* Mark public API functions as unsafe.
This marks the public hostcalls functions as unsafe.
This is generalizing from Rust's `from_raw_fd` function, which is
unsafe. The observation is that nothing prevents code using this
function from passing a bogus or stale dangling file descriptor and
corrupting an arbitrary open stream.
Technically, some of these functions don't use file descriptors, such as
random, clocks, and a few others. However I expect that in the future,
random and clocks will switch to using file descriptors anyway, and it
keeps the macro definitions simpler if we only have to handle one form.
* Mark WasiCtx functions that operate on file descriptors unsafe too.
* `fd_filestat_set_times_impl` doesn't need to be unsafe.
* Remove unnecessary unsafes
* Fix fd_readdir on BSD-style nixes
The fix was tested on Darwin-XNU and FreeBSD. The change introduces
thread-safe cache of (RawFd, *mut libc::DIR) pairs so that
libc::fdopendir syscall is called only once when invoking fd_readdir
for the first time, and then the pointer to the directory stream,
*mut libc::DIR, is reused until the matching raw file descriptor
is closed.
This fix allows then correct use (and matching to the implementation
on Linux kernels) of libc::seekdir and libc::rewinddir to seek through
and rewind the existing directory stream, *mut libc::DIR, which
otherwise seems to be reset/invalidated every time libc::fdopendir
is called (unlike on Linux, where this behaviour is not observed).
* Store dir stream as part of the FdEntry's Descriptor
* Move bsd specifics into separate module
* Add todo comments and fix formatting
* Refactor int conversions
* Emphasise in debug logs that we're looking at fd_readdir entry
* Change visibility of FdEntry and related to public-private
* Rewrite creating DirStream for the first time
* Rewrite FdEntry reusing as much libstd as possible
* Use the new FdEntry, FdObject, Descriptor struct in *nix impl
* Adapt Windows impl
* Remove unnecessary check in fd_read
Check `host_nread == 0` caused premature FdEntry closure and removal
which ultimately was resulting in an attempt at "double closing" of
the same file descriptor at the end of the Wasm program:
...
fd_close(fd=4)
-> errno=WASI_ESUCCESS
fd_close(fd=4)
-> errno=WASI_EBADF
* Use libstd vectored IO
* Use std:🧵:yield_now to implement sched_yield
* Add logging to integration tests
* Add preliminary support for host-specific errors
* Operate on std::fs::File in path_get on *nix
* Add cross-platform RawString type encapsulating OsStrExt
* Fix Windows build
* Update Travis and README to Rust v1.36
* Remove unused winx::handle::close helper
* Refactor Descriptor into raw handles/fds
* Strip readlinkat in prep for path_get host-independent
* Strip openat in prep for path_get host-independent
* Move ManuallyDrop up one level from Descriptor to FdObject
* Make (c)iovec host fns unsafe
* Swap unwraps/expects for Results in fdentry_impl on nix
* Rewrite fd_pread/write and implement for Win
* Use File::sync_all to impl fd_sync
* Use File::sync_data to impl fd_datasync
* Rewind file cursor after fd_p{read, write} on Windows
* Add fd_p{read, write} tests
* Handle errors instead of panicking in path_get
* Use File::set_len to impl fd_allocate
* Add test for fd_allocate
* Replace all panics with Results
* Document the point of RawString
Linux's open returns ENOTDIR when used with O_DIRECTORY|O_NOFOLLOW and
the path is a symlink. Update the code to expect this.
FreeBSD's open returns EMLINK instead of ELOOP when using O_NOFOLLOW on
symlink. Update the code to expect this.
WASI currently lacks the ability to specify the full UNIX access control
information when creating files and directories, so for now just avoid
creating executable files and rely on the umask.
If a path_open call is requesting __WASI_RIGHT_FD_FILESTAT_SET_SIZE,
interpret that as a request for write privleges. If it is requesting
O_TRUNC, require __WASI_RIGHT_PATH_FILESTAT_SET_SIZE, since this is
a path operation rather than a FD operation.
