Add usage warnings to mfio-netfs
h33p committed Nov 30, 2023
1 parent 2dc631c commit 54fe777
Showing 4 changed files with 27 additions and 0 deletions.
8 changes: 8 additions & 0 deletions mfio-netfs/src/bin/mfio-netfs-server.rs
@@ -1,4 +1,5 @@
use clap::Parser;
use log::*;
use mfio::backend::*;
use mfio_rt::{NativeRt, Tcp};
use std::net::SocketAddr;
@@ -12,12 +13,19 @@ struct Args {
fn main() -> anyhow::Result<()> {
env_logger::init();

println!(
"mfio-netfs is a dangerous PoC that violates memory safety. Do not run in production!"
);
warn!("mfio-netfs is a dangerous PoC that violates memory safety. Do not run in production!");
info!("Grep for 'memunsafe' to see details.");

let args = Args::parse();

let fs = NativeRt::default();

fs.block_on(async {
let listener = fs.bind(args.bind).await?;
info!("Bound to {}", args.bind);
mfio_netfs::server(&fs, listener).await;
Ok(())
})
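Review bot: The `warn!` line and the pointer `info!("Grep for 'memunsafe' to see details.")` both go through `env_logger`, whose default filter with `RUST_LOG` unset is error-only, so by default an operator sees the `println!` banner but never the hint. Folding the hint into the banner and writing it to stderr keeps it visible and out of piped stdout: `eprintln!("mfio-netfs is a dangerous PoC that violates memory safety (grep for 'memunsafe'). Do not run in production!");`. The message literal is duplicated between `println!` and `warn!`, so a single `const` would keep the two in step. `main` starts inside this hunk, and its closing lines are outside it.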
8 changes: 8 additions & 0 deletions mfio-netfs/src/net/client.rs
@@ -274,6 +274,14 @@ impl NetworkFs {
}
};

// Verify that the tag is proper, since otherwise we may jump to the wrong place of
// code. TODO: use proper deserialization techniques
// SAFETY: memunsafe made safe
// while adding this check saves us from memory safety bugs, this will probably
// still lead to arbitrarily large allocations that make us crash.
let tag = unsafe { *(&resp as *const _ as *const u8) };
assert!(tag < 4, "incoming data tag is invalid {tag}");

trace!("Response: {resp:?}");

match resp {
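Review bot: The tag is read out of `resp` after it already exists as a `Response` value, so if `resp` was produced by reinterpreting received bytes (as the `Pod` impls in net/mod.rs suggest; the code that fills it is above this hunk), an invalid discriminant has already produced an invalid enum value before `assert!(tag < 4, ...)` runs, and `// SAFETY: memunsafe made safe` overstates what the check gives. The check belongs on the raw received bytes before they are converted, and the cast presumably relies on the enum having a one-byte tag at offset 0, which is worth stating in the comment next to it. `assert!` also turns a malformed message from the network into a panic, where returning an error for that connection would stop a bad peer from aborting the caller. The same points apply to `assert!(tag < 5, ...)` on `v` in mfio-netfs/src/net/server.rs, where the sender is whichever client connects. The literals `4` and `5` must track the variant counts by hand, so a named constant beside each enum would make a missed update easier to catch.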
3 changes: 3 additions & 0 deletions mfio-netfs/src/net/mod.rs
@@ -14,6 +14,9 @@ use mfio::io::{
use mfio::tarc::BaseArc;
use mfio_rt::{DirEntry, DirOp, Metadata, OpenOptions};

// SAFETY: memunsafe
// We cannot have safe implementation of this, because malformed data may lead to invalid tag.
// This may lead to incorrect jumps in pattern matching.
unsafe impl Zeroable for Request {}
unsafe impl Pod for Request {}
unsafe impl Zeroable for Response {}
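Review bot: The new `// SAFETY: memunsafe` comment explains why these impls are unsound, which is the opposite of what a reader or an unsafe-code audit expects under a `SAFETY:` label. A label such as `// UNSOUND (memunsafe): not every bit pattern is a valid Request/Response, so the Pod contract does not hold; callers must validate the tag before use` says the same thing without reading as a justification. The comment speaks of "this" directly above the `Request` impls, while the `Response` impls that begin at the end of the hunk carry the same problem and should be named too.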
8 changes: 8 additions & 0 deletions mfio-netfs/src/net/server.rs
@@ -147,6 +147,14 @@ async fn run_server(stream: NativeTcpStream, fs: &NativeRt) {
} {
let end_span = tracing::span!(tracing::Level::TRACE, "server read Request");
let op = async {
// Verify that the tag is proper, since otherwise we may jump to the wrong place of
// code. TODO: use proper deserialization techniques
// SAFETY: memunsafe made safe
// while adding this check saves us from memory safety bugs, this will probably
// still lead to arbitrarily large allocations that make us crash.
let tag = unsafe { *(&v as *const _ as *const u8) };
assert!(tag < 5, "incoming data tag is invalid {tag}");

trace!("Receive req: {v:?}");

match v {