Wasmtime: generalize async_stack_zeroing knob to cover initialization (bytecodealliance#10027)

* Wasmtime: generalize `async_stack_zeroing` knob to cover initialization

This commit moves the knob from the `PoolingInstanceAllocatorConfig` to the
regular `Config` and now controls both whether stacks are zeroed before reuse
and whether they are zeroed before the initial use. The latter doesn't matter
usually, since anonymous mmaps are already zeroed so we don't have to do
anything there, but for no-std environments it is the difference between
manually zeroing the stack or simply using unininitialized memory.

* Fix CLI and test builds

* fix default config value

* fix some more tests

Author: fitzgen

crates/c-api/include/wasmtime/async.h

@@ -332,7 +332,7 @@ typedef struct {
  * https://docs.wasmtime.dev/api/wasmtime/trait.StackCreator.html#tymethod.new_stack
  */
 typedef wasmtime_error_t *(*wasmtime_new_stack_memory_callback_t)(
-    void *env, size_t size, wasmtime_stack_memory_t *stack_ret);
+    void *env, size_t size, bool zeroed, wasmtime_stack_memory_t *stack_ret);
 
 /**
  * A representation of custom stack creator.

crates/c-api/src/async.rs

@@ -397,6 +397,7 @@ unsafe impl StackMemory for CHostStackMemory {
 pub type wasmtime_new_stack_memory_callback_t = extern "C" fn(
     env: *mut std::ffi::c_void,
     size: usize,
+    zeroed: bool,
     stack_ret: &mut wasmtime_stack_memory_t,
 ) -> Option<Box<wasmtime_error_t>>;
 
@@ -414,7 +415,7 @@ struct CHostStackCreator {
 unsafe impl Send for CHostStackCreator {}
 unsafe impl Sync for CHostStackCreator {}
 unsafe impl StackCreator for CHostStackCreator {
-    fn new_stack(&self, size: usize) -> Result<Box<dyn wasmtime::StackMemory>> {
+    fn new_stack(&self, size: usize, zeroed: bool) -> Result<Box<dyn wasmtime::StackMemory>> {
         extern "C" fn panic_callback(_env: *mut std::ffi::c_void, _out_len: &mut usize) -> *mut u8 {
             panic!("a callback must be set");
         }
@@ -424,7 +425,7 @@ unsafe impl StackCreator for CHostStackCreator {
             finalizer: None,
         };
         let cb = self.new_stack;
-        let result = cb(self.foreign.data, size, &mut out);
+        let result = cb(self.foreign.data, size, zeroed, &mut out);
         match result {
             Some(error) => Err((*error).into()),
             None => Ok(Box::new(CHostStackMemory {

crates/cli-flags/src/lib.rs

@@ -131,10 +131,6 @@ wasmtime_option_group! {
         /// pooling allocator. (default: 100)
         pub pooling_max_unused_warm_slots: Option<u32>,
 
-        /// Configures whether or not stacks used for async futures are reset to
-        /// zero after usage. (default: false)
-        pub pooling_async_stack_zeroing: Option<bool>,
-
         /// How much memory, in bytes, to keep resident for async stacks allocated
         /// with the pooling allocator. (default: 0)
         pub pooling_async_stack_keep_resident: Option<usize>,
@@ -276,6 +272,9 @@ wasmtime_option_group! {
         /// difference between the two is how much stack the host has to execute
         /// on.
         pub async_stack_size: Option<usize>,
+        /// Configures whether or not stacks used for async futures are zeroed
+        /// before (re)use as a defense-in-depth mechanism. (default: false)
+        pub async_stack_zeroing: Option<bool>,
         /// Allow unknown exports when running commands.
         pub unknown_exports_allow: Option<bool>,
         /// Allow the main module to import unknown functions, using an
@@ -759,11 +758,6 @@ impl CommonOptions {
                     if let Some(max) = self.opts.pooling_max_unused_warm_slots {
                         cfg.max_unused_warm_slots(max);
                     }
-                    match_feature! {
-                        ["async" : self.opts.pooling_async_stack_zeroing]
-                        enable => cfg.async_stack_zeroing(enable),
-                        _ => err,
-                    }
                     match_feature! {
                         ["async" : self.opts.pooling_async_stack_keep_resident]
                         size => cfg.async_stack_keep_resident(size),
@@ -831,6 +825,11 @@ impl CommonOptions {
             size => config.async_stack_size(size),
             _ => err,
         }
+        match_feature! {
+            ["async" : self.wasm.async_stack_zeroing]
+            enable => config.async_stack_zeroing(enable),
+            _ => err,
+        }
 
         if let Some(max) = self.wasm.max_wasm_stack {
             config.max_wasm_stack(max);

crates/fiber/src/lib.rs

@@ -47,8 +47,8 @@ pub type Result<T, E = imp::Error> = core::result::Result<T, E>;
 
 impl FiberStack {
     /// Creates a new fiber stack of the given size.
-    pub fn new(size: usize) -> Result<Self> {
-        Ok(Self(imp::FiberStack::new(size)?))
+    pub fn new(size: usize, zeroed: bool) -> Result<Self> {
+        Ok(Self(imp::FiberStack::new(size, zeroed)?))
     }
 
     /// Creates a new fiber stack of the given size.
@@ -108,7 +108,7 @@ pub unsafe trait RuntimeFiberStackCreator: Send + Sync {
     ///
     /// This is useful to plugin previously allocated memory instead of mmap'ing a new stack for
     /// every instance.
-    fn new_stack(&self, size: usize) -> Result<Box<dyn RuntimeFiberStack>, Error>;
+    fn new_stack(&self, size: usize, zeroed: bool) -> Result<Box<dyn RuntimeFiberStack>, Error>;
 }
 
 /// A fiber stack backed by custom memory.
@@ -276,11 +276,11 @@ mod tests {
 
     #[test]
     fn small_stacks() {
-        Fiber::<(), (), ()>::new(FiberStack::new(0).unwrap(), |_, _| {})
+        Fiber::<(), (), ()>::new(FiberStack::new(0, false).unwrap(), |_, _| {})
             .unwrap()
             .resume(())
             .unwrap();
-        Fiber::<(), (), ()>::new(FiberStack::new(1).unwrap(), |_, _| {})
+        Fiber::<(), (), ()>::new(FiberStack::new(1, false).unwrap(), |_, _| {})
             .unwrap()
             .resume(())
             .unwrap();
@@ -290,10 +290,11 @@ mod tests {
     fn smoke() {
         let hit = Rc::new(Cell::new(false));
         let hit2 = hit.clone();
-        let fiber = Fiber::<(), (), ()>::new(FiberStack::new(1024 * 1024).unwrap(), move |_, _| {
-            hit2.set(true);
-        })
-        .unwrap();
+        let fiber =
+            Fiber::<(), (), ()>::new(FiberStack::new(1024 * 1024, false).unwrap(), move |_, _| {
+                hit2.set(true);
+            })
+            .unwrap();
         assert!(!hit.get());
         fiber.resume(()).unwrap();
         assert!(hit.get());
@@ -303,12 +304,13 @@ mod tests {
     fn suspend_and_resume() {
         let hit = Rc::new(Cell::new(false));
         let hit2 = hit.clone();
-        let fiber = Fiber::<(), (), ()>::new(FiberStack::new(1024 * 1024).unwrap(), move |_, s| {
-            s.suspend(());
-            hit2.set(true);
-            s.suspend(());
-        })
-        .unwrap();
+        let fiber =
+            Fiber::<(), (), ()>::new(FiberStack::new(1024 * 1024, false).unwrap(), move |_, s| {
+                s.suspend(());
+                hit2.set(true);
+                s.suspend(());
+            })
+            .unwrap();
         assert!(!hit.get());
         assert!(fiber.resume(()).is_err());
         assert!(!hit.get());
@@ -345,15 +347,17 @@ mod tests {
         }
 
         fn run_test() {
-            let fiber =
-                Fiber::<(), (), ()>::new(FiberStack::new(1024 * 1024).unwrap(), move |(), s| {
+            let fiber = Fiber::<(), (), ()>::new(
+                FiberStack::new(1024 * 1024, false).unwrap(),
+                move |(), s| {
                     assert_contains_host();
                     s.suspend(());
                     assert_contains_host();
                     s.suspend(());
                     assert_contains_host();
-                })
-                .unwrap();
+                },
+            )
+            .unwrap();
             assert!(fiber.resume(()).is_err());
             assert!(fiber.resume(()).is_err());
             assert!(fiber.resume(()).is_ok());
@@ -369,12 +373,14 @@ mod tests {
 
         let a = Rc::new(Cell::new(false));
         let b = SetOnDrop(a.clone());
-        let fiber =
-            Fiber::<(), (), ()>::new(FiberStack::new(1024 * 1024).unwrap(), move |(), _s| {
+        let fiber = Fiber::<(), (), ()>::new(
+            FiberStack::new(1024 * 1024, false).unwrap(),
+            move |(), _s| {
                 let _ = &b;
                 panic!();
-            })
-            .unwrap();
+            },
+        )
+        .unwrap();
         assert!(panic::catch_unwind(AssertUnwindSafe(|| fiber.resume(()))).is_err());
         assert!(a.get());
 
@@ -389,11 +395,14 @@ mod tests {
 
     #[test]
     fn suspend_and_resume_values() {
-        let fiber = Fiber::new(FiberStack::new(1024 * 1024).unwrap(), move |first, s| {
-            assert_eq!(first, 2.0);
-            assert_eq!(s.suspend(4), 3.0);
-            "hello".to_string()
-        })
+        let fiber = Fiber::new(
+            FiberStack::new(1024 * 1024, false).unwrap(),
+            move |first, s| {
+                assert_eq!(first, 2.0);
+                assert_eq!(s.suspend(4), 3.0);
+                "hello".to_string()
+            },
+        )
         .unwrap();
         assert_eq!(fiber.resume(2.0), Err(4));
         assert_eq!(fiber.resume(3.0), Ok("hello".to_string()));

crates/fiber/src/nostd.rs

@@ -62,10 +62,14 @@ fn align_ptr(ptr: *mut u8, len: usize, align: usize) -> (*mut u8, usize) {
 }
 
 impl FiberStack {
-    pub fn new(size: usize) -> Result<Self> {
+    pub fn new(size: usize, zeroed: bool) -> Result<Self> {
         // Round up the size to at least one page.
         let size = core::cmp::max(4096, size);
-        let mut storage = vec![0; size];
+        let mut storage = Vec::new();
+        storage.reserve_exact(size);
+        if zeroed {
+            storage.resize(size, 0);
+        }
         let (base, len) = align_ptr(storage.as_mut_ptr(), size, STACK_ALIGN);
         Ok(FiberStack {
             storage,

crates/fiber/src/unix.rs

@@ -60,7 +60,11 @@ enum FiberStackStorage {
 }
 
 impl FiberStack {
-    pub fn new(size: usize) -> io::Result<Self> {
+    pub fn new(size: usize, zeroed: bool) -> io::Result<Self> {
+        // The anonymous `mmap`s we use for `FiberStackStorage` are alawys
+        // zeroed.
+        let _ = zeroed;
+
         // See comments in `mod asan` below for why asan has a different stack
         // allocation strategy.
         if cfg!(asan) {

crates/fiber/src/windows.rs

@@ -14,7 +14,10 @@ pub type Error = io::Error;
 pub struct FiberStack(usize);
 
 impl FiberStack {
-    pub fn new(size: usize) -> io::Result<Self> {
+    pub fn new(size: usize, zeroed: bool) -> io::Result<Self> {
+        // We don't support fiber stack zeroing on windows.
+        let _ = zeroed;
+
         Ok(Self(size))
     }
 

crates/fuzzing/src/generators/config.rs

@@ -275,7 +275,8 @@ impl Config {
             ))
             .allocation_strategy(self.wasmtime.strategy.to_wasmtime())
             .generate_address_map(self.wasmtime.generate_address_map)
-            .signals_based_traps(self.wasmtime.signals_based_traps);
+            .signals_based_traps(self.wasmtime.signals_based_traps)
+            .async_stack_zeroing(self.wasmtime.async_stack_zeroing);
 
         if !self.module_config.config.simd_enabled {
             cfg.wasm_relaxed_simd(false);
@@ -508,6 +509,7 @@ pub struct WasmtimeConfig {
     memory_init_cow: bool,
     memory_guaranteed_dense_image_size: u64,
     use_precompiled_cwasm: bool,
+    async_stack_zeroing: bool,
     /// Configuration for the instance allocation strategy to use.
     pub strategy: InstanceAllocationStrategy,
     codegen: CodegenSettings,

crates/fuzzing/src/generators/pooling_config.rs

@@ -30,7 +30,6 @@ pub struct PoolingAllocationConfig {
     pub decommit_batch_size: usize,
     pub max_unused_warm_slots: u32,
 
-    pub async_stack_zeroing: bool,
     pub async_stack_keep_resident: usize,
 
     pub memory_protection_keys: MpkEnabled,
@@ -65,7 +64,6 @@ impl PoolingAllocationConfig {
         cfg.decommit_batch_size(self.decommit_batch_size);
         cfg.max_unused_warm_slots(self.max_unused_warm_slots);
 
-        cfg.async_stack_zeroing(self.async_stack_zeroing);
         cfg.async_stack_keep_resident(self.async_stack_keep_resident);
 
         cfg.memory_protection_keys(self.memory_protection_keys);
@@ -112,7 +110,6 @@ impl<'a> Arbitrary<'a> for PoolingAllocationConfig {
             decommit_batch_size: u.int_in_range(1..=1000)?,
             max_unused_warm_slots: u.int_in_range(0..=total_memories + 10)?,
 
-            async_stack_zeroing: u.arbitrary()?,
             async_stack_keep_resident: u.int_in_range(0..=1 << 20)?,
 
             memory_protection_keys: *u.choose(&[MpkEnabled::Auto, MpkEnabled::Disable])?,