T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rewrite majority of impl reusing libstd (#34)

Browse Source 
* Rewrite FdEntry reusing as much libstd as possible

* Use the new FdEntry, FdObject, Descriptor struct in *nix impl

* Adapt Windows impl

* Remove unnecessary check in fd_read

Check `host_nread == 0` caused premature FdEntry closure and removal
which ultimately was resulting in an attempt at "double closing" of
the same file descriptor at the end of the Wasm program:
...
fd_close(fd=4)
    -> errno=WASI_ESUCCESS
fd_close(fd=4)
    -> errno=WASI_EBADF

* Use libstd vectored IO

* Use std:🧵:yield_now to implement sched_yield

* Add logging to integration tests

* Add preliminary support for host-specific errors

* Operate on std::fs::File in path_get on *nix

* Add cross-platform RawString type encapsulating OsStrExt

* Fix Windows build

* Update Travis and README to Rust v1.36

* Remove unused winx::handle::close helper

* Refactor Descriptor into raw handles/fds

* Strip readlinkat in prep for path_get host-independent

* Strip openat in prep for path_get host-independent

* Move ManuallyDrop up one level from Descriptor to FdObject

* Make (c)iovec host fns unsafe

* Swap unwraps/expects for Results in fdentry_impl on nix

* Rewrite fd_pread/write and implement for Win

* Use File::sync_all to impl fd_sync

* Use File::sync_data to impl fd_datasync

* Rewind file cursor after fd_p{read, write} on Windows

* Add fd_p{read, write} tests

* Handle errors instead of panicking in path_get

* Use File::set_len to impl fd_allocate

* Add test for fd_allocate

* Replace all panics with Results

* Document the point of RawString
This commit is contained in:
Jakub Konka
2019-07-16 00:34:28 +02:00
committed by Dan Gohman
parent 93e1657bae
commit 667f272edd
32 changed files with 977 additions and 1045 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
src/sys/unix/hostcalls_impl/fs_helpers.rs
View File

@@ -1,86 +1,58 @@
#![allow(non_camel_case_types)]
#![allow(unused_unsafe)]
use super::host_impl;
use crate::ctx::WasiCtx;
use crate::fdentry::Descriptor;
use crate::host;
use crate::sys::errno_from_host;
use crate::sys::host_impl::{self, RawString};
use nix::libc::{self, c_long};
use std::ffi::{OsStr, OsString};
use std::os::unix::prelude::{OsStrExt, RawFd};
use std::ffi::OsStr;
use std::fs::File;
use std::path::{Component, Path};
/// Normalizes a path to ensure that the target path is located under the directory provided.
///
/// This is a workaround for not having Capsicum support in the OS.
pub fn path_get<P: AsRef<OsStr>>(
pub fn path_get(
wasi_ctx: &WasiCtx,
dirfd: host::__wasi_fd_t,
dirflags: host::__wasi_lookupflags_t,
path: P,
path: &RawString,
needed_base: host::__wasi_rights_t,
needed_inheriting: host::__wasi_rights_t,
needs_final_component: bool,
) -> Result<(RawFd, OsString), host::__wasi_errno_t> {
use nix::errno::Errno;
use nix::fcntl::{openat, readlinkat, OFlag};
use nix::sys::stat::Mode;
) -> Result<(File, RawString), host::__wasi_errno_t> {
const MAX_SYMLINK_EXPANSIONS: usize = 128;
/// close all the intermediate file descriptors, but make sure not to drop either the original
/// dirfd or the one we return (which may be the same dirfd)
fn ret_dir_success(dir_stack: &mut Vec<RawFd>) -> RawFd {
let ret_dir = dir_stack.pop().expect("there is always a dirfd to return");
if let Some(dirfds) = dir_stack.get(1..) {
for dirfd in dirfds {
nix::unistd::close(*dirfd).unwrap_or_else(|e| {
dbg!(e);
});
}
}
ret_dir
}
/// close all file descriptors other than the base directory, and return the errno for
/// convenience with `return`
fn ret_error(
dir_stack: &mut Vec<RawFd>,
errno: host::__wasi_errno_t,
) -> Result<(RawFd, OsString), host::__wasi_errno_t> {
if let Some(dirfds) = dir_stack.get(1..) {
for dirfd in dirfds {
nix::unistd::close(*dirfd).unwrap_or_else(|e| {
dbg!(e);
});
}
}
Err(errno)
}
if path.as_ref().as_bytes().contains(&b'\0') {
if path.contains(&b'\0') {
// if contains NUL, return EILSEQ
return Err(host::__WASI_EILSEQ);
}
let dirfe = wasi_ctx.get_fd_entry(dirfd, needed_base, needed_inheriting)?;
let dirfd = match &*dirfe.fd_object.descriptor {
Descriptor::File(f) => f.try_clone().map_err(|err| {
err.raw_os_error()
.map_or(host::__WASI_EBADF, errno_from_host)
})?,
_ => return Err(host::__WASI_EBADF),
};
// Stack of directory file descriptors. Index 0 always corresponds with the directory provided
// to this function. Entering a directory causes a file descriptor to be pushed, while handling
// ".." entries causes an entry to be popped. Index 0 cannot be popped, as this would imply
// escaping the base directory.
let mut dir_stack = vec![dirfe.fd_object.rawfd];
let mut dir_stack = vec![dirfd];
// Stack of paths left to process. This is initially the `path` argument to this function, but
// any symlinks we encounter are processed by pushing them on the stack.
let mut path_stack = vec![path.as_ref().to_owned()];
let mut path_stack = vec![path.clone()];
// Track the number of symlinks we've expanded, so we can return `ELOOP` after too many.
let mut symlink_expansions = 0;
// Buffer to read links into; defined outside of the loop so we don't reallocate it constantly.
let mut readlink_buf = vec![0u8; libc::PATH_MAX as usize + 1];
// TODO: rewrite this using a custom posix path type, with a component iterator that respects
// trailing slashes. This version does way too much allocation, and is way too fiddly.
loop {
@@ -88,16 +60,16 @@ pub fn path_get<P: AsRef<OsStr>>(
Some(cur_path) => {
// eprintln!("cur_path = {:?}", cur_path);
let ends_with_slash = cur_path.as_bytes().ends_with(b"/");
let ends_with_slash = cur_path.ends_with(b"/");
let mut components = Path::new(&cur_path).components();
let head = match components.next() {
None => return ret_error(&mut dir_stack, host::__WASI_ENOENT),
None => return Err(host::__WASI_ENOENT),
Some(p) => p,
};
let tail = components.as_path();
if tail.components().next().is_some() {
let mut tail = tail.as_os_str().to_owned();
let mut tail = RawString::from(tail.as_os_str());
if ends_with_slash {
tail.push("/");
}
@@ -107,7 +79,7 @@ pub fn path_get<P: AsRef<OsStr>>(
match head {
Component::Prefix(_) | Component::RootDir => {
// path is absolute!
return ret_error(&mut dir_stack, host::__WASI_ENOTCAPABLE);
return Err(host::__WASI_ENOTCAPABLE);
}
Component::CurDir => {
// "." so skip
@@ -115,56 +87,45 @@ pub fn path_get<P: AsRef<OsStr>>(
}
Component::ParentDir => {
// ".." so pop a dir
let dirfd = dir_stack.pop().expect("dir_stack is never empty");
let _ = dir_stack.pop().ok_or(host::__WASI_ENOTCAPABLE)?;
// we're not allowed to pop past the original directory
if dir_stack.is_empty() {
return ret_error(&mut dir_stack, host::__WASI_ENOTCAPABLE);
} else {
nix::unistd::close(dirfd).unwrap_or_else(|e| {
dbg!(e);
});
return Err(host::__WASI_ENOTCAPABLE);
}
}
Component::Normal(head) => {
let mut head = OsString::from(head);
let mut head = RawString::from(head);
if ends_with_slash {
// preserve trailing slash
head.push("/");
}
if !path_stack.is_empty() || (ends_with_slash && !needs_final_component) {
match openat(
*dir_stack.last().expect("dir_stack is never empty"),
head.as_os_str(),
OFlag::O_RDONLY | OFlag::O_DIRECTORY | OFlag::O_NOFOLLOW,
Mode::empty(),
) {
match openat(dir_stack.last().ok_or(host::__WASI_ENOTCAPABLE)?, &head) {
Ok(new_dir) => {
dir_stack.push(new_dir);
continue;
}
Err(e)
// Check to see if it was a symlink. Linux indicates
// this with ENOTDIR because of the O_DIRECTORY flag.
if e.as_errno() == Some(Errno::ELOOP)
|| e.as_errno() == Some(Errno::EMLINK)
|| e.as_errno() == Some(Errno::ENOTDIR) =>
if e == host::__WASI_ELOOP
|| e == host::__WASI_EMLINK
|| e == host::__WASI_ENOTDIR =>
// Check to see if it was a symlink. Linux indicates
// this with ENOTDIR because of the O_DIRECTORY flag.
{
// attempt symlink expansion
match readlinkat(
*dir_stack.last().expect("dir_stack is never empty"),
head.as_os_str(),
readlink_buf.as_mut_slice(),
dir_stack.last().ok_or(host::__WASI_ENOTCAPABLE)?,
&head,
) {
Ok(link_path) => {
Ok(mut link_path) => {
symlink_expansions += 1;
if symlink_expansions > MAX_SYMLINK_EXPANSIONS {
return ret_error(&mut dir_stack, host::__WASI_ELOOP);
return Err(host::__WASI_ELOOP);
}
let mut link_path = OsString::from(link_path);
if head.as_bytes().ends_with(b"/") {
if head.ends_with(b"/") {
link_path.push("/");
}
@@ -172,18 +133,12 @@ pub fn path_get<P: AsRef<OsStr>>(
continue;
}
Err(e) => {
return ret_error(
&mut dir_stack,
host_impl::errno_from_nix(e.as_errno().unwrap()),
);
return Err(e);
}
}
}
Err(e) => {
return ret_error(
&mut dir_stack,
host_impl::errno_from_nix(e.as_errno().unwrap()),
);
return Err(e);
}
}
} else if ends_with_slash
@@ -192,17 +147,16 @@ pub fn path_get<P: AsRef<OsStr>>(
// if there's a trailing slash, or if `LOOKUP_SYMLINK_FOLLOW` is set, attempt
// symlink expansion
match readlinkat(
*dir_stack.last().expect("dir_stack is never empty"),
head.as_os_str(),
readlink_buf.as_mut_slice(),
dir_stack.last().ok_or(host::__WASI_ENOTCAPABLE)?,
&head,
) {
Ok(link_path) => {
Ok(mut link_path) => {
symlink_expansions += 1;
if symlink_expansions > MAX_SYMLINK_EXPANSIONS {
return ret_error(&mut dir_stack, host::__WASI_ELOOP);
return Err(host::__WASI_ELOOP);
}
let mut link_path = OsString::from(link_path);
if head.as_bytes().ends_with(b"/") {
if head.ends_with(b"/") {
link_path.push("/");
}
@@ -210,20 +164,15 @@ pub fn path_get<P: AsRef<OsStr>>(
continue;
}
Err(e) => {
let errno = e.as_errno().unwrap();
if errno != Errno::EINVAL && errno != Errno::ENOENT {
// only return an error if this path is not actually a symlink
return ret_error(
&mut dir_stack,
host_impl::errno_from_nix(errno),
);
if e != host::__WASI_EINVAL && e != host::__WASI_ENOENT {
return Err(e);
}
}
}
}
// not a symlink, so we're done;
return Ok((ret_dir_success(&mut dir_stack), head));
return Ok((dir_stack.pop().ok_or(host::__WASI_ENOTCAPABLE)?, head));
}
}
}
@@ -231,14 +180,40 @@ pub fn path_get<P: AsRef<OsStr>>(
// no further components to process. means we've hit a case like "." or "a/..", or if the
// input path has trailing slashes and `needs_final_component` is not set
return Ok((
ret_dir_success(&mut dir_stack),
OsStr::new(".").to_os_string(),
dir_stack.pop().ok_or(host::__WASI_ENOTCAPABLE)?,
RawString::from(OsStr::new(".")),
));
}
}
}
}
fn openat(dirfd: &File, path: &RawString) -> Result<File, host::__wasi_errno_t> {
use nix::fcntl::{self, OFlag};
use nix::sys::stat::Mode;
use std::os::unix::prelude::{AsRawFd, FromRawFd};
fcntl::openat(
dirfd.as_raw_fd(),
path.as_ref(),
OFlag::O_RDONLY | OFlag::O_DIRECTORY | OFlag::O_NOFOLLOW,
Mode::empty(),
)
.map(|new_fd| unsafe { File::from_raw_fd(new_fd) })
.map_err(|e| host_impl::errno_from_nix(e.as_errno().unwrap()))
}
fn readlinkat(dirfd: &File, path: &RawString) -> Result<RawString, host::__wasi_errno_t> {
use nix::fcntl;
use std::os::unix::prelude::AsRawFd;
let readlink_buf = &mut [0u8; libc::PATH_MAX as usize + 1];
fcntl::readlinkat(dirfd.as_raw_fd(), path.as_ref(), readlink_buf)
.map(RawString::from)
.map_err(|e| host_impl::errno_from_nix(e.as_errno().unwrap()))
}
#[cfg(not(target_os = "macos"))]
pub fn utime_now() -> c_long {
libc::UTIME_NOW