Skip to content

wasmtime: update to v9.0.3. #355

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jun 1, 2023
Merged

wasmtime: update to v9.0.3. #355

merged 5 commits into from
Jun 1, 2023

Conversation

phlax
Copy link
Contributor

@phlax phlax commented May 31, 2023

No description provided.

@phlax phlax force-pushed the deps-bump-wasmtime branch 3 times, most recently from 4601db4 to 02d15aa Compare May 31, 2023 09:06
@phlax phlax mentioned this pull request May 31, 2023
Merged
@phlax
deps: Bump wasmtime -> 9.0.2
e903d96 
Signed-off-by: Ryan Northey <[email protected]>
@phlax phlax force-pushed the deps-bump-wasmtime branch from 02d15aa to e903d96 Compare May 31, 2023 09:30
@phlax
Copy link
Contributor Author

phlax commented May 31, 2023

@PiotrSikora this seems to be passing ci here, but when i test it in envoy ci im seeing errors like ...

[2023-05-31 10:21:05.114][18][error][wasm] [external/envoy/source/extensions/common/wasm/wasm_vm.cc:38] Failed to load Wasm module due to a missing import: env�.proxy_get_header_map_valuen
[2023-05-31 10:21:05.114][18][error][wasm] [external/envoy/source/extensions/common/wasm/wasm.cc:109] Wasm VM failed Failed to initialize Wasm code
unknown file: Failure
C++ exception with description "Unable to create Wasm HTTP filter " thrown in the test body.
[  FAILED  ] Runtimes/WasmFilterConfigTest.YamlLoadFromFileWasmFailOpenOk/wamr_cpp, where GetParam() = ("wamr", "cpp") (831 ms)
[----------] 1 test from Runtimes/WasmFilterConfigTest (831 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test suite ran. (831 ms total)
[  PASSED  ] 0 tests.
[  FAILED  ] 1 test, listed below:
[  FAILED  ] Runtimes/WasmFilterConfigTest.YamlLoadFromFileWasmFailOpenOk/wamr_cpp, where GetParam() = ("wamr", "cpp")

 1 FAILED TEST

https://dev.azure.com/cncf/envoy/_build/results?buildId=138916&view=logs&j=e969334a-0e55-5c18-ac96-8b546753391e&t=32392586-69f5-5768-4caa-e00e8d4cc47e&l=407

PiotrSikora
PiotrSikora reviewed May 31, 2023
View reviewed changes
@PiotrSikora
Copy link
Member 

[2023-05-31 10:21:05.114][18][error][wasm] [external/envoy/source/extensions/common/wasm/wasm_vm.cc:38] Failed to load Wasm module due to a missing import: env�.proxy_get_header_map_valuen

This is because WAMR was updated here, but apparently not in Envoy, and they made a breaking changes in the code.

You need to update WAMR (and presumably LLVM) in Envoy first, unfortunately.

@phlax
Copy link
Contributor Author

phlax commented May 31, 2023

You need to update WAMR (and presumably LLVM) in Envoy first, unfortunately.

im trying to knock out a set of patch releases (hopefully tomorrow) to address any flagged cves, so trying to push this through

ill raise a pr to update wamr now ...

@phlax
update-versions
7b248f1 
Signed-off-by: Ryan Northey <[email protected]>
@phlax phlax force-pushed the deps-bump-wasmtime branch from 7afc489 to 7b248f1 Compare May 31, 2023 18:25
@phlax
Copy link
Contributor Author

phlax commented May 31, 2023

versions updated here - this really needs a better solution for updating

@phlax
Copy link
Contributor Author

phlax commented May 31, 2023

envoyproxy/envoy#27737

@phlax
Copy link
Contributor Author

phlax commented May 31, 2023

confirming that this PR at current HEAD + wamr update passes envoy ci

@PiotrSikora
Copy link
Member

PiotrSikora commented May 31, 2023
edited
Loading

versions updated here - this really needs a better solution for updating

IMHO, the best way would be if Envoy used proxy_wasm_cpp_host_repositories() and proxy_wasm_cpp_host_dependencies() to pull required deps instead of redeclaring them in Envoy.

But I think there was a supply chain related reason why you want to control them there?

@phlax
Copy link
Contributor Author

phlax commented Jun 1, 2023

... the best way would be if Envoy used ...

how would that be different if one of us still has to come here and do this to update?

the only difference i think would be that we would probably not actually see the CVE notices

@phlax phlax changed the title deps: Bump wasmtime -> 9.0.2 deps: Bump wasmtime -> 9.0.3 Jun 1, 2023
@phlax
Copy link
Contributor Author

phlax commented Jun 1, 2023

updated to 9.0.3

@phlax
Copy link
Contributor Author

phlax commented Jun 1, 2023

updated to 9.0.3

somewhat involuntarily - it changed all the versions running generate-lock - ie didnt respect the various places the versions are (manually) set

phlax added 3 commits June 1, 2023 03:23
@phlax
fix-versions
d3f4983 
Signed-off-by: Ryan Northey <[email protected]>
@phlax
up-version
de0e6b0 
Signed-off-by: Ryan Northey <[email protected]>
@phlax
add-missing-files
b754175 
Signed-off-by: Ryan Northey <[email protected]>
@phlax phlax force-pushed the deps-bump-wasmtime branch from bfe707a to b754175 Compare June 1, 2023 02:23
@PiotrSikora
Copy link
Member

how would that be different if one of us still has to come here and do this to update?

the only difference i think would be that we would probably not actually see the CVE notices

You'd only need to do a single "atomic" bump of proxy-wasm-cpp-host in Envoy, without risk of having other dependencies out-of-sync, like with WAMR now (I thought that was your main complaint?).

@PiotrSikora PiotrSikora changed the title deps: Bump wasmtime -> 9.0.3 wasmtime: update to v9.0.3. Jun 1, 2023
PiotrSikora
PiotrSikora approved these changes Jun 1, 2023
View reviewed changes
Copy link
Member

@PiotrSikora PiotrSikora left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@PiotrSikora PiotrSikora merged commit 5d76116 into proxy-wasm:master Jun 1, 2023
@phlax
Copy link
Contributor Author

phlax commented Jun 1, 2023

You'd only need to do a single "atomic" bump of proxy-wasm-cpp-host in Envoy, without risk of having other dependencies out-of-sync, like with WAMR now

i guess there is some benefit to delegating the dep setup - it would mess up our cve tracking, which tbh, i think this repo depends on as we are the ones updating it

(I thought that was your main complaint?).

the main complaint is the complexity of doing this - everyone dreads it and as we track the cves it needs to be updated fairly frequently

ideally we reduce what is required to a single command - ie ./ci/update_wasmtime.sh kinda thing - then it would be no big deal, and potentially could be automated with ci here - the current situation is a nightmare

@PiotrSikora
Copy link
Member

the main complaint is the complexity of doing this - everyone dreads it and as we track the cves it needs to be updated fairly frequently

ideally we reduce what is required to a single command - ie ./ci/update_wasmtime.sh kinda thing - then it would be no big deal, and potentially could be automated with ci here - the current situation is a nightmare

cc @mpwarres @martijneken

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PiotrSikora PiotrSikora PiotrSikora approved these changes

@mathetake mathetake Awaiting requested review from mathetake

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@phlax @PiotrSikora