Bug 1829050 - Enable STL wrapping (and thus infallible new) for wasm-sandboxed code. r=firefox-build-system-reviewers,shravanrn,andi

Differential Revision: https://phabricator.services.mozilla.com/D175981
2024-10-08 10:44:56 +00:00 · 2023-05-08 21:10:19 +00:00 · 2023-05-08 21:10:19 +00:00 · e120474d55
commit e120474d55
parent 1669ae5659
6 changed files with 48 additions and 24 deletions
--- a/config/external/rlbox_wasm2c_sandbox/rlbox_wasm2c_thread_locals.cpp
+++ b/config/external/rlbox_wasm2c_sandbox/rlbox_wasm2c_thread_locals.cpp
@ -8,6 +8,8 @@
 // For MOZ_CRASH_UNSAFE_PRINTF
 #  include "mozilla/Assertions.h"

+#  include "mozilla/mozalloc_oom.h"
+
 // Load general firefox configuration of RLBox
 #  include "mozilla/rlbox/rlbox_config.h"
 #  include "mozilla/rlbox/rlbox_wasm2c_tls.hpp"
@ -34,6 +36,13 @@ void moz_wasm2c_memgrow_failed() {
  CrashReporter::AnnotateCrashReport(
      CrashReporter::Annotation::WasmLibrarySandboxMallocFailed, true);
 }
+
+// This function is called when mozalloc_handle_oom is called from within
+// the sandbox. We redirect to that function, ignoring the ctx argument, which
+// is the sandbox itself.
+void w2c_env_mozalloc_handle_oom(void* ctx, uint32_t size) {
+  mozalloc_handle_oom(size);
+}
 }

 #endif
--- a/memory/mozalloc/mozalloc.cpp
+++ b/memory/mozalloc/mozalloc.cpp
@ -103,11 +103,12 @@ void* moz_xmemdup(const void* ptr, size_t size) {
  return newPtr;
 }

-#ifndef HAVE_MEMALIGN
+#ifndef __wasm__
+#  ifndef HAVE_MEMALIGN
 // We always have a definition of memalign, but system headers don't
 // necessarily come with a declaration.
 extern "C" void* memalign(size_t, size_t);
-#endif
+#  endif

 void* moz_xmemalign(size_t boundary, size_t size) {
  void* ptr = memalign_impl(boundary, size);
@ -118,6 +119,7 @@ void* moz_xmemalign(size_t boundary, size_t size) {
  // non-NULL ptr or errno == EINVAL
  return ptr;
 }
+#endif

 size_t moz_malloc_usable_size(void* ptr) {
  if (!ptr) return 0;
--- a/memory/mozalloc/mozalloc_oom.h
+++ b/memory/mozalloc/mozalloc_oom.h
@ -14,7 +14,12 @@
 * Called when memory is critically low.  Returns iff it was able to
 * remedy the critical memory situation; if not, it will abort().
 */
-MFBT_API void mozalloc_handle_oom(size_t requestedSize);
+#ifdef __wasm__
+__attribute__((import_module("env")))
+__attribute__((import_name("mozalloc_handle_oom")))
+#endif
+MFBT_API void
+mozalloc_handle_oom(size_t requestedSize);

 extern MFBT_DATA size_t gOOMAllocationSize;

--- a/memory/mozalloc/throw_gcc.h
+++ b/memory/mozalloc/throw_gcc.h
@ -8,39 +8,41 @@
 #ifndef mozilla_throw_gcc_h
 #define mozilla_throw_gcc_h

-#include "mozilla/Attributes.h"
+#ifndef __wasm__

-#include <stdio.h>   // snprintf
-#include <string.h>  // strerror
+#  include "mozilla/Attributes.h"
+
+#  include <stdio.h>   // snprintf
+#  include <string.h>  // strerror

 // For gcc, we define these inline to abort so that we're absolutely
 // certain that (i) no exceptions are thrown from Gecko; (ii) these
 // errors are always terminal and caught by breakpad.

-#include "mozilla/mozalloc_abort.h"
+#  include "mozilla/mozalloc_abort.h"

 // libc++ 4.0.0 and higher use C++11 [[noreturn]] attributes for the functions
 // below, and since clang does not allow mixing __attribute__((noreturn)) and
 // [[noreturn]], we have to explicitly use the latter here.  See bug 1329520.
-#if defined(__clang__)
-#  if __has_feature(cxx_attributes) && defined(_LIBCPP_VERSION) && \
-      _LIBCPP_VERSION >= 4000
-#    define MOZ_THROW_NORETURN [[noreturn]]
+#  if defined(__clang__)
+#    if __has_feature(cxx_attributes) && defined(_LIBCPP_VERSION) && \
+        _LIBCPP_VERSION >= 4000
+#      define MOZ_THROW_NORETURN [[noreturn]]
+#    endif
+#  endif
+#  ifndef MOZ_THROW_NORETURN
+#    define MOZ_THROW_NORETURN MOZ_NORETURN
 #  endif
-#endif
-#ifndef MOZ_THROW_NORETURN
-#  define MOZ_THROW_NORETURN MOZ_NORETURN
-#endif

 // MinGW doesn't appropriately inline these functions in debug builds,
 // so we need to do some extra coercion for it to do so. Bug 1332747
-#ifdef __MINGW32__
-#  define MOZ_THROW_INLINE MOZ_ALWAYS_INLINE_EVEN_DEBUG
-#  define MOZ_THROW_EXPORT
-#else
-#  define MOZ_THROW_INLINE MOZ_ALWAYS_INLINE
-#  define MOZ_THROW_EXPORT MOZ_EXPORT
-#endif
+#  ifdef __MINGW32__
+#    define MOZ_THROW_INLINE MOZ_ALWAYS_INLINE_EVEN_DEBUG
+#    define MOZ_THROW_EXPORT
+#  else
+#    define MOZ_THROW_INLINE MOZ_ALWAYS_INLINE
+#    define MOZ_THROW_EXPORT MOZ_EXPORT
+#  endif

 namespace std {

@ -142,7 +144,9 @@ MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void __throw_regex_error(

 }  // namespace std

-#undef MOZ_THROW_NORETURN
-#undef MOZ_THROW_INLINE
+#  undef MOZ_THROW_NORETURN
+#  undef MOZ_THROW_INLINE
+
+#endif

 #endif  // mozilla_throw_gcc_h
--- a/python/mozbuild/mozbuild/frontend/context.py
+++ b/python/mozbuild/mozbuild/frontend/context.py
@ -767,6 +767,7 @@ class WasmFlags(TargetCompileFlags):
                context.config.substs.get("MOZ_FILE_PREFIX_MAP_FLAGS"),
                ("WASM_CFLAGS", "WASM_CXXFLAGS"),
            ),
+            ("STL", context.config.substs.get("STL_FLAGS"), ("WASM_CXXFLAGS",)),
        )

        TargetCompileFlags.__init__(self, context)
--- a/security/rlbox/moz.build
+++ b/security/rlbox/moz.build
@ -5,6 +5,7 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

 WASM_SOURCES += [
+    "/memory/mozalloc/mozalloc.cpp",
    "/third_party/rlbox_wasm2c_sandbox/c_src/wasm2c_sandbox_wrapper.c",
 ]

@ -47,6 +48,8 @@ AllowCompilerWarnings()
 WASM_DEFINES["MOZILLA_CLIENT"] = True
 WASM_DEFINES["_WASI_EMULATED_PROCESS_CLOCKS"] = True
 WASM_DEFINES["MOZ_IN_WASM_SANDBOX"] = True
+if CONFIG["ENABLE_CLANG_PLUGIN"]:
+    WASM_DEFINES["MOZ_CLANG_PLUGIN"] = True

 SANDBOXED_WASM_LIBRARY_NAME = "rlbox.wasm"