The fix contains an errno remapping in macOS case where in case
when we try to rename a file into a path with a trailing slash an
ENOENT is returned. In this case, if the destination does not exist,
an ENOTDIR should be thrown as is thrown correctly on Linux hosts.
Thus, as a fix, if an ENOENT is thrown, an additional check is
performed to see whether the destination path indeed contains
a trailing slash, and if so, the errno is adjusted to ENOTDIR
to match the POSIX/WASI spec.
* Mark public API functions as unsafe.
This marks the public hostcalls functions as unsafe.
This is generalizing from Rust's `from_raw_fd` function, which is
unsafe. The observation is that nothing prevents code using this
function from passing a bogus or stale dangling file descriptor and
corrupting an arbitrary open stream.
Technically, some of these functions don't use file descriptors, such as
random, clocks, and a few others. However I expect that in the future,
random and clocks will switch to using file descriptors anyway, and it
keeps the macro definitions simpler if we only have to handle one form.
* Mark WasiCtx functions that operate on file descriptors unsafe too.
* `fd_filestat_set_times_impl` doesn't need to be unsafe.
* Remove unnecessary unsafes
Changes:
* use [tempfile] crate for auto mgmt of temp dirs
* use concrete types in place of generics in `utils` module
[tempfile]: https://github.com/Stebalien/tempfile
Internal modules `memory` and `host` can indeed be internal hidden
behind public-private visibility as `wasmtime-wasi` has already
been updated not to use the said modules (see
CraneStation/wasmtime#298).
Functions which trust that their arguments are valid raw file descriptors
or raw handles should be marked unsafe, because these arguments are
passed unchecked to I/O routines.
* Fix fd_readdir on BSD-style nixes
The fix was tested on Darwin-XNU and FreeBSD. The change introduces
thread-safe cache of (RawFd, *mut libc::DIR) pairs so that
libc::fdopendir syscall is called only once when invoking fd_readdir
for the first time, and then the pointer to the directory stream,
*mut libc::DIR, is reused until the matching raw file descriptor
is closed.
This fix allows then correct use (and matching to the implementation
on Linux kernels) of libc::seekdir and libc::rewinddir to seek through
and rewind the existing directory stream, *mut libc::DIR, which
otherwise seems to be reset/invalidated every time libc::fdopendir
is called (unlike on Linux, where this behaviour is not observed).
* Store dir stream as part of the FdEntry's Descriptor
* Move bsd specifics into separate module
* Add todo comments and fix formatting
* Refactor int conversions
* Emphasise in debug logs that we're looking at fd_readdir entry
* Change visibility of FdEntry and related to public-private
* Rewrite creating DirStream for the first time
