Mark public API functions as unsafe. (#90)

* Mark public API functions as unsafe.

This marks the public hostcalls functions as unsafe.

This is generalizing from Rust's `from_raw_fd` function, which is
unsafe. The observation is that nothing prevents code using this
function from passing a bogus or stale dangling file descriptor and
corrupting an arbitrary open stream.

Technically, some of these functions don't use file descriptors, such as
random, clocks, and a few others. However, I expect that in the future,
random and clocks will switch to using file descriptors anyway, and it
keeps the macro definitions simpler if we only have to handle one form.

* Mark WasiCtx functions that operate on file descriptors unsafe too.

* `fd_filestat_set_times_impl` doesn't need to be unsafe.

* Remove unnecessary unsafes
Dan Gohman
2019-09-16 15:55:35 -07:00
committed by GitHub
parent fec5b7ab0a
commit 30a4f73cce
6 changed files with 89 additions and 91 deletions


@@ -3,11 +3,11 @@ use crate::ctx::WasiCtx;
use crate::wasm32;
hostcalls! {
pub fn fd_close(wasi_ctx: &mut WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub unsafe fn fd_close(wasi_ctx: &mut WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub fn fd_datasync(wasi_ctx: &WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub unsafe fn fd_datasync(wasi_ctx: &WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub fn fd_pread(
pub unsafe fn fd_pread(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -17,7 +17,7 @@ hostcalls! {
nread: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_pwrite(
pub unsafe fn fd_pwrite(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -27,7 +27,7 @@ hostcalls! {
nwritten: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_read(
pub unsafe fn fd_read(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -36,13 +36,13 @@ hostcalls! {
nread: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_renumber(
pub unsafe fn fd_renumber(
wasi_ctx: &mut WasiCtx,
from: wasm32::__wasi_fd_t,
to: wasm32::__wasi_fd_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_seek(
pub unsafe fn fd_seek(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -51,36 +51,36 @@ hostcalls! {
newoffset: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_tell(
pub unsafe fn fd_tell(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
newoffset: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_fdstat_get(
pub unsafe fn fd_fdstat_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
fdstat_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_fdstat_set_flags(
pub unsafe fn fd_fdstat_set_flags(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
fdflags: wasm32::__wasi_fdflags_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_fdstat_set_rights(
pub unsafe fn fd_fdstat_set_rights(
wasi_ctx: &mut WasiCtx,
fd: wasm32::__wasi_fd_t,
fs_rights_base: wasm32::__wasi_rights_t,
fs_rights_inheriting: wasm32::__wasi_rights_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_sync(wasi_ctx: &WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub unsafe fn fd_sync(wasi_ctx: &WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub fn fd_write(
pub unsafe fn fd_write(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -89,7 +89,7 @@ hostcalls! {
nwritten: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_advise(
pub unsafe fn fd_advise(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
offset: wasm32::__wasi_filesize_t,
@@ -97,14 +97,14 @@ hostcalls! {
advice: wasm32::__wasi_advice_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_allocate(
pub unsafe fn fd_allocate(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
offset: wasm32::__wasi_filesize_t,
len: wasm32::__wasi_filesize_t,
) -> wasm32::__wasi_errno_t;
pub fn path_create_directory(
pub unsafe fn path_create_directory(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -112,7 +112,7 @@ hostcalls! {
path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn path_link(
pub unsafe fn path_link(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
old_dirfd: wasm32::__wasi_fd_t,
@@ -124,7 +124,7 @@ hostcalls! {
new_path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn path_open(
pub unsafe fn path_open(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -138,7 +138,7 @@ hostcalls! {
fd_out_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_readdir(
pub unsafe fn fd_readdir(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -148,7 +148,7 @@ hostcalls! {
buf_used: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn path_readlink(
pub unsafe fn path_readlink(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -159,7 +159,7 @@ hostcalls! {
buf_used: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn path_rename(
pub unsafe fn path_rename(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
old_dirfd: wasm32::__wasi_fd_t,
@@ -170,14 +170,14 @@ hostcalls! {
new_path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_filestat_get(
pub unsafe fn fd_filestat_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
filestat_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_filestat_set_times(
pub unsafe fn fd_filestat_set_times(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
st_atim: wasm32::__wasi_timestamp_t,
@@ -185,13 +185,13 @@ hostcalls! {
fst_flags: wasm32::__wasi_fstflags_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_filestat_set_size(
pub unsafe fn fd_filestat_set_size(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
st_size: wasm32::__wasi_filesize_t,
) -> wasm32::__wasi_errno_t;
pub fn path_filestat_get(
pub unsafe fn path_filestat_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -201,7 +201,7 @@ hostcalls! {
filestat_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn path_filestat_set_times(
pub unsafe fn path_filestat_set_times(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -213,7 +213,7 @@ hostcalls! {
fst_flags: wasm32::__wasi_fstflags_t,
) -> wasm32::__wasi_errno_t;
pub fn path_symlink(
pub unsafe fn path_symlink(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
old_path_ptr: wasm32::uintptr_t,
@@ -223,7 +223,7 @@ hostcalls! {
new_path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn path_unlink_file(
pub unsafe fn path_unlink_file(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -231,7 +231,7 @@ hostcalls! {
path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn path_remove_directory(
pub unsafe fn path_remove_directory(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -239,14 +239,14 @@ hostcalls! {
path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_prestat_get(
pub unsafe fn fd_prestat_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
prestat_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_prestat_dir_name(
pub unsafe fn fd_prestat_dir_name(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
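Review bot: Every declaration in this file section becomes `pub unsafe fn` without a `# Safety` doc section, so the new qualifier tells the host caller that a contract exists but not what it is. The commit message reasons from `from_raw_fd`, yet the `fd` argument here is a `wasm32::__wasi_fd_t` that comes from the guest, which the hostcall presumably still has to resolve through `wasi_ctx` and reject with `EBADF`; the unsafe contract should therefore name the host-side invariants, not fd validity. I would add to each fd-taking declaration a comment along the lines of `/// # Safety: wasi_ctx must be the context that owns the calling instance and memory must be that instance's entire linear memory; fd is guest-supplied and must still be looked up, never trusted.` Whether the `hostcalls!` macro definition accepts the `unsafe` token and forwards doc attributes is not visible here; the macro and the function bodies lie outside this section.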


@@ -7,7 +7,7 @@ use log::trace;
use wasi_common_cbindgen::wasi_common_cbindgen;
#[wasi_common_cbindgen]
pub fn proc_exit(rval: wasm32::__wasi_exitcode_t) {
pub unsafe fn proc_exit(rval: wasm32::__wasi_exitcode_t) {
trace!("proc_exit(rval={:?})", rval);
// TODO: Rather than call std::process::exit here, we should trigger a
// stack unwind similar to a trap.
@@ -15,7 +15,7 @@ pub fn proc_exit(rval: wasm32::__wasi_exitcode_t) {
}
#[wasi_common_cbindgen]
pub fn proc_raise(
pub unsafe fn proc_raise(
_wasi_ctx: &WasiCtx,
_memory: &mut [u8],
_sig: wasm32::__wasi_signal_t,
@@ -24,54 +24,54 @@ pub fn proc_raise(
}
hostcalls! {
pub fn args_get(
pub unsafe fn args_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
argv_ptr: wasm32::uintptr_t,
argv_buf: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn args_sizes_get(
pub unsafe fn args_sizes_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
argc_ptr: wasm32::uintptr_t,
argv_buf_size_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn environ_get(
pub unsafe fn environ_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
environ_ptr: wasm32::uintptr_t,
environ_buf: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn environ_sizes_get(
pub unsafe fn environ_sizes_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
environ_count_ptr: wasm32::uintptr_t,
environ_size_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn random_get(
pub unsafe fn random_get(
memory: &mut [u8],
buf_ptr: wasm32::uintptr_t,
buf_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn clock_res_get(
pub unsafe fn clock_res_get(
memory: &mut [u8],
clock_id: wasm32::__wasi_clockid_t,
resolution_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn clock_time_get(
pub unsafe fn clock_time_get(
memory: &mut [u8],
clock_id: wasm32::__wasi_clockid_t,
precision: wasm32::__wasi_timestamp_t,
time_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn poll_oneoff(
pub unsafe fn poll_oneoff(
memory: &mut [u8],
input: wasm32::uintptr_t,
output: wasm32::uintptr_t,
@@ -79,5 +79,5 @@ hostcalls! {
nevents: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn sched_yield() -> wasm32::__wasi_errno_t;
pub unsafe fn sched_yield() -> wasm32::__wasi_errno_t;
}
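Review bot: `sched_yield`, `random_get`, `clock_res_get` and `clock_time_get` in this section take no fd and (for `sched_yield`) no guest memory, yet are now `unsafe` with no stated contract, which the commit message concedes; a caller's mandatory `unsafe {}` block then has no invariant to cite in its `// SAFETY:` comment. I would state that explicitly, e.g. `/// # Safety: no caller invariants today; marked unsafe only to keep the hostcalls! form uniform.`, so a future reader does not go looking for one. For `proc_exit` and `proc_raise` under `#[wasi_common_cbindgen]`, the `unsafe` qualifier on the Rust function presumably does not change the generated C binding, so C callers see no new obligation. Note also that in this edition the whole body of an `unsafe fn` is an unsafe context, so any raw memory accesses in these bodies (which are outside the hunks) no longer need their own `unsafe {}` blocks; keeping the inner blocks and their `// SAFETY:` comments preserves auditability.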


@@ -6,7 +6,7 @@ use crate::wasm32;
use wasi_common_cbindgen::wasi_common_cbindgen;
#[wasi_common_cbindgen]
pub fn sock_recv(
pub unsafe fn sock_recv(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
sock: wasm32::__wasi_fd_t,
@@ -20,7 +20,7 @@ pub fn sock_recv(
}
#[wasi_common_cbindgen]
pub fn sock_send(
pub unsafe fn sock_send(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
sock: wasm32::__wasi_fd_t,
@@ -33,7 +33,7 @@ pub fn sock_send(
}
#[wasi_common_cbindgen]
pub fn sock_shutdown(
pub unsafe fn sock_shutdown(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
sock: wasm32::__wasi_fd_t,