[wasm] Initial signal handler

src/trap-handler/trap-handler.cc

+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+

[Mark Seaborn, 2017/02/09 16:44:36]

The naming of the files as "trap-handler.cc" and "signal-handler.cc" is a bit
odd, since a signal handler is a type of trap handler.

How about something like "inside-handler.cc" and "outside-handler.cc" for code
that runs inside and outside the trap handler?  That is the distinction we
really have between these two files.

[Eric Holk, 2017/02/15 02:02:45]

Done.

+// PLEASE READ BEFORE CHANGING THIS FILE!
+//
+// This file implements the out of bounds signal handler for

[Mark Seaborn, 2017/02/09 16:44:36]

Can you drop this sentence?  *This* file doesn't implement the signal handler,
the other file does.  This file contains code that runs outside the trap
handler, and it maintains the data structures that the trap handler reads.

[Eric Holk, 2017/02/15 02:02:45]

Done.

+// WebAssembly. Signal handlers are notoriously difficult to get
+// right, and getting it wrong can lead to security
+// vulnerabilities. In order to minimize this risk, here are some
+// rules to follow.
+//
+// 1. Do not introduce any new external dependencies. This file needs
+//    to be self contained so it is easy to audit everything that a

[Mark Seaborn, 2017/02/09 16:44:36]

This reason doesn't apply for the outside-the-trap-handler code.

External dependencies are more OK for this case.  Probably the only issue is
lock ordering, but the TLS check should mean we avoid most lock ordering
problems.

[Eric Holk, 2017/02/15 02:02:45]

I softened the wording a bit to say "avoid adding new external dependencies." I
think we still want to be judicious here, since this file maintains data
structures that affect the signal handler and deserves close scrutiny.

+//    signal handler might do.
+//
+// 2. Any changes must be reviewed by someone from the crash reporting
+//    or security team.
+
+// This file contains general support code for trap handling, and is mostly
+// used by other parts of V8. For the code that runs in the signal handler
+// itself, see signal-handler.cc.
+
+#include <signal.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <atomic>
+
+#include "src/flags.h"
+#include "src/trap-handler/trap-handler-internal.h"
+#include "src/trap-handler/trap-handler.h"
+
+#define TRACE(...)
+
+namespace v8 {
+namespace internal {
+namespace trap_handler {
+
+THREAD_LOCAL bool g_thread_in_wasm_code = false;
+
+const size_t kInitialCodeObjectSize = 1024;
+const size_t kCodeObjectGrowthFactor = 2;
+size_t gNumCodeObjects = 0;
+CodeProtectionInfo** gCodeObjects = nullptr;
+
+std::atomic_flag MetadataLock::spinlock_ = ATOMIC_FLAG_INIT;
+
+constexpr size_t HandlerDataSize(size_t num_protected_instructions) {
+  return offsetof(CodeProtectionInfo, instructions) +
+         num_protected_instructions * sizeof(ProtectedInstructionData);
+}
+
+CodeProtectionInfo* CreateHandlerData(
+    void* base, size_t size, size_t num_protected_instructions,
+    ProtectedInstructionData* protected_instructions) {
+  const size_t alloc_size = HandlerDataSize(num_protected_instructions);
+  CodeProtectionInfo* data =
+      reinterpret_cast<CodeProtectionInfo*>(malloc(alloc_size));
+
+  if (data == nullptr) {
+    return nullptr;
+  }
+
+  data->base = base;
+  data->size = size;
+  data->num_protected_instructions = num_protected_instructions;
+
+  memcpy(data->instructions, protected_instructions,
+         num_protected_instructions * sizeof(ProtectedInstructionData));
+
+  return data;
+}
+
+void UpdateCodePointer(int index, void* base) {
+  TRACE("Updating code pointer at index %d\n", index);
+  MetadataLock lock;
+  if (static_cast<size_t>(index) >= gNumCodeObjects) {
+    TRACE("Out of bounds\n");
+    abort();
+  }
+  CodeProtectionInfo* data = gCodeObjects[index];
+  data->base = base;
+}
+
+int RegisterHandlerData(void* base, size_t size,
+                        size_t num_protected_instructions,
+                        ProtectedInstructionData* protected_instructions) {
+  // TODO(eholk): in debug builds, make sure this data isn't already registered.
+
+  CodeProtectionInfo* data = CreateHandlerData(
+      base, size, num_protected_instructions, protected_instructions);
+
+  if (data == nullptr) {
+    TRACE("Could not allocate handler data\n");
+    abort();
+  }
+
+  MetadataLock lock;
+
+  size_t i;
+  for (i = 0; i < gNumCodeObjects; ++i) {
+    if (gCodeObjects[i] == nullptr) {
+      break;
+    }
+  }
+
+  // We didn't find an opening in the available space, so grow.
+  if (i == gNumCodeObjects) {
+    size_t new_size = gNumCodeObjects > 0
+                          ? gNumCodeObjects * kCodeObjectGrowthFactor
+                          : kInitialCodeObjectSize;
+    gCodeObjects = static_cast<CodeProtectionInfo**>(
+        realloc(gCodeObjects, sizeof(*gCodeObjects) * new_size));
+
+    if (gCodeObjects == nullptr) {
+      abort();
+    }
+
+    memset(gCodeObjects + gNumCodeObjects, 0,
+           sizeof(*gCodeObjects) * (new_size - gNumCodeObjects));
+    gNumCodeObjects = new_size;
+  }
+
+  gCodeObjects[i] = data;
+  TRACE("Registered handler data %p at index %zu\n", data, i);
+  return static_cast<int>(i);
+}
+
+void ReleaseHandlerData(int index) {
+  // Remove the data from the global list if it's there.
+
+  MetadataLock lock;
+
+  CodeProtectionInfo* data = gCodeObjects[index];
+  gCodeObjects[index] = nullptr;
+
+  TRACE("Released handler data %p at index %d\n", data, index);
+
+  // TODO(eholk): on debug builds, ensure there are no more copies in
+  // the list.
+  free(data);
+}
+
+void SetThreadInWasm() {
+  TRACE("Transitioning to Wasm\n");
+  g_thread_in_wasm_code = true;
+}
+
+void ClearThreadInWasm() {
+  TRACE("Transitioning from Wasm\n");
+  g_thread_in_wasm_code = false;
+}
+
+bool IsThreadInWasm() { return g_thread_in_wasm_code; }
+
+bool EnableTrapHandler() {
+  return FLAG_wasm_trap_handler && kTrapHandlerSupported;
+}
+
+}  // namespace trap_handler
+}  // namespace internal
+}  // namespace v8