Mount python worker files after taking memory snapshot

This ensures that the contents of worker files cannot be accessed prior to taking the snapshot and so won't appear in the linear memory.
cloudflare · Sep 27, 2024 · 045d770 · 045d770
1 parent ba8a592
commit 045d770
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/src/pyodide/internal/python.ts b/src/pyodide/internal/python.ts
@@ -4,7 +4,8 @@ import {
  TRANSITIVE_REQUIREMENTS,
  SITE_PACKAGES,
  adjustSysPath,
- mountLib,
+ mountSitePackages,
+ mountWorkerFiles,
 } from 'pyodide-internal:setupPackages';
 import { reportError } from 'pyodide-internal:util';
 import {
@@ -201,7 +202,7 @@ async function instantiateEmscriptenModule(
  */
 async function prepareWasmLinearMemory(Module: Module): Promise<void> {
  // Note: if we are restoring from a snapshot, runtime is not initialized yet.
- mountLib(Module, SITE_PACKAGES.rootInfo);
+ mountSitePackages(Module, SITE_PACKAGES.rootInfo);
  entropyMountFiles(Module);
  if (SHOULD_RESTORE_SNAPSHOT) {
  restoreSnapshot(Module);
@@ -229,6 +230,9 @@ export async function loadPyodide(
  prepareWasmLinearMemory(Module)
  );
  maybeSetupSnapshotUpload(Module);
+ // Mount worker files after doing snapshot upload so we ensure that data from the files is never
+ // present in snapshot memory.
+ mountWorkerFiles(Module);
 
  // Finish setting up Pyodide's ffi so we can use the nice Python interface
  await enterJaegerSpan('finalize_bootstrap', Module.API.finalizeBootstrap);

diff --git a/src/pyodide/internal/setupPackages.ts b/src/pyodide/internal/setupPackages.ts
@@ -189,18 +189,21 @@ export function getSitePackagesPath(Module: Module): string {
  * details, so even though we want these directories to be on sys.path, we
  * handle that separately in adjustSysPath.
  */
-export function mountLib(Module: Module, info: TarFSInfo): void {
+export function mountSitePackages(Module: Module, info: TarFSInfo): void {
  const tarFS = createTarFS(Module);
- const mdFS = createMetadataFS(Module);
  const site_packages = getSitePackagesPath(Module);
  Module.FS.mkdirTree(site_packages);
- Module.FS.mkdirTree('/session/metadata');
  if (!LOAD_WHEELS_FROM_R2 && !LOAD_WHEELS_FROM_ARTIFACT_BUNDLER) {
  // if we are not loading additional wheels, then we're done
  // with site-packages and we can mount it here. Otherwise, we must mount it in
  // loadPackages().
  Module.FS.mount(tarFS, { info }, site_packages);
  }
+}
+
+export function mountWorkerFiles(Module: Module) {
+ Module.FS.mkdirTree('/session/metadata');
+ const mdFS = createMetadataFS(Module);
  Module.FS.mount(mdFS, {}, '/session/metadata');
 }
 

diff --git a/src/workerd/io/compatibility-date.capnp b/src/workerd/io/compatibility-date.capnp
@@ -424,7 +424,7 @@ struct CompatibilityFlags @0x8f8c1b68151b6cef {
  pythonWorkers @43 :Bool
  $compatEnableFlag("python_workers")
  $pythonSnapshotRelease(pyodide = "0.26.0a2", pyodideRevision = "2024-03-01",
- packages = "2024-03-01", backport = 0)
+ packages = "2024-03-01", backport = 1)
  $impliedByAfterDate(name = "pythonWorkersDevPyodide", date = "2000-01-01");
  # Enables Python Workers. Access to this flag is not restricted, instead bundles containing
  # Python modules are restricted in EWC.