Unfortunately the helpers added in #154 were only used from non-Windows
implementations, which caused compiler warnings on Windows.
This commit moves the helper to be unix-specific and removes the tiny wrapper
around calling `str_to_cstring` on `PathGet.path`.
* Fix path_get returning ENOTDIR when base not dir
This commit makes certain adjustments to `WasiCtx` and `FdEntry`
by introducing methods `get_nonvalidated_fd_entry` and
`get_nonvalidated_fd_entry_mut` which only check if the `FdEntry`
corresponding to the specified raw WASI fd exists in the context
object but **without** automatically validating the rights. Thanks
to postponing the validation until after the `FdEntry` object is
extracted from the context, it is possible to check if the extracted
`FdEntry` object is indeed a valid dir descriptor when processing
paths in `path_get` helper fn. In essence then, this commit closes
#158.
* Remove potentially useless FdObject struct
This commit removes `FdObject` struct which wasn't really used
in our codebase, and flattens its contents into `FdEntry`. IMHO,
this cleans up a fair amount of code and generally unclutters it.
* Refactor and document `WasiCtx` and `FdEntry`
This commit refactors `WasiCtx` struct by making the collection
of `FdEntry`s stored within private, and only allowing it to be
accessed via the provided set of modifier methods (push, insert,
remove, etc.).
Additionally, this commit documents the methods of `WasiCtx` and
`FdEntry` structs for easier debugging and maintenance in the future.
Return `ENOTDIR` instead of `ENOTCAPABLE` when `*at` functions are
given a non-directory as their base. This is in accordance with POSIX:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/open.html
Currently wasi-libc contains some code to detect such cases and rewrite
`ENOTCAPABLE` to `ENOTDIR`, however it's better for WASI implementations
to just do the right thing in the first place.
* FixesCraneStation/wasmtime#440
This commit introduces a couple of changes/fixes:
* it annotates `log::debug!` messages with "host" to differentiate
between file descriptors stored on the WASI side (aka the wrappers)
and those managed by the host (aka the wrapped)
* it fixesCraneStation/wasmtime#440, i.e., incorrect passing of
file descriptor to `poll_oneoff` where currently errenously we
pass in the wrapper instead of the wrapped value
* it adds a couple more `log::debug!` macros calls for easier future
debugging
* Add partial refactorting to poll_oneoff
This commit lays the groundwork for more clean up to come in
subsequent commits.
* Finalise refactoring of `poll_oneoff`
* Fix compilation error on Windows
* Address majority of suggestions and refactor
Co-authored-by: Marcin Mielniczuk <marmistrz.dev@zoho.eu>
* Add poll_oneoff test case
* Leave timeout in nanoseconds in ClockEventData
Instead of converting the timeout value from nanoseconds to
milliseconds in the host-independent impl, move the conversion
to *nix-specific impl as the conversion is currently only warranted
by the POSIX `poll` syscall.
* Don't fail immediately on bad descriptor
If the user specifies an invalid descriptor inside a subscription,
don't fail immediately but rather generate an event with the thrown
WASI error code, and continue with the remaining, potentially
correct subscriptions.
This commit implements a simple helper for converting `&str` to `CString` and
mapping to the appropriate WASI error.
It also adds a `path_cstring` helper method in `PathGet` where the conversion was
used the most.
Fixes#104.
Instead of returning the debug formatting, which includes the enum
names, like `Io(...)`, just run the formatting function of the inner
error objects, which is nicer for command-line use.
* Fix some Windows warnings.
* Implement clock_time_get on Windows.
Also update misc_testsuite to include latest clock_time_get test
changes.
* improve comments
* Remove a leftover import.
Co-Authored-By: Jakub Konka <kubkon@jakubkonka.com>
This commit updates `poll_oneoff`'s API in a potentially least
invasive way. That is, it adds unused `WasiCtx` argument to the
syscall which will be required by #137. I am hopeful that this way
#137 can pass all tests and hence this commit should aid the review
process.
This commit provides a fix for `remove_directory_trailing_slashes`
test case on Windows. It adds a missing mapping between the following
WinAPI error code and WASI error:
```
ERROR_DIRECTORY => __WASI_ENOTDIR
```
where `ERROR_DIRECTORY` is thrown when the directory name is invalid.
We iterate over the preopens to present them to the WASI program, so
storing them in a `HashMap` means this order is nondeterministic. Switch
to a `Vec` of tuples instead. This means we don't eliminate duplicates,
but they should be rare.
* Fixes `path_symlink_trailing_slashes` test case
This commit:
* adds a couple `log::debug!` macro calls in and around `path_get`
for easier future debugging
* changes impl of `path_symlink` hostcall to actually *require*
the final component (matching the impl of WASI in C)
* ignores the error `__WASI_ENOTDIR` in `path_get`'s `readlinkat` call
which is not meant to be an error at this stage (i.e., this
potentially erroneous condition *will be* handled later, in
one of the layers above)
* Fixes `path_symlink_trailing` slashes on BSD-nixes
This commit:
* makes `path_symlink` host-specific (Linux and BSD-like nixes
now have their own differing implementations)
* on BSD-like nixes, when `ENOTDIR` is returned from `symlinkat`
it checks whether the target path contains a trailing slash,
strips it, and then checks if the target path without the trailing
slash exists; if yes, then converts the error code to `EEXIST` to
match Linux/POSIX spec
This commit moves a couple of things around:
* separates the logic of `path_unlink_file` into separate impls
for linux and BSD-style nixes
* moves implementation consts into appropriate impl modules: linux
or bsd
* cleans up `utime_now` and `utime_omit` for BSD-style nixes
This commit fixes an issue with incorrect handling of /dev/(u)random
on Linux. It turns out that `nix::unistd::isatty` call handled only
the POSIX spec case where `ENOTTY` is returned in case the passed
in file descriptor is OK but not a TTY, whereas on Linux this is not
always the case. On Linux, it can be the case that `EINVAL` is returned
instead and this case AFAIK is not handled by the `nix` crate. This
commit fixes this by using `libc::isatty` syscall directly and checking
the return values.
* Begin sketching out a new high-level `fs` API.
This is a very preliminary sketch of #83. It doesn't even compile yet,
but it shows a possible high-level structure of such an API.
* Stub out more functionality.
* Switch from a lazy_static WasiCtx to a borrowed one.
* Reformat some comments.
* Code-quote `Self`.
* Implement error translation for Windows.
* Calls to `fd_close` are now unsafe.
* Implement a few more functions.
* Open /dev/null for writing as well as reading.
Port this fix to wasi-common:
b905c44483
* Remove all remaining uses of `std::mem::uninitialized`.
Patch inspired by:
2d6519d051
* Replace libc::memcpy() calls with std::ptr::copy_nonoverlapping()
Port this fix to wasi-common:
a3f3a33e9b
* Pass `WasiError` by value.
It's a `u16` underneath, so we can pass it by value.
* Avoid unnecessary explicit lifetime parameters.
* Use immutable references rather than mutable references.
Patch inspired by:
54baa4c38c
The fix contains an errno remapping in macOS case where in case
when we try to rename a file into a path with a trailing slash an
ENOENT is returned. In this case, if the destination does not exist,
an ENOTDIR should be thrown as is thrown correctly on Linux hosts.
Thus, as a fix, if an ENOENT is thrown, an additional check is
performed to see whether the destination path indeed contains
a trailing slash, and if so, the errno is adjusted to ENOTDIR
to match the POSIX/WASI spec.
* Mark public API functions as unsafe.
This marks the public hostcalls functions as unsafe.
This is generalizing from Rust's `from_raw_fd` function, which is
unsafe. The observation is that nothing prevents code using this
function from passing a bogus or stale dangling file descriptor and
corrupting an arbitrary open stream.
Technically, some of these functions don't use file descriptors, such as
random, clocks, and a few others. However I expect that in the future,
random and clocks will switch to using file descriptors anyway, and it
keeps the macro definitions simpler if we only have to handle one form.
* Mark WasiCtx functions that operate on file descriptors unsafe too.
* `fd_filestat_set_times_impl` doesn't need to be unsafe.
* Remove unnecessary unsafes
Internal modules `memory` and `host` can indeed be internal hidden
behind public-private visibility as `wasmtime-wasi` has already
been updated not to use the said modules (see
CraneStation/wasmtime#298).
Functions which trust that their arguments are valid raw file descriptors
or raw handles should be marked unsafe, because these arguments are
passed unchecked to I/O routines.
* Fix fd_readdir on BSD-style nixes
The fix was tested on Darwin-XNU and FreeBSD. The change introduces
thread-safe cache of (RawFd, *mut libc::DIR) pairs so that
libc::fdopendir syscall is called only once when invoking fd_readdir
for the first time, and then the pointer to the directory stream,
*mut libc::DIR, is reused until the matching raw file descriptor
is closed.
This fix allows then correct use (and matching to the implementation
on Linux kernels) of libc::seekdir and libc::rewinddir to seek through
and rewind the existing directory stream, *mut libc::DIR, which
otherwise seems to be reset/invalidated every time libc::fdopendir
is called (unlike on Linux, where this behaviour is not observed).
* Store dir stream as part of the FdEntry's Descriptor
* Move bsd specifics into separate module
* Add todo comments and fix formatting
* Refactor int conversions
* Emphasise in debug logs that we're looking at fd_readdir entry
* Change visibility of FdEntry and related to public-private
* Rewrite creating DirStream for the first time
