Load ELF from memory using memfd_create

2026-06-08 22:38:01 -06:00 · 2025-11-24 13:13:06 -07:00
parent 0c538e9dcf
commit dae1d524bc
14 changed files with 340 additions and 21 deletions
@@ -0,0 +1,7 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
 version = 4
 [[package]]
 name = "testproj"
 version = "0.1.0"
@@ -0,0 +1,22 @@
 cargo-features = ["trim-paths"]
 [package]
 name = "testproj"
 version = "0.1.0"
 edition = "2024"
 [lib]
 crate-type = ["cdylib"]
 [dependencies]
 [profile.release]
 strip = true # Strip symbols from the binary
 opt-level = "z"  # Optimize for size
 lto = true # Link tree optimization
 codegen-units = 1
 panic = "abort"
 debug = false # Remove debug
 trim-paths="all"
@@ -0,0 +1,30 @@
 #![no_std]
 #![crate_type = "cdylib"]
 use core::panic::PanicInfo;
 #[panic_handler]
 fn panic(_info: &PanicInfo) -> ! {
    loop {}
 }
 #[unsafe(no_mangle)]
 fn a() -> i32 {
    1
 }
 #[repr(C)]
 pub struct S {
    a: u64,
    b: u32,
    c: u16,
    d: u8,
 }
 #[unsafe(no_mangle)]
 pub extern "C" fn test_identity_struct(x: S) -> S {
    x
 }
 #[unsafe(no_mangle)]
 pub static HELLO: &str = "Hello!";
@@ -315,6 +315,15 @@ version = "1.21.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
 [[package]]
 name = "ppv-lite86"
 version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
 dependencies = [
 "zerocopy",
 ]
 [[package]]
 name = "proc-macro2"
 version = "1.0.103"
@@ -339,6 +348,35 @@ version = "5.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
 [[package]]
 name = "rand"
 version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
 "rand_chacha",
 "rand_core",
 ]
 [[package]]
 name = "rand_chacha"
 version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
 dependencies = [
 "ppv-lite86",
 "rand_core",
 ]
 [[package]]
 name = "rand_core"
 version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38"
 dependencies = [
 "getrandom",
 ]
 [[package]]
 name = "regex"
 version = "1.12.2"
@@ -490,7 +528,9 @@ version = "0.0.0"
 dependencies = [
 "bincode",
 "chrono",
 "libc",
 "libloading",
 "rand",
 "serde",
 "serde_json",
 "unshell-obfuscate",
@@ -642,3 +682,23 @@ name = "wit-bindgen"
 version = "0.46.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59"
 [[package]]
 name = "zerocopy"
 version = "0.8.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "43fa6694ed34d6e57407afbccdeecfa268c470a7d2a5b0cf49ce9fcc345afb90"
 dependencies = [
 "zerocopy-derive",
 ]
 [[package]]
 name = "zerocopy-derive"
 version = "0.8.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c640b22cd9817fae95be82f0d2f90b11f7605f6c319d16705c459b27ac2cbc26"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn",
 ]
@@ -1,5 +1,4 @@
 // Behold! The world's most sophisticated shared library! (it has no code)
 #![no_main]
 pub use unshell_lib::get_components;
@@ -315,6 +315,15 @@ version = "1.21.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
 [[package]]
 name = "ppv-lite86"
 version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
 dependencies = [
 "zerocopy",
 ]
 [[package]]
 name = "proc-macro2"
 version = "1.0.103"
@@ -339,6 +348,35 @@ version = "5.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
 [[package]]
 name = "rand"
 version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
 "rand_chacha",
 "rand_core",
 ]
 [[package]]
 name = "rand_chacha"
 version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
 dependencies = [
 "ppv-lite86",
 "rand_core",
 ]
 [[package]]
 name = "rand_core"
 version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38"
 dependencies = [
 "getrandom",
 ]
 [[package]]
 name = "regex"
 version = "1.12.2"
@@ -483,7 +521,9 @@ version = "0.0.0"
 dependencies = [
 "bincode",
 "chrono",
 "libc",
 "libloading",
 "rand",
 "serde",
 "serde_json",
 "unshell-obfuscate",
@@ -635,3 +675,23 @@ name = "wit-bindgen"
 version = "0.46.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59"
 [[package]]
 name = "zerocopy"
 version = "0.8.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "43fa6694ed34d6e57407afbccdeecfa268c470a7d2a5b0cf49ce9fcc345afb90"
 dependencies = [
 "zerocopy-derive",
 ]
 [[package]]
 name = "zerocopy-derive"
 version = "0.8.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c640b22cd9817fae95be82f0d2f90b11f7605f6c319d16705c459b27ac2cbc26"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn",
 ]
@@ -23,3 +23,5 @@ chrono = "0.4.42"
 serde = {version = "1.0.228", features=["derive"]}
 serde_json = "1.0.145"
 libc = "0.2.177"
 rand = "0.9.2"
@@ -1,4 +1,4 @@
-use std::collections::HashMap;
+use std::{collections::HashMap, fmt::Debug};
 // use bincode::{Decode, Encode};
 // use serde::{Deserialize, Serialize};
@@ -40,6 +40,16 @@ pub struct NamedComponent {
             ),
 }
 impl Debug for NamedComponent {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("NamedComponent")
            .field("name", &self.name)
            // .field("get_interface", &self.get_interface)
            // .field("start_runtime", &self.start_runtime)
            .finish()
    }
 }
 /// Trait that wraps the get_interface<T>() function inside of components
 pub trait InterfaceWrapper: Send + Sync {
    fn get_interface<T: 'static>(&self) -> Option<T>
@@ -10,7 +10,7 @@ mod components;
 pub use components::get_components;
 mod announcement;
-use std::fmt;
+use std::fmt::{self, Debug};
 pub use announcement::Announcement;
@@ -1,6 +1,8 @@
 mod manager;
 mod module;
 mod proc_load;
 // use std::any::Any;
 // pub use logger::setup_logger;
@@ -1,5 +1,6 @@
 use libloading::{Library, Symbol};
 use crate::module::proc_load::memfd_create_dlopen;
 use crate::{ModuleError, logger::SetupLogger, logger::logger};
 use crate::*;
@@ -22,26 +23,27 @@ impl Module {
        Ok(this)
    }
    // TODO: Implement actual reflective ELF loading (possibly even custom format)
    // Look at https://github.com/weizhiao/rust-elfloader
    pub fn new_bytes(bytes: &[u8]) -> Result<Self, ModuleError> {
        let lib =
            memfd_create_dlopen(bytes).map_err(|e| ModuleError::Error(e.to_string().into()))?;
        let this = Self { lib };
        if let Ok(setup_logger) = this.get_symbol::<SetupLogger>(b"setup_logger") {
            setup_logger(logger());
        } else {
            warn!("setup_logger not found");
        }
        Ok(this)
    }
    pub fn get_symbol<T>(&self, symbol: &[u8]) -> Result<Symbol<'_, T>, ModuleError> {
        let symbol = unsafe { self.lib.get::<T>(symbol) }
            .map_err(|e| ModuleError::LinkError(format!("Failed to load symbol: {}", e)))?;
        Ok(symbol)
    }
    // pub fn get_id(&self) -> &str {
    //     self.id
    // }
    // pub fn get_interface<T>(&self) -> Result<T, ModuleError> {
    //     if let Ok(interface_function) = self.get_symbol::<fn() -> T>(b"interface") {
    //         Ok(interface_function())
    //     } else {
    //         Err(ModuleError::LinkError(format!(
    //             "Interface function not found!"
    //         )))
    //     }
    // }
 }
 // extern "C" fn test1234() {
 //     info!("Test1234!");
 // }
@@ -0,0 +1,56 @@
 // Load a shared object by saving bytes to a filesystem in /proc
 use std::{error::Error, ffi::CString, io}; // 0.8
 use libloading::Library;
 use crate::debug;
 // The `memfd_create` syscall flags (MFD_CLOEXEC is common and good practice)
 const MFD_CLOEXEC: u32 = 0x0001;
 const MFD_ALLOW_SEALING: u32 = 0x0002;
 pub fn memfd_create_dlopen(payload: &[u8]) -> Result<Library, Box<dyn Error>> {
    use rand::distr::{Alphanumeric, SampleString};
    let string = Alphanumeric.sample_string(&mut rand::rng(), 16);
    // 1. Create the anonymous in-memory file descriptor using the raw syscall
    let c_name = CString::new(string).expect("CString conversion failed");
    let fd = unsafe { libc::memfd_create(c_name.as_ptr(), MFD_CLOEXEC | MFD_ALLOW_SEALING) };
    if fd < 0 {
        return Err(io::Error::last_os_error().to_string().into());
    }
    // 2. Write the payload bytes to the in-memory file
    let bytes_written =
        unsafe { libc::write(fd, payload.as_ptr() as *const libc::c_void, payload.len()) };
    if bytes_written != payload.len() as isize {
        // If write fails or is incomplete, clean up the file descriptor
        unsafe {
            libc::close(fd);
        }
        return Err("Failed to write full payload to memfd".into());
    }
    // Optional: Seal the file to prevent modification, common for security/integrity
    // Note: The MFD_ALLOW_SEALING flag must be set during creation for this to work.
    let seals = libc::F_SEAL_GROW | libc::F_SEAL_SHRINK | libc::F_SEAL_WRITE;
    if unsafe { libc::fcntl(fd, libc::F_ADD_SEALS, seals) } == -1 {
        // Log a warning but continue if sealing fails (e.g., due to permissions)
        debug!(
            "memfd_create_dlopen: Failed to apply seals. Error: {}",
            io::Error::last_os_error()
        );
    }
    // 3. Construct the virtual path to the in-memory file
    // This path is necessary for dlopen to work, as dlopen expects a filesystem path.
    let dl_path = format!("/proc/self/fd/{}", fd);
    // 4. Use dlopen (via libloading) on the virtual path
    Ok(unsafe { Library::new(&dl_path)? })
 }
@@ -321,6 +321,15 @@ version = "1.21.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
 [[package]]
 name = "ppv-lite86"
 version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
 dependencies = [
 "zerocopy",
 ]
 [[package]]
 name = "proc-macro2"
 version = "1.0.103"
@@ -345,6 +354,35 @@ version = "5.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
 [[package]]
 name = "rand"
 version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
 "rand_chacha",
 "rand_core",
 ]
 [[package]]
 name = "rand_chacha"
 version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
 dependencies = [
 "ppv-lite86",
 "rand_core",
 ]
 [[package]]
 name = "rand_core"
 version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38"
 dependencies = [
 "getrandom",
 ]
 [[package]]
 name = "regex"
 version = "1.12.2"
@@ -489,7 +527,9 @@ version = "0.0.0"
 dependencies = [
 "bincode",
 "chrono",
 "libc",
 "libloading",
 "rand",
 "serde",
 "serde_json",
 "unshell-obfuscate",
@@ -650,3 +690,23 @@ name = "wit-bindgen"
 version = "0.46.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59"
 [[package]]
 name = "zerocopy"
 version = "0.8.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "43fa6694ed34d6e57407afbccdeecfa268c470a7d2a5b0cf49ce9fcc345afb90"
 dependencies = [
 "zerocopy-derive",
 ]
 [[package]]
 name = "zerocopy-derive"
 version = "0.8.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c640b22cd9817fae95be82f0d2f90b11f7605f6c319d16705c459b27ac2cbc26"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn",
 ]
@@ -1,4 +1,5 @@
-use std::collections::HashMap;
+use std::fs::File;
 use std::{collections::HashMap, io::Read};
 use lazy_static::lazy_static;
 use unshell_lib::{
@@ -38,7 +39,15 @@ fn main() {
        let mut modules = Vec::new();
        for arg in args.skip(1) {
            debug!("Loading module: {}", arg);
-            modules.push(Module::new(&arg)?)
+
            let mut file = File::open(arg).map_err(|e| ModuleError::Error(e.to_string().into()))?;
            let mut buffer = Vec::new();
            file.read_to_end(&mut buffer)
                .map_err(|e| ModuleError::Error(e.to_string().into()))?;
            modules.push(Module::new_bytes(&buffer)?)
            // modules.push(Module::new(&arg)?)
        }
        // Run the manager, this is blocking.