Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Module::deserialize_open_file #9571

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Add Module::deserialize_open_file #9571

wants to merge 9 commits into from
+117 −47

Conversation

adambratschikaye
Copy link
Contributor

Add an API to deserialize a Module from an already opened file. This can be useful in situations where wasmtime is running in a sandboxed environment with limited access to the file system. Then another process can handle opening the files and passing them to wasmtime.

@adambratschikaye
Add Module::deserialize_open_file
cac7bb3 
Add an API to deserialize a `Module` from an already opened file. This
can be useful in situations where `wasmtime` is running in a sandboxed
environment with limited access to the file system. Then another process
can handle opening the files and passing them to `wasmtime`.
@adambratschikaye adambratschikaye changed the title Add Module::from_trusted_open_file Add Module::deserialize_open_file Nov 6, 2024
@adambratschikaye adambratschikaye marked this pull request as ready for review November 6, 2024 15:02
@adambratschikaye adambratschikaye requested a review from a team as a code owner November 6, 2024 15:02
@adambratschikaye adambratschikaye requested review from fitzgen and bjorn3 and removed request for a team November 6, 2024 15:02
fitzgen
fitzgen approved these changes Nov 6, 2024
View reviewed changes
Copy link
Member

@fitzgen fitzgen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I am not sure I understand what you are getting at with regards to windows, so we should resolve that before merging. Thanks!

crates/wasmtime/src/runtime/vm/sys/windows/mmap.rs Show resolved Hide resolved
@github-actions github-actions bot added the wasmtime:api Related to the API of the `wasmtime` crate itself label Nov 6, 2024
@fitzgen fitzgen added this pull request to the merge queue Nov 7, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Nov 7, 2024
@alexcrichton
Copy link
Member

Not necessarily obvious to find but the failure is a Windows-specific one

@adambratschikaye
Copy link
Contributor Author

Yeah @alexcrichton is right - it looks like a simple File::open doesn't work for windows because the open options need to be compatible with the options used when creating the mapping. I also had to fix up the new test for this and I added a comment on deserialize_open_file on how the file should be opened for windows.

Also ran the full CI on the branch now, so the previous windows failure should be good.

fitzgen
fitzgen reviewed Nov 11, 2024
View reviewed changes
Copy link
Member

@fitzgen fitzgen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there is a writable vs readable swaparoo in the docs. AFAICT, it is readable and executable, not writable and executable, and if that is true then this is good to merge with that doc comment fixed.

If my understanding is off, and we are actually mapping as writable and executable, then I think we want to revisit what we're doing here, since that is a pretty scary widget to expose!

crates/wasmtime/src/runtime/module.rs
Comment on lines +447 to +450
/// Note that the corresponding will be mapped as private writeable
/// (copy-on-write) and executable. For `windows` this means the file needs
/// to be opened with at least `FILE_GENERIC_READ | FILE_GENERIC_EXECUTE`
/// [`access_mode`].
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it need to be writable? Seems like it should be (and maybe actually is?) readable and executable?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In windows we create the mapping with protection PAGE_EXECUTE_WRITECOPY which only requires the file handle was created with FILE_GENERIC_READ and FILE_GENERIC_EXECUTE access (docs here). It looks like write access would only be required if writes were being persisted to the file, but since we use copy-on-write it's not needed. Maybe I should add a link to these windows docs in comment for further clarity?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bjorn3 bjorn3 bjorn3 left review comments

@fitzgen fitzgen fitzgen approved these changes

@alexcrichton alexcrichton alexcrichton left review comments

Assignees
No one assigned
Labels
wasmtime:api Related to the API of the `wasmtime` crate itself
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@adambratschikaye @alexcrichton @fitzgen @bjorn3