Author: Armin Rigo <[email protected]>
Branch: sandbox-2
Changeset: r97289:f4bf2fbd0c19
Date: 2019-08-27 08:42 +0200
http://bitbucket.org/pypy/pypy/changeset/f4bf2fbd0c19/
Log: in-progress
diff --git a/pypy/module/__pypy__/interp_time.py
b/pypy/module/__pypy__/interp_time.py
--- a/pypy/module/__pypy__/interp_time.py
+++ b/pypy/module/__pypy__/interp_time.py
@@ -6,10 +6,12 @@
from rpython.rtyper.lltypesystem import rffi, lltype
from rpython.rlib import rtime
from rpython.rlib.rtime import HAS_CLOCK_GETTIME
+from rpython.rlib.objectmodel import sandbox_review
if HAS_CLOCK_GETTIME:
+ @sandbox_review(reviewed=True)
@unwrap_spec(clk_id="c_int")
def clock_gettime(space, clk_id):
with lltype.scoped_alloc(rtime.TIMESPEC) as tp:
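Review bot: The `@sandbox_review(reviewed=True)` marker on `clock_gettime` records that a review happened but not what it established, and the same holds for every marker this commit adds (`clock_getres`, the six functions in rposix.py, `envitems_llimpl` and `getenv_llimpl`, `stat` and `lstat`). Since the marker is presumably what the sandbox checker relies on to accept code that touches raw memory, I would put a one-line reason above each one, here for example `# sandbox: tp is a scoped_alloc'd TIMESPEC, only read back through rffi.getintfield`. The body of `clock_gettime` continues outside this hunk, so that wording needs checking against the full function.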
@@ -20,6 +22,7 @@
float(rffi.getintfield(tp, 'c_tv_nsec')) * 0.000000001)
return space.newfloat(t)
+ @sandbox_review(reviewed=True)
@unwrap_spec(clk_id="c_int")
def clock_getres(space, clk_id):
with lltype.scoped_alloc(rtime.TIMESPEC) as tp:
diff --git a/pypy/module/_file/readinto.py b/pypy/module/_file/readinto.py
--- a/pypy/module/_file/readinto.py
+++ b/pypy/module/_file/readinto.py
@@ -22,7 +22,7 @@
fd = -1
target_pos = 0
- if size > 64:
+ if size > 64 and not self.space.config.translation.sandbox:
try:
target_address = rwbuffer.get_raw_address()
except ValueError:
@@ -48,6 +48,13 @@
else:
# optimized case: reading more than 64 bytes into a rwbuffer
# with a valid raw address
+
+ # XXX note that this is not fully safe, because we don't "lock"
+ # the buffer so we can't in theory pass its raw address to c_read().
+ # Another thread could cause it to be freed in parallel.
+ # Without proper buffer locking, it's not going to be fixed, though.
+ assert not self.space.config.translation.sandbox
+
self.check_readable()
# first "read" the part that is already sitting in buffers, if any
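Review bot: The new `assert not self.space.config.translation.sandbox` sits directly under an XXX comment about another thread freeing the buffer, which reads as if the assert guarded against that race; what it restates is the `size > 64 and not self.space.config.translation.sandbox` guard added in the first hunk of this file. I would give the assert its own comment, e.g. `# sandbox builds never get here: the size check above skips get_raw_address()`. The XXX wording "so we can't in theory pass its raw address" is ambiguous (it seems to mean "strictly speaking we should not"), and because the race it describes lets c_read() write into freed memory in non-sandbox builds, it deserves a tracked issue rather than only a comment. The enclosing method starts and ends outside both hunks.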
diff --git a/rpython/rlib/rposix.py b/rpython/rlib/rposix.py
--- a/rpython/rlib/rposix.py
+++ b/rpython/rlib/rposix.py
@@ -495,6 +495,7 @@
#___________________________________________________________________
+@sandbox_review(reviewed=True)
@replace_os_function('open')
@specialize.argtype(0)
@enforceargs(NOT_CONSTANT, int, int, typecheck=False)
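Review bot: None of the rposix.py hunks adds an import of `sandbox_review`, while interp_time.py, rposix_environ.py and rposix_stat.py each do; if the name is not already imported in this file the module fails at import time, so that is worth confirming. The marker is also placed outermost, above `@replace_os_function('open')`, so `replace_os_function` sees the function before it is marked. That is harmless if `sandbox_review` tags the function object in place, but if it can return a different object the registered replacement would be unmarked; the same order is used in the `read`, `write`, `access`, `getcwd` and `getcwdu` hunks and in rposix_stat.py. A short comment stating the expected decorator order would keep it from being shuffled later; the decorated function's body is outside the hunk.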
@@ -514,6 +515,7 @@
c_close = external(UNDERSCORE_ON_WIN32 + 'close', [rffi.INT], rffi.INT,
releasegil=False, save_err=rffi.RFFI_SAVE_ERRNO)
+@sandbox_review(reviewed=True)
@replace_os_function('read')
@signature(types.int(), types.int(), returns=types.any())
def read(fd, count):
@@ -525,6 +527,7 @@
got = handle_posix_error('read', c_read(fd, void_buf, count))
return buf.str(got)
+@sandbox_review(reviewed=True)
@replace_os_function('write')
@signature(types.int(), types.any(), returns=types.any())
def write(fd, data):
@@ -711,6 +714,7 @@
with FdValidator(fd):
handle_posix_error('fchdir', c_fchdir(fd))
+@sandbox_review(reviewed=True)
@replace_os_function('access')
@specialize.argtype(0)
def access(path, mode):
@@ -753,6 +757,7 @@
[rffi.CWCHARP, rffi.SIZE_T], rffi.CWCHARP,
save_err=rffi.RFFI_SAVE_ERRNO)
+@sandbox_review(reviewed=True)
@replace_os_function('getcwd')
def getcwd():
bufsize = 256
@@ -773,6 +778,7 @@
lltype.free(buf, flavor='raw')
return result
+@sandbox_review(reviewed=True)
@replace_os_function('getcwdu')
def getcwdu():
bufsize = 256
diff --git a/rpython/rlib/rposix_environ.py b/rpython/rlib/rposix_environ.py
--- a/rpython/rlib/rposix_environ.py
+++ b/rpython/rlib/rposix_environ.py
@@ -2,7 +2,7 @@
import sys
from rpython.annotator import model as annmodel
from rpython.rlib._os_support import _WIN32, StringTraits, UnicodeTraits
-from rpython.rlib.objectmodel import enforceargs
+from rpython.rlib.objectmodel import enforceargs, sandbox_review
# importing rposix here creates a cycle on Windows
from rpython.rtyper.controllerentry import Controller
from rpython.rtyper.lltypesystem import rffi, lltype
@@ -148,6 +148,7 @@
byname, eq = envkeepalive.bywname, u'='
from rpython.rlib.rwin32 import lastSavedWindowsError as last_error
+ @sandbox_review(reviewed=True)
def envitems_llimpl():
environ = get_environ()
result = []
@@ -162,6 +163,7 @@
i += 1
return result
+ @sandbox_review(reviewed=True)
def getenv_llimpl(name):
with traits.scoped_str2charp(name) as l_name:
l_result = getenv(l_name)
diff --git a/rpython/rlib/rposix_stat.py b/rpython/rlib/rposix_stat.py
--- a/rpython/rlib/rposix_stat.py
+++ b/rpython/rlib/rposix_stat.py
@@ -18,6 +18,7 @@
from rpython.rlib._os_support import _preferred_traits, string_traits
from rpython.rlib.objectmodel import specialize, we_are_translated, not_rpython
+from rpython.rlib.objectmodel import sandbox_review
from rpython.rtyper.lltypesystem import lltype, rffi
from rpython.translator.tool.cbuild import ExternalCompilationInfo
from rpython.rlib.rarithmetic import intmask
@@ -574,6 +575,7 @@
finally:
lltype.free(info, flavor='raw')
+@sandbox_review(reviewed=True)
@replace_os_function('stat')
@specialize.argtype(0)
def stat(path):
@@ -587,6 +589,7 @@
path = traits.as_str0(path)
return win32_xstat(traits, path, traverse=True)
+@sandbox_review(reviewed=True)
@replace_os_function('lstat')
@specialize.argtype(0)
def lstat(path):
diff --git a/rpython/rtyper/lltypesystem/rffi.py
b/rpython/rtyper/lltypesystem/rffi.py
--- a/rpython/rtyper/lltypesystem/rffi.py
+++ b/rpython/rtyper/lltypesystem/rffi.py
@@ -346,11 +346,15 @@
wrapper = sandbox_review(abort=True)(wrapper)
else:
assert isinstance(sandboxsafe, bool)
- wrapper = sandbox_review(reviewed=True)(wrapper)
+ if sandboxsafe or (all(_sandbox_type_safe(ARG) for ARG in args) and
+ _sandbox_type_safe(result)):
+ wrapper = sandbox_review(reviewed=True)(wrapper)
+ else:
+ wrapper = sandbox_review(check_caller=True)(wrapper)
return wrapper
-def sandbox_check_type(TYPE):
- return not isinstance(TYPE, lltype.Primitive) or TYPE == llmemory.Address
+def _sandbox_type_safe(TYPE):
+ return isinstance(TYPE, lltype.Primitive) and TYPE != llmemory.Address
class CallbackHolder:
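Review bot: `_sandbox_type_safe` decides from the signature alone which wrappers are auto-marked `reviewed=True`, yet it has no docstring saying why non-`Address` primitives count as safe or why `llmemory.Address` is singled out; something like `"""True for primitive types that cannot carry a raw pointer (Address is excluded)."""` would do, once the intent is confirmed. `sandboxsafe=True` also short-circuits the type check, so a wrapper with pointer arguments that is flagged sandboxsafe never gets `check_caller=True`; a comment at the `if` should say that this override is intended. The removed `sandbox_check_type` had the opposite truth sense, so any caller outside this hunk has to be switched to the new name and inverted. The enclosing function starts above the hunk.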