Mark public API functions as unsafe. (#90)

* Mark public API functions as unsafe.

This marks the public hostcalls functions as unsafe.

This is generalizing from Rust's `from_raw_fd` function, which is
unsafe. The observation is that nothing prevents code using this
function from passing a bogus or stale dangling file descriptor and
corrupting an arbitrary open stream.

Technically, some of these functions don't use file descriptors, such as
random, clocks, and a few others. However, I expect that in the future,
random and clocks will switch to using file descriptors anyway, and it
keeps the macro definitions simpler if we only have to handle one form.

* Mark WasiCtx functions that operate on file descriptors unsafe too.

* `fd_filestat_set_times_impl` doesn't need to be unsafe.

* Remove unnecessary unsafes
Dan Gohman
2019-09-16 15:55:35 -07:00
committed by GitHub
parent fec5b7ab0a
commit 30a4f73cce
6 changed files with 89 additions and 91 deletions


@@ -3,11 +3,11 @@ use crate::ctx::WasiCtx;
use crate::wasm32;
hostcalls! {
pub fn fd_close(wasi_ctx: &mut WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub unsafe fn fd_close(wasi_ctx: &mut WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub fn fd_datasync(wasi_ctx: &WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub unsafe fn fd_datasync(wasi_ctx: &WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub fn fd_pread(
pub unsafe fn fd_pread(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -17,7 +17,7 @@ hostcalls! {
nread: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_pwrite(
pub unsafe fn fd_pwrite(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -27,7 +27,7 @@ hostcalls! {
nwritten: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_read(
pub unsafe fn fd_read(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -36,13 +36,13 @@ hostcalls! {
nread: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_renumber(
pub unsafe fn fd_renumber(
wasi_ctx: &mut WasiCtx,
from: wasm32::__wasi_fd_t,
to: wasm32::__wasi_fd_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_seek(
pub unsafe fn fd_seek(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -51,36 +51,36 @@ hostcalls! {
newoffset: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_tell(
pub unsafe fn fd_tell(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
newoffset: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_fdstat_get(
pub unsafe fn fd_fdstat_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
fdstat_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_fdstat_set_flags(
pub unsafe fn fd_fdstat_set_flags(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
fdflags: wasm32::__wasi_fdflags_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_fdstat_set_rights(
pub unsafe fn fd_fdstat_set_rights(
wasi_ctx: &mut WasiCtx,
fd: wasm32::__wasi_fd_t,
fs_rights_base: wasm32::__wasi_rights_t,
fs_rights_inheriting: wasm32::__wasi_rights_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_sync(wasi_ctx: &WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub unsafe fn fd_sync(wasi_ctx: &WasiCtx, fd: wasm32::__wasi_fd_t,) -> wasm32::__wasi_errno_t;
pub fn fd_write(
pub unsafe fn fd_write(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -89,7 +89,7 @@ hostcalls! {
nwritten: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_advise(
pub unsafe fn fd_advise(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
offset: wasm32::__wasi_filesize_t,
@@ -97,14 +97,14 @@ hostcalls! {
advice: wasm32::__wasi_advice_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_allocate(
pub unsafe fn fd_allocate(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
offset: wasm32::__wasi_filesize_t,
len: wasm32::__wasi_filesize_t,
) -> wasm32::__wasi_errno_t;
pub fn path_create_directory(
pub unsafe fn path_create_directory(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -112,7 +112,7 @@ hostcalls! {
path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn path_link(
pub unsafe fn path_link(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
old_dirfd: wasm32::__wasi_fd_t,
@@ -124,7 +124,7 @@ hostcalls! {
new_path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn path_open(
pub unsafe fn path_open(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -138,7 +138,7 @@ hostcalls! {
fd_out_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_readdir(
pub unsafe fn fd_readdir(
wasi_ctx: &mut WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
@@ -148,7 +148,7 @@ hostcalls! {
buf_used: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn path_readlink(
pub unsafe fn path_readlink(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -159,7 +159,7 @@ hostcalls! {
buf_used: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn path_rename(
pub unsafe fn path_rename(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
old_dirfd: wasm32::__wasi_fd_t,
@@ -170,14 +170,14 @@ hostcalls! {
new_path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_filestat_get(
pub unsafe fn fd_filestat_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
filestat_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_filestat_set_times(
pub unsafe fn fd_filestat_set_times(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
st_atim: wasm32::__wasi_timestamp_t,
@@ -185,13 +185,13 @@ hostcalls! {
fst_flags: wasm32::__wasi_fstflags_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_filestat_set_size(
pub unsafe fn fd_filestat_set_size(
wasi_ctx: &WasiCtx,
fd: wasm32::__wasi_fd_t,
st_size: wasm32::__wasi_filesize_t,
) -> wasm32::__wasi_errno_t;
pub fn path_filestat_get(
pub unsafe fn path_filestat_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -201,7 +201,7 @@ hostcalls! {
filestat_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn path_filestat_set_times(
pub unsafe fn path_filestat_set_times(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -213,7 +213,7 @@ hostcalls! {
fst_flags: wasm32::__wasi_fstflags_t,
) -> wasm32::__wasi_errno_t;
pub fn path_symlink(
pub unsafe fn path_symlink(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
old_path_ptr: wasm32::uintptr_t,
@@ -223,7 +223,7 @@ hostcalls! {
new_path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn path_unlink_file(
pub unsafe fn path_unlink_file(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -231,7 +231,7 @@ hostcalls! {
path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn path_remove_directory(
pub unsafe fn path_remove_directory(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
dirfd: wasm32::__wasi_fd_t,
@@ -239,14 +239,14 @@ hostcalls! {
path_len: wasm32::size_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_prestat_get(
pub unsafe fn fd_prestat_get(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,
prestat_ptr: wasm32::uintptr_t,
) -> wasm32::__wasi_errno_t;
pub fn fd_prestat_dir_name(
pub unsafe fn fd_prestat_dir_name(
wasi_ctx: &WasiCtx,
memory: &mut [u8],
fd: wasm32::__wasi_fd_t,