Enhance wasm loader and interpreter, enhance code security and update document (#149)

core/iwasm/lib/native/base/runtime_lib.h

@@ -10,6 +10,7 @@
 #include "runtime_timer.h"
 
 void init_wasm_timer();
+void exit_wasm_timer();
 timer_ctx_t get_wasm_timer_ctx();
 timer_ctx_t create_wasm_timer_ctx(unsigned int module_id, int prealloc_num);
 void destroy_module_timer_ctx(unsigned int module_id);

core/iwasm/lib/native/base/timer_wrapper.c

@@ -10,6 +10,8 @@
 #include "bh_thread.h"
 #include "bh_time.h"
 
+static bool timer_thread_run = true;
+
 bh_list g_timer_ctx_list;
 korp_cond g_timer_ctx_list_cond;
 korp_mutex g_timer_ctx_list_mutex;
@@ -39,9 +41,9 @@ void wasm_timer_callback(timer_id_t id, unsigned int mod_id)
 
 void * thread_modulers_timer_check(void * arg)
 {
-
     int ms_to_expiry;
-    while (1) {
+
+    while (timer_thread_run) {
         ms_to_expiry = -1;
         vm_mutex_lock(&g_timer_ctx_list_mutex);
         timer_ctx_node_t* elem = (timer_ctx_node_t*)
@@ -64,6 +66,8 @@ void * thread_modulers_timer_check(void * arg)
                              ms_to_expiry);
         vm_mutex_unlock(&g_timer_ctx_list_mutex);
     }
+
+    return NULL;
 }
 
 void wakeup_modules_timer_thread(timer_ctx_t ctx)
@@ -86,6 +90,11 @@ void init_wasm_timer()
                      NULL, BH_APPLET_PRESERVED_STACK_SIZE);
 }
 
+void exit_wasm_timer()
+{
+    timer_thread_run = false;
+}
+
 timer_ctx_t create_wasm_timer_ctx(unsigned int module_id, int prealloc_num)
 {
     timer_ctx_t ctx = create_timer_ctx(wasm_timer_callback,

core/iwasm/lib/native/extension/connection/linux/connection_mgr.c

@@ -29,6 +29,8 @@
 #define MAX_EVENTS 10
 #define IO_BUF_SIZE 256
 
+static bool polling_thread_run = true;
+
 /* Connection type */
 typedef enum conn_type {
     CONN_TYPE_TCP,
@@ -436,7 +438,7 @@ static void post_msg_to_module(sys_connection_t *conn,
 
 static void* polling_thread_routine (void *arg)
 {
-    while (true) {
+    while (polling_thread_run) {
         int i, n;
 
         n = epoll_wait(epollfd, epoll_events, MAX_EVENTS, -1);
@@ -500,8 +502,10 @@ void app_mgr_connection_event_callback(module_data *m_data, bh_message_t msg)
         argv[1] = 0;
         argv[2] = 0;
         if (!wasm_runtime_call_wasm(inst, NULL, func_on_conn_data, 3, argv)) {
+            const char *exception = wasm_runtime_get_exception(inst);
+            bh_assert(exception);
             printf(":Got exception running wasm code: %s\n",
-                    wasm_runtime_get_exception(inst));
+                   exception);
             wasm_runtime_clear_exception(inst);
             return;
         }
@@ -510,9 +514,12 @@ void app_mgr_connection_event_callback(module_data *m_data, bh_message_t msg)
                                                    conn_event->data,
                                                    conn_event->len);
         if (data_offset == 0) {
-            printf("Got exception running wasm code: %s\n",
-                    wasm_runtime_get_exception(inst));
-            wasm_runtime_clear_exception(inst);
+            const char *exception = wasm_runtime_get_exception(inst);
+            if (exception) {
+                printf("Got exception running wasm code: %s\n",
+                       exception);
+                wasm_runtime_clear_exception(inst);
+            }
             return;
         }
 
@@ -520,8 +527,10 @@ void app_mgr_connection_event_callback(module_data *m_data, bh_message_t msg)
         argv[1] = (uint32) data_offset;
         argv[2] = conn_event->len;
         if (!wasm_runtime_call_wasm(inst, NULL, func_on_conn_data, 3, argv)) {
+            const char *exception = wasm_runtime_get_exception(inst);
+            bh_assert(exception);
             printf(":Got exception running wasm code: %s\n",
-                    wasm_runtime_get_exception(inst));
+                   exception);
             wasm_runtime_clear_exception(inst);
             wasm_runtime_module_free(inst, data_offset);
             return;
@@ -566,3 +575,8 @@ fail:
     close(epollfd);
     return false;
 }
+
+void exit_connection_framework()
+{
+    polling_thread_run = false;
+}

core/iwasm/lib/native/extension/gui/wgl.h

@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2019 Intel Corporation.  All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+ */
+
+#ifndef WAMR_GRAPHIC_LIBRARY_H
+#define WAMR_GRAPHIC_LIBRARY_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void wgl_init(void);
+void wgl_exit(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WAMR_GRAPHIC_LIBRARY_H */

core/iwasm/lib/native/extension/gui/wgl_native_utils.h

@@ -1,4 +1,7 @@
-
+/*
+ * Copyright (C) 2019 Intel Corporation.  All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+ */
 
 #ifndef WAMR_GRAPHIC_LIBRARY_NATIVE_UTILS_H
 #define WAMR_GRAPHIC_LIBRARY_NATIVE_UTILS_H

core/iwasm/lib/native/extension/gui/wgl_obj_wrapper.c

@@ -9,6 +9,7 @@
 #include "bh_list.h"
 #include "bh_thread.h"
 #include "wgl_native_utils.h"
+#include "wgl.h"
 
 
 typedef struct {
@@ -36,6 +37,8 @@ static bh_list g_object_list;
 
 static korp_mutex g_object_list_mutex;
 
+static bool lv_task_handler_thread_run = true;
+
 static void app_mgr_object_event_callback(module_data *m_data, bh_message_t msg)
 {
     uint32 argv[2];
@@ -62,8 +65,10 @@ static void app_mgr_object_event_callback(module_data *m_data, bh_message_t msg)
     argv[0] = object_event->obj_id;
     argv[1] = object_event->event;
     if (!wasm_runtime_call_wasm(inst, NULL, func_on_object_event, 2, argv)) {
+        const char *exception = wasm_runtime_get_exception(inst);
+        bh_assert(exception);
         printf(":Got exception running wasm code: %s\n",
-                wasm_runtime_get_exception(inst));
+                exception);
         wasm_runtime_clear_exception(inst);
         return;
     }
@@ -270,11 +275,13 @@ static void* lv_task_handler_thread_routine (void *arg)
 
     vm_sem_init(&sem, 0);
 
-    while (true) {
+    while (lv_task_handler_thread_run) {
         vm_sem_reltimedwait(&sem, 100);
         lv_task_handler();
     }
 
+    vm_sem_destroy(&sem);
+
     return NULL;
 }
 
@@ -295,6 +302,11 @@ void wgl_init(void)
                      BH_APPLET_PRESERVED_STACK_SIZE);
 }
 
+void wgl_exit(void)
+{
+    lv_task_handler_thread_run = false;
+}
+
 /* -------------------------------------------------------------------------
  * Obj native function wrappers
  * -------------------------------------------------------------------------*/

core/iwasm/lib/native/extension/sensor/sensor_mgr_ref.c

@@ -19,6 +19,7 @@
  */
 static korp_cond cond;
 static korp_mutex mutex;
+static bool sensor_check_thread_run = true;
 
 void app_mgr_sensor_event_callback(module_data *m_data, bh_message_t msg)
 {
@@ -52,9 +53,12 @@ void app_mgr_sensor_event_callback(module_data *m_data, bh_message_t msg)
         sensor_data_offset = wasm_runtime_module_dup_data(inst, payload->data,
                                                           sensor_data_len);
         if (sensor_data_offset == 0) {
-            printf("Got exception running wasm code: %s\n",
-                   wasm_runtime_get_exception(inst));
-            wasm_runtime_clear_exception(inst);
+            const char *exception = wasm_runtime_get_exception(inst);
+            if (exception) {
+                printf("Got exception running wasm code: %s\n",
+                       exception);
+                wasm_runtime_clear_exception(inst);
+            }
             return;
         }
 
@@ -63,8 +67,10 @@ void app_mgr_sensor_event_callback(module_data *m_data, bh_message_t msg)
         argv[2] = sensor_data_len;
 
         if (!wasm_runtime_call_wasm(inst, NULL, func_onSensorEvent, 3, argv)) {
+            const char *exception = wasm_runtime_get_exception(inst);
+            bh_assert(exception);
             printf(":Got exception running wasm code: %s\n",
-                   wasm_runtime_get_exception(inst));
+                   exception);
             wasm_runtime_clear_exception(inst);
             wasm_runtime_module_free(inst, sensor_data_offset);
             return;
@@ -92,7 +98,7 @@ static bool config_test_sensor(void * s, void * config)
 
 static void thread_sensor_check(void * arg)
 {
-    while (1) {
+    while (sensor_check_thread_run) {
         int ms_to_expiry = check_sensor_timers();
         if (ms_to_expiry == -1)
             ms_to_expiry = 5000;
@@ -131,3 +137,8 @@ void init_sensor_framework()
                      BH_APPLET_PRESERVED_STACK_SIZE);
 }
 
+void exit_sensor_framework()
+{
+    sensor_check_thread_run = false;
+}
+

core/iwasm/lib/native/libc/wasi_wrapper.c

@@ -712,8 +712,8 @@ wasi_path_link(wasm_module_inst_t module_inst,
     old_path = (char*)addr_app_to_native(old_path_offset);
     new_path = (char*)addr_app_to_native(new_path_offset);
 
-    return wasmtime_ssp_path_link(wasi_ctx->curfds, old_fd,
-                                  old_flags, old_path, old_path_len,
+    return wasmtime_ssp_path_link(wasi_ctx->curfds, wasi_ctx->prestats,
+                                  old_fd, old_flags, old_path, old_path_len,
                                   new_fd, new_path, new_path_len);
 }
 
@@ -961,8 +961,8 @@ wasi_path_symlink(wasm_module_inst_t module_inst,
     old_path = (char*)addr_app_to_native(old_path_offset);
     new_path = (char*)addr_app_to_native(new_path_offset);
 
-    return wasmtime_ssp_path_symlink(wasi_ctx->curfds, old_path,
-                                     old_path_len, fd, new_path,
+    return wasmtime_ssp_path_symlink(wasi_ctx->curfds, wasi_ctx->prestats,
+                                     old_path, old_path_len, fd, new_path,
                                      new_path_len);
 }
 

core/iwasm/lib/native/libc/wasmtime-wasi-c/sandboxed-system-primitives/include/wasmtime_ssp.h

@@ -661,6 +661,7 @@ __wasi_errno_t wasmtime_ssp_path_create_directory(
 __wasi_errno_t wasmtime_ssp_path_link(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
     struct fd_table *curfds,
+    struct fd_prestats *prestats,
 #endif
     __wasi_fd_t old_fd,
     __wasi_lookupflags_t old_flags,
@@ -774,6 +775,7 @@ __wasi_errno_t wasmtime_ssp_path_filestat_set_times(
 __wasi_errno_t wasmtime_ssp_path_symlink(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
     struct fd_table *curfds,
+    struct fd_prestats *prestats,
 #endif
     const char *old_path,
     size_t old_path_len,

core/iwasm/lib/native/libc/wasmtime-wasi-c/sandboxed-system-primitives/src/posix.c

@@ -1689,9 +1689,37 @@ __wasi_errno_t wasmtime_ssp_path_create_directory(
   return 0;
 }
 
+static bool
+validate_path(const char *path, struct fd_prestats *pt)
+{
+    size_t i;
+    char path_resolved[PATH_MAX], prestat_dir_resolved[PATH_MAX];
+    char *path_real, *prestat_dir_real;
+
+    if (!(path_real = realpath(path, path_resolved)))
+        /* path doesn't exist, creating a link to this file
+           is allowed: if this file is to be created in
+           the future, WASI will strictly check whether it
+           can be created or not. */
+        return true;
+
+    for (i = 0; i < pt->size; i++) {
+        if (pt->prestats[i].dir) {
+            if (!(prestat_dir_real = realpath(pt->prestats[i].dir,
+                                              prestat_dir_resolved)))
+                return false;
+            if (!strncmp(path_real, prestat_dir_real, strlen(prestat_dir_real)))
+                return true;
+        }
+    }
+
+    return false;
+}
+
 __wasi_errno_t wasmtime_ssp_path_link(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
     struct fd_table *curfds,
+    struct fd_prestats *prestats,
 #endif
     __wasi_fd_t old_fd,
     __wasi_lookupflags_t old_flags,
@@ -1715,6 +1743,14 @@ __wasi_errno_t wasmtime_ssp_path_link(
     return error;
   }
 
+  rwlock_rdlock(&prestats->lock);
+  if (!validate_path(old_pa.path, prestats)
+      || !validate_path(new_pa.path, prestats)) {
+      rwlock_unlock(&prestats->lock);
+      return __WASI_EBADF;
+  }
+  rwlock_unlock(&prestats->lock);
+
   int ret = linkat(old_pa.fd, old_pa.path, new_pa.fd, new_pa.path,
                    old_pa.follow ? AT_SYMLINK_FOLLOW : 0);
   if (ret < 0 && errno == ENOTSUP && !old_pa.follow) {
@@ -1723,6 +1759,14 @@ __wasi_errno_t wasmtime_ssp_path_link(
     size_t target_len;
     char *target = readlinkat_dup(old_pa.fd, old_pa.path, &target_len);
     if (target != NULL) {
+      bh_assert(target[target_len] == '\0');
+      rwlock_rdlock(&prestats->lock);
+      if (!validate_path(target, prestats)) {
+          rwlock_unlock(&prestats->lock);
+          bh_free(target);
+          return __WASI_EBADF;
+      }
+      rwlock_unlock(&prestats->lock);
       ret = symlinkat(target, new_pa.fd, new_pa.path);
       bh_free(target);
     }
@@ -2245,6 +2289,7 @@ __wasi_errno_t wasmtime_ssp_path_filestat_set_times(
 __wasi_errno_t wasmtime_ssp_path_symlink(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
     struct fd_table *curfds,
+    struct fd_prestats *prestats,
 #endif
     const char *old_path,
     size_t old_path_len,
@@ -2264,6 +2309,14 @@ __wasi_errno_t wasmtime_ssp_path_symlink(
     return error;
   }
 
+  rwlock_rdlock(&prestats->lock);
+  if (!validate_path(target, prestats)) {
+      rwlock_unlock(&prestats->lock);
+      bh_free(target);
+      return __WASI_EBADF;
+  }
+  rwlock_unlock(&prestats->lock);
+
   int ret = symlinkat(target, pa.fd, pa.path);
   path_put(&pa);
   bh_free(target);