef77b83f19e8187a085aee6276a0fd4e60af7918e7a","src/instance/siginfo_ext.c":"8ee3a54ef2b93041ca07ecce70ebeb8d421c8ad1257122d9e8ef064d2d45a4a4","src/instance/siginfo_ext.rs":"529b4cc7ce6eea140c17a97477cc862f9d224e40cc24687223a478696d27b971","src/instance/signals.rs":"37d7cff815169fdab680d2931f6236d4e912c34621b9c99192b0147450bb6bc1","src/instance/state.rs":"490278c7222fc22248c8f545364a5d522da721c35f5b5e814658dc90e8ed77bd","src/lib.rs":"0c97e40191f17826feccff762898a0f4cafd1ed45cc3e81c07f9f446e263a422","src/module.rs":"29b54cc59cf308d712d9ecf4d595ef10645213e8ea62ec7f3a12adb27089fb47","src/module/dl.rs":"828838d35596e9c4399a5cfc857d680484b953f6ebed17b5dfd8ddf3e77adf82","src/module/mock.rs":"bf397a32bc1f567a5597f92d017a04f5c480e1b07f21b8843b49b49f6dde111a","src/module/sparse_page_data.rs":"84ef79aa4707e5c84d72a38c5ead18156b16ab29c617540e652e851c744449dc","src/region/mmap.rs":"fd41806035e26320136eb770960d514770eab8a4c933b8f17b4c605d02cf421f","src/region/mod.rs":"d2bf8b8c769542299bae9e5ed5d334ca7b431dfd52619ae1487d1494653dfc82","src/sysdeps/linux.rs":"124cc2f0fb0856e23274facdab8ca4631f04cdf8e494d9a4531979efe4ba4ad9","src/sysdeps/macos.rs":"8dc632a9aab98993140a6faefb7c2e313d80e6b9db2e45f54e8d6604cd752a6f","src/sysdeps/mod.rs":"9caed471a08f5f7d39c836a649d0f61d7a84095cee7589cdfc1eafe10eaa866c","src/test_helpers.rs":"72d1aeb9ca9c512aadcecac7ad0869c883c13134fced9f625075dc5e2741c55d","src/val.rs":"503891cd17892349b931d49ed3cdc0c9fc572da47d4c8f8f94fee30f5f4543a6","src/vmctx.rs":"b401df03b483c827d694f5f9024cf54b40987cff025dd8f292137e8396f56e6e"},"package":null}
+{"files":{"Cargo.toml":"6f7c26dba788329c4d904bf2dce313de7626f18fc99088984068901ce87936d2","build.rs":"ae539feaad828d15cbe4924e8de5ae38c7d0086200a5c4d494edf8e8e28c074e","src/alloc/mod.rs":"6aac9fa3fd238de17d6270fab6e9677ade40dbbff9d700494f9a78084da1ccd3","src/alloc/tests.rs":"3aada1196dae1b03106e63f6892b9fc019cf9627b99b278765668c56df82bc79","src/c_api.rs":"cb42793d891597ac903636d4726d64a94507a583d44bd350571ce104db4fcc0a","src/context/context_asm.S":"6b0fe86e5e7f3699482d94819f67ead933aaf91da89f79da0d8a75fa71ba4380","src/context/mod.rs":"98452bfad053d4cd4143afed620233538688cf2bac857b0c4569f42ee8d6d844","src/context/tests/c_child.c":"a9ad91367ac37e7406a587f971858aa7758913f634ea7ae88fccc7f487a3c4fc","src/context/tests/c_child.rs":"33c0472401795d61af2a706cc69d62b69225159a10cfc55e4b0c6e15321f0964","src/context/tests/mod.rs":"5d1bc979aaea2870a8c3a3db66cde21d16d9aab20b898da2c67d6aa1f1f5c292","src/context/tests/rust_child.rs":"ed69940a0b426eef5f9524f06ca215d0952cf4b00d8ebcf8837077849502d075","src/embed_ctx.rs":"57ae60c1a50cf84af23dc529a154db21cbb58c52c8067b9f87069dd600b99473","src/error.rs":"fd09389d5112b04ea76ffed0a7b2a8180c524cded90e33e36399a690c5714e2e","src/hostcall_macros.rs":"b4a2fdd876eee50bec4188f7d9f7c708d71600974cc2b52ff38c7daaa63cb225","src/instance.rs":"04bf1dddd9a980579b3baef77b83f19e8187a085aee6276a0fd4e60af7918e7a","src/instance/siginfo_ext.c":"8ee3a54ef2b93041ca07ecce70ebeb8d421c8ad1257122d9e8ef064d2d45a4a4","src/instance/siginfo_ext.rs":"529b4cc7ce6eea140c17a97477cc862f9d224e40cc24687223a478696d27b971","src/instance/signals.rs":"37d7cff815169fdab680d2931f6236d4e912c34621b9c99192b0147450bb6bc1","src/instance/state.rs":"490278c7222fc22248c8f545364a5d522da721c35f5b5e814658dc90e8ed77bd","src/lib.rs":"0c97e40191f17826feccff762898a0f4cafd1ed45cc3e81c07f9f446e263a422","src/module.rs":"29b54cc59cf308d712d9ecf4d595ef10645213e8ea62ec7f3a12adb27089fb47","src/module/dl.rs":"cb0a3f4b42ee57783fe37124879069946561ceecc0948eb00659d029f86f3d6c","src/module/mock.rs":"bf397a32bc1f567a5597f92d017a04f5c480e1b07f21b8843b49b49f6dde111a","src/module/sparse_page_data.rs":"84ef79aa4707e5c84d72a38c5ead18156b16ab29c617540e652e851c744449dc","src/region/mmap.rs":"62457218db8a18f7db81861670cf9e0d24dedb06484e5ea42a1bec3bf9ea57a7","src/region/mod.rs":"d2bf8b8c769542299bae9e5ed5d334ca7b431dfd52619ae1487d1494653dfc82","src/sysdeps/linux.rs":"124cc2f0fb0856e23274facdab8ca4631f04cdf8e494d9a4531979efe4ba4ad9","src/sysdeps/macos.rs":"8dc632a9aab98993140a6faefb7c2e313d80e6b9db2e45f54e8d6604cd752a6f","src/sysdeps/mod.rs":"9caed471a08f5f7d39c836a649d0f61d7a84095cee7589cdfc1eafe10eaa866c","src/test_helpers.rs":"72d1aeb9ca9c512aadcecac7ad0869c883c13134fced9f625075dc5e2741c55d","src/val.rs":"503891cd17892349b931d49ed3cdc0c9fc572da47d4c8f8f94fee30f5f4543a6","src/vmctx.rs":"b401df03b483c827d694f5f9024cf54b40987cff025dd8f292137e8396f56e6e"},"package":null}
--- a/third_party/rust/lucet-runtime-internals-wasmsbx/src/module/dl.rs
+++ b/third_party/rust/lucet-runtime-internals-wasmsbx/src/module/dl.rs
@ -4,7 +4,7 @@ use libc::c_void;
 use libloading::Library;
 use lucet_module::{
    FunctionHandle, FunctionIndex, FunctionPointer, FunctionSpec, ModuleData, ModuleFeatures,
-    ModuleSignature, SerializedModule, Signature, LUCET_MODULE_SYM,
+    SerializedModule, Signature, LUCET_MODULE_SYM,
 };
 #[cfg(feature = "signature_checking")]
 use lucet_module::{ModuleSignature, PublicKey};
--- a/third_party/rust/lucet-runtime-internals-wasmsbx/src/region/mmap.rs
+++ b/third_party/rust/lucet-runtime-internals-wasmsbx/src/region/mmap.rs
@ -89,7 +89,7 @@ impl RegionInternal for MmapRegion {
            // make the sigstack read/writable
            (slot.sigstack, limits.signal_stack_size),
        ]
-        .into_iter()
+        .iter()
        {
            // eprintln!("setting r/w {:p}[{:x}]", *ptr, len);
            unsafe { mprotect(*ptr, *len, ProtFlags::PROT_READ | ProtFlags::PROT_WRITE)? };
@ -138,7 +138,7 @@ impl RegionInternal for MmapRegion {
            (slot.globals, slot.limits.globals_size),
            (slot.sigstack, slot.limits.signal_stack_size),
        ]
-        .into_iter()
+        .iter()
        {
            // eprintln!("setting none {:p}[{:x}]", *ptr, len);
            unsafe {
--- a/third_party/rust/lucet-wasi-wasmsbx/.cargo-checksum.json
+++ b/third_party/rust/lucet-wasi-wasmsbx/.cargo-checksum.json
@ -1 +1 @@
-{"files":{"Cargo.toml":"5b15219ca238492bc5c6d3a7333ddd6697c40a929254aec62252b8a1ab50b630","LICENSE":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE.cloudabi-utils":"86a34251f0aab76b7dc3daf8d252afbdf481ea94aa5b46d020205178b7e2eac1","LICENSE.wasmtime":"a6c48161a09acc75a0e25503bab66a731eb5fba5392ed4bb4743e4ba5085327a","bindings.json":"08df8aaa3e5610f1e2f2d2c0a6399d80a7c0842ae871367e932a2b3ec741a289","build.rs":"593173ad03963afcbef43f1843be6f04cde1df3eae0298ca20bf881019dd350a","examples/.gitignore":"44575cf5b28512d75644bf54a517dcef304ff809fd511747621b4d64f19aac66","examples/Makefile":"d2d2ceeb1bc4435189ea9a2710b6f5f5331ce6aa73ae8a4f4edcca215058a9b4","examples/README.md":"f2a5be6cc88d511c9f4d3bfefdd42dcb2ace813bc23f6a4430b6b543f7373341","examples/hello.c":"9cbc0d3173e02309e15372835fa849d196b2a202d81806fea60378e1878d0c53","examples/pseudoquine.c":"8fd696f8e1b8fb86188564a05f4776875ead31d785a12e3aa4af9d9c1b46d5b5","include/lucet_wasi.h":"497f712c64f753ebdf73ab05b0b340d50094f9c59bb8637ccbf99d895cd20966","src/bindings.rs":"edbeb51d1a93fd31039ee1f1dc7c1b6c0bded2cf5dad10039e8b7da81a4d4a12","src/c_api.rs":"a9c73070a88a461882a28e3e2adfd773f569b964c7ffabde39a3cef907782f71","src/ctx.rs":"578f87c35cce12eaebec95d03e31954c3e6cd0afa214a0fec068f03814eb0cc7","src/fdentry.rs":"94a8480fa587e5586327dfd6b66d8a6a3ef1f8091ba8deb335bf45642f4f98e6","src/host.rs":"6f05f8fea2afed827abfc3c008a5854a8023d91d066580ecfb49e5c8036ef3a3","src/hostcalls/fs.rs":"4726e6f695f7d1d4e371ec52c57f4e36b0ba0d2302fc008b21a301f5fd7a5c97","src/hostcalls/fs_helpers.rs":"474bce0a1f15fa23b0b0b8aa83143d993dd2cbd7cdfc38c118d452d04e80caea","src/hostcalls/misc.rs":"83d087891d92af08cfa2d2e0c5f41cc47cb8219460f6dbcc8666b418dfef206e","src/hostcalls/mod.rs":"4c5d3f65c69503e11e647770879026c37c0e5e01a99b7116c8fb9411b4797187","src/hostcalls/timers.rs":"e65d6a491256b5d6051b6816f6c5049ba3cdc6142651bac81f34d659c1c2a104","src/lib.rs":"5554e1a3f0cd3756173ece6435a0d01b2f520b3401cd5fc33180a04fb9f69bbe","src/memory.rs":"0a09026b15d27f99d74e560cd94795f645cba414a8491bc961987fab9d9da69b","src/wasi_host.rs":"cacbdac28304a837b11e5ad400ae9de3ee79c0284be335e64606ecdfe426ad6e","src/wasm32.rs":"13a5dc6e59784662f1e55eccb457cbbae241a96f70cfa72c41d55858ca05b980","tests/guests/cant_dotdot.c":"609b8cece9443e375a0b38a7e43651b179f66ee9c686edba6696fe1bcd45b111","tests/guests/clock_getres.c":"f5e41c0a2b05a8d7cdb5b4da6c8b6778b858004c1e9d115503c45a1d976be33b","tests/guests/duplicate_import.wat":"4bd8d7a5c1d1597dbe7648300e94e3fab84d7ab068d56cfb656aa1a208026cee","tests/guests/exitcode.c":"b7c5cec3ead0ed82326c568287a1f3398e71ae7e447ce49a3c4c7114c82495af","tests/guests/follow_symlink.c":"de3143ad2bbbfe834c0c32b54c9fcf144ca4eba5cdcf7588929e5f47225ab616","tests/guests/fs.c":"0dca5232ff5da1b7745e3b44bca39333c01a20ba4eae1a6a0a1c492c71ca1efa","tests/guests/getentropy.c":"5d80bcc68dcf3ba91576969055099d61635ae713c057b3cb36afb122a5f26347","tests/guests/getrusage.c":"8114c103b85eb564d9ab43684958bc1939de3794d314b7c121762f3a2f0434a6","tests/guests/gettimeofday.c":"4a57f376b06f4228017b82695448a0bd213fb91455f5301d689cd87fcff01f06","tests/guests/notdir.c":"bd8f8b24360b7cf8d5dced9d9ba4c15843fcbbae89fecc13e3a457c33a275e28","tests/guests/poll.c":"aefaa9b58ce9906dc379e0bd25fa68dfbf8cdffb48cd5ecde1d67708b83b366d","tests/guests/preopen_populates.c":"f186e4eb4aab6a1d9ec7bc5c49eaea6d9d162e0159dfe8f953bb48ade9b58d43","tests/guests/read_file.c":"1aab9393f005f05b69592826d7c4d384a115d5bca42c66f10a901811b4b1dcac","tests/guests/read_file_twice.c":"04a3dad7a43b93e36efd4e2c822c11b3f129429ec799af304d82b358686c578a","tests/guests/stat.c":"02756933ea7d4337b4fa04344b32968851b02f9d0bd5ea1cb0e2f022e8c65ab0","tests/guests/stdin.c":"66efc4b54f68d1138046f1afefae15f7d4555b2904b4a988818e61e67fe8fefb","tests/guests/symlink_escape.c":"686e047b5c986e29c854bcd93996d027dcdc8721219fa9fa532efc98d2798f5c","tests/guests/symlink_loop.c":"2bbddf3a5edfc6e5f3c0fa82cee4ac92b18804810509e263abd17f5240cd37e5","tests/guests/write_file.c":"9e9b14552c2445cfa6d0aa26b334081a59e6e3428dbb17ceca005a9ba59d3220","tests/test_helpers/mod.rs":"bc18194317611fe1be5c439a7a9e0de75399555c3b6de4275af149fb180456c8","tests/tests.rs":"173a7e0f086f6ed46474686cc3413ee68bbd2ff67004f7790e963a1392c7c46e"},"package":null}
+{"files":{"Cargo.toml":"42e73da184367cdd609f7fb5574de225ee53ae58c0a88fec1f1d091b1e0e72b8","LICENSE":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE.cloudabi-utils":"86a34251f0aab76b7dc3daf8d252afbdf481ea94aa5b46d020205178b7e2eac1","LICENSE.wasmtime":"a6c48161a09acc75a0e25503bab66a731eb5fba5392ed4bb4743e4ba5085327a","bindings.json":"08df8aaa3e5610f1e2f2d2c0a6399d80a7c0842ae871367e932a2b3ec741a289","build.rs":"593173ad03963afcbef43f1843be6f04cde1df3eae0298ca20bf881019dd350a","examples/.gitignore":"44575cf5b28512d75644bf54a517dcef304ff809fd511747621b4d64f19aac66","examples/Makefile":"d2d2ceeb1bc4435189ea9a2710b6f5f5331ce6aa73ae8a4f4edcca215058a9b4","examples/README.md":"f2a5be6cc88d511c9f4d3bfefdd42dcb2ace813bc23f6a4430b6b543f7373341","examples/hello.c":"9cbc0d3173e02309e15372835fa849d196b2a202d81806fea60378e1878d0c53","examples/pseudoquine.c":"8fd696f8e1b8fb86188564a05f4776875ead31d785a12e3aa4af9d9c1b46d5b5","include/lucet_wasi.h":"497f712c64f753ebdf73ab05b0b340d50094f9c59bb8637ccbf99d895cd20966","src/bindings.rs":"edbeb51d1a93fd31039ee1f1dc7c1b6c0bded2cf5dad10039e8b7da81a4d4a12","src/c_api.rs":"a9c73070a88a461882a28e3e2adfd773f569b964c7ffabde39a3cef907782f71","src/ctx.rs":"1c40b0c2dd8afa61090470a11c09ace24f25bca448b95bb1275e37cf8061f109","src/fdentry.rs":"94a8480fa587e5586327dfd6b66d8a6a3ef1f8091ba8deb335bf45642f4f98e6","src/host.rs":"6f05f8fea2afed827abfc3c008a5854a8023d91d066580ecfb49e5c8036ef3a3","src/hostcalls/fs.rs":"4726e6f695f7d1d4e371ec52c57f4e36b0ba0d2302fc008b21a301f5fd7a5c97","src/hostcalls/fs_helpers.rs":"474bce0a1f15fa23b0b0b8aa83143d993dd2cbd7cdfc38c118d452d04e80caea","src/hostcalls/misc.rs":"83d087891d92af08cfa2d2e0c5f41cc47cb8219460f6dbcc8666b418dfef206e","src/hostcalls/mod.rs":"4c5d3f65c69503e11e647770879026c37c0e5e01a99b7116c8fb9411b4797187","src/hostcalls/timers.rs":"e65d6a491256b5d6051b6816f6c5049ba3cdc6142651bac81f34d659c1c2a104","src/lib.rs":"1e8f0e325385d53393ff2495da0ece4e6b1f955290a8cfdbea368d4a3350fbf2","src/memory.rs":"0a09026b15d27f99d74e560cd94795f645cba414a8491bc961987fab9d9da69b","src/wasi_host.rs":"cacbdac28304a837b11e5ad400ae9de3ee79c0284be335e64606ecdfe426ad6e","src/wasm32.rs":"13a5dc6e59784662f1e55eccb457cbbae241a96f70cfa72c41d55858ca05b980","tests/guests/cant_dotdot.c":"609b8cece9443e375a0b38a7e43651b179f66ee9c686edba6696fe1bcd45b111","tests/guests/clock_getres.c":"f5e41c0a2b05a8d7cdb5b4da6c8b6778b858004c1e9d115503c45a1d976be33b","tests/guests/duplicate_import.wat":"4bd8d7a5c1d1597dbe7648300e94e3fab84d7ab068d56cfb656aa1a208026cee","tests/guests/exitcode.c":"b7c5cec3ead0ed82326c568287a1f3398e71ae7e447ce49a3c4c7114c82495af","tests/guests/follow_symlink.c":"de3143ad2bbbfe834c0c32b54c9fcf144ca4eba5cdcf7588929e5f47225ab616","tests/guests/fs.c":"0dca5232ff5da1b7745e3b44bca39333c01a20ba4eae1a6a0a1c492c71ca1efa","tests/guests/getentropy.c":"5d80bcc68dcf3ba91576969055099d61635ae713c057b3cb36afb122a5f26347","tests/guests/getrusage.c":"8114c103b85eb564d9ab43684958bc1939de3794d314b7c121762f3a2f0434a6","tests/guests/gettimeofday.c":"4a57f376b06f4228017b82695448a0bd213fb91455f5301d689cd87fcff01f06","tests/guests/notdir.c":"bd8f8b24360b7cf8d5dced9d9ba4c15843fcbbae89fecc13e3a457c33a275e28","tests/guests/poll.c":"aefaa9b58ce9906dc379e0bd25fa68dfbf8cdffb48cd5ecde1d67708b83b366d","tests/guests/preopen_populates.c":"f186e4eb4aab6a1d9ec7bc5c49eaea6d9d162e0159dfe8f953bb48ade9b58d43","tests/guests/read_file.c":"1aab9393f005f05b69592826d7c4d384a115d5bca42c66f10a901811b4b1dcac","tests/guests/read_file_twice.c":"04a3dad7a43b93e36efd4e2c822c11b3f129429ec799af304d82b358686c578a","tests/guests/stat.c":"02756933ea7d4337b4fa04344b32968851b02f9d0bd5ea1cb0e2f022e8c65ab0","tests/guests/stdin.c":"66efc4b54f68d1138046f1afefae15f7d4555b2904b4a988818e61e67fe8fefb","tests/guests/symlink_escape.c":"686e047b5c986e29c854bcd93996d027dcdc8721219fa9fa532efc98d2798f5c","tests/guests/symlink_loop.c":"2bbddf3a5edfc6e5f3c0fa82cee4ac92b18804810509e263abd17f5240cd37e5","tests/guests/write_file.c":"9e9b14552c2445cfa6d0aa26b334081a59e6e3428dbb17ceca005a9ba59d3220","tests/test_helpers/mod.rs":"bc18194317611fe1be5c439a7a9e0de75399555c3b6de4275af149fb180456c8","tests/tests.rs":"173a7e0f086f6ed46474686cc3413ee68bbd2ff67004f7790e963a1392c7c46e"},"package":null}
--- a/third_party/rust/lucet-wasi-wasmsbx/Cargo.toml
+++ b/third_party/rust/lucet-wasi-wasmsbx/Cargo.toml
@ -32,6 +32,7 @@ lucet-runtime-internals = { path = "../lucet-runtime/lucet-runtime-internals", v
 lucet-module = { path = "../lucet-module", version = "0.1.1", package="lucet-module-wasmsbx" }
 nix = "0.13"
 rand = "0.7"
+lazy_static = ">=1.4.0"

 [target.'cfg(target_os = "macos")'.dependencies]
 mach = "0.3.2"
--- a/third_party/rust/lucet-wasi-wasmsbx/src/ctx.rs
+++ b/third_party/rust/lucet-wasi-wasmsbx/src/ctx.rs
@ -16,19 +16,19 @@ pub struct WasiCtxBuilder {
    env: HashMap<CString, CString>,
 }

+lazy_static! {
+    static ref DEV_NULL_FILE: File = dev_null();
+}
+
 impl WasiCtxBuilder {
    /// Builder for a new `WasiCtx`.
    pub fn new() -> Self {
-        let null = dev_null();
        WasiCtxBuilder {
            fds: HashMap::new(),
            preopens: HashMap::new(),
            args: vec![],
            env: HashMap::new(),
        }
-        .fd_dup_for_io_desc(0, &null, false /* writeable */)
-        .fd_dup_for_io_desc(1, &null, true  /* writeable */)
-        .fd_dup_for_io_desc(2, &null, true  /* writeable */)
    }

    pub fn args(mut self, args: &[&str]) -> Self {
--- a/third_party/rust/lucet-wasi-wasmsbx/src/lib.rs
+++ b/third_party/rust/lucet-wasi-wasmsbx/src/lib.rs
@ -11,3 +11,6 @@ pub mod wasm32;

 pub use bindings::bindings;
 pub use ctx::{WasiCtx, WasiCtxBuilder};
+
+#[macro_use]
+extern crate lazy_static;
--- a/third_party/rust/rlbox_lucet_sandbox/.cargo-checksum.json
+++ b/third_party/rust/rlbox_lucet_sandbox/.cargo-checksum.json
@ -1 +1 @@
-{"files":{".clang-format":"ff4e345608f7674dd1ee1f37b24d4030b260d82516a747093af141b3076a4164",".clang-tidy":"861bc5b367dc85f5fa103f2de9460e158de97f48c59c51a26784b7c2c481e3b7",".travis.yml":"a49b61a394520c39bb20c420b587e92ea9c8008764fef0368c4747b71b8f1561","CMakeLists.txt":"161ff8596a347890a6448cfe5881e298a76b01da1e1080ec383368de0e1f280a","Cargo.toml":"4620f1ade93dfa5fb6066987cff9b3a6a13a98bb667ae5338ad2082d5df634a3","LICENSE":"891d419ba95ab39090775820f4178421dbdcd241c080003aa44f62445a48615a","README.md":"4134bf685210fea56eb502124013f9b51121635f5269e7f3dbc4450322aaf8c1","c_src/CMakeLists.txt":"7208135bf7f2ca1443fec1ca0a3f992932f5b0635e6eb7da07b126b8520e5ef5","c_src/lucet_sandbox_wrapper.c":"08b2ab265127aca42b02c8a36e5450284d6794d86867a5808f854588183ab9d9","include/lucet_sandbox.h":"8d24bd5fbd4f717f0bb90b238a7b7fbdd212207297ddf1a723cc98ee13180c5b","include/rlbox_lucet_sandbox.hpp":"b8a4b86460e9b666ec92bf23db37578639a368005ccf4aa722032aaca8ae59db","src/callback.rs":"c40f92e017bc8f2f3136304c1f2d3ca683fe80a1bb505c0fa750cc372305020d","src/create.rs":"5d620a050c1990e7215346fe144a7be7c0e4bb396068ac81ae8b21fb1fdb3dca","src/invoke.rs":"d47b167c6048a3221f5e66a4acb5154bc5306bd1053acee56bfb87bb66c78879","src/lib.rs":"677f45b275101c116ea7acf2dafa77f9f1c5e3f379d4da3a9512c71a71878595","src/memory.rs":"8b27396ec4ddba18ac760052e9d11564fdc8c4e68271b817dfd13cefc97cf1a3","src/types.rs":"85907840c233aae0e234bcb5c1e107e76231b6518cc70a1c18be73edc2720742","test/test_lucet_sandbox_glue.cpp":"ea4eb3ace8e9a87550db44f61d065b45f31f1f5b774b4a3e0383e62962c0abf2","test/test_lucet_sandbox_glue_embedder_vars.cpp":"be6abfae367719b12edc5fd8f1de840abed9bb4a2efdebb19ed59e8796fb47b8","test/test_lucet_sandbox_glue_main.cpp":"fde2081cd8b0df3fd73fee1e36dfa5eccfb5bc825072c55a57fcf3048858dbd9","test/test_lucet_sandbox_glue_preload.cpp":"c986ac617327305fcc3ea33114667d4c833ee685c740e482ffde97de4f203e35"},"package":null}
+{"files":{".clang-format":"ff4e345608f7674dd1ee1f37b24d4030b260d82516a747093af141b3076a4164",".clang-tidy":"861bc5b367dc85f5fa103f2de9460e158de97f48c59c51a26784b7c2c481e3b7",".travis.yml":"a49b61a394520c39bb20c420b587e92ea9c8008764fef0368c4747b71b8f1561","CMakeLists.txt":"161ff8596a347890a6448cfe5881e298a76b01da1e1080ec383368de0e1f280a","Cargo.toml":"66ff60962b9b5cfb6b3bf0967d62d12cbdb70214ad310ba3f7201ae6b99f2955","LICENSE":"891d419ba95ab39090775820f4178421dbdcd241c080003aa44f62445a48615a","README.md":"d64cc632f6dc9178efe63cb717a9af3728e5536cc49d977dd2ddb126b6fe28e5","c_src/CMakeLists.txt":"7208135bf7f2ca1443fec1ca0a3f992932f5b0635e6eb7da07b126b8520e5ef5","c_src/lucet_sandbox_wrapper.c":"08b2ab265127aca42b02c8a36e5450284d6794d86867a5808f854588183ab9d9","include/lucet_sandbox.h":"8d24bd5fbd4f717f0bb90b238a7b7fbdd212207297ddf1a723cc98ee13180c5b","include/rlbox_lucet_sandbox.hpp":"b58ffed66d8b3e516c9847ef8da512dd4249b3d6f5ac01b062080b1564c9cddc","src/callback.rs":"c40f92e017bc8f2f3136304c1f2d3ca683fe80a1bb505c0fa750cc372305020d","src/create.rs":"5d620a050c1990e7215346fe144a7be7c0e4bb396068ac81ae8b21fb1fdb3dca","src/invoke.rs":"d47b167c6048a3221f5e66a4acb5154bc5306bd1053acee56bfb87bb66c78879","src/lib.rs":"677f45b275101c116ea7acf2dafa77f9f1c5e3f379d4da3a9512c71a71878595","src/memory.rs":"8b27396ec4ddba18ac760052e9d11564fdc8c4e68271b817dfd13cefc97cf1a3","src/types.rs":"85907840c233aae0e234bcb5c1e107e76231b6518cc70a1c18be73edc2720742","test/test_lucet_sandbox_glue.cpp":"ea4eb3ace8e9a87550db44f61d065b45f31f1f5b774b4a3e0383e62962c0abf2","test/test_lucet_sandbox_glue_embedder_vars.cpp":"be6abfae367719b12edc5fd8f1de840abed9bb4a2efdebb19ed59e8796fb47b8","test/test_lucet_sandbox_glue_main.cpp":"fde2081cd8b0df3fd73fee1e36dfa5eccfb5bc825072c55a57fcf3048858dbd9","test/test_lucet_sandbox_glue_preload.cpp":"c986ac617327305fcc3ea33114667d4c833ee685c740e482ffde97de4f203e35"},"package":null}
--- a/third_party/rust/rlbox_lucet_sandbox/Cargo.toml
+++ b/third_party/rust/rlbox_lucet_sandbox/Cargo.toml
@ -8,10 +8,10 @@ license = "MIT"
 [dependencies]
 failure = ">=0.1.3"                    # Experimental error handling abstraction.
 goblin = ">=0.0.17"                    # An impish, cross-platform, ELF, Mach-o, and PE binary parsing and loading crate
-lucet-wasi = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="477d8fc53a64705a9d3fbcce9de92f4988558525", package = "lucet-wasi-wasmsbx" }
-lucet-runtime = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="477d8fc53a64705a9d3fbcce9de92f4988558525", package = "lucet-runtime-wasmsbx" }
-lucet-runtime-internals = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="477d8fc53a64705a9d3fbcce9de92f4988558525", package = "lucet-runtime-internals-wasmsbx" }
-lucet-module = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="477d8fc53a64705a9d3fbcce9de92f4988558525", package = "lucet-module-wasmsbx" }
+lucet-wasi = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="cd07861d1c92147b35b538e6f94fde7d1986f9ad", package = "lucet-wasi-wasmsbx" }
+lucet-runtime = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="cd07861d1c92147b35b538e6f94fde7d1986f9ad", package = "lucet-runtime-wasmsbx" }
+lucet-runtime-internals = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="cd07861d1c92147b35b538e6f94fde7d1986f9ad", package = "lucet-runtime-internals-wasmsbx" }
+lucet-module = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="cd07861d1c92147b35b538e6f94fde7d1986f9ad", package = "lucet-module-wasmsbx" }
 # lucet-wasi = { path = "../lucet_sandbox_compiler/lucet-wasi", package = "lucet-wasi-wasmsbx" }
 # lucet-runtime = { path = "../lucet_sandbox_compiler/lucet-runtime", package = "lucet-runtime-wasmsbx" }
 # lucet-runtime-internals = { path = "../lucet_sandbox_compiler/lucet-runtime/lucet-runtime-internals", package = "lucet-runtime-internals-wasmsbx" }
--- a/third_party/rust/rlbox_lucet_sandbox/README.md
+++ b/third_party/rust/rlbox_lucet_sandbox/README.md
@ -88,10 +88,10 @@ int main()
 }
 ```

- To compile the above example, you must include the rlbox header files in `build/_deps/rlbox-src/code/include`, the integration header files in `include/` and the lucet_sandbox library in `build/cargo/{debug or release}/librlbox_lucet_sandbox.a` (make sure to use the whole archive linker option). For instance, you can compile the above with
+- To compile the above example, you must include the rlbox header files in `build/_deps/rlbox-src/code/include`, the integration header files in `include/` and the lucet_sandbox library in `build/cargo/{debug or release}/librlbox_lucet_sandbox.a` (make sure to use the whole archive and the rdynamic linker options). For instance, you can compile the above with

 ```bash
-g++ -std=c++17 example.cpp -o example -I build/_deps/rlbox-src/code/include -I include -Wl,--whole-archive -l:build/cargo/debug/librlbox_lucet_sandbox.a -Wl,--no-whole-archive
+g++ -std=c++17 example.cpp -o example -I build/_deps/rlbox-src/code/include -I include -Wl,--whole-archive -l:build/cargo/debug/librlbox_lucet_sandbox.a -Wl,--no-whole-archive -Wl,-rdynamic
 ```

 ## Contributing Code
--- a/third_party/rust/rlbox_lucet_sandbox/include/rlbox_lucet_sandbox.hpp
+++ b/third_party/rust/rlbox_lucet_sandbox/include/rlbox_lucet_sandbox.hpp
@ -510,7 +510,12 @@ protected:
    impl_create_sandbox(lucet_module_path, external_loads_exist, allow_stdio);
  }

-  inline void impl_destroy_sandbox() { lucet_drop_module(sandbox); }
+  inline void impl_destroy_sandbox() {
+    if (return_slot_size) {
+      impl_free_in_sandbox(return_slot);
+    }
+    lucet_drop_module(sandbox);
+  }

  template<typename T>
  inline void* impl_get_unsandboxed_pointer(T_PointerType p) const
@ -713,9 +718,9 @@ protected:
        auto ptr =
          reinterpret_cast<T_Arg*>(impl_get_unsandboxed_pointer<T_Arg*>(slot));
        *ptr = arg;
-        allocations[0] = arg;
+        allocations[0] = slot;
        allocations++;
-        return ptr;
+        return slot;
      } else {
        return arg;
      }