diff options
| author | Meir Shpilraien (Spielrein) <meir@redis.com> | 2022-01-06 13:39:38 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-06 13:39:38 +0200 |
| commit | 885f6b5cebf80108a857cd50a4b84f5daf013e29 (patch) | |
| tree | 334d9824d647e243dd4c020b5dd15349f4190409 /src/script_lua.c | |
| parent | 568c2e039bac388003068cd8debb2f93619dd462 (diff) | |
| download | redis-885f6b5cebf80108a857cd50a4b84f5daf013e29.tar.gz | |
Redis Function Libraries (#10004)
# Redis Function Libraries
This PR implements Redis Functions Libraries as describe on: https://github.com/redis/redis/issues/9906.
Libraries purpose is to provide a better code sharing between functions by allowing to create multiple
functions in a single command. Functions that were created together can safely share code between
each other without worrying about compatibility issues and versioning.
Creating a new library is done using 'FUNCTION LOAD' command (full API is described below)
This PR introduces a new struct called libraryInfo, libraryInfo holds information about a library:
* name - name of the library
* engine - engine used to create the library
* code - library code
* description - library description
* functions - the functions exposed by the library
When Redis gets the `FUNCTION LOAD` command it creates a new empty libraryInfo.
Redis passes the `CODE` to the relevant engine alongside the empty libraryInfo.
As a result, the engine will create one or more functions by calling 'libraryCreateFunction'.
The new funcion will be added to the newly created libraryInfo. So far Everything is happening
locally on the libraryInfo so it is easy to abort the operation (in case of an error) by simply
freeing the libraryInfo. After the library info is fully constructed we start the joining phase by
which we will join the new library to the other libraries currently exist on Redis.
The joining phase make sure there is no function collision and add the library to the
librariesCtx (renamed from functionCtx). LibrariesCtx is used all around the code in the exact
same way as functionCtx was used (with respect to RDB loading, replicatio, ...).
The only difference is that apart from function dictionary (maps function name to functionInfo
object), the librariesCtx contains also a libraries dictionary that maps library name to libraryInfo object.
## New API
### FUNCTION LOAD
`FUNCTION LOAD <ENGINE> <LIBRARY NAME> [REPLACE] [DESCRIPTION <DESCRIPTION>] <CODE>`
Create a new library with the given parameters:
* ENGINE - REPLACE Engine name to use to create the library.
* LIBRARY NAME - The new library name.
* REPLACE - If the library already exists, replace it.
* DESCRIPTION - Library description.
* CODE - Library code.
Return "OK" on success, or error on the following cases:
* Library name already taken and REPLACE was not used
* Name collision with another existing library (even if replace was uses)
* Library registration failed by the engine (usually compilation error)
## Changed API
### FUNCTION LIST
`FUNCTION LIST [LIBRARYNAME <LIBRARY NAME PATTERN>] [WITHCODE]`
Command was modified to also allow getting libraries code (so `FUNCTION INFO` command is no longer
needed and removed). In addition the command gets an option argument, `LIBRARYNAME` allows you to
only get libraries that match the given `LIBRARYNAME` pattern. By default, it returns all libraries.
### INFO MEMORY
Added number of libraries to `INFO MEMORY`
### Commands flags
`DENYOOM` flag was set on `FUNCTION LOAD` and `FUNCTION RESTORE`. We consider those commands
as commands that add new data to the dateset (functions are data) and so we want to disallows
to run those commands on OOM.
## Removed API
* FUNCTION CREATE - Decided on https://github.com/redis/redis/issues/9906
* FUNCTION INFO - Decided on https://github.com/redis/redis/issues/9899
## Lua engine changes
When the Lua engine gets the code given on `FUNCTION LOAD` command, it immediately runs it, we call
this run the loading run. Loading run is not a usual script run, it is not possible to invoke any
Redis command from within the load run.
Instead there is a new API provided by `library` object. The new API's:
* `redis.log` - behave the same as `redis.log`
* `redis.register_function` - register a new function to the library
The loading run purpose is to register functions using the new `redis.register_function` API.
Any attempt to use any other API will result in an error. In addition, the load run is has a time
limit of 500ms, error is raise on timeout and the entire operation is aborted.
### `redis.register_function`
`redis.register_function(<function_name>, <callback>, [<description>])`
This new API allows users to register a new function that will be linked to the newly created library.
This API can only be called during the load run (see definition above). Any attempt to use it outside
of the load run will result in an error.
The parameters pass to the API are:
* function_name - Function name (must be a Lua string)
* callback - Lua function object that will be called when the function is invokes using fcall/fcall_ro
* description - Function description, optional (must be a Lua string).
### Example
The following example creates a library called `lib` with 2 functions, `f1` and `f1`, returns 1 and 2 respectively:
```
local function f1(keys, args)
return 1
end
local function f2(keys, args)
return 2
end
redis.register_function('f1', f1)
redis.register_function('f2', f2)
```
Notice: Unlike `eval`, functions inside a library get the KEYS and ARGV as arguments to the
functions and not as global.
### Technical Details
On the load run we only want the user to be able to call a white list on API's. This way, in
the future, if new API's will be added, the new API's will not be available to the load run
unless specifically added to this white list. We put the while list on the `library` object and
make sure the `library` object is only available to the load run by using [lua_setfenv](https://www.lua.org/manual/5.1/manual.html#lua_setfenv) API. This API allows us to set
the `globals` of a function (and all the function it creates). Before starting the load run we
create a new fresh Lua table (call it `g`) that only contains the `library` API (we make sure
to set global protection on this table just like the general global protection already exists
today), then we use [lua_setfenv](https://www.lua.org/manual/5.1/manual.html#lua_setfenv)
to set `g` as the global table of the load run. After the load run finished we update `g`
metatable and set `__index` and `__newindex` functions to be `_G` (Lua default globals),
we also pop out the `library` object as we do not need it anymore.
This way, any function that was created on the load run (and will be invoke using `fcall`) will
see the default globals as it expected to see them and will not have the `library` API anymore.
An important outcome of this new approach is that now we can achieve a distinct global table
for each library (it is not yet like that but it is very easy to achieve it now). In the future we can
decide to remove global protection because global on different libraries will not collide or we
can chose to give different API to different libraries base on some configuration or input.
Notice that this technique was meant to prevent errors and was not meant to prevent malicious
user from exploit it. For example, the load run can still save the `library` object on some local
variable and then using in `fcall` context. To prevent such a malicious use, the C code also make
sure it is running in the right context and if not raise an error.
Diffstat (limited to 'src/script_lua.c')
| -rw-r--r-- | src/script_lua.c | 164 |
1 files changed, 131 insertions, 33 deletions
diff --git a/src/script_lua.c b/src/script_lua.c index 258c6c385..fc9fc812a 100644 --- a/src/script_lua.c +++ b/src/script_lua.c @@ -80,6 +80,9 @@ void* luaGetFromRegistry(lua_State* lua, const char* name) { lua_pushstring(lua, name); lua_gettable(lua, LUA_REGISTRYINDEX); + if (lua_isnil(lua, -1)) { + return NULL; + } /* must be light user data */ serverAssert(lua_islightuserdata(lua, -1)); @@ -427,7 +430,7 @@ static void redisProtocolToLuaType_Double(void *ctx, double d, const char *proto * with a single "err" field set to the error string. Note that this * table is never a valid reply by proper commands, since the returned * tables are otherwise always indexed by integers, never by strings. */ -static void luaPushError(lua_State *lua, char *error) { +void luaPushError(lua_State *lua, char *error) { lua_Debug dbg; /* If debugging is active and in step mode, log errors resulting from @@ -455,7 +458,7 @@ static void luaPushError(lua_State *lua, char *error) { * by the non-error-trapping version of redis.pcall(), which is redis.call(), * this function will raise the Lua error so that the execution of the * script will be halted. */ -static int luaRaiseError(lua_State *lua) { +int luaRaiseError(lua_State *lua) { lua_pushstring(lua,"err"); lua_gettable(lua,-2); return lua_error(lua); @@ -656,6 +659,10 @@ static void luaReplyToRedisReply(client *c, client* script_client, lua_State *lu static int luaRedisGenericCommand(lua_State *lua, int raise_error) { int j, argc = lua_gettop(lua); scriptRunCtx* rctx = luaGetFromRegistry(lua, REGISTRY_RUN_CTX_NAME); + if (!rctx) { + luaPushError(lua, "redis.call/pcall can only be called inside a script invocation"); + return luaRaiseError(lua); + } sds err = NULL; client* c = rctx->c; sds reply; @@ -911,6 +918,10 @@ static int luaRedisSetReplCommand(lua_State *lua) { int flags, argc = lua_gettop(lua); scriptRunCtx* rctx = luaGetFromRegistry(lua, REGISTRY_RUN_CTX_NAME); + if (!rctx) { + lua_pushstring(lua, "redis.set_repl can only be called inside a script invocation"); + return lua_error(lua); + } if (argc != 1) { lua_pushstring(lua, "redis.set_repl() requires two arguments."); @@ -966,6 +977,11 @@ static int luaLogCommand(lua_State *lua) { /* redis.setresp() */ static int luaSetResp(lua_State *lua) { + scriptRunCtx* rctx = luaGetFromRegistry(lua, REGISTRY_RUN_CTX_NAME); + if (!rctx) { + lua_pushstring(lua, "redis.setresp can only be called inside a script invocation"); + return lua_error(lua); + } int argc = lua_gettop(lua); if (argc != 1) { @@ -978,7 +994,6 @@ static int luaSetResp(lua_State *lua) { lua_pushstring(lua, "RESP version must be 2 or 3."); return lua_error(lua); } - scriptRunCtx* rctx = luaGetFromRegistry(lua, REGISTRY_RUN_CTX_NAME); scriptSetResp(rctx, resp); return 0; } @@ -1031,8 +1046,8 @@ static void luaRemoveUnsupportedFunctions(lua_State *lua) { * sequence, because it may interact with creation of globals. * * On Legacy Lua (eval) we need to check 'w ~= \"main\"' otherwise we will not be able - * to create the global 'function <sha> ()' variable. On Lua engine we do not use this trick - * so its not needed. */ + * to create the global 'function <sha> ()' variable. On Functions Lua engine we do not use + * this trick so it's not needed. */ void luaEnableGlobalsProtection(lua_State *lua, int is_eval) { char *s[32]; sds code = sdsempty(); @@ -1067,33 +1082,72 @@ void luaEnableGlobalsProtection(lua_State *lua, int is_eval) { sdsfree(code); } -void luaRegisterRedisAPI(lua_State* lua) { - luaLoadLibraries(lua); - luaRemoveUnsupportedFunctions(lua); - - /* Register the redis commands table and fields */ - lua_newtable(lua); - - /* redis.call */ - lua_pushstring(lua,"call"); - lua_pushcfunction(lua,luaRedisCallCommand); - lua_settable(lua,-3); +/* Create a global protection function and put it to registry. + * This need to be called once in the lua_State lifetime. + * After called it is possible to use luaSetGlobalProtection + * to set global protection on a give table. + * + * The function assumes the Lua stack have a least enough + * space to push 2 element, its up to the caller to verify + * this before calling this function. + * + * Notice, the difference between this and luaEnableGlobalsProtection + * is that luaEnableGlobalsProtection is enabling global protection + * on the current Lua globals. This registering a global protection + * function that later can be applied on any table. */ +void luaRegisterGlobalProtectionFunction(lua_State *lua) { + lua_pushstring(lua, REGISTRY_SET_GLOBALS_PROTECTION_NAME); + char *global_protection_func = "local dbg = debug\n" + "local globals_protection = function (t)\n" + " local mt = {}\n" + " setmetatable(t, mt)\n" + " mt.__newindex = function (t, n, v)\n" + " if dbg.getinfo(2) then\n" + " local w = dbg.getinfo(2, \"S\").what\n" + " if w ~= \"C\" then\n" + " error(\"Script attempted to create global variable '\"..tostring(n)..\"'\", 2)\n" + " end" + " end" + " rawset(t, n, v)\n" + " end\n" + " mt.__index = function (t, n)\n" + " if dbg.getinfo(2) and dbg.getinfo(2, \"S\").what ~= \"C\" then\n" + " error(\"Script attempted to access nonexistent global variable '\"..tostring(n)..\"'\", 2)\n" + " end\n" + " return rawget(t, n)\n" + " end\n" + "end\n" + "return globals_protection"; + int res = luaL_loadbuffer(lua, global_protection_func, strlen(global_protection_func), "@global_protection_def"); + serverAssert(res == 0); + res = lua_pcall(lua,0,1,0); + serverAssert(res == 0); + lua_settable(lua, LUA_REGISTRYINDEX); +} - /* redis.pcall */ - lua_pushstring(lua,"pcall"); - lua_pushcfunction(lua,luaRedisPCallCommand); - lua_settable(lua,-3); +/* Set global protection on a given table. + * The table need to be located on the top of the lua stack. + * After called, it will no longer be possible to set + * new items on the table. The function is not removing + * the table from the top of the stack! + * + * The function assumes the Lua stack have a least enough + * space to push 2 element, its up to the caller to verify + * this before calling this function. */ +void luaSetGlobalProtection(lua_State *lua) { + lua_pushstring(lua, REGISTRY_SET_GLOBALS_PROTECTION_NAME); + lua_gettable(lua, LUA_REGISTRYINDEX); + lua_pushvalue(lua, -2); + int res = lua_pcall(lua, 1, 0, 0); + serverAssert(res == 0); +} +void luaRegisterLogFunction(lua_State* lua) { /* redis.log and log levels. */ lua_pushstring(lua,"log"); lua_pushcfunction(lua,luaLogCommand); lua_settable(lua,-3); - /* redis.setresp */ - lua_pushstring(lua,"setresp"); - lua_pushcfunction(lua,luaSetResp); - lua_settable(lua,-3); - lua_pushstring(lua,"LOG_DEBUG"); lua_pushnumber(lua,LL_DEBUG); lua_settable(lua,-3); @@ -1109,6 +1163,31 @@ void luaRegisterRedisAPI(lua_State* lua) { lua_pushstring(lua,"LOG_WARNING"); lua_pushnumber(lua,LL_WARNING); lua_settable(lua,-3); +} + +void luaRegisterRedisAPI(lua_State* lua) { + luaLoadLibraries(lua); + luaRemoveUnsupportedFunctions(lua); + + /* Register the redis commands table and fields */ + lua_newtable(lua); + + /* redis.call */ + lua_pushstring(lua,"call"); + lua_pushcfunction(lua,luaRedisCallCommand); + lua_settable(lua,-3); + + /* redis.pcall */ + lua_pushstring(lua,"pcall"); + lua_pushcfunction(lua,luaRedisPCallCommand); + lua_settable(lua,-3); + + luaRegisterLogFunction(lua); + + /* redis.setresp */ + lua_pushstring(lua,"setresp"); + lua_pushcfunction(lua,luaSetResp); + lua_settable(lua,-3); /* redis.sha1hex */ lua_pushstring(lua, "sha1hex"); @@ -1149,7 +1228,7 @@ void luaRegisterRedisAPI(lua_State* lua) { lua_settable(lua,-3); /* Finally set the table as 'redis' global var. */ - lua_setglobal(lua,"redis"); + lua_setglobal(lua,REDIS_API_NAME); /* Replace math.random and math.randomseed with our implementations. */ lua_getglobal(lua,"math"); @@ -1167,7 +1246,7 @@ void luaRegisterRedisAPI(lua_State* lua) { /* Set an array of Redis String Objects as a Lua array (table) stored into a * global variable. */ -static void luaSetGlobalArray(lua_State *lua, char *var, robj **elev, int elec) { +static void luaCreateArray(lua_State *lua, robj **elev, int elec) { int j; lua_newtable(lua); @@ -1175,7 +1254,6 @@ static void luaSetGlobalArray(lua_State *lua, char *var, robj **elev, int elec) lua_pushlstring(lua,(char*)elev[j]->ptr,sdslen(elev[j]->ptr)); lua_rawseti(lua,-2,j+1); } - lua_setglobal(lua,var); } /* --------------------------------------------------------------------------- @@ -1189,6 +1267,11 @@ static void luaSetGlobalArray(lua_State *lua, char *var, robj **elev, int elec) /* The following implementation is the one shipped with Lua itself but with * rand() replaced by redisLrand48(). */ static int redis_math_random (lua_State *L) { + scriptRunCtx* rctx = luaGetFromRegistry(L, REGISTRY_RUN_CTX_NAME); + if (!rctx) { + return luaL_error(L, "math.random can only be called inside a script invocation"); + } + /* the `%' avoids the (rare) case of r==1, and is needed also because on some systems (SunOS!) `rand()' may return a value larger than RAND_MAX */ lua_Number r = (lua_Number)(redisLrand48()%REDIS_LRAND48_MAX) / @@ -1217,6 +1300,10 @@ static int redis_math_random (lua_State *L) { } static int redis_math_randomseed (lua_State *L) { + scriptRunCtx* rctx = luaGetFromRegistry(L, REGISTRY_RUN_CTX_NAME); + if (!rctx) { + return luaL_error(L, "math.randomseed can only be called inside a script invocation"); + } redisSrand48(luaL_checkint(L, 1)); return 0; } @@ -1260,13 +1347,24 @@ void luaCallFunction(scriptRunCtx* run_ctx, lua_State *lua, robj** keys, size_t /* Populate the argv and keys table accordingly to the arguments that * EVAL received. */ - luaSetGlobalArray(lua,"KEYS",keys,nkeys); - luaSetGlobalArray(lua,"ARGV",args,nargs); + luaCreateArray(lua,keys,nkeys); + /* On eval, keys and arguments are globals. */ + if (run_ctx->flags & SCRIPT_EVAL_MODE) lua_setglobal(lua,"KEYS"); + luaCreateArray(lua,args,nargs); + if (run_ctx->flags & SCRIPT_EVAL_MODE) lua_setglobal(lua,"ARGV"); /* At this point whether this script was never seen before or if it was - * already defined, we can call it. We have zero arguments and expect - * a single return value. */ - int err = lua_pcall(lua,0,1,-2); + * already defined, we can call it. + * On eval mode, we have zero arguments and expect a single return value. + * In addition the error handler is located on position -2 on the Lua stack. + * On function mode, we pass 2 arguments (the keys and args tables), + * and the error handler is located on position -4 (stack: error_handler, callback, keys, args) */ + int err; + if (run_ctx->flags & SCRIPT_EVAL_MODE) { + err = lua_pcall(lua,0,1,-2); + } else { + err = lua_pcall(lua,2,1,-4); + } /* Call the Lua garbage collector from time to time to avoid a * full cycle performed by Lua, which adds too latency. |