From c71193571e05f42ce95cd3324bdef8ef171fff55 Mon Sep 17 00:00:00 2001 From: Harvey Tuch Date: Fri, 9 Oct 2020 13:59:11 -0400 Subject: [PATCH 1/5] dependencies: bump LuaJIT to 2.1 branch HEAD @ e9af1ab. LuaJIT 2.1.0-beta3 has the following CVEs, which don't appear super critical for correctly functioning Lua code but prudence dictates we should bump anyway: - CVE-2020-15890: LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. - CVE-2020-24372: LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. There is no release version beyond 2.1.0-beta3, so using HEAD of 2.1 branch. Risk level: Medium (if using LuaJIT). Testing: bazel test //test/... Some unit tests required fixups due to changes in Lua header map table ordering. Signed-off-by: Harvey Tuch --- bazel/foreign_cc/luajit.patch | 158 +++++++++--------- bazel/repository_locations.bzl | 10 +- .../filters/http/lua/lua_filter_test.cc | 73 ++++---- test/test_common/utility.cc | 32 ++-- test/test_common/utility_test.cc | 18 ++ 5 files changed, 158 insertions(+), 133 deletions(-) diff --git a/bazel/foreign_cc/luajit.patch b/bazel/foreign_cc/luajit.patch index b454b7dfd149..364618af791d 100644 --- a/bazel/foreign_cc/luajit.patch +++ b/bazel/foreign_cc/luajit.patch @@ -1,5 +1,5 @@ diff --git a/src/Makefile b/src/Makefile -index f56465d..5d91fa7 100644 +index e65b55e..9d4633c 100644 --- a/src/Makefile +++ b/src/Makefile @@ -27,7 +27,7 @@ NODOTABIVER= 51 @@ -33,93 +33,87 @@ index f56465d..5d91fa7 100644 # # Disable the JIT compiler, i.e. turn LuaJIT into a pure interpreter. #XCFLAGS+= -DLUAJIT_DISABLE_JIT -@@ -111,7 +111,7 @@ XCFLAGS= - #XCFLAGS+= -DLUAJIT_NUMMODE=2 - # - # Enable GC64 mode for x64. --#XCFLAGS+= -DLUAJIT_ENABLE_GC64 -+XCFLAGS+= -DLUAJIT_ENABLE_GC64 - # - ############################################################################## - -@@ -587,7 +587,7 @@ endif - +@@ -591,7 +591,7 @@ endif + Q= @ E= @echo -#Q= +Q= #E= @: - - ############################################################################## -EOF ---- a/src/msvcbuild.bat 2020-08-13 18:42:05.667354300 +0000 -+++ b/src/msvcbuild.bat 2020-08-13 19:03:25.092297900 +0000 -@@ -14,7 +14,7 @@ - @if not defined INCLUDE goto :FAIL - - @setlocal --@set LJCOMPILE=cl /nologo /c /O2 /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline -+@set LJCOMPILE=cl /nologo /c /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline /DLUAJIT_ENABLE_LUA52COMPAT - @set LJLINK=link /nologo - @set LJMT=mt /nologo - @set LJLIB=lib /nologo /nodefaultlib -@@ -25,7 +25,7 @@ - @set LJLIBNAME=lua51.lib - @set ALL_LIB=lib_base.c lib_math.c lib_bit.c lib_string.c lib_table.c lib_io.c lib_os.c lib_package.c lib_debug.c lib_jit.c lib_ffi.c - --%LJCOMPILE% host\minilua.c -+%LJCOMPILE% /O2 host\minilua.c - @if errorlevel 1 goto :BAD - %LJLINK% /out:minilua.exe minilua.obj - @if errorlevel 1 goto :BAD -@@ -48,7 +48,7 @@ - minilua %DASM% -LN %DASMFLAGS% -o host\buildvm_arch.h %DASC% - @if errorlevel 1 goto :BAD --%LJCOMPILE% /I "." /I %DASMDIR% host\buildvm*.c -+%LJCOMPILE% /O2 /I "." /I %DASMDIR% host\buildvm*.c - @if errorlevel 1 goto :BAD - %LJLINK% /out:buildvm.exe buildvm*.obj - @if errorlevel 1 goto :BAD -@@ -72,24 +72,35 @@ - - @if "%1" neq "debug" goto :NODEBUG - @shift --@set LJCOMPILE=%LJCOMPILE% /Zi -+@set LJCOMPILE=%LJCOMPILE% /O0 /Z7 - @set LJLINK=%LJLINK% /debug /opt:ref /opt:icf /incremental:no -+@set LJCRTDBG=d -+@goto :ENDDEBUG - :NODEBUG -+@set LJCOMPILE=%LJCOMPILE% /O2 /Z7 -+@set LJLINK=%LJLINK% /release /incremental:no -+@set LJCRTDBG= -+:ENDDEBUG - @if "%1"=="amalg" goto :AMALGDLL - @if "%1"=="static" goto :STATIC --%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL lj_*.c lib_*.c -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -+%LJCOMPILE% /DLUA_BUILD_AS_DLL lj_*.c lib_*.c - @if errorlevel 1 goto :BAD - %LJLINK% /DLL /out:%LJDLLNAME% lj_*.obj lib_*.obj - @if errorlevel 1 goto :BAD - @goto :MTDLL - :STATIC -+@shift -+@set LJCOMPILE=%LJCOMPILE% /MT%LJCRTDBG% - %LJCOMPILE% lj_*.c lib_*.c - @if errorlevel 1 goto :BAD - %LJLIB% /OUT:%LJLIBNAME% lj_*.obj lib_*.obj - @if errorlevel 1 goto :BAD - @goto :MTDLL - :AMALGDLL --%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL ljamalg.c -+@shift -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -+%LJCOMPILE% /DLUA_BUILD_AS_DLL ljamalg.c - @if errorlevel 1 goto :BAD - %LJLINK% /DLL /out:%LJDLLNAME% ljamalg.obj lj_vm.obj - @if errorlevel 1 goto :BAD + ############################################################################## +diff --git a/src/msvcbuild.bat b/src/msvcbuild.bat +index ae035dc..5851aa3 100644 +--- a/src/msvcbuild.bat ++++ b/src/msvcbuild.bat +@@ -16,6 +16,7 @@ + @rem Add more debug flags here, e.g. DEBUGCFLAGS=/DLUA_USE_APICHECK + @set DEBUGCFLAGS= + @set LJCOMPILE=cl /nologo /c /O2 /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline ++@set LJCOMPILE=cl /nologo /c /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline /DLUAJIT_ENABLE_LUA52COMPAT + @set LJLINK=link /nologo + @set LJMT=mt /nologo + @set LJLIB=lib /nologo /nodefaultlib +@@ -27,7 +28,7 @@ + @set BUILDTYPE=release + @set ALL_LIB=lib_base.c lib_math.c lib_bit.c lib_string.c lib_table.c lib_io.c lib_os.c lib_package.c lib_debug.c lib_jit.c lib_ffi.c + +-%LJCOMPILE% host\minilua.c ++%LJCOMPILE% /O2 host\minilua.c + @if errorlevel 1 goto :BAD + %LJLINK% /out:minilua.exe minilua.obj + @if errorlevel 1 goto :BAD +@@ -51,7 +52,7 @@ if exist minilua.exe.manifest^ + minilua %DASM% -LN %DASMFLAGS% -o host\buildvm_arch.h %DASC% + @if errorlevel 1 goto :BAD + +-%LJCOMPILE% /I "." /I %DASMDIR% host\buildvm*.c ++%LJCOMPILE% /O2 /I "." /I %DASMDIR% host\buildvm*.c + @if errorlevel 1 goto :BAD + %LJLINK% /out:buildvm.exe buildvm*.obj + @if errorlevel 1 goto :BAD +@@ -76,25 +77,35 @@ buildvm -m folddef -o lj_folddef.h lj_opt_fold.c + @if "%1" neq "debug" goto :NODEBUG + @shift + @set BUILDTYPE=debug +-@set LJCOMPILE=%LJCOMPILE% /Zi %DEBUGCFLAGS% ++@set LJCOMPILE=%LJCOMPILE% /Zi /O0 %DEBUGCFLAGS% + @set LJLINK=%LJLINK% /opt:ref /opt:icf /incremental:no ++@set LJCRTDBG=d ++@goto :ENDDEBUG + :NODEBUG ++@set LJCOMPILE=%LJCOMPILE% /O2 /Z7 + @set LJLINK=%LJLINK% /%BUILDTYPE% ++@set LJCRTDBG= ++:ENDDEBUG + @if "%1"=="amalg" goto :AMALGDLL + @if "%1"=="static" goto :STATIC +-%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL lj_*.c lib_*.c ++@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% ++%LJCOMPILE% /DLUA_BUILD_AS_DLL lj_*.c lib_*.c + @if errorlevel 1 goto :BAD + %LJLINK% /DLL /out:%LJDLLNAME% lj_*.obj lib_*.obj + @if errorlevel 1 goto :BAD + @goto :MTDLL + :STATIC ++@shift ++@set LJCOMPILE=%LJCOMPILE% /MT%LJCRTDBG% + %LJCOMPILE% lj_*.c lib_*.c + @if errorlevel 1 goto :BAD + %LJLIB% /OUT:%LJLIBNAME% lj_*.obj lib_*.obj + @if errorlevel 1 goto :BAD + @goto :MTDLL + :AMALGDLL +-%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL ljamalg.c ++@shift ++@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% +++%LJCOMPILE% /DLUA_BUILD_AS_DLL ljamalg.c + @if errorlevel 1 goto :BAD + %LJLINK% /DLL /out:%LJDLLNAME% ljamalg.obj lj_vm.obj + @if errorlevel 1 goto :BAD +-- +2.28.0.1011.ga647a8990f-goog + diff --git a/build.py b/build.py new file mode 100755 index 0000000..9c71271 diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl index 6eba5a821d1d..c9ed241720bb 100644 --- a/bazel/repository_locations.bzl +++ b/bazel/repository_locations.bzl @@ -283,13 +283,15 @@ DEPENDENCY_REPOSITORIES_SPEC = dict( project_name = "LuaJIT", project_desc = "Just-In-Time compiler for Lua", project_url = "https://luajit.org", - version = "2.1.0-beta3", - sha256 = "409f7fe570d3c16558e594421c47bdd130238323c9d6fd6c83dedd2aaeb082a8", + # The last release version, 2.1.0-beta3 has a number of CVEs filed + # against it. These may not impact correct non-malicious Lua code, but for prudence we bump. + version = "e9af1abec542e6f9851ff2368e7f196b6382a44c", + sha256 = "186cd55c0e321aa2ec3c0f9220e31cc17479ec6222db515ec8b902f9275a9616", strip_prefix = "LuaJIT-{version}", - urls = ["https://github.com/LuaJIT/LuaJIT/archive/v{version}.tar.gz"], + urls = ["https://github.com/LuaJIT/LuaJIT/archive/{version}.tar.gz"], + last_updated = "2020-10-09", use_category = ["dataplane_ext"], extensions = ["envoy.filters.http.lua"], - last_updated = "2017-11-07", cpe = "cpe:2.3:a:luajit:luajit:*", ), com_github_moonjit_moonjit = dict( diff --git a/test/extensions/filters/http/lua/lua_filter_test.cc b/test/extensions/filters/http/lua/lua_filter_test.cc index ac4ab9514037..2ca04be1b572 100644 --- a/test/extensions/filters/http/lua/lua_filter_test.cc +++ b/test/extensions/filters/http/lua/lua_filter_test.cc @@ -809,13 +809,14 @@ TEST_F(LuaHttpFilterTest, HttpCall) { .WillOnce( Invoke([&](Http::RequestMessagePtr& message, Http::AsyncClient::Callbacks& cb, const Http::AsyncClient::RequestOptions&) -> Http::AsyncClient::Request* { - EXPECT_EQ((Http::TestRequestHeaderMapImpl{{":path", "/"}, - {":method", "POST"}, - {":authority", "foo"}, - {"set-cookie", "flavor=chocolate; Path=/"}, - {"set-cookie", "variant=chewy; Path=/"}, - {"content-length", "11"}}), - message->headers()); + const Http::TestRequestHeaderMapImpl expected_headers{ + {":method", "POST"}, + {":path", "/"}, + {":authority", "foo"}, + {"set-cookie", "flavor=chocolate; Path=/"}, + {"set-cookie", "variant=chewy; Path=/"}, + {"content-length", "11"}}; + EXPECT_THAT(&message->headers(), HeaderMapEqualIgnoreOrder(&expected_headers)); callbacks = &cb; return &request; })); @@ -877,13 +878,14 @@ TEST_F(LuaHttpFilterTest, HttpCallAsyncFalse) { .WillOnce( Invoke([&](Http::RequestMessagePtr& message, Http::AsyncClient::Callbacks& cb, const Http::AsyncClient::RequestOptions&) -> Http::AsyncClient::Request* { - EXPECT_EQ((Http::TestRequestHeaderMapImpl{{":path", "/"}, - {":method", "POST"}, - {":authority", "foo"}, - {"set-cookie", "flavor=chocolate; Path=/"}, - {"set-cookie", "variant=chewy; Path=/"}, - {"content-length", "11"}}), - message->headers()); + const Http::TestRequestHeaderMapImpl expected_headers{ + {":path", "/"}, + {":method", "POST"}, + {":authority", "foo"}, + {"set-cookie", "flavor=chocolate; Path=/"}, + {"set-cookie", "variant=chewy; Path=/"}, + {"content-length", "11"}}; + EXPECT_THAT(&message->headers(), HeaderMapEqualIgnoreOrder(&expected_headers)); callbacks = &cb; return &request; })); @@ -936,13 +938,14 @@ TEST_F(LuaHttpFilterTest, HttpCallAsynchronous) { .WillOnce( Invoke([&](Http::RequestMessagePtr& message, Http::AsyncClient::Callbacks& cb, const Http::AsyncClient::RequestOptions&) -> Http::AsyncClient::Request* { - EXPECT_EQ((Http::TestRequestHeaderMapImpl{{":path", "/"}, - {":method", "POST"}, - {":authority", "foo"}, - {"set-cookie", "flavor=chocolate; Path=/"}, - {"set-cookie", "variant=chewy; Path=/"}, - {"content-length", "11"}}), - message->headers()); + const Http::TestRequestHeaderMapImpl expected_headers{ + {":path", "/"}, + {":method", "POST"}, + {":authority", "foo"}, + {"set-cookie", "flavor=chocolate; Path=/"}, + {"set-cookie", "variant=chewy; Path=/"}, + {"content-length", "11"}}; + EXPECT_THAT(&message->headers(), HeaderMapEqualIgnoreOrder(&expected_headers)); callbacks = &cb; return &request; })); @@ -1004,11 +1007,11 @@ TEST_F(LuaHttpFilterTest, DoubleHttpCall) { .WillOnce( Invoke([&](Http::RequestMessagePtr& message, Http::AsyncClient::Callbacks& cb, const Http::AsyncClient::RequestOptions&) -> Http::AsyncClient::Request* { - EXPECT_EQ((Http::TestRequestHeaderMapImpl{{":path", "/"}, - {":method", "POST"}, - {":authority", "foo"}, - {"content-length", "11"}}), - message->headers()); + const Http::TestRequestHeaderMapImpl expected_headers{{":path", "/"}, + {":method", "POST"}, + {":authority", "foo"}, + {"content-length", "11"}}; + EXPECT_THAT(&message->headers(), HeaderMapEqualIgnoreOrder(&expected_headers)); callbacks = &cb; return &request; })); @@ -1027,9 +1030,9 @@ TEST_F(LuaHttpFilterTest, DoubleHttpCall) { .WillOnce( Invoke([&](Http::RequestMessagePtr& message, Http::AsyncClient::Callbacks& cb, const Http::AsyncClient::RequestOptions&) -> Http::AsyncClient::Request* { - EXPECT_EQ((Http::TestRequestHeaderMapImpl{ - {":path", "/bar"}, {":method", "GET"}, {":authority", "foo"}}), - message->headers()); + const Http::TestRequestHeaderMapImpl expected_headers{ + {":path", "/bar"}, {":method", "GET"}, {":authority", "foo"}}; + EXPECT_THAT(&message->headers(), HeaderMapEqualIgnoreOrder(&expected_headers)); callbacks = &cb; return &request; })); @@ -1084,9 +1087,9 @@ TEST_F(LuaHttpFilterTest, HttpCallNoBody) { .WillOnce( Invoke([&](Http::RequestMessagePtr& message, Http::AsyncClient::Callbacks& cb, const Http::AsyncClient::RequestOptions&) -> Http::AsyncClient::Request* { - EXPECT_EQ((Http::TestRequestHeaderMapImpl{ - {":path", "/"}, {":method", "GET"}, {":authority", "foo"}}), - message->headers()); + const Http::TestRequestHeaderMapImpl expected_headers{ + {":path", "/"}, {":method", "GET"}, {":authority", "foo"}}; + EXPECT_THAT(&message->headers(), HeaderMapEqualIgnoreOrder(&expected_headers)); callbacks = &cb; return &request; })); @@ -1142,9 +1145,9 @@ TEST_F(LuaHttpFilterTest, HttpCallImmediateResponse) { .WillOnce( Invoke([&](Http::RequestMessagePtr& message, Http::AsyncClient::Callbacks& cb, const Http::AsyncClient::RequestOptions&) -> Http::AsyncClient::Request* { - EXPECT_EQ((Http::TestRequestHeaderMapImpl{ - {":path", "/"}, {":method", "GET"}, {":authority", "foo"}}), - message->headers()); + const Http::TestRequestHeaderMapImpl expected_headers{ + {":path", "/"}, {":method", "GET"}, {":authority", "foo"}}; + EXPECT_THAT(&message->headers(), HeaderMapEqualIgnoreOrder(&expected_headers)); callbacks = &cb; return &request; })); diff --git a/test/test_common/utility.cc b/test/test_common/utility.cc index a0a4814f37c8..928cb440c5f2 100644 --- a/test/test_common/utility.cc +++ b/test/test_common/utility.cc @@ -28,6 +28,7 @@ #include "common/config/resource_name.h" #include "common/filesystem/directory.h" #include "common/filesystem/filesystem_impl.h" +#include "common/http/header_utility.h" #include "common/json/json_loader.h" #include "common/network/address_impl.h" #include "common/network/utility.h" @@ -65,22 +66,29 @@ uint64_t TestRandomGenerator::random() { return generator_(); } bool TestUtility::headerMapEqualIgnoreOrder(const Http::HeaderMap& lhs, const Http::HeaderMap& rhs) { - if (lhs.size() != rhs.size()) { - return false; - } - - bool equal = true; - rhs.iterate([&lhs, &equal](const Http::HeaderEntry& header) -> Http::HeaderMap::Iterate { - const Http::HeaderEntry* entry = - lhs.get(Http::LowerCaseString(std::string(header.key().getStringView()))); - if (entry == nullptr || (entry->value() != header.value().getStringView())) { - equal = false; + absl::flat_hash_set lhs_keys; + absl::flat_hash_set rhs_keys; + lhs.iterate([&lhs_keys](const Http::HeaderEntry& header) -> Http::HeaderMap::Iterate { + const std::string key{header.key().getStringView()}; + lhs_keys.insert(key); + return Http::HeaderMap::Iterate::Continue; + }); + rhs.iterate([&lhs, &rhs, &rhs_keys](const Http::HeaderEntry& header) -> Http::HeaderMap::Iterate { + const std::string key{header.key().getStringView()}; + // Compare with canonicalized multi-value headers. This ensures we respect order within + // a header. + const auto lhs_entry = + Http::HeaderUtility::getAllOfHeaderAsString(lhs, Http::LowerCaseString(key)); + const auto rhs_entry = + Http::HeaderUtility::getAllOfHeaderAsString(rhs, Http::LowerCaseString(key)); + ASSERT(rhs_entry.result()); + if (lhs_entry.result() != rhs_entry.result()) { return Http::HeaderMap::Iterate::Break; } + rhs_keys.insert(key); return Http::HeaderMap::Iterate::Continue; }); - - return equal; + return lhs_keys.size() == rhs_keys.size(); } bool TestUtility::buffersEqual(const Buffer::Instance& lhs, const Buffer::Instance& rhs) { diff --git a/test/test_common/utility_test.cc b/test/test_common/utility_test.cc index 648d65cda365..71190a50317e 100644 --- a/test/test_common/utility_test.cc +++ b/test/test_common/utility_test.cc @@ -28,6 +28,24 @@ TEST(HeaderMapEqualIgnoreOrder, NotEqual) { EXPECT_FALSE(TestUtility::headerMapEqualIgnoreOrder(lhs, rhs)); } +TEST(HeaderMapEqualIgnoreOrder, MultiValue) { + { + Http::TestRequestHeaderMapImpl lhs{{"bar", "a"}, {"foo", "1"}, {"foo", "2"}}; + Http::TestRequestHeaderMapImpl rhs{{"foo", "1"}, {"bar", "a"}, {"foo", "2"}}; + EXPECT_TRUE(TestUtility::headerMapEqualIgnoreOrder(lhs, rhs)); + } + { + Http::TestRequestHeaderMapImpl lhs{{"bar", "a"}, {"foo", "1"}, {"foo", "2"}}; + Http::TestRequestHeaderMapImpl rhs{{"foo", "2"}, {"bar", "a"}, {"foo", "1"}}; + EXPECT_FALSE(TestUtility::headerMapEqualIgnoreOrder(lhs, rhs)); + } + { + Http::TestRequestHeaderMapImpl lhs{{"bar", "a"}, {"foo", "1"}, {"foo", "2"}}; + Http::TestRequestHeaderMapImpl rhs{{"foo", "1,2"}, {"bar", "a"}}; + EXPECT_TRUE(TestUtility::headerMapEqualIgnoreOrder(lhs, rhs)); + } +} + TEST(ProtoEqIgnoreField, ActuallyEqual) { // Ignored field equal { From f13c45902a34358bb85d3401160e3d27e3ac0fc9 Mon Sep 17 00:00:00 2001 From: Harvey Tuch Date: Tue, 13 Oct 2020 11:48:52 -0400 Subject: [PATCH 2/5] Windows fixes from https://github.com/envoyproxy/envoy/pull/13541/commits/1a756ef3a4b7deeccf0636fdfbe68343e9aefd95 Signed-off-by: Harvey Tuch --- bazel/foreign_cc/BUILD | 7 +-- bazel/foreign_cc/luajit.patch | 59 +++++++++++++-------- bazel/foreign_cc/moonjit.patch | 96 +--------------------------------- 3 files changed, 42 insertions(+), 120 deletions(-) diff --git a/bazel/foreign_cc/BUILD b/bazel/foreign_cc/BUILD index 20c91b683b7c..c2a214747107 100644 --- a/bazel/foreign_cc/BUILD +++ b/bazel/foreign_cc/BUILD @@ -67,16 +67,13 @@ configure_make( # TODO(htuch): Remove when #6084 is fixed "//bazel:asan_build": {"ENVOY_CONFIG_ASAN": "1"}, "//bazel:msan_build": {"ENVOY_CONFIG_MSAN": "1"}, - "//bazel:windows_dbg_build": {"WINDOWS_DBG_BUILD": "debug"}, "//conditions:default": {}, }), lib_source = "@com_github_moonjit_moonjit//:all", make_commands = [], out_include_dir = "include/moonjit-2.2", - static_libraries = select({ - "//bazel:windows_x86_64": ["lua51.lib"], - "//conditions:default": ["libluajit-5.1.a"], - }), + static_libraries = ["libluajit-5.1.a"], + tags = ["skip_on_windows"], ) envoy_cmake_external( diff --git a/bazel/foreign_cc/luajit.patch b/bazel/foreign_cc/luajit.patch index 364618af791d..ad0bd3a0357f 100644 --- a/bazel/foreign_cc/luajit.patch +++ b/bazel/foreign_cc/luajit.patch @@ -1,5 +1,5 @@ diff --git a/src/Makefile b/src/Makefile -index e65b55e..9d4633c 100644 +index e65b55e..f0a61dd 100644 --- a/src/Makefile +++ b/src/Makefile @@ -27,7 +27,7 @@ NODOTABIVER= 51 @@ -33,6 +33,17 @@ index e65b55e..9d4633c 100644 # # Disable the JIT compiler, i.e. turn LuaJIT into a pure interpreter. #XCFLAGS+= -DLUAJIT_DISABLE_JIT +@@ -110,8 +110,8 @@ XCFLAGS= + #XCFLAGS+= -DLUAJIT_NUMMODE=1 + #XCFLAGS+= -DLUAJIT_NUMMODE=2 + # +-# Disable LJ_GC64 mode for x64. +-#XCFLAGS+= -DLUAJIT_DISABLE_GC64 ++# Enable GC64 mode for x64. ++XCFLAGS+= -DLUAJIT_ENABLE_GC64 + # + ############################################################################## + @@ -591,7 +591,7 @@ endif Q= @ @@ -43,19 +54,25 @@ index e65b55e..9d4633c 100644 ############################################################################## diff --git a/src/msvcbuild.bat b/src/msvcbuild.bat -index ae035dc..5851aa3 100644 +index ae035dc..0e7eac9 100644 --- a/src/msvcbuild.bat +++ b/src/msvcbuild.bat -@@ -16,6 +16,7 @@ - @rem Add more debug flags here, e.g. DEBUGCFLAGS=/DLUA_USE_APICHECK - @set DEBUGCFLAGS= - @set LJCOMPILE=cl /nologo /c /O2 /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline +@@ -13,9 +13,7 @@ + @if not defined INCLUDE goto :FAIL + + @setlocal +-@rem Add more debug flags here, e.g. DEBUGCFLAGS=/DLUA_USE_APICHECK +-@set DEBUGCFLAGS= +-@set LJCOMPILE=cl /nologo /c /O2 /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline +@set LJCOMPILE=cl /nologo /c /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline /DLUAJIT_ENABLE_LUA52COMPAT @set LJLINK=link /nologo @set LJMT=mt /nologo @set LJLIB=lib /nologo /nodefaultlib -@@ -27,7 +28,7 @@ - @set BUILDTYPE=release +@@ -24,10 +22,9 @@ + @set DASC=vm_x64.dasc + @set LJDLLNAME=lua51.dll + @set LJLIBNAME=lua51.lib +-@set BUILDTYPE=release @set ALL_LIB=lib_base.c lib_math.c lib_bit.c lib_string.c lib_table.c lib_io.c lib_os.c lib_package.c lib_debug.c lib_jit.c lib_ffi.c -%LJCOMPILE% host\minilua.c @@ -63,7 +80,7 @@ index ae035dc..5851aa3 100644 @if errorlevel 1 goto :BAD %LJLINK% /out:minilua.exe minilua.obj @if errorlevel 1 goto :BAD -@@ -51,7 +52,7 @@ if exist minilua.exe.manifest^ +@@ -51,7 +48,7 @@ if exist minilua.exe.manifest^ minilua %DASM% -LN %DASMFLAGS% -o host\buildvm_arch.h %DASC% @if errorlevel 1 goto :BAD @@ -72,24 +89,27 @@ index ae035dc..5851aa3 100644 @if errorlevel 1 goto :BAD %LJLINK% /out:buildvm.exe buildvm*.obj @if errorlevel 1 goto :BAD -@@ -76,25 +77,35 @@ buildvm -m folddef -o lj_folddef.h lj_opt_fold.c +@@ -75,26 +72,35 @@ buildvm -m folddef -o lj_folddef.h lj_opt_fold.c + @if "%1" neq "debug" goto :NODEBUG @shift - @set BUILDTYPE=debug +-@set BUILDTYPE=debug -@set LJCOMPILE=%LJCOMPILE% /Zi %DEBUGCFLAGS% -+@set LJCOMPILE=%LJCOMPILE% /Zi /O0 %DEBUGCFLAGS% - @set LJLINK=%LJLINK% /opt:ref /opt:icf /incremental:no +-@set LJLINK=%LJLINK% /opt:ref /opt:icf /incremental:no ++@set LJCOMPILE=%LJCOMPILE% /O0 /Z7 ++@set LJLINK=%LJLINK% /debug /opt:ref /opt:icf /incremental:no +@set LJCRTDBG=d +@goto :ENDDEBUG :NODEBUG +-@set LJLINK=%LJLINK% /%BUILDTYPE% +@set LJCOMPILE=%LJCOMPILE% /O2 /Z7 - @set LJLINK=%LJLINK% /%BUILDTYPE% ++@set LJLINK=%LJLINK% /release /incremental:no +@set LJCRTDBG= +:ENDDEBUG @if "%1"=="amalg" goto :AMALGDLL @if "%1"=="static" goto :STATIC -%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL lj_*.c lib_*.c -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% ++@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% +%LJCOMPILE% /DLUA_BUILD_AS_DLL lj_*.c lib_*.c @if errorlevel 1 goto :BAD %LJLINK% /DLL /out:%LJDLLNAME% lj_*.obj lib_*.obj @@ -106,17 +126,14 @@ index ae035dc..5851aa3 100644 :AMALGDLL -%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL ljamalg.c +@shift -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -++%LJCOMPILE% /DLUA_BUILD_AS_DLL ljamalg.c ++@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% ++%LJCOMPILE% /DLUA_BUILD_AS_DLL ljamalg.c @if errorlevel 1 goto :BAD %LJLINK% /DLL /out:%LJDLLNAME% ljamalg.obj lj_vm.obj @if errorlevel 1 goto :BAD --- -2.28.0.1011.ga647a8990f-goog - diff --git a/build.py b/build.py new file mode 100755 -index 0000000..9c71271 +index 0000000..3eb74ff --- /dev/null +++ b/build.py @@ -0,0 +1,56 @@ diff --git a/bazel/foreign_cc/moonjit.patch b/bazel/foreign_cc/moonjit.patch index 99ac22fb04fe..5bb745875132 100644 --- a/bazel/foreign_cc/moonjit.patch +++ b/bazel/foreign_cc/moonjit.patch @@ -3,7 +3,7 @@ new file mode 100644 index 00000000..dab3606c --- /dev/null +++ b/build.py -@@ -0,0 +1,56 @@ +@@ -0,0 +1,39 @@ +#!/usr/bin/env python3 + +import argparse @@ -41,24 +41,7 @@ index 00000000..dab3606c + + os.system('make -j{} V=1 PREFIX="{}" install'.format(os.cpu_count(), args.prefix)) + -+def win_main(): -+ src_dir = os.path.dirname(os.path.realpath(__file__)) -+ dst_dir = os.getcwd() + "/moonjit" -+ shutil.copytree(src_dir, os.path.basename(src_dir)) -+ os.chdir(os.path.basename(src_dir) + "/src") -+ os.system('msvcbuild.bat gc64 ' + os.getenv('WINDOWS_DBG_BUILD', '') + ' static') -+ os.makedirs(dst_dir + "/lib", exist_ok=True) -+ shutil.copy("lua51.lib", dst_dir + "/lib") -+ os.makedirs(dst_dir + "/include/moonjit-2.2", exist_ok=True) -+ for header in ["lauxlib.h", "luaconf.h", "lua.h", "lua.hpp", "luajit.h", "lualib.h"]: -+ shutil.copy(header, dst_dir + "/include/moonjit-2.2") -+ os.makedirs(dst_dir + "/bin", exist_ok=True) -+ shutil.copy("luajit.exe", dst_dir + "/bin") -+ -+if os.name == 'nt': -+ win_main() -+else: -+ main() ++main() + diff --git a/src/Makefile b/src/Makefile index dad9aeec..e10b3118 100644 @@ -104,78 +87,3 @@ index dad9aeec..e10b3118 100644 #E= @: ############################################################################## -diff --git a/src/msvcbuild.bat b/src/msvcbuild.bat -index c2d2c212..71f24422 100644 ---- a/src/msvcbuild.bat -+++ b/src/msvcbuild.bat -@@ -15,7 +15,7 @@ - @setlocal - @rem Add more debug flags here, e.g. DEBUGCFLAGS=/DLUA_USE_APICHECK - @set DEBUGCFLAGS= --@set LJCOMPILE=cl /nologo /c /O2 /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline -+@set LJCOMPILE=cl /nologo /c /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline /DLUAJIT_ENABLE_LUA52COMPAT - @set LJLINK=link /nologo - @set LJMT=mt /nologo - @set LJLIB=lib /nologo /nodefaultlib -@@ -24,10 +24,9 @@ - @set DASC=vm_x86.dasc - @set LJDLLNAME=lua51.dll - @set LJLIBNAME=lua51.lib --@set BUILDTYPE=release - @set ALL_LIB=lib_base.c lib_math.c lib_bit.c lib_string.c lib_table.c lib_io.c lib_os.c lib_package.c lib_debug.c lib_jit.c lib_ffi.c lib_utf8.c - --%LJCOMPILE% host\minilua.c -+%LJCOMPILE% /O2 host\minilua.c - @if errorlevel 1 goto :BAD - %LJLINK% /out:minilua.exe minilua.obj - @if errorlevel 1 goto :BAD -@@ -50,7 +49,7 @@ if exist minilua.exe.manifest^ - minilua %DASM% -LN %DASMFLAGS% -o host\buildvm_arch.h %DASC% - @if errorlevel 1 goto :BAD - --%LJCOMPILE% /I "." /I %DASMDIR% host\buildvm*.c -+%LJCOMPILE% /O2 /I "." /I %DASMDIR% host\buildvm*.c - @if errorlevel 1 goto :BAD - %LJLINK% /out:buildvm.exe buildvm*.obj - @if errorlevel 1 goto :BAD -@@ -74,25 +73,35 @@ buildvm -m folddef -o lj_folddef.h lj_opt_fold.c - - @if "%1" neq "debug" goto :NODEBUG - @shift --@set BUILDTYPE=debug --@set LJCOMPILE=%LJCOMPILE% /Zi %DEBUGCFLAGS% -+@set LJCOMPILE=%LJCOMPILE% /O0 /Z7 -+@set LJLINK=%LJLINK% /debug /opt:ref /opt:icf /incremental:no -+@set LJCRTDBG=d -+@goto :ENDDEBUG - :NODEBUG --@set LJLINK=%LJLINK% /%BUILDTYPE% -+@set LJCOMPILE=%LJCOMPILE% /O2 /Z7 -+@set LJLINK=%LJLINK% /release /incremental:no -+@set LJCRTDBG= -+:ENDDEBUG - @if "%1"=="amalg" goto :AMALGDLL - @if "%1"=="static" goto :STATIC --%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL lj_*.c lib_*.c -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -+LJCOMPILE% /DLUA_BUILD_AS_DLL lj_*.c lib_*.c - @if errorlevel 1 goto :BAD - %LJLINK% /DLL /out:%LJDLLNAME% lj_*.obj lib_*.obj - @if errorlevel 1 goto :BAD - @goto :MTDLL - :STATIC -+@shift -+@set LJCOMPILE=%LJCOMPILE% /MT%LJCRTDBG% - %LJCOMPILE% lj_*.c lib_*.c - @if errorlevel 1 goto :BAD - %LJLIB% /OUT:%LJLIBNAME% lj_*.obj lib_*.obj - @if errorlevel 1 goto :BAD - @goto :MTDLL - :AMALGDLL --%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL ljamalg.c -+@shift -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -+%LJCOMPILE% /DLUA_BUILD_AS_DLL ljamalg.c - @if errorlevel 1 goto :BAD - %LJLINK% /DLL /out:%LJDLLNAME% ljamalg.obj lj_vm.obj - @if errorlevel 1 goto :BAD From 070d7dbd36769c6beaa4d357e4b46c05522b89ae Mon Sep 17 00:00:00 2001 From: Harvey Tuch Date: Tue, 13 Oct 2020 14:09:38 -0400 Subject: [PATCH 3/5] Fix wrappers_test, dynamic metadata doesn't have deterministic order. Signed-off-by: Harvey Tuch --- test/extensions/filters/http/lua/wrappers_test.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/test/extensions/filters/http/lua/wrappers_test.cc b/test/extensions/filters/http/lua/wrappers_test.cc index e3b03f538eaf..990016db3f15 100644 --- a/test/extensions/filters/http/lua/wrappers_test.cc +++ b/test/extensions/filters/http/lua/wrappers_test.cc @@ -293,7 +293,6 @@ TEST_F(LuaStreamInfoWrapperTest, SetGetAndIterateDynamicMetadata) { end )EOF"}; - InSequence s; setup(SCRIPT); StreamInfo::StreamInfoImpl stream_info(Http::Protocol::Http2, test_time_.timeSystem()); From 8a793409a8815ffcc544ec9cb8845ec074951b6d Mon Sep 17 00:00:00 2001 From: Harvey Tuch Date: Tue, 13 Oct 2020 14:17:59 -0400 Subject: [PATCH 4/5] Bump to 1d8b747c161db457e032a023ebbff511f5de5ec2. Signed-off-by: Harvey Tuch --- bazel/repository_locations.bzl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl index 96bacc5b70c9..3f06398a644f 100644 --- a/bazel/repository_locations.bzl +++ b/bazel/repository_locations.bzl @@ -239,11 +239,11 @@ REPOSITORY_LOCATIONS_SPEC = dict( project_url = "https://luajit.org", # The last release version, 2.1.0-beta3 has a number of CVEs filed # against it. These may not impact correct non-malicious Lua code, but for prudence we bump. - version = "e9af1abec542e6f9851ff2368e7f196b6382a44c", - sha256 = "186cd55c0e321aa2ec3c0f9220e31cc17479ec6222db515ec8b902f9275a9616", + version = "1d8b747c161db457e032a023ebbff511f5de5ec2", + sha256 = "20a159c38a98ecdb6368e8d655343b6036622a29a1621da9dc303f7ed9bf37f3", strip_prefix = "LuaJIT-{version}", urls = ["https://github.com/LuaJIT/LuaJIT/archive/{version}.tar.gz"], - last_updated = "2020-10-09", + last_updated = "2020-10-13", use_category = ["dataplane_ext"], extensions = ["envoy.filters.http.lua"], cpe = "cpe:2.3:a:luajit:luajit:*", From 7eb3713a8910ef91468fb23e6a191ce54188a90b Mon Sep 17 00:00:00 2001 From: Harvey Tuch Date: Thu, 15 Oct 2020 10:40:11 -0400 Subject: [PATCH 5/5] wrowe@ suggestions. Signed-off-by: Harvey Tuch --- bazel/foreign_cc/luajit.patch | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/bazel/foreign_cc/luajit.patch b/bazel/foreign_cc/luajit.patch index ad0bd3a0357f..c0fb0da819fd 100644 --- a/bazel/foreign_cc/luajit.patch +++ b/bazel/foreign_cc/luajit.patch @@ -33,17 +33,6 @@ index e65b55e..f0a61dd 100644 # # Disable the JIT compiler, i.e. turn LuaJIT into a pure interpreter. #XCFLAGS+= -DLUAJIT_DISABLE_JIT -@@ -110,8 +110,8 @@ XCFLAGS= - #XCFLAGS+= -DLUAJIT_NUMMODE=1 - #XCFLAGS+= -DLUAJIT_NUMMODE=2 - # --# Disable LJ_GC64 mode for x64. --#XCFLAGS+= -DLUAJIT_DISABLE_GC64 -+# Enable GC64 mode for x64. -+XCFLAGS+= -DLUAJIT_ENABLE_GC64 - # - ############################################################################## - @@ -591,7 +591,7 @@ endif Q= @ @@ -179,7 +168,7 @@ index 0000000..3eb74ff + dst_dir = os.getcwd() + "/luajit" + shutil.copytree(src_dir, os.path.basename(src_dir)) + os.chdir(os.path.basename(src_dir) + "/src") -+ os.system('msvcbuild.bat gc64 ' + os.getenv('WINDOWS_DBG_BUILD', '') + ' static') ++ os.system('msvcbuild.bat ' + os.getenv('WINDOWS_DBG_BUILD', '') + ' static') + os.makedirs(dst_dir + "/lib", exist_ok=True) + shutil.copy("lua51.lib", dst_dir + "/lib") + os.makedirs(dst_dir + "/include/luajit-2.1", exist_ok=True)