From f10cd2f4b1458352d1c96e2e331021626806cf51 Mon Sep 17 00:00:00 2001
From: Dan Gohman
Date: Tue, 23 Apr 2019 12:41:16 -0700
Subject: [PATCH] Don't allow a preopened file descriptor to be renamed over. This is consistent with fd_close's behavior, and is likely temporary until other options are designed.
---
 .../include/wasmtime_ssp.h | 1 +
 .../sandboxed-system-primitives/src/posix.c | 17 +++++++++++++++++
 wasmtime-wasi/src/syscalls.rs | 3 ++-
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/wasmtime-wasi/sandboxed-system-primitives/include/wasmtime_ssp.h b/wasmtime-wasi/sandboxed-system-primitives/include/wasmtime_ssp.h
index 992cb24872..6a0d348c4f 100644
--- a/wasmtime-wasi/sandboxed-system-primitives/include/wasmtime_ssp.h
+++ b/wasmtime-wasi/sandboxed-system-primitives/include/wasmtime_ssp.h
@@ -564,6 +564,7 @@ __wasi_errno_t wasmtime_ssp_fd_read(
 __wasi_errno_t wasmtime_ssp_fd_renumber(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
 struct fd_table *curfds,
+ struct fd_prestats *prestats,
 #endif
 __wasi_fd_t from,
 __wasi_fd_t to
diff --git a/wasmtime-wasi/sandboxed-system-primitives/src/posix.c b/wasmtime-wasi/sandboxed-system-primitives/src/posix.c
index e9356c7c07..7c1fabf237 100644
--- a/wasmtime-wasi/sandboxed-system-primitives/src/posix.c
+++ b/wasmtime-wasi/sandboxed-system-primitives/src/posix.c
@@ -958,10 +958,27 @@ __wasi_errno_t wasmtime_ssp_fd_read(
 __wasi_errno_t wasmtime_ssp_fd_renumber(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
 struct fd_table *curfds,
+ struct fd_prestats *prestats,
 #endif
 __wasi_fd_t from,
 __wasi_fd_t to
 ) {
+ // Don't allow renumbering over a pre-opened resource.
+ // TODO: Eventually, we do want to permit this, once libpreopen in
+ // userspace is capable of removing entries from its tables as well.
+ {
+ rwlock_rdlock(&prestats->lock);
+ struct fd_prestat *prestat;
+ __wasi_errno_t error = fd_prestats_get_entry(prestats, to, &prestat);
+ if (error != 0) {
+ error = fd_prestats_get_entry(prestats, from, &prestat);
+ }
+ rwlock_unlock(&prestats->lock);
+ if (error == 0) {
+ return __WASI_ENOTSUP;
+ }
+ }
+
 struct fd_table *ft = curfds;
 rwlock_wrlock(&ft->lock);
 struct fd_entry *fe_from;
diff --git a/wasmtime-wasi/src/syscalls.rs b/wasmtime-wasi/src/syscalls.rs
index b5202f353e..4f61d51f49 100644
--- a/wasmtime-wasi/src/syscalls.rs
+++ b/wasmtime-wasi/src/syscalls.rs
@@ -573,10 +573,11 @@ syscalls! {
 let vmctx = &mut *vmctx;
 let curfds = get_curfds(vmctx);
+ let prestats = get_prestats(vmctx);
 let from = decode_fd(from);
 let to = decode_fd(to);
- let e = host::wasmtime_ssp_fd_renumber(curfds, from, to);
+ let e = host::wasmtime_ssp_fd_renumber(curfds, prestats, from, to);
 return_encoded_errno(e)
 }
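Review bot: The preopen check in `wasmtime_ssp_fd_renumber` runs under `prestats->lock`, but that lock is released before `ft->lock` is taken for the renumber itself, so the decision can be stale if another thread can add a prestat entry for `from` or `to` in between; whether entries are ever inserted after start-up is not visible in this hunk. If they can be, the read lock should be held until the renumber completes; if not, a short comment stating that the prestat table is fixed once the guest runs would make the unlocked window obviously safe. The comment above the block also names only the `to` side while the code refuses a preopened `from` as well; I would write `// Don't allow renumbering over or away from a pre-opened resource.`. `prestats` is declared only inside `#if !defined(WASMTIME_SSP_STATIC_CURFDS)` yet used unconditionally in the new block, so the static build presumably relies on a file-scope `prestats` that this hunk does not show. The function body continues past the end of the hunk.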