Encode cageids to enable address translations: (arg, cageid) tuple independence from calling cages. (#913)

* Encode arg cageid translation flag

* make it look not insane

* Changes post test runs.

* Reorganize docs and add clamping/stacking paragraphs (#711)

* reorganize docs, add image, add clamping/stacking paragraphs

* add link

* Update docs/internal/grates.md

Co-authored-by: Justin Cappos <justincappos@gmail.com>

* 3i comment updates

* more 3i comment updates

* index update

* grate changes: more on clamping, motivation

* resolve grate comments

* add examples and more on clamping

* Update wasmtime doc

* Update wasmtime

* update example

* update clamping section

* add clamping doc

* Update docs/internal/clamping.md

Co-authored-by: Justin Cappos <justincappos@gmail.com>

* Apply suggestion from @JustinCappos

Co-authored-by: Justin Cappos <justincappos@gmail.com>

* resolve some comments

* resolve some comments

* fix unclear memory comment

---------

Co-authored-by: Justin Cappos <justincappos@gmail.com>
Co-authored-by: Alice W <wenyaxuan0925@outlook.com>

* Force-link signal_callback export in crt1.c (#916)

Programs that never call sigaction() (e.g. kill.c) would not link in
libc_sigaction.o, so signal_callback was missing from the wasm exports.
The epoch-based signal handler in wasmtime looks up this export at
runtime, causing a panic when delivering signals to such programs.

Fix: add a __attribute__((used)) reference to signal_callback in crt1.c
so it is always exported from every wasm binary.

* refactor handler resolution logic to remove usage of operational_cageid in rawposix (#900)

* refactor traget cageid usage in 3i and rawposix

* Squashed commit of the following:

commit 5756372
Author: Nicholas Renner <nr2185@nyu.edu>
Date:   Tue Mar 10 09:58:37 2026 -0400

    Restore wasip linker for rust (#902)

    * restore wasip linker for rust

    * Deduplicate wasip1/lind environ linker functions, fix rustfmt

    Merge add_environ_to_linker and add_wasi_compat_to_linker into a single
    add_environ_funcs_to_linker that takes a module name parameter. Called
    twice with "lind" and "wasi_snapshot_preview1" to register identical
    implementations under both namespaces. Fixes cargo fmt lint failure.

commit fee8b37
Author: Nicholas Renner <nr2185@nyu.edu>
Date:   Mon Mar 9 22:54:30 2026 -0400

    Signal EINTR + Asyncify updates (349 update) (#906)

    * update PR to integrated signal EINTR with lind-boot

    * Remove spurious set_stack_pointer call in fork child path

    The set_stack_pointer call was carried over from the old asyncify branch
    but is not needed in the new architecture. The fork child's stack pointer
    is correctly managed by the asyncify rewind mechanism. Calling
    set_stack_pointer before the rewind interfered with the fork process,
    causing all fork-based tests to deadlock/timeout.

    * Rewrite eintr_fork_signal test to use spin loop instead of blocking read

    The original test used alarm(1) + blocking read(pipe), but RawPOSIX's
    read() calls host libc::read() directly, which blocks in the host kernel.
    Since SIGALRM is delivered via epoch callback (which requires wasm to be
    executing), the blocking read can never be interrupted. Rewrite to use a
    spin loop that allows the epoch to fire and deliver the signal.

commit f15676e
Author: Alice Wen <40227173+Yaxuan-w@users.noreply.github.com>
Date:   Mon Mar 9 21:28:46 2026 -0400

    Implement structured exit status handling and correct POSIX wait status encoding (#910)

    * Fix exit code handling to include signal termination

    * Revert fs_call

    * Remove redundant bit check

    * Not using sleep to sync in test

commit f135811
Author: Nicholas Renner <nr2185@nyu.edu>
Date:   Mon Mar 9 18:51:24 2026 -0400

    determinize resolve test (#912)

commit a8798b6
Author: Alice Wen <40227173+Yaxuan-w@users.noreply.github.com>
Date:   Mon Mar 9 17:58:01 2026 -0400

    Fix exit code mismatch between wasmtime and lind-boot exit (#856)

    * Fix exit code mismatch

    * Update skipped list

    * Skip test case

    * Handle system err return

    * Fix merge conflicts

commit 750ba9a
Author: Qianxi Chen <53324229+qianxichen233@users.noreply.github.com>
Date:   Mon Mar 9 13:58:23 2026 -0400

    unify execute_wasmtime and execute_with_lind (#903)

commit e5eb83c
Author: Qianxi Chen <53324229+qianxichen233@users.noreply.github.com>
Date:   Mon Mar 9 13:57:55 2026 -0400

    update wasm-opt for dylink support (#905)

commit 086224d
Author: Huong Hoang <68453624+celinehoang177@users.noreply.github.com>
Date:   Mon Mar 9 12:10:52 2026 -0400

    Replace hardcoded numbers in codebase with named constants (Rust + C) (#855)

    * replace hardcoded numbers in codebase with named constants

    * replace padding 0s with NOTUSED/UNUSED_ID/UNUSED_ARG

commit 89ef9bd
Author: Nicholas Renner <nr2185@nyu.edu>
Date:   Mon Mar 9 11:18:37 2026 -0400

    Fix remote DNS (#898)

    * dns remote resolv

    * add fionread

    * lint

* Refine 3i get_handler and solve exec/exit/clone issue

* Fix exec

* update gitignore (#920)

* deps(gha)(deps): bump docker/metadata-action in /.github/workflows (#925)

* deps(gha)(deps): bump docker/build-push-action in /.github/workflows (#926)

* deps(gha)(deps): bump docker/setup-buildx-action in /.github/workflows (#928)

* deps(gha)(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 in /.github/workflows (#927)

* deps(gha)(deps): bump zizmorcore/zizmor-action in /.github/workflows

Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](zizmorcore/zizmor-action@0dce257...71321a2)

---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* add dedicated environment for zizmor compatibility

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Natasha Hemmings <discount.yoyos@gmail.com>

* Fix getaddrinfo() with PF_UNSPEC (#935)

* Fix getaddrinfo PF_UNSPEC: stub out sendmmsg for Lind-WASM

getaddrinfo() with PF_UNSPEC failed with "Temporary failure in name
resolution" because glibc's DNS resolver (res_send.c) tried to send
parallel A+AAAA queries using sendmmsg(), which is not implemented
in Lind. With __ASSUME_SENDMMSG defined, the fallback to individual
send() calls was compiled out, so the sendmmsg failure was fatal.

Fix:
- Stub __sendmmsg to return ENOSYS immediately (no syscall dispatch)
- Undefine __ASSUME_SENDMMSG in kernel-features.h so res_send.c
  compiles in the fallback path that uses individual __send() calls

When sendmmsg returns ENOSYS, res_send.c sets have_sendmmsg=-1 and
falls through to try_send, which sends each DNS query individually.
Subsequent calls skip sendmmsg entirely.

Closes #934

* Add getaddrinfo PF_UNSPEC test

* make test failure return error code in make file to stop process (#936)

* make test failure return error code in make file to stop process

* Add deliberately failing ci test file

* intentional failing tests should now force E2E_STATUS=fail

* Skip ci-test file to prevent actual failures

* move test location to ci folder

* update test harness to include the ci folder

* change skipped test location for ci test

* Fix random_get: route through make_syscall instead of /dev/urandom (#940)

lind-boot chroots to lindfs where /dev/urandom doesn't exist,
causing a panic in random_get. Route through 3i make_syscall to
the existing getrandom_syscall handler (syscall 318) in rawposix.

Fixes #919

* Fix test output

* WIP : Glibc fixes to fix build errors and undefined symbol errors (#793)

* Added placeholder for libdl.a

* Added unwind_def object file for libc.a

* Updated s_frexpl.c with latest glibc code to fix the build error

* Disable compiler flags -mno-sse, -mno-mmx, -mfpmath-387 that are not supported by wasm and caused build errors

* Disable ELF symbol versioning and hidden visibility in glibc shared builds which caused undefined symbol error for pow etc

* Removed flags that is not supported in wasm

* resolve comments.

* Revert "Merge branch 'main' of github.com:Lind-Project/lind-wasm into encode-argid"

This reverts commit a758efd, reversing
changes made to 061322b.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Nicholas Renner <nr2185@nyu.edu>
Co-authored-by: Justin Cappos <justincappos@gmail.com>
Co-authored-by: Alice W <wenyaxuan0925@outlook.com>
Co-authored-by: Alice Wen <40227173+Yaxuan-w@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Natasha Hemmings <discount.yoyos@gmail.com>
Co-authored-by: Vidya Lakshmi Rajagopalan <vidyalakshmir@users.noreply.github.com>

Author: 7 people

src/glibc/lind_syscall/addr_translation.h

@@ -5,6 +5,15 @@
 #include <stddef.h>
 #include <errno.h>
 
+// With the new semantics, a cageid with its MSB set indicates that the
+// associated argument should be translated. These helpers manage that flag.
+//
+// Flag indicating the argument requires translation (MSB set).
+#define LIND_ARG_TRANSLATE_FLAG (1ULL << 63)
+
+// Mask to extract the actual cageid (clear the translation flag).
+#define LIND_ARG_CAGEID_MASK (~LIND_ARG_TRANSLATE_FLAG)
+
 #ifdef __cplusplus
 extern "C"
 {
@@ -45,7 +54,13 @@ extern "C"
   static inline uint64_t
   __lind_translate_uaddr_to_host (const uint64_t uaddr, const uint64_t cageid)
   {
-    if (cageid == __lind_cageid)
+    // Extract actual cageid (without the translation flag)
+    uint64_t __cageid = cageid & LIND_ARG_CAGEID_MASK;
+
+    // Translate only if:
+    // 1. The argument originates from the current cage, and
+    // 2. MSB of cageid is set.
+    if (__cageid == __lind_cageid && ((cageid & LIND_ARG_TRANSLATE_FLAG) != 0))
       return __lind_base + uaddr;
 
     return uaddr;
@@ -55,10 +70,24 @@ extern "C"
 #define TRANSLATE_GUEST_POINTER_TO_HOST(p)                                    \
   __lind_translate_ptr_to_host ((const void *) (p))
 
-// Converts (uaddr, cageid) pair to host address.
-// Useful when address space (cage vs host) is ambigious.
+// Convert a (uaddr, cageid) pair to (host_addr, cageid).
+//
+// Used by copy_data_between_cages where arguments are already addresses. This macro
+// sets the translation flag before invoking the helper.
+//
+// Input:  (uaddr, cageid)
+// Output: (host_addr, cageid)
 #define TRANSLATE_UADDR_TO_HOST(uaddr, cageid)                                \
-  __lind_translate_uaddr_to_host ((uaddr), (cageid))
+  __lind_translate_uaddr_to_host ((uaddr), ((cageid) | LIND_ARG_TRANSLATE_FLAG)), (cageid)
+
+// Used by make_threei_call to translate arguments if required.
+//
+// Translation occurs only when the MSB of cageid is set.
+//
+// Input:  (uaddr, cageid)
+// Output: (host_addr, actual_cageid)
+#define TRANSLATE_ARG_TO_HOST(uaddr, cageid)                                  \
+  __lind_translate_uaddr_to_host ((uaddr), (cageid)), ((cageid) & LIND_ARG_CAGEID_MASK)
 
 /* Translate an array of guest iovec structures to host layout.
    Each iov_base is a wasm32 guest pointer; we split the translated

src/glibc/lind_syscall/lind_syscall.c

@@ -81,12 +81,13 @@ int make_threei_call (unsigned int callnumber,
     int ret = __lind_make_syscall_trampoline(callnumber, 
         callname, 
         self_cageid, target_cageid,
-        arg1, arg1cageid,
-        arg2, arg2cageid,
-        arg3, arg3cageid,
-        arg4, arg4cageid,
-        arg5, arg5cageid,
-        arg6, arg6cageid);
+        TRANSLATE_ARG_TO_HOST(arg1, arg1cageid),
+        TRANSLATE_ARG_TO_HOST(arg2, arg2cageid),
+        TRANSLATE_ARG_TO_HOST(arg3, arg3cageid),
+        TRANSLATE_ARG_TO_HOST(arg4, arg4cageid),
+        TRANSLATE_ARG_TO_HOST(arg5, arg5cageid),
+        TRANSLATE_ARG_TO_HOST(arg6, arg6cageid));
+
     // if translate_errno is not enabled, we do not do any further process to errno handling and directly return the result
     if(translate_errno == TRANSLATE_ERRNO_OFF) return ret;
     // handle the errno
@@ -155,8 +156,8 @@ int copy_data_between_cages(uint64_t thiscage, uint64_t targetcage, uint64_t src
         NOTUSED, // callname is not used in the trampoline
         thiscage, // self_cageid
         thiscage, // target_cageid. Self_cageid and target_cageid are the same to adapt with regular make_syscall lookup logic in 3i
-        TRANSLATE_UADDR_TO_HOST(srcaddr, srccage), srccage,
-        TRANSLATE_UADDR_TO_HOST(destaddr, destcage), destcage,
+        TRANSLATE_UADDR_TO_HOST(srcaddr, srccage),
+        TRANSLATE_UADDR_TO_HOST(destaddr, destcage),
         len, NOTUSED,
         copytype, NOTUSED,
         NOTUSED, NOTUSED, NOTUSED, NOTUSED,

tests/grate-tests/diff-cage-args.c

@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+int main() {
+	int fd = open("redirected.txt", O_RDONLY, 0);
+	printf("Hello world. FD=%d\n", fd);
+
+	char buf[11];
+	int ret = read(fd, buf, 10);
+	buf[ret] = '\0';
+
+	printf("Goodbye world! ret=%d buf=%s\n", ret, buf);
+}

tests/grate-tests/diff-cage-args_grate.c

@@ -0,0 +1,136 @@
+#include <errno.h>
+#include <lind_syscall.h>
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+// Dispatcher function
+int pass_fptr_to_wt(uint64_t fn_ptr_uint, uint64_t cageid, uint64_t arg1,
+		    uint64_t arg1cage, uint64_t arg2, uint64_t arg2cage,
+		    uint64_t arg3, uint64_t arg3cage, uint64_t arg4,
+		    uint64_t arg4cage, uint64_t arg5, uint64_t arg5cage,
+		    uint64_t arg6, uint64_t arg6cage) {
+	if (fn_ptr_uint == 0) {
+		fprintf(stderr,
+			"[Grate|diff-cage-args] Invalid function ptr\n");
+		assert(0);
+	}
+
+	printf("[Grate|diff-cage-args] Handling function ptr: %llu from cage: "
+	       "%llu\n",
+	       fn_ptr_uint, cageid);
+
+	int (*fn)(uint64_t, uint64_t, uint64_t, uint64_t, uint64_t, uint64_t,
+		  uint64_t, uint64_t, uint64_t, uint64_t, uint64_t, uint64_t,
+		  uint64_t) =
+	    (int (*)(uint64_t, uint64_t, uint64_t, uint64_t, uint64_t, uint64_t,
+		     uint64_t, uint64_t, uint64_t, uint64_t, uint64_t, uint64_t,
+		     uint64_t))(uintptr_t)fn_ptr_uint;
+
+	return fn(cageid, arg1, arg1cage, arg2, arg2cage, arg3, arg3cage, arg4,
+		  arg4cage, arg5, arg5cage, arg6, arg6cage);
+}
+
+int read_grate(uint64_t grateid, uint64_t arg1, uint64_t arg1cage,
+	       uint64_t arg2, uint64_t arg2cage, uint64_t arg3,
+	       uint64_t arg3cage, uint64_t arg4, uint64_t arg4cage,
+	       uint64_t arg5, uint64_t arg5cage, uint64_t arg6,
+	       uint64_t arg6cage) {
+	int thiscage = getpid();
+	int cageid = arg1cage;
+
+	int fd = (int)arg1;
+	int count = (size_t)arg3;
+
+	ssize_t ret = 4321;
+
+	char buf[11] = "helloworld";
+
+	copy_data_between_cages(thiscage, arg2cage, (uint64_t)buf, thiscage,
+				arg2, arg2cage, count,
+				0 // Use copytype 0 so read exactly count
+				  // bytes instead of stopping at '\0'
+	);
+
+	return ret;
+}
+
+int open_grate(uint64_t cageid, uint64_t arg1, uint64_t arg1cage, uint64_t arg2,
+	       uint64_t arg2cage, uint64_t arg3, uint64_t arg3cage,
+	       uint64_t arg4, uint64_t arg4cage, uint64_t arg5,
+	       uint64_t arg5cage, uint64_t arg6, uint64_t arg6cage) {
+	printf(
+	    "[Grate|diff-cage-args] In open_grate %d handler for cage: %llu\n",
+	    getpid(), cageid);
+
+	int self_grate_id = getpid();
+
+	// Overwrite the path supplied to open with a different path.
+	char new_path[20] = "/tmp/redirected.txt";
+
+	int ret = make_threei_call(
+	    2, 0, self_grate_id, arg1cage,
+	    // We need to modify the cageid here to indicate that we want the
+	    // address translated.
+	    (uint64_t)&new_path, self_grate_id | (1ULL << 63), arg2, arg2cage,
+	    arg3, arg3cage, arg4, arg4cage, arg5, arg5cage, arg6, arg6cage,
+	    0 // we will handle the errno in this grate instead of translating
+	      // it to
+	);
+
+	return ret;
+}
+
+// Main function will always be same in all grates
+int main(int argc, char *argv[]) {
+	// Should be at least one input (at least one grate file and one cage
+	// file)
+	if (argc < 2) {
+		fprintf(stderr, "Usage: %s <cage_file> <grate_file>\n",
+			argv[0]);
+		assert(0);
+	}
+
+	int grateid = getpid();
+
+	pid_t pid = fork();
+	if (pid < 0) {
+		perror("fork failed");
+		assert(0);
+	} else if (pid == 0) {
+		int cageid = getpid();
+
+		// This is to test whether we can use arg, argcage from
+		// different cages.
+		uint64_t fn_ptr_addr = (uint64_t)(uintptr_t)&open_grate;
+		int ret = register_handler(cageid, 2, grateid, fn_ptr_addr);
+
+		// This is to check copy_data for regression.
+		fn_ptr_addr = (uint64_t)(uintptr_t)&read_grate;
+		ret = register_handler(cageid, 0, grateid, fn_ptr_addr);
+
+		if (execv(argv[1], &argv[1]) == -1) {
+			perror("execv failed");
+			assert(0);
+		}
+	}
+
+	int status;
+	int failed = 0;
+	while (wait(&status) > 0) {
+		if (status != 0) {
+			fprintf(stderr,
+				"[Grate|diff-cage-args] FAIL: child exited "
+				"with status %d\n",
+				status);
+			assert(0);
+		}
+	}
+
+	printf("[Grate|diff-cage-args] PASS\n");
+	return 0;
+}