Handle Wasm errors by failing closed or open. (proxy-wasm#29)

Signed-off-by: John Plevyak <[email protected]>

Author: jplevyak

include/proxy-wasm/context.h

@@ -44,17 +44,19 @@ class WasmVm;
  * @param root_id is an identifier for the in VM handlers for this plugin.
  * @param vm_id is a string used to differentiate VMs with the same code and VM configuration.
  * @param plugin_configuration is configuration for this plugin.
+ * @param fail_open if true the plugin will pass traffic as opposed to close all streams.
  */
 struct PluginBase {
   PluginBase(string_view name, string_view root_id, string_view vm_id,
-             string_view plugin_configuration)
+             string_view plugin_configuration, bool fail_open)
       : name_(std::string(name)), root_id_(std::string(root_id)), vm_id_(std::string(vm_id)),
-        plugin_configuration_(plugin_configuration) {}
+        plugin_configuration_(plugin_configuration), fail_open_(fail_open) {}
 
   const std::string name_;
   const std::string root_id_;
   const std::string vm_id_;
   std::string plugin_configuration_;
+  const bool fail_open_;
   const std::string &log_prefix() const { return log_prefix_; }
 
 private:
@@ -216,6 +218,8 @@ class ContextBase : public RootInterface,
     error("unimplemented proxy-wasm API");
     return WasmResult::Unimplemented;
   }
+  bool isFailed();
+  bool isFailOpen() { return plugin_->fail_open_; }
 
   //
   // General Callbacks.
@@ -308,6 +312,7 @@ class ContextBase : public RootInterface,
                                string_view /* details */) override {
     return unimplemented();
   }
+  void failStream(WasmStreamType stream_type) override { closeStream(stream_type); }
 
   // Shared Data
   WasmResult getSharedData(string_view key,
@@ -353,12 +358,7 @@ class ContextBase : public RootInterface,
 protected:
   friend class WasmBase;
 
-  // NB: initializeRootBase is non-virtual and can be called in the constructor without ambiguity.
   void initializeRootBase(WasmBase *wasm, std::shared_ptr<PluginBase> plugin);
-  // NB: initializeRoot is virtual and should be called only outside of the constructor.
-  virtual void initializeRoot(WasmBase *wasm, std::shared_ptr<PluginBase> plugin) {
-    initializeRootBase(wasm, plugin);
-  }
   std::string makeRootLogPrefix(string_view vm_id) const;
 
   WasmBase *wasm_{nullptr};

include/proxy-wasm/context_interface.h

@@ -315,6 +315,9 @@ struct StreamInterface {
   // Close a stream.
   virtual WasmResult closeStream(WasmStreamType type) = 0;
 
+  // Called when a Wasm VM has failed and the plugin is set to fail closed.
+  virtual void failStream(WasmStreamType) = 0;
+
   /**
    * Provides a BufferInterface to be used to return buffered data to the VM.
    * @param type is the type of buffer to provide.

include/proxy-wasm/null_vm.h

@@ -36,7 +36,7 @@ struct NullVm : public WasmVm {
   Cloneable cloneable() override { return Cloneable::InstantiatedModule; };
   std::unique_ptr<WasmVm> clone() override;
   bool load(const std::string &code, bool allow_precompiled) override;
-  void link(string_view debug_name) override;
+  bool link(string_view debug_name) override;
   uint64_t getMemorySize() override;
   optional<string_view> getMemory(uint64_t pointer, uint64_t size) override;
   bool setMemory(uint64_t pointer, uint64_t size, const void *data) override;

include/proxy-wasm/wasm.h

@@ -71,6 +71,7 @@ class WasmBase : public std::enable_shared_from_this<WasmBase> {
     return nullptr;
   }
   uint32_t allocContextId();
+  bool isFailed() { return failed_; }
 
   const std::string &code() const { return code_; }
   const std::string &vm_configuration() const;
@@ -91,20 +92,17 @@ class WasmBase : public std::enable_shared_from_this<WasmBase> {
     unimplemented();
     return nullptr;
   }
-  // NB: if plugin is nullptr, then a VM Context is returned.
-  virtual ContextBase *createContext(std::shared_ptr<PluginBase> plugin) {
-    if (plugin)
-      return new ContextBase(this, plugin);
-    return new ContextBase(this);
+
+  virtual ContextBase *createVmContext() { return new ContextBase(this); }
+  virtual ContextBase *createRootContext(const std::shared_ptr<PluginBase> &plugin) {
+    return new ContextBase(this, plugin);
+  }
+  virtual ContextBase *createContext(const std::shared_ptr<PluginBase> &plugin) {
+    return new ContextBase(this, plugin);
   }
   virtual void setTimerPeriod(uint32_t root_context_id, std::chrono::milliseconds period) {
     timer_period_[root_context_id] = period;
   }
-  virtual void error(string_view message) {
-    std::cerr << message << "\n";
-    abort();
-  }
-  virtual void unimplemented() { error("unimplemented proxy-wasm API"); }
 
   // Support functions.
   //
@@ -117,12 +115,12 @@ class WasmBase : public std::enable_shared_from_this<WasmBase> {
 
   WasmForeignFunction getForeignFunction(string_view function_name);
 
-  // For testing.
-  //
-  void setContextForTesting(ContextBase *context) { contexts_[context->id()] = context; }
-  // Returns false if onStart returns false.
-  bool startForTesting(std::unique_ptr<ContextBase> root_context,
-                       std::shared_ptr<PluginBase> plugin);
+  void fail(string_view message) {
+    error(message);
+    failed_ = true;
+  }
+  virtual void error(string_view message) { std::cerr << message << "\n"; }
+  virtual void unimplemented() { error("unimplemented proxy-wasm API"); }
 
   bool getEmscriptenVersion(uint32_t *emscripten_metadata_major_version,
                             uint32_t *emscripten_metadata_minor_version,
@@ -238,6 +236,7 @@ class WasmBase : public std::enable_shared_from_this<WasmBase> {
   std::string code_;
   std::string vm_configuration_;
   bool allow_precompiled_ = false;
+  bool failed_ = false; // The Wasm VM has experienced a fatal error.
 
   bool is_emscripten_ = false;
   uint32_t emscripten_metadata_major_version_ = 0;
@@ -259,7 +258,13 @@ class WasmBase : public std::enable_shared_from_this<WasmBase> {
 class WasmHandleBase : public std::enable_shared_from_this<WasmHandleBase> {
 public:
   explicit WasmHandleBase(std::shared_ptr<WasmBase> wasm_base) : wasm_base_(wasm_base) {}
-  ~WasmHandleBase() { wasm_base_->startShutdown(); }
+  ~WasmHandleBase() {
+    if (wasm_base_) {
+      wasm_base_->startShutdown();
+    }
+  }
+
+  void kill() { wasm_base_ = nullptr; }
 
   std::shared_ptr<WasmBase> &wasm() { return wasm_base_; }
 
@@ -276,8 +281,7 @@ using WasmHandleCloneFactory =
 // Returns nullptr on failure (i.e. initialization of the VM fails).
 std::shared_ptr<WasmHandleBase>
 createWasm(std::string vm_key, std::string code, std::shared_ptr<PluginBase> plugin,
-           WasmHandleFactory factory, bool allow_precompiled,
-           std::unique_ptr<ContextBase> root_context_for_testing = nullptr);
+           WasmHandleFactory factory, WasmHandleCloneFactory clone_factory, bool allow_precompiled);
 // Get an existing ThreadLocal VM matching 'vm_id' or nullptr if there isn't one.
 std::shared_ptr<WasmHandleBase> getThreadLocalWasm(string_view vm_id);
 // Get an existing ThreadLocal VM matching 'vm_id' or create one using 'base_wavm' by cloning or by
@@ -286,6 +290,9 @@ std::shared_ptr<WasmHandleBase>
 getOrCreateThreadLocalWasm(std::shared_ptr<WasmHandleBase> base_wasm,
                            std::shared_ptr<PluginBase> plugin, WasmHandleCloneFactory factory);
 
+// Clear Base Wasm cache and the thread-local Wasm sandbox cache for the calling thread.
+void clearWasmCachesForTesting();
+
 inline const std::string &WasmBase::vm_configuration() const {
   if (base_wasm_handle_)
     return base_wasm_handle_->wasm()->vm_configuration_;

include/proxy-wasm/wasm_vm.h

@@ -171,8 +171,9 @@ class WasmVm {
    * should be loaded and the ABI callbacks registered (see above). Linking should be done once
    * after load().
    * @param debug_name user-provided name for use in log and error messages.
+   * @return whether or not the link was successful.
    */
-  virtual void link(string_view debug_name) = 0;
+  virtual bool link(string_view debug_name) = 0;
 
   /**
    * Get size of the currently allocated memory in the VM.
@@ -249,12 +250,24 @@ class WasmVm {
   FOR_ALL_WASM_VM_IMPORTS(_REGISTER_CALLBACK)
 #undef _REGISTER_CALLBACK
 
+  bool isFailed() { return failed_; }
+  void fail(string_view message) {
+    error(message);
+    failed_ = true;
+    if (fail_callback_) {
+      fail_callback_();
+    }
+  }
+  void setFailCallback(std::function<void()> fail_callback) { fail_callback_ = fail_callback; }
+
   // Integrator operations.
   std::unique_ptr<WasmVmIntegration> &integration() { return integration_; }
   void error(string_view message) { integration()->error(message); }
 
 private:
   std::unique_ptr<WasmVmIntegration> integration_;
+  bool failed_ = false;
+  std::function<void()> fail_callback_;
 };
 
 // Thread local state set during a call into a WASM VM so that calls coming out of the