snaipe / boxfort
Convenient & cross-platform sandboxing C library
License: MIT License
lldb-server doesn't always ship with lldb, and some other systems have clang+gdb without lldb. It would be better to fall back to gdbserver if lldb-server isn't available.
Currently, Boxfort segfaults with musl due to how they populate program headers.
clang-13 prints this:
../src/arena.c:110:40: warning: passing 'unsigned char *' to parameter of type 'char *' converts between pointers to integer types where one is of the unique plain 'char' type and the other is not [-Wpointer-sign]
if (!mincore(addr, pagesize(), &p))
^~
/usr/include/sys/mman.h:327:41: note: passing argument to parameter here
int mincore(const void *, size_t, char *);
^
Log of Meson test suite run on 2023-10-22T23:49:41.776019
Inherited environment: DEVELOPER_DIR=/Library/Developer/CommandLineTools TMPDIR=/opt/local/var/macports/build/_opt_svacchanda_SonomaPorts_devel_boxfort/boxfort/work/.tmp LIBRARY_PATH=/opt/local/lib SDKROOT=/Library/Developer/CommandLineTools/SDKs/MacOSX14.sdk NO_PROXY='*.local,169.254/16' USER=root CCACHE_DIR=/opt/local/var/macports/build/.ccache CPATH=/opt/local/include COLUMNS=80 PATH=/opt/local/bin:/opt/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin _=/opt/local/bin/meson CC_PRINT_OPTIONS=YES PWD=/opt/local/var/macports/build/_opt_svacchanda_SonomaPorts_devel_boxfort/boxfort/work/build LANG=en_US.UTF-8 CC_PRINT_OPTIONS_FILE=/opt/local/var/macports/build/_opt_svacchanda_SonomaPorts_devel_boxfort/boxfort/work/.CC_PRINT_OPTIONS LINES=24 HOME=/opt/local/var/macports/build/_opt_svacchanda_SonomaPorts_devel_boxfort/boxfort/work/.home SHLVL=2 MACOSX_DEPLOYMENT_TARGET=14.0 DISPLAY=/private/tmp/com.apple.launchd.EEZzEtiyvC/org.macports:0 __CF_USER_TEXT_ENCODING=0x1F6:0:0
==================================== 1/4 =====================================
test: nested.c
start time: 15:49:41
duration: 0.24s
result: killed by signal 6 SIGABRT
command: MALLOC_PERTURB_=156 /opt/local/var/macports/build/_opt_svacchanda_SonomaPorts_devel_boxfort/boxfort/work/build/sample/nested.c.bin
==============================================================================
==================================== 2/4 =====================================
test: callback.c
start time: 15:49:41
duration: 0.44s
result: killed by signal 6 SIGABRT
command: MALLOC_PERTURB_=239 /opt/local/var/macports/build/_opt_svacchanda_SonomaPorts_devel_boxfort/boxfort/work/build/sample/callback.c.bin
==============================================================================
==================================== 3/4 =====================================
test: context.c
start time: 15:49:41
duration: 0.86s
result: exit status 0
command: MALLOC_PERTURB_=53 /opt/local/var/macports/build/_opt_svacchanda_SonomaPorts_devel_boxfort/boxfort/work/build/sample/context.c.bin
----------------------------------- stdout -----------------------------------
my_int = 42
my_long = 24
==============================================================================
==================================== 4/4 =====================================
test: timeout.c
start time: 15:49:41
duration: 2.66s
result: exit status 0
command: MALLOC_PERTURB_=37 /opt/local/var/macports/build/_opt_svacchanda_SonomaPorts_devel_boxfort/boxfort/work/build/sample/timeout.c.bin
----------------------------------- stdout -----------------------------------
Wait timed out after 1 second
Process killed after 2.0 seconds
==============================================================================
Summary of Failures:
1/4 nested.c FAIL 0.24s killed by signal 6 SIGABRT
2/4 callback.c FAIL 0.44s killed by signal 6 SIGABRT
Ok: 2
Expected Fail: 0
Fail: 2
Unexpected Pass: 0
Skipped: 0
Timeout: 0
Building with clang-cl on Win-10 shows some important warnings:
src/sandbox-windows.c(370,9): warning: variable 'sync' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (!instance->waited)
^~~~~~~~~~~~~~~~~
src/sandbox-windows.c(584,9): note: uninitialized use occurs here
if (sync)
^~~~
src/sandbox-windows.c(370,5): note: remove the 'if' if its condition is always false
if (!instance->waited)
^~~~~~~~~~~~~~~~~~~~~~
src/sandbox-windows.c(363,9): warning: variable 'sync' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (!instance)
^~~~~~~~~
src/sandbox-windows.c(584,9): note: uninitialized use occurs here
if (sync)
^~~~
src/sandbox-windows.c(363,5): note: remove the 'if' if its condition is always false
if (!instance)
^~~~~~~~~~~~~~
src/sandbox-windows.c(383,5): note: variable 'sync' is declared here
HANDLE sync = CreateEvent(&inherit_handle, FALSE, FALSE, NULL);
^
2 warnings generated.
Which I fixed by:
--- a/src/sandbox-windows.c 2022-09-18 12:05:05
+++ b/src/sandbox-windows.c 2022-09-19 12:00:35
@@ -346,6 +346,7 @@
int errnum = 0;
struct bxfi_sandbox *instance = NULL;
BOOL success = FALSE;
+ HANDLE sync = NULL;
struct bxfi_prepare_ctx prep = {
.handles = NULL,
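Review bot: the new `HANDLE sync = NULL;` at the top of the function needs a short comment saying why it is hoisted: the cleanup code tests `if (sync)`, and the early exits at `if (!instance)` and `if (!instance->waited)` reach that test before `CreateEvent` has run. NULL is a sound sentinel because `CreateEvent` returns NULL on failure, but without the comment a later tidy-up could move the declaration back next to the call and reintroduce the uninitialised read.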
@@ -380,7 +381,7 @@
.bInheritHandle = TRUE
};
- HANDLE sync = CreateEvent(&inherit_handle, FALSE, FALSE, NULL);
+ sync = CreateEvent(&inherit_handle, FALSE, FALSE, NULL);
errnum = -EPROTO;
if (!sync)
goto error;
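Review bot: in the context lines after the changed assignment, `errnum = -EPROTO` is set for every `CreateEvent` failure, which hides the real cause. Consider deriving `errnum` from `GetLastError()` at the `if (!sync)` check so that a resource or access failure can be told apart from a protocol error. Turning the declaration into a plain assignment (`sync = CreateEvent(...)`) is otherwise fine.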
Not sure what causes this when it sometimes works fine -- perhaps a misoptimisation?
@MrAnno I recently attempted to package Criterion for Fedora, and BoxFort is a dependency of it. The Fedora packaging guidelines recommend using shared libraries instead of static libraries. Is there any reason for only building BoxFort as a static lib?
Lines 67 to 78 in c91d718
I'm running tests by means of Criterion 2.3 (https://github.com/Snaipe/Criterion/releases/download/v2.3.0/criterion-v2.3.0-mingw-x64.tar.bz2)
While doing so I also check my code for potential leaks.
But if you're curious, I found some leaks in BoxFort code:
Error #1: LEAK 260 direct bytes 0x0000000002cc7a60-0x0000000002cc7b64 + 0 indirect bytes
# 0 replace_RtlAllocateHeap [d:\drmemory_package\common\alloc_replace.c:3770]
# 1 bcryptPrimitives.dll!GetCipherInterface+0x2b09 (0x00007ffbd1930ffa <bcryptPrimitives.dll+0x10ffa>)
# 2 KERNELBASE.dll!LocalAlloc +0x70 (0x00007ffbd1d06591 <KERNELBASE.dll+0x26591>)
# 3 libcriterion.dll!bxfi_lib_name [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:127]
# 4 libcriterion.dll!bxfi_slide_from_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:108]
# 5 libcriterion.dll!bxfi_normalize_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/addr.c:35]
# 6 libcriterion.dll!bxfi_exec [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/addr.h:41]
# 7 KERNELBASE.dll!GetModuleFileNameA +0x102 (0x00007ffbd1d35973 <KERNELBASE.dll+0x55973>)
# 8 libcriterion.dll!bxfi_lib_name [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:129]
# 9 libcriterion.dll!bxfi_slide_from_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:108]
#10 libcriterion.dll!bxf_spawn_struct [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/sandbox.c:84]
#11 libcriterion.dll!run_test [C:/msys64/home/Snaipe/workspace/Criterion/src/core/runner_coroutine.c:343]
Error #2: LEAK 260 direct bytes 0x0000000002cd16e0-0x0000000002cd17e4 + 0 indirect bytes
# 0 replace_RtlAllocateHeap [d:\drmemory_package\common\alloc_replace.c:3770]
# 1 libcriterion.dll!pb_field_iter_find [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/nanopb/pb_common.c:90]
# 2 KERNELBASE.dll!MapViewOfFileExNuma +0xca (0x00007ffbd1d3d99b <KERNELBASE.dll+0x5d99b>)
# 3 KERNELBASE.dll!LocalAlloc +0x70 (0x00007ffbd1d06591 <KERNELBASE.dll+0x26591>)
# 4 KERNELBASE.dll!MapViewOfFileEx +0x21 (0x00007ffbd1d3d8c2 <KERNELBASE.dll+0x5d8c2>)
# 5 KERNELBASE.dll!VirtualAlloc +0x4a (0x00007ffbd1d3154b <KERNELBASE.dll+0x5154b>)
# 6 libcriterion.dll!bxfi_lib_name [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:127]
# 7 libcriterion.dll!bxfi_slide_from_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:108]
# 8 libcriterion.dll!bxfi_normalize_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/addr.c:35]
# 9 libcriterion.dll!bxf_context_addaddr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/context.c:163]
#10 libcriterion.dll!bxf_context_addobject [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/context.c:123]
#11 libcriterion.dll!bxf_context_init [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/context.c:49]
Error #3: LEAK 260 direct bytes 0x0000000002cd1e20-0x0000000002cd1f24 + 0 indirect bytes
# 0 replace_RtlAllocateHeap [d:\drmemory_package\common\alloc_replace.c:3770]
# 1 KERNELBASE.dll!WideCharToMultiByte +0x2d0 (0x00007ffbd1d21e41 <KERNELBASE.dll+0x41e41>)
# 2 KERNELBASE.dll!LocalAlloc +0x70 (0x00007ffbd1d06591 <KERNELBASE.dll+0x26591>)
# 3 libcriterion.dll!bxfi_lib_name [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:127]
# 4 libcriterion.dll!bxfi_slide_from_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:108]
# 5 WS2_32.dll!WSASocketW +0x47b (0x00007ffbd383ae1c <WS2_32.dll+0xae1c>)
# 6 KERNELBASE.dll!GetModuleFileNameA +0x102 (0x00007ffbd1d35973 <KERNELBASE.dll+0x55973>)
# 7 libcriterion.dll!bxfi_lib_name [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:129]
# 8 libcriterion.dll!bxfi_slide_from_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:108]
# 9 libcriterion.dll!bxf_spawn_struct [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/sandbox.c:84]
#10 libcriterion.dll!run_test [C:/msys64/home/Snaipe/workspace/Criterion/src/core/runner_coroutine.c:343]
#11 libcriterion.dll!cri_run_next_test [C:/msys64/home/Snaipe/workspace/Criterion/src/core/runner_coroutine.c:437]
Error #4: LEAK 48 direct bytes 0x00000000030b9c40-0x00000000030b9c70 + 0 indirect bytes
# 0 replace_malloc [d:\drmemory_package\common\alloc_replace.c:2576]
# 1 libcriterion.dll!do_inherit_handle [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/sandbox-windows.c:286]
# 2 libcriterion.dll!bxfi_denormalize_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/addr.c:48]
# 3 libcriterion.dll!prepare_elt [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/context.c:315]
# 4 libcriterion.dll!bxf_arena_iter [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/arena.c:681]
# 5 libcriterion.dll!bxfi_context_prepare [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/context.c:340]
# 6 KERNELBASE.dll!InitializeProcThreadAttributeList+0x72 (0x00007ffbd1d4a2a3 <KERNELBASE.dll+0x6a2a3>)
# 7 libcriterion.dll!bxfi_exec [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/sandbox-windows.c:320]
# 8 libcriterion.dll!bxfi_lib_name [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:129]
# 9 libcriterion.dll!bxfi_slide_from_addr [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/exe-pe.c:108]
#10 libcriterion.dll!bxf_spawn_struct [C:/msys64/home/Snaipe/workspace/Criterion/dependencies/boxfort/src/sandbox.c:84]
#11 libcriterion.dll!run_test [C:/msys64/home/Snaipe/workspace/Criterion/src/core/runner_coroutine.c:343]
I'm building boxfort with criterion in OBS[1] and OBS reports the architecture as 'armv7l'...
After I modified the CMakeLists.txt (just simply added the 'armv7l') OBS was able to build Criterion.
Testing is in progress.
If possible, could you fix the arm detection?
[1] https://build.opensuse.org/package/show/home:laszlo_budai:syslog-ng/criterion
Hi,
I'm trying to build Criterion on OpenBSD and I'm stuck on the build of BoxFort because there is no waitid(2) on OpenBSD
https://github.com/diacritic/BoxFort/blob/master/src/sandbox-posix.c#L161
https://github.com/diacritic/BoxFort/blob/master/src/sandbox-posix.c#L173
Is there any workaround I could try to do the same things without this syscall? If you can explain to me what this is supposed to do, I can try to find something.
Regards
I'm unable to use criterion on my ppc64 workstation.
Nearly all of criterion tests fail on aarch64 with:
criterion: Could not initialize inheritable arena: Cannot allocate memory
That's because BoxFort assumes minimal address space for 64-bit hosts of 48-bit:
Lines 56 to 61 in a26074c
While on aarch64 it is possible to have 39-bit address space, see https://www.kernel.org/doc/Documentation/arm64/memory.rst
The windows implementation is lacking some job control to kill child processes on exit.
There should also be a workaround for POSIX systems without PR_SET_PDEATHSIG.
BoxFort should propagate SIGTSTP and SIGCONT to the child workers.
Would it be possible to tag the current master head with version 0.0.1? It's then easier to package the stuff across distros with the same version.
Yet even better, tag it after #27 is merged so we don't have to patch it locally in Linux Gentoo :)
I had an infinite loop in some of my criterion tests, so I was obliged to kill the processes in order to get going. With time I noticed a considerable amount of lag on my PC; it turns out boxfort workers had been left open, and were consuming all of the CPU.
The workers should have died along with criterion, by either noticing criterion was gone or maybe criterion passing the signal if that's possible.
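The two reports above (no workaround on POSIX systems without PR_SET_PDEATHSIG, and workers left running after Criterion was killed) describe the same gap. One portable way to close it is a lifeline pipe: the supervisor holds the only write end, so the worker sees EOF as soon as the supervisor dies for any reason. This is an added example, not BoxFort code; `wait_for_supervisor_death`, `supervisor` and `orphan_detected` are hypothetical names.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Worker side: block until every write end of the lifeline is closed.
 * read() returning 0 (EOF) means the supervisor has exited or been killed. */
static int wait_for_supervisor_death(int lifeline_rd)
{
    char c;
    ssize_t n;
    do {
        n = read(lifeline_rd, &c, 1);
    } while (n > 0 || (n < 0 && errno == EINTR));
    return n == 0;
}

/* Supervisor (hypothetical): spawns one worker, then dies without reaping it. */
static void supervisor(int report_wr)
{
    int lifeline[2];
    pid_t worker;
    if (pipe(lifeline) < 0 || (worker = fork()) < 0)
        _exit(2);
    if (worker == 0) {
        close(lifeline[1]);     /* the worker must not hold a write end */
        /* A real worker would run this wait in a watcher thread, because
         * the sandboxed code itself may be stuck in a loop. */
        if (wait_for_supervisor_death(lifeline[0])
                && write(report_wr, "X", 1) != 1)
            _exit(1);
        _exit(0);               /* terminate instead of lingering */
    }
    _exit(0);   /* simulated crash: the kernel closes lifeline[1] for us */
}

/* Returns 1 if the orphaned worker noticed the supervisor's death. */
int orphan_detected(void)
{
    int report[2];
    char c = 0;
    ssize_t n;
    pid_t sup;
    if (pipe(report) < 0 || (sup = fork()) < 0)
        return -1;
    if (sup == 0) {
        close(report[0]);
        supervisor(report[1]);  /* never returns */
    }
    close(report[1]);
    waitpid(sup, NULL, 0);
    do {
        n = read(report[0], &c, 1);
    } while (n < 0 && errno == EINTR);
    close(report[0]);
    return n == 1 && c == 'X';
}

int main(void) { return orphan_detected() == 1 ? 0 : 1; }
```

The lifeline only works if no other process inherits its write end, so it has to be closed in every child the supervisor forks.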
Shouldn't we re-enable BXF_FORK_RESILIENCE by default?
I am quite out of practice when it comes to MASM, so I decided to read the directives chapter over the last weekend http://www.phatcode.net/res/223/files/html/Chapter_8/CH08-7.html and decided to implement the Windows counterpart for the AT&T dialect (.S -> .asm), but my attempt is currently on the fritz because of the .h -> .inc macros conversion.
Here is my attempt, trampoline-i386.inc:
; The MIT License (MIT)
; Copyright © 2016 Franklin "Snaipe" Mathieu <http://snai.pe/>
; Permission is hereby granted, free of charge, to any person obtaining a copy
; of this software and associated documentation files (the "Software"), to deal
; in the Software without restriction, including without limitation the rights
; to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
; copies of the Software, and to permit persons to whom the Software is
; furnished to do so, subject to the following conditions:
; The above copyright notice and this permission notice shall be included in
; all copies or substantial portions of the Software.
; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
; AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
; OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
; THE SOFTWARE.
%ifndef ASM_MANGLING_H_
ASM_MANGLING_H_ equ
%include config.inc ; this is an additional projection by cmake
MANGLING_STR_ macro x:req
; what goes here??
endm
MANGLING_STR macro x:req
MANGLING_STR_ x
endm
MANGLING_HEADER_ textequ <mangling/BXF_MANGLING.inc> ; this works
MANGLING_HEADER equ %(MANGLING_STR MANGLING_HEADER_)
%include MANGLING_HEADER ; this is failing due to syntax limitation that I could not figure out
; however, this works:
%include MANGLING_HEADER_
%endif ; !ASM_MANGLING_H_
Probably MASM/Intel macros have weird syntax limitations? Or probably direct syntax conversion is not such a good idea and it would:
OR
gcc -E foo.asm -o foo.preproc.asm && masm foo.preproc.asm -o foo.obj, i.e. cl /EP foo.asm > foo.pp.asm?
I know AT&T assembly dialect would compile with MinGW but it would be nice to have the MSVCR counterpart :)
FWIW, I have config.inc.in (which cmake emits as config.inc), trampoline.inc and trampoline-i386.asm. Moreover, my MASM assembler test command is:
:: this is CMD
:: clone BF and cd
mkdir build
cd build
:: cmake configure and build once (build will fail)
cmake ..
cmake --build .
:: run once:
"%ProgramFiles(x86)%\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"
:: now the test command for rest of the exercise (with relative paths)
ml.exe /c /nologo /Zi /Fo"boxfort.dir\Debug\trampoline-i386.obj" /D"WIN32" /D"_WINDOWS" /D"_DEBUG" /D"_CRT_SECURE_NO_WARNINGS" /D"WIN32_LEAN_AND_MEAN" /D"_WIN32_WINNT=0x600" /D"CMAKE_INTDIR="Debug"" /D"boxfort_EXPORTS" /I "include" /I "src" /I "build\src" /W3 /errorReport:prompt /safeseh /Ta"src\asm\trampoline-i386.asm"
I'm trying to use Criterion on ARM and based on Snaipe/Criterion#233 issue, I tried building BoxFort on the aarch/arm branch and I get the following failure:
[ 5%] Building ASM object CMakeFiles/boxfort.dir/src/asm/trampoline-arm64.S.o
[ 10%] Building C object CMakeFiles/boxfort.dir/src/addr.c.o
[ 15%] Building C object CMakeFiles/boxfort.dir/src/arena.c.o
[ 21%] Building C object CMakeFiles/boxfort.dir/src/context.c.o
[ 26%] Building C object CMakeFiles/boxfort.dir/src/exe-elf.c.o
[ 31%] Building C object CMakeFiles/boxfort.dir/src/sandbox-posix.c.o
[ 36%] Building C object CMakeFiles/boxfort.dir/src/sandbox.c.o
[ 42%] Building C object CMakeFiles/boxfort.dir/src/timeout-posix.c.o
[ 47%] Building C object CMakeFiles/boxfort.dir/src/timestamp.c.o
[ 52%] Linking C shared library libboxfort.so
/usr/bin/ld: CMakeFiles/boxfort.dir/src/arena.c.o: relocation R_AARCH64_ADR_PREL_PG_HI21 against external symbol `stderr@@GLIBC_2.17' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: CMakeFiles/boxfort.dir/src/arena.c.o(.text+0xb4): unresolvable R_AARCH64_ADR_PREL_PG_HI21 relocation against symbol `stderr@@GLIBC_2.17'
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
CMakeFiles/boxfort.dir/build.make:294: recipe for target 'libboxfort.so' failed
Any insight or help to fix this would be useful.