add version info to modules

version information is comprised of both the current crate version and
the current git commit hash (if available).

Author: awortman-fastly

lucet-analyze/src/main.rs

@@ -2,6 +2,7 @@
 
 use lucet_module::{
     FunctionSpec, Module, ModuleData, SerializedModule, TableElement, TrapManifest, TrapSite,
+    VersionInfo,
 };
 
 use byteorder::{LittleEndian, ReadBytesExt};
@@ -102,7 +103,12 @@ impl<'a> ArtifactSummary<'a> {
                 .unwrap();
             let mut rdr = Cursor::new(buffer);
 
+            let version = unsafe {
+                std::mem::transmute::<u64, VersionInfo>(rdr.read_u64::<LittleEndian>().unwrap())
+            };
+
             SerializedModule {
+                version,
                 module_data_ptr: rdr.read_u64::<LittleEndian>().unwrap(),
                 module_data_len: rdr.read_u64::<LittleEndian>().unwrap(),
                 tables_ptr: rdr.read_u64::<LittleEndian>().unwrap(),
@@ -211,6 +217,7 @@ fn load_module<'b, 'a: 'b>(
         )
     };
     Module {
+        version: serialized_module.version.clone(),
         module_data,
         tables,
         function_manifest,

lucet-module/src/lib.rs

@@ -17,6 +17,7 @@ mod signature;
 mod tables;
 mod traps;
 mod types;
+mod version_info;
 
 pub use crate::error::Error;
 pub use crate::functions::{
@@ -32,6 +33,7 @@ pub use crate::signature::{ModuleSignature, PublicKey};
 pub use crate::tables::TableElement;
 pub use crate::traps::{TrapCode, TrapManifest, TrapSite};
 pub use crate::types::{Signature, ValueType};
+pub use crate::version_info::VersionInfo;
 
 /// Owned variants of the module data types, useful for serialization and testing.
 pub mod owned {

lucet-module/src/module.rs

@@ -1,12 +1,14 @@
 use crate::functions::FunctionSpec;
 use crate::module_data::ModuleData;
 use crate::tables::TableElement;
+use crate::version_info::VersionInfo;
 
 pub const LUCET_MODULE_SYM: &str = "lucet_module";
 
 /// Module is the exposed structure that contains all the data backing a Lucet-compiled object.
 #[derive(Debug)]
 pub struct Module<'a> {
+    pub version: VersionInfo,
     pub module_data: ModuleData<'a>,
     pub tables: &'a [&'a [TableElement]],
     pub function_manifest: &'a [FunctionSpec],
@@ -18,6 +20,7 @@ pub struct Module<'a> {
 #[repr(C)]
 #[derive(Debug)]
 pub struct SerializedModule {
+    pub version: VersionInfo,
     pub module_data_ptr: u64,
     pub module_data_len: u64,
     pub tables_ptr: u64,

lucet-module/src/version_info.rs

@@ -0,0 +1,63 @@
+use byteorder::{LittleEndian, WriteBytesExt};
+use std::cmp::min;
+use std::io;
+
+/// VersionInfo is information about a Lucet module to allow the Lucet runtime to determine if or
+/// how the module can be loaded, if so requested. The information here describes implementation
+/// details in runtime support for `lucetc`-produced modules, and nothing higher level.
+#[repr(C)]
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct VersionInfo {
+    major: u16,
+    minor: u16,
+    patch: u16,
+    reserved: u16,
+    version_hash: [u8; 8],
+}
+
+impl VersionInfo {
+    pub fn write_to<W: WriteBytesExt>(&self, w: &mut W) -> io::Result<()> {
+        w.write_u16::<LittleEndian>(self.major)?;
+        w.write_u16::<LittleEndian>(self.minor)?;
+        w.write_u16::<LittleEndian>(self.patch)?;
+        w.write_u16::<LittleEndian>(self.reserved)?;
+        w.write(&self.version_hash).and_then(|written| {
+            if written != self.version_hash.len() {
+                Err(io::Error::new(
+                    io::ErrorKind::Other,
+                    "unable to write full version hash",
+                ))
+            } else {
+                Ok(())
+            }
+        })
+    }
+
+    pub fn valid(&self) -> bool {
+        self.reserved == 0x8000
+    }
+
+    pub fn current(current_hash: &'static [u8]) -> Self {
+        let mut version_hash = [0u8; 8];
+
+        for i in 0..min(version_hash.len(), current_hash.len()) {
+            version_hash[i] = current_hash[i];
+        }
+
+        // The reasoning for this is as follows:
+        // `SerializedModule`, in version before version information was introduced, began with a
+        // pointer - `module_data_ptr`. This pointer would be relocated to somewhere in user space
+        // for the embedder of `lucet-runtime`. On x86_64, hopefully, that's userland code in some
+        // OS, meaning the pointer will be a pointer to user memory, and will be below
+        // 0x8000_0000_0000_0000. By setting `reserved` to `0x8000`, we set what would be the
+        // highest bit in `module_data_ptr` in an old `lucet-runtime` and guarantee a segmentation
+        // fault when loading these newer modules with version information.
+        VersionInfo {
+            major: env!("CARGO_PKG_VERSION_MAJOR").parse().unwrap(),
+            minor: env!("CARGO_PKG_VERSION_MINOR").parse().unwrap(),
+            patch: env!("CARGO_PKG_VERSION_PATCH").parse().unwrap(),
+            reserved: 0x8000u16,
+            version_hash,
+        }
+    }
+}

lucet-runtime/lucet-runtime-internals/build.rs

@@ -1,3 +1,9 @@
+use std::env;
+use std::fs::File;
+use std::io::Write;
+use std::path::Path;
+use std::process::Command;
+
 use cc;
 
 fn main() {
@@ -14,4 +20,16 @@ fn main() {
     cc::Build::new()
         .file("src/context/tests/c_child.c")
         .compile("context_tests_c_child");
+
+    let last_commit_hash = Command::new("git")
+        .args(&["log", "-n", "1", "--pretty=format:%H"])
+        .output()
+        .ok();
+
+    let commit_file_path = Path::new(&env::var("OUT_DIR").unwrap()).join("commit_hash");
+    let mut f = File::create(&commit_file_path).unwrap();
+
+    if let Some(last_commit_hash) = last_commit_hash {
+        f.write_all(&last_commit_hash.stdout).unwrap();
+    }
 }

lucet-runtime/lucet-runtime-internals/src/module/dl.rs

@@ -4,7 +4,7 @@ use libc::c_void;
 use libloading::Library;
 use lucet_module::{
     FunctionHandle, FunctionIndex, FunctionPointer, FunctionSpec, ModuleData, ModuleSignature,
-    PublicKey, SerializedModule, Signature, LUCET_MODULE_SYM,
+    PublicKey, SerializedModule, Signature, VersionInfo, LUCET_MODULE_SYM,
 };
 use std::ffi::CStr;
 use std::mem::MaybeUninit;
@@ -61,6 +61,21 @@ impl DlModule {
         let serialized_module: &SerializedModule =
             unsafe { serialized_module_ptr.as_ref().unwrap() };
 
+        let version = serialized_module.version.clone();
+
+        let runtime_version =
+            VersionInfo::current(include_str!(concat!(env!("OUT_DIR"), "/commit_hash")).as_bytes());
+
+        if !version.valid() {
+            return Err(lucet_incorrect_module!("reserved bit is not set. This module is likely too old for this lucet-runtime to load."));
+        } else if version != runtime_version {
+            return Err(lucet_incorrect_module!(
+                "version mismatch. module has version {:?}, while this runtime is version {:?}",
+                version,
+                runtime_version,
+            ));
+        }
+
         // Deserialize the slice into ModuleData, which will hold refs into the loaded
         // shared object file in `module_data_slice`. Both of these get a 'static lifetime because
         // Rust doesn't have a safe way to describe that their lifetime matches the containing
@@ -115,6 +130,7 @@ impl DlModule {
             lib,
             fbase,
             module: lucet_module::Module {
+                version,
                 module_data,
                 tables,
                 function_manifest,

lucet-runtime/tests/version_checks.rs

@@ -0,0 +1,16 @@
+use lucet_runtime::{DlModule, Error};
+
+#[test]
+pub fn reject_old_modules() {
+    let err = DlModule::load("./tests/version_checks/old_module2.so")
+        .err()
+        .unwrap();
+
+    if let Error::ModuleError(e) = err {
+        let msg = format!("{}", e);
+        assert!(msg.contains("reserved bit is not set"));
+        assert!(msg.contains("module is likely too old"));
+    } else {
+        panic!("unexpected error loading module: {}", err);
+    }
+}

lucet-runtime/tests/version_checks/old_module.so

@@ -1,5 +1,6 @@
 use crate::bindings;
 use failure::{format_err, Error, Fail};
+use lucet_module::CapabilitiesBuilder;
 use lucet_runtime::{self, MmapRegion, Module as LucetModule, Region, UntypedRetVal, Val};
 use lucetc::{Compiler, HeapSettings, LucetcError, LucetcErrorKind, OptLevel};
 use std::io;
@@ -72,7 +73,9 @@ impl ScriptEnv {
             OptLevel::Fast,
             &bindings,
             HeapSettings::default(),
-            true,
+            CapabilitiesBuilder::new()
+                .with_instructions_counted(true)
+                .build(),
         )
         .map_err(program_error)?;
 

lucet-spectest/src/script.rs

@@ -2,6 +2,7 @@
 mod lucetc_tests {
     use failure::Error;
     use lucet_module::bindings::Bindings;
+    use lucet_module::Capabilities;
     use lucet_wasi_sdk::*;
     use lucetc::{Compiler, HeapSettings, OptLevel};
     use std::collections::HashMap;
@@ -39,7 +40,8 @@ mod lucetc_tests {
         let m = module_from_c(&["empty"], &[]).expect("build module for empty");
         let b = Bindings::empty();
         let h = HeapSettings::default();
-        let c = Compiler::new(&m, OptLevel::Fast, &b, h, false).expect("compile empty");
+        let c = Compiler::new(&m, OptLevel::Fast, &b, h, Capabilities::default())
+            .expect("compile empty");
         let mdata = c.module_data().unwrap();
         assert!(mdata.heap_spec().is_some());
         // clang creates 3 globals:
@@ -74,7 +76,8 @@ mod lucetc_tests {
         let m = module_from_c(&["c"], &["c"]).expect("build module for c");
         let b = Bindings::empty();
         let h = HeapSettings::default();
-        let c = Compiler::new(&m, OptLevel::Fast, &b, h, false).expect("compile c");
+        let c =
+            Compiler::new(&m, OptLevel::Fast, &b, h, Capabilities::default()).expect("compile c");
         let mdata = c.module_data().unwrap();
         assert_eq!(mdata.import_functions().len(), 0, "import functions");
         assert_eq!(mdata.export_functions().len(), 1, "export functions");
@@ -91,7 +94,8 @@ mod lucetc_tests {
         let m = module_from_c(&["d"], &["d"]).expect("build module for d");
         let b = d_only_test_bindings();
         let h = HeapSettings::default();
-        let c = Compiler::new(&m, OptLevel::Fast, &b, h, false).expect("compile d");
+        let c =
+            Compiler::new(&m, OptLevel::Fast, &b, h, Capabilities::default()).expect("compile d");
         let mdata = c.module_data().unwrap();
         assert_eq!(mdata.import_functions().len(), 1, "import functions");
         assert_eq!(mdata.export_functions().len(), 1, "export functions");
@@ -107,7 +111,8 @@ mod lucetc_tests {
         let m = module_from_c(&["c", "d"], &["c", "d"]).expect("build module for c & d");
         let b = Bindings::empty();
         let h = HeapSettings::default();
-        let c = Compiler::new(&m, OptLevel::Fast, &b, h, false).expect("compile c & d");
+        let c = Compiler::new(&m, OptLevel::Fast, &b, h, Capabilities::default())
+            .expect("compile c & d");
         let mdata = c.module_data().unwrap();
         assert_eq!(mdata.import_functions().len(), 0, "import functions");
         assert_eq!(mdata.export_functions().len(), 2, "export functions");