Perf optimization, Alibaba PVM compatibility, and security hardening#1007
Perf optimization, Alibaba PVM compatibility, and security hardening#1007dywongcloud wants to merge 9 commits into
Conversation
Performance (reducing host syscalls and page-table churn, the dominant cost inside pagetable-based VMs such as Alibaba Cloud PVM guests): - mm: madvise(DONTNEED/FREE) on anonymous mappings now uses a single host madvise via new PageManagementProvider::discard_pages instead of per-VMA MAP_FIXED remaps; anonymous mmaps skip the RW-staging window (one host syscall instead of two); mprotect/munmap coalesce adjacent VMAs into single host calls - platform/linux_userland: CoW file mappings reuse a pre-opened fd (was open+mmap+close per mapping); alternate signal stacks are pooled across guest threads; pending-signal drain avoids atomic xchg when empty; timed-wait timespec avoids u128 division - shim: sys_read/sys_write/readv/writev/sendto reuse a per-task scratch buffer with bounded chunking instead of per-syscall zeroed allocations; program load copies files in 128KiB chunks and writes back only patched spans; non-ELF fds are negatively cached - core: futex wake publishes and releases entries before issuing host wakes and pre-checks the futex word before bucket insertion; fd table uses a free-slot bitmap (O(1) lowest-fd) and cached subsystem TypeId; TCP buffers (512KiB) allocate lazily at connect; path normalization is single-pass without intermediate allocation; contended-mutex spin budget is now platform-tunable (long spins are wasted work when a vCPU is preempted) - rewriter: sections are decoded once instead of twice and branch targets use sorted-vec binary search (~1.6x faster on a 124MB binary); fixed chunked decoding resuming mid-instruction at chunk boundaries - build: release profile enables thin LTO and codegen-units=1 Capabilities: - futex: implement FUTEX_REQUEUE/FUTEX_CMP_REQUEUE; unsupported ops now return ENOSYS instead of panicking - sysinfo: report the platform's actual online CPU count PVM guest compatibility: - seccomp: allow clock_gettime/clock_getres/gettimeofday — glibc falls back to the real syscall when the guest clocksource is not vDSO-capable (e.g. unstable TSC under PVM), which previously died with SIGSYS - fail fast with an actionable error at startup when FSGSBASE is unavailable instead of SIGILL at first guest entry - bounded spinning in the shim transport (PAUSE loops burn preempted vCPU quanta under PVM) - check clock_gettime return value instead of assuming success Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01End2XtfTCUfUyZsyAU8NsU
The alternate-signal-stack free list is a deliberate process-wide cache (uniform stacks reused across guest threads), so the global count for litebox_platform_linux_userland goes from 5 to 6. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01End2XtfTCUfUyZsyAU8NsU
The guest/host transition and signal-handler code read and write the fs/gs bases with rdfsbase/wrgsbase, which #UD (SIGILL) unless the host has CR4.FSGSBASE set. Some hosts lack it — old CPUs/kernels, hosts booted with `nofsgsbase`, and PVM (pagetable-based VM) guests on such hosts. The previous commit failed fast there; instead, detect FSGSBASE once at startup (AT_HWCAP2) and branch each fs/gs access: - native path: unchanged rdfsbase/wrgsbase/rdgsbase/wrfsbase - fallback path: arch_prctl(ARCH_GET/SET_FS/GS) syscalls, with the host fs base cached in a new `host_fsbase` TLS slot so the syscall-return path can restore it without an FSGSBASE read The transition assembly saves the full guest register frame before restoring the host fs base so the fallback syscalls may clobber caller-saved registers and flags freely; the entry path reloads the thread-context pointer (clobbered by the arch_prctl arguments) from the stack before calling the handlers. arch_prctl is added to the seccomp allowlist (thread-local fs/gs only, sandbox-neutral). Setting LITEBOX_NO_FSGSBASE forces the fallback for testing on capable hosts. RDTSCP is not used by LiteBox, so no equivalent is needed; guest use of RDTSCP is governed by the guest's own CPUID/auxv view. Verified: full runner + shim + platform suites pass identically with and without LITEBOX_NO_FSGSBASE (only the pre-existing diod/python environmental failures remain), in debug and release. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01End2XtfTCUfUyZsyAU8NsU
When a leaf PTE is created on demand, the CPU's page-table walker sets the ACCESSED bit on first access (and DIRTY on first write) with a locked, microcoded write that takes the PTE cache line for exclusive ownership. Pre-filling the software-known result avoids that write, reducing cache-coherency traffic and slightly speeding up the walk — the same optimization Linux applies via pte_mkyoung()/pte_mkdirty() on fault-in. In vmflags_to_pteflags (linux_kernel and lvbs x86 platforms), leaf PTEs are now built ACCESSED, and writable leaves additionally DIRTY (DIRTY is only ever set together with WRITABLE). Intermediate table entries created during the walk also get ACCESSED (matching Linux's _PAGE_TABLE; DIRTY is meaningless on non-leaf entries and is omitted). This is behavior-neutral: MPROTECT_PTE_MASK excludes A/D so mprotect neither observes nor clears them, and no code reads A/D for data pages (CoW/reclaim are unimplemented). Verified: linux_kernel clippy + mm tests pass (4/4), lvbs clippy clean on stable. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01End2XtfTCUfUyZsyAU8NsU
From a multi-lens review of the earlier optimization commits: - futex: resolve the wake-vs-timeout race in favor of the wake. A waiter whose wait_until reported a timeout/interruption at the same moment a concurrent wake/requeue selected it (consuming that wakeup) now returns Ok once its entry is removed and `done` is observed set, instead of dropping the wakeup. remove() synchronizes with the waker's release of the entry, so `done` is stable at that point. Matches Linux futex_wait. - futex: document that FUTEX_CMP_REQUEUE's value compare is not held under the source bucket lock — benign for its only consumer (POSIX condvar broadcast), where a stale pass yields at most a spurious wakeup, never a lost one, since waiters re-check the word under the lock before parking. - shim write: writes larger than the 512KiB scratch buffer fall back to a single owned copy + single sys_write, preserving datagram message boundaries and O_APPEND atomicity (chunking would fragment them); mirrors the existing sys_sendto guard. Sub-512KiB writes keep the buffer reuse. - platform: cache num_cpus (available_parallelism) once, seeded before the seccomp filter is installed, so sched_getaffinity no longer re-probes the host on every call. - errno: mmap of a directory or non-regular fd now reports ENODEV (Linux's "mmap not supported by this file"), not EISDIR. Verified: fmt/clippy(-Dwarnings)/build clean; litebox + shim + common + platform + runner + dev_tests suites pass (only the pre-existing diod/9P and python environmental failures remain). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01End2XtfTCUfUyZsyAU8NsU
A follow-up review escalated the earlier note on requeue()'s value compare: performing it as an unlocked read (separate from the requeue scan) is not merely a spurious-wakeup risk but can strand a waiter. If a waiter enqueues on the source word with the new value between the check and the scan, it can be requeued onto the target word based on a stale comparison; because requeue does not mark the target word contended, a later uncontended unlock issues no FUTEX_WAKE and the waiter hangs. Linux avoids this by comparing the word under the hash-bucket lock. Add LoanList::extract_if_guarded, which runs a guard closure under the list lock before any entry is examined or removed, and rewrite requeue() to validate the futex word through it while scanning the source bucket first — so a mismatch aborts with EAGAIN and zero side effects, and the check is atomic with the requeue against concurrent enqueues on the same word. extract_if now delegates to the guarded form with a no-op guard. Also document the displaced-counter fast-path limitation (a parked cross-bucket-requeued waiter forces all-bucket wake scans) as a known, correctness-neutral perf tradeoff rather than risk a lost wakeup from a per-bucket accounting scheme. Verified: fmt/clippy(-Dwarnings)/doc clean; litebox + shim suites pass (incl. test_futex_requeue, which now exercises the locked value check); only the pre-existing diod/9P environmental failures remain. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01End2XtfTCUfUyZsyAU8NsU
Independent security/reliability audits (unsafe-code soundness, sandbox boundary integrity, integer/bounds safety, guest-reachable panics, resource lifecycle) surfaced real, guest-triggerable defects. Fixed the ones confirmed by direct code reading, most severe first: - CRITICAL, sandbox escape: anonymous RW memory written with a raw `syscall` opcode and mprotect'd executable ran unmediated on the host — the runtime syscall-rewriter only ever tracked file-backed exec segments (`elf_patch_cache`'s `file_mappings`), never anonymous mappings. `sys_mprotect` now falls back to the existing `apply_trap_fallback` byte-scanner (already used for unpatchable file segments) whenever no tracked file mapping accounts for the range gaining PROT_EXEC. Verified against Node's V8 JIT (RW<->RX toggling is the common, legitimate case) — correct but not free: ~44ms slower Node startup, an accepted, necessary cost of closing a real escape. Simultaneous PROT_READ_WRITE_EXEC still can't be fully defended (no permission-transition event to hook); documented as a residual, pre-existing risk in PageManager::make_pages_rwx's own safety comment. - CRITICAL, guest-controlled host-ASLR leak / control-flow-hijack primitive: `rt_sigreturn` copied a guest-memory-supplied `rip`/`rsp`/ `eflags` into the resume context with no validation, then unconditionally `jmp`'d to it. A non-canonical `rip` faults inside the host's own transition code and leaks that host address into the guest's signal handler; a valid host code address plus a guest-controlled stack is a jump-into-trusted-code primitive. The `lvbs`/`snp` platforms already gate every guest resume on `PtRegs::sanitize_for_user_return()`; wire the same call into linux_userland's single guest-resume choke point (`ThreadContext::call_shim`), terminating the thread instead of resuming with invalid state. - CRITICAL, arbitrary host munmap: `mremap`'s `new_size` only passed through `checked_next_multiple_of(PAGE_SIZE)`, which accepts an already-page-aligned huge value unchanged; `resize_mapping` then added it to the mapping's start address with a raw `+`, and a guest-chosen wraparound could make the "shrink" branch unmap an arbitrary attacker-chosen range instead of a suffix of its own mapping. Use `checked_add`, rejecting the call instead of wrapping. - HIGH: an ordinary `dup2`/`fcntl(F_DUPFD)` to a fd number past a small, undocumented internal growth bound (`stored_fds.len() + 256`) hit a hard `assert!` — reachable with ordinary target fd numbers on a fresh process, independent of the real `RLIMIT_NOFILE` check already in place. Converted to a graceful decline propagated as `ENOMEM`/ `EMFILE`, correctly distinguishing it from `do_close_and_replace`'s pre-existing `EBADF` return-as-side-effect for "nothing to close." - HIGH: `mmap`'s reserved-space and range math used raw `+` on guest-controlled lengths, wrapping (silently, in `NonZeroPageSize::Add`) or panicking (via `.unwrap()` on the resulting `PageRange`) instead of erroring. Switched to `checked_add` throughout, surfacing `AllocationError::OutOfMemory` instead of a crash. - HIGH: the sole network worker thread `unimplemented!()`'d on ANY `send_ip_packet` errno, including `EAGAIN`/`EWOULDBLOCK` from the non-blocking TUN fd under ordinary backpressure — no malicious input needed, just network load — killing networking process-wide. Added `SendError::WouldBlock` (mirroring the existing `ReceiveError`) and taught `TxToken::consume` to drop the packet on backpressure, exactly as a real NIC driver would; TCP retransmission handles recovery. - LOW: an unguarded subtraction in `AF_UNIX` sockaddr encoding (`addrlen_val - offset`) could underflow given a guest-supplied `addrlen` at or below the path field's offset; guarded to match the sibling `Abstract`-address arm. Verified: fmt/clippy(-Dwarnings)/doc clean; full workspace test suite matches the pre-existing environmental-failure baseline exactly (20 known diod/9P/python failures, zero new ones) after eliminating tun-device contention from a stray background process; Node.js runs correctly under the anonymous-exec-scan path. Several further confirmed findings (a `create_pages` TOCTOU allowing a concurrent thread to corrupt a just-created mapping; an ELF-loader integer overflow in segment-reservation math; an unbounded `to_cstring` scan; execve leaking PageManager state on a partially-loaded image; `bind`/`listen`-after-`connect` corrupting the shared local-port allocator; an unpatched `path.rs` `..`-at-root normalization gap) are real but not fixed in this pass — each needs more invasive redesign (lock restructuring, rollback-on-failure semantics) than is safe to rush alongside this batch; left for follow-up. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01End2XtfTCUfUyZsyAU8NsU
@microsoft-github-policy-service agree [company="{Tencent Cloud}"] |
@microsoft-github-policy-service agree [company="{Tencent Cloud}"] |
…aba-tl6lcg Claude/ultracode perf x86 alibaba tl6lcg
|
@microsoft-github-policy-service agree
…On Mon, Jul 6, 2026 at 1:57 PM microsoft-github-policy-service[bot] < ***@***.***> wrote:
*microsoft-github-policy-service[bot]* left a comment
(microsoft/litebox#1007)
<#1007 (comment)>
@dywongcloud <https://github.com/dywongcloud> please read the following
Contributor License Agreement(CLA). If you agree with the CLA, please reply
with the following information.
@microsoft-github-policy-service agree [company="{your company}"]
Options:
- (default - no company specified) I have sole ownership of
intellectual property rights to my Submissions and I am not making
Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
- (when company given) I am making Submissions in the course of work
for my employer (or my employer has intellectual property rights in my
Submissions by contract or applicable law). I have permission from my
employer to make Submissions and enter into this Agreement on behalf of my
employer. By signing below, the defined term “You” includes me and my
employer.
@microsoft-github-policy-service agree company="Microsoft"
Contributor License Agreement Contribution License Agreement
This Contribution License Agreement (*“Agreement”*) is agreed to by the
party signing below (*“You”*),
and conveys certain license rights to Microsoft Corporation and its
affiliates (“Microsoft”) for Your
contributions to Microsoft open source projects. This Agreement is
effective as of the latest signature
date below.
1. *Definitions*.
*“Code”* means the computer software code, whether in human-readable
or machine-executable form,
that is delivered by You to Microsoft under this Agreement.
*“Project”* means any of the projects owned or managed by Microsoft
and offered under a license
approved by the Open Source Initiative (www.opensource.org).
*“Submit”* is the act of uploading, submitting, transmitting, or
distributing code or other content to any
Project, including but not limited to communication on electronic
mailing lists, source code control
systems, and issue tracking systems that are managed by, or on behalf
of, the Project for the purpose of
discussing and improving that Project, but excluding communication
that is conspicuously marked or
otherwise designated in writing by You as “Not a Submission.”
*“Submission”* means the Code and any other copyrightable material
Submitted by You, including any
associated comments and documentation.
2. *Your Submission*. You must agree to the terms of this Agreement
before making a Submission to any
Project. This Agreement covers any and all Submissions that You, now
or in the future (except as
described in Section 4 below), Submit to any Project.
3. *Originality of Work*. You represent that each of Your Submissions
is entirely Your original work.
Should You wish to Submit materials that are not Your original work,
You may Submit them separately
to the Project if You (a) retain all copyright and license information
that was in the materials as You
received them, (b) in the description accompanying Your Submission,
include the phrase “Submission
containing materials of a third party:” followed by the names of the
third party and any licenses or other
restrictions of which You are aware, and (c) follow any other
instructions in the Project’s written
guidelines concerning Submissions.
4. *Your Employer*. References to “employer” in this Agreement include
Your employer or anyone else
for whom You are acting in making Your Submission, e.g. as a
contractor, vendor, or agent. If Your
Submission is made in the course of Your work for an employer or Your
employer has intellectual
property rights in Your Submission by contract or applicable law, You
must secure permission from Your
employer to make the Submission before signing this Agreement. In that
case, the term “You” in this
Agreement will refer to You and the employer collectively. If You
change employers in the future and
desire to Submit additional Submissions for the new employer, then You
agree to sign a new Agreement
and secure permission from the new employer before Submitting those
Submissions.
5. *Licenses*.
- *Copyright License*. You grant Microsoft, and those who receive the
Submission directly or
indirectly from Microsoft, a perpetual, worldwide, non-exclusive,
royalty-free, irrevocable license in the
Submission to reproduce, prepare derivative works of, publicly
display, publicly perform, and distribute
the Submission and such derivative works, and to sublicense any or all
of the foregoing rights to third
parties.
- *Patent License*. You grant Microsoft, and those who receive the
Submission directly or
indirectly from Microsoft, a perpetual, worldwide, non-exclusive,
royalty-free, irrevocable license under
Your patent claims that are necessarily infringed by the Submission or
the combination of the
Submission with the Project to which it was Submitted to make, have
made, use, offer to sell, sell and
import or otherwise dispose of the Submission alone or with the
Project.
- *Other Rights Reserved*. Each party reserves all rights not
expressly granted in this Agreement.
No additional licenses or rights whatsoever (including, without
limitation, any implied licenses) are
granted by implication, exhaustion, estoppel or otherwise.
6. *Representations and Warranties*. You represent that You are
legally entitled to grant the above
licenses. You represent that each of Your Submissions is entirely Your
original work (except as You may
have disclosed under Section 3). You represent that You have secured
permission from Your employer to
make the Submission in cases where Your Submission is made in the
course of Your work for Your
employer or Your employer has intellectual property rights in Your
Submission by contract or applicable
law. If You are signing this Agreement on behalf of Your employer, You
represent and warrant that You
have the necessary authority to bind the listed employer to the
obligations contained in this Agreement.
You are not expected to provide support for Your Submission, unless
You choose to do so. UNLESS
REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING, AND EXCEPT FOR THE
WARRANTIES
EXPRESSLY STATED IN SECTIONS 3, 4, AND 6, THE SUBMISSION PROVIDED
UNDER THIS AGREEMENT IS
PROVIDED WITHOUT WARRANTY OF ANY KIND, INCLUDING, BUT NOT LIMITED TO,
ANY WARRANTY OF
NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
7. *Notice to Microsoft*. You agree to notify Microsoft in writing of
any facts or circumstances of which
You later become aware that would make Your representations in this
Agreement inaccurate in any
respect.
8. *Information about Submissions*. You agree that contributions to
Projects and information about
contributions may be maintained indefinitely and disclosed publicly,
including Your name and other
information that You submit with Your Submission.
9. *Governing Law/Jurisdiction*. This Agreement is governed by the
laws of the State of Washington, and
the parties consent to exclusive jurisdiction and venue in the federal
courts sitting in King County,
Washington, unless no federal subject matter jurisdiction exists, in
which case the parties consent to
exclusive jurisdiction and venue in the Superior Court of King County,
Washington. The parties waive all
defenses of lack of personal jurisdiction and forum non-conveniens.
10. *Entire Agreement/Assignment*. This Agreement is the entire
agreement between the parties, and
supersedes any and all prior agreements, understandings or
communications, written or oral, between
the parties relating to the subject matter hereof. This Agreement may
be assigned by Microsoft.
—
Reply to this email directly, view it on GitHub
<#1007?email_source=notifications&email_token=CBM73QHB2KNKY3OAWNARDGT5DQHBXA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTIOBZG42TGNZYGU3KM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLDGN5XXIZLSL5RWY2LDNM#issuecomment-4897537856>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/CBM73QHI7NEZSFEP4PKN6I35DQHBXAVCNFSNUABFKJSXA33TNF2G64TZHM4TAMJWGA3TCMZSHNEXG43VMU5TIOBSGMYDEMRSHA32C5QC>
.
Triage notifications, keep track of coding agent tasks and review pull
requests on the go with GitHub Mobile for iOS
<https://github.com/notifications/mobile/ios/CBM73QA7TSMUC2MPQZIVTZT5DQHBXA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTIOBZG42TGNZYGU3KM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJKTGN5XXIZLSL5UW64Y>
and Android
<https://github.com/notifications/mobile/android/CBM73QDZUWCXQ7ZXQIQIJKT5DQHBXA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTIOBZG42TGNZYGU3KM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLTGN5XXIZLSL5QW4ZDSN5UWI>.
Download it today!
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
*Dylan Wong*
Senior Cloud Architect
Tencent Cloud International
[image: What is Tencent Cloud and how to get started | Chinafy]
|
@microsoft-github-policy-service agree |
d9d1b50 to
9ecccf2
Compare
|
@microsoft-github-policy-service agree [company="{Tencent Cloud}"]
…On Mon, Jul 6, 2026 at 1:53 PM microsoft-github-policy-service[bot] < ***@***.***> wrote:
*microsoft-github-policy-service[bot]* left a comment
(microsoft/litebox#1007)
<#1007 (comment)>
@dywongcloud <https://github.com/dywongcloud> please read the following
Contributor License Agreement(CLA). If you agree with the CLA, please reply
with the following information.
@microsoft-github-policy-service agree [company="{your company}"]
Options:
- (default - no company specified) I have sole ownership of
intellectual property rights to my Submissions and I am not making
Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
- (when company given) I am making Submissions in the course of work
for my employer (or my employer has intellectual property rights in my
Submissions by contract or applicable law). I have permission from my
employer to make Submissions and enter into this Agreement on behalf of my
employer. By signing below, the defined term “You” includes me and my
employer.
@microsoft-github-policy-service agree company="Microsoft"
Contributor License Agreement Contribution License Agreement
This Contribution License Agreement (*“Agreement”*) is agreed to by the
party signing below (*“You”*),
and conveys certain license rights to Microsoft Corporation and its
affiliates (“Microsoft”) for Your
contributions to Microsoft open source projects. This Agreement is
effective as of the latest signature
date below.
1. *Definitions*.
*“Code”* means the computer software code, whether in human-readable
or machine-executable form,
that is delivered by You to Microsoft under this Agreement.
*“Project”* means any of the projects owned or managed by Microsoft
and offered under a license
approved by the Open Source Initiative (www.opensource.org).
*“Submit”* is the act of uploading, submitting, transmitting, or
distributing code or other content to any
Project, including but not limited to communication on electronic
mailing lists, source code control
systems, and issue tracking systems that are managed by, or on behalf
of, the Project for the purpose of
discussing and improving that Project, but excluding communication
that is conspicuously marked or
otherwise designated in writing by You as “Not a Submission.”
*“Submission”* means the Code and any other copyrightable material
Submitted by You, including any
associated comments and documentation.
2. *Your Submission*. You must agree to the terms of this Agreement
before making a Submission to any
Project. This Agreement covers any and all Submissions that You, now
or in the future (except as
described in Section 4 below), Submit to any Project.
3. *Originality of Work*. You represent that each of Your Submissions
is entirely Your original work.
Should You wish to Submit materials that are not Your original work,
You may Submit them separately
to the Project if You (a) retain all copyright and license information
that was in the materials as You
received them, (b) in the description accompanying Your Submission,
include the phrase “Submission
containing materials of a third party:” followed by the names of the
third party and any licenses or other
restrictions of which You are aware, and (c) follow any other
instructions in the Project’s written
guidelines concerning Submissions.
4. *Your Employer*. References to “employer” in this Agreement include
Your employer or anyone else
for whom You are acting in making Your Submission, e.g. as a
contractor, vendor, or agent. If Your
Submission is made in the course of Your work for an employer or Your
employer has intellectual
property rights in Your Submission by contract or applicable law, You
must secure permission from Your
employer to make the Submission before signing this Agreement. In that
case, the term “You” in this
Agreement will refer to You and the employer collectively. If You
change employers in the future and
desire to Submit additional Submissions for the new employer, then You
agree to sign a new Agreement
and secure permission from the new employer before Submitting those
Submissions.
5. *Licenses*.
- *Copyright License*. You grant Microsoft, and those who receive the
Submission directly or
indirectly from Microsoft, a perpetual, worldwide, non-exclusive,
royalty-free, irrevocable license in the
Submission to reproduce, prepare derivative works of, publicly
display, publicly perform, and distribute
the Submission and such derivative works, and to sublicense any or all
of the foregoing rights to third
parties.
- *Patent License*. You grant Microsoft, and those who receive the
Submission directly or
indirectly from Microsoft, a perpetual, worldwide, non-exclusive,
royalty-free, irrevocable license under
Your patent claims that are necessarily infringed by the Submission or
the combination of the
Submission with the Project to which it was Submitted to make, have
made, use, offer to sell, sell and
import or otherwise dispose of the Submission alone or with the
Project.
- *Other Rights Reserved*. Each party reserves all rights not
expressly granted in this Agreement.
No additional licenses or rights whatsoever (including, without
limitation, any implied licenses) are
granted by implication, exhaustion, estoppel or otherwise.
6. *Representations and Warranties*. You represent that You are
legally entitled to grant the above
licenses. You represent that each of Your Submissions is entirely Your
original work (except as You may
have disclosed under Section 3). You represent that You have secured
permission from Your employer to
make the Submission in cases where Your Submission is made in the
course of Your work for Your
employer or Your employer has intellectual property rights in Your
Submission by contract or applicable
law. If You are signing this Agreement on behalf of Your employer, You
represent and warrant that You
have the necessary authority to bind the listed employer to the
obligations contained in this Agreement.
You are not expected to provide support for Your Submission, unless
You choose to do so. UNLESS
REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING, AND EXCEPT FOR THE
WARRANTIES
EXPRESSLY STATED IN SECTIONS 3, 4, AND 6, THE SUBMISSION PROVIDED
UNDER THIS AGREEMENT IS
PROVIDED WITHOUT WARRANTY OF ANY KIND, INCLUDING, BUT NOT LIMITED TO,
ANY WARRANTY OF
NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
7. *Notice to Microsoft*. You agree to notify Microsoft in writing of
any facts or circumstances of which
You later become aware that would make Your representations in this
Agreement inaccurate in any
respect.
8. *Information about Submissions*. You agree that contributions to
Projects and information about
contributions may be maintained indefinitely and disclosed publicly,
including Your name and other
information that You submit with Your Submission.
9. *Governing Law/Jurisdiction*. This Agreement is governed by the
laws of the State of Washington, and
the parties consent to exclusive jurisdiction and venue in the federal
courts sitting in King County,
Washington, unless no federal subject matter jurisdiction exists, in
which case the parties consent to
exclusive jurisdiction and venue in the Superior Court of King County,
Washington. The parties waive all
defenses of lack of personal jurisdiction and forum non-conveniens.
10. *Entire Agreement/Assignment*. This Agreement is the entire
agreement between the parties, and
supersedes any and all prior agreements, understandings or
communications, written or oral, between
the parties relating to the subject matter hereof. This Agreement may
be assigned by Microsoft.
—
Reply to this email directly, view it on GitHub
<#1007?email_source=notifications&email_token=CBM73QDD3JHUUREHQJT6VRD5DQGU5A5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTIOBZG42TCMZUHEZKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLDGN5XXIZLSL5RWY2LDNM#issuecomment-4897513492>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/CBM73QHSGYCJ6ZTO6RAW7YD5DQGU5AVCNFSNUABFKJSXA33TNF2G64TZHM4TAMJWGA3TCMZSHNEXG43VMU5TIOBSGMYDEMRSHA32C5QC>
.
Triage notifications, keep track of coding agent tasks and review pull
requests on the go with GitHub Mobile for iOS
<https://github.com/notifications/mobile/ios/CBM73QE36DLMUOLRULHQCL35DQGU5A5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTIOBZG42TCMZUHEZKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJKTGN5XXIZLSL5UW64Y>
and Android
<https://github.com/notifications/mobile/android/CBM73QHNUEXOGSAYOXEKPZD5DQGU5A5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTIOBZG42TCMZUHEZKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLTGN5XXIZLSL5QW4ZDSN5UWI>.
Download it today!
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
*Dylan Wong*
Senior Cloud Architect
Tencent Cloud International
[image: What is Tencent Cloud and how to get started | Chinafy]
|
|
@microsoft-github-policy-service agree [company="{Tencent Cloud}"] |
@microsoft-github-policy-service agree [company="{Tencent Cloud}"] |
|
@dywongcloud the command you issued was incorrect. Please try again. Examples are: and |
@microsoft-github-policy-service agree @microsoft-github-policy-service agree [company="{Tencent Cloud}"] |
Performance (
litebox,litebox_shim_linux,litebox_platform_linux_userland,litebox_syscall_rewriter):madvisediscard path, direct-permission anonymous mmap (no RW→mprotect double call), coalesced mprotect/munmap runs, pre-opened CoW fdslitebox_platform_linux_kernel,litebox_platform_lvbs)Alibaba Cloud PVM (Pagetable-based Virtual Machine) compatibility:
arch_prctlfor hosts/guests where user-mode FSGSBASE is unavailable (works with and without PVM; forced viaLITEBOX_NO_FSGSBASE=1for testing)clock_gettime/clock_getres/gettimeofday/arch_prctl, since PVM's unstable TSC can push glibc off the vDSO fast path onto real syscallsSecurity fixes (from a 5-lens audit --- unsafe-code soundness, sandbox/seccomp boundary, integer/bounds safety, guest-reachable panics, resource lifecycle):
mmap(RW)+ guest-writtensyscallopcode +mprotect(PROT_EXEC)bypassed the ELF syscall rewriter entirely, since it only tracked file-backed executable mappings. Anonymous exec transitions are now scanned and neutralized the same way.rt_sigreturncopied guest-suppliedrip/rsp/rflagsinto the resume context with no validation, letting a guest crash into or read addresses inside the host runtime. Now gated by the samesanitize_for_user_return()check thelvbs/snpplatforms already used.munmap(critical):mremap's resize path did an uncheckedusizeadd on a guest-controlled size, allowing integer wraparound to unmap an attacker-chosen address range.dup2/fcntl(F_DUPFD)to an ordinary (non-adversarial) fd number, andmmapwith a large page-aligned length that overflowed reserved-space math.EAGAIN/EWOULDBLOCKTUN backpressure (was killing networking for every guest sharing the process).AF_UNIXgetsockname/acceptguarded against an integer underflow when the guest supplies anaddrlensmaller than the path offset.FUTEX_CMP_REQUEUE's value check is now performed under the source bucket's lock (matching Linux), closing a stale-comparison race that could strand a requeued waiter.Known, documented residual risk (not fixed in this PR --- flagged for a follow-up):
PROT_READ_WRITE_EXECmemory is still simultaneously writable and executable by design (JIT compatibility); the anonymous-exec scan only catches syscalls present at grant time, not written afterward.create_pages(cross-thread race during the unlocked init callback) and a couple of MEDIUM-severity DoS/consistency issues (path..-at-root growth,resolve_pathmissing aPATH_MAXcheck,execveleakingPageManagerstate on a malformed second ELF segment) are documented but not yet fixed.Test plan
cargo fmt --all --checkcargo clippy --all-targets --all-features(workspace,-Dwarnings) across all CI target sets, including the LVBS/OP-TEE/SNP exclusionscargo build(default workspace + release)cargo doc --no-deps --all-features --document-private-items(-Dwarnings)cargo nextest run--- full workspace, clean except the pre-existing environmental failures (diod/9P permissions, missing Pythonencodingsmodule) present identically onmaindev_benchcomparison againstmain: rewriter ~1.6x faster, no regressionsLITEBOX_NO_FSGSBASE=1(fallback path)