Age | Commit message | Author |
|
|
1874: signalfd optional file descriptor r=asomers a=JonathanWoollett-Light
[`sys::signalfd::signalfd`](https://docs.rs/nix/latest/nix/sys/signalfd/fn.signalfd.html) currently takes a `RawFd` for its `fd` argument.
Considering from [the documentation](https://man7.org/linux/man-pages/man2/signalfd.2.html):
> If the fd argument is -1, then the call creates a new file
> descriptor and associates the signal set specified in mask with
> that file descriptor. If fd is not -1, then it must specify a
> valid existing signalfd file descriptor, and mask is used to
> replace the signal set associated with that file descriptor.
We can better pass the argument as `Option<BorrowedFd>` which encodes the optional nature of this parameter in an option rather than the value being -1 (invalid) (`size_of::<Option<BorrowedFd>>() == size_of::<RawFd>() == 4`).
This removes the error case where `fd < -1`.
> EBADF The fd file descriptor is not a valid file descriptor.
This does however require additional changes to produce a cohesive implementation, notably changing the type within `Signal` from `RawFd` to `ManuallyDrop<OwnedFd>`, this has no functional effect, but illustrates ownership and allows the type to more easily produce `BorrowedFd`s.
To use [`BorrowedFd`](https://doc.rust-lang.org/stable/std/os/unix/io/struct.BorrowedFd.html) requires updating the MSRV to `>= 1.63.0`
Co-authored-by: Jonathan <jonathanwoollettlight@gmail.com>
|
|
1935: Formatting only changes for #1928 and #1863 r=asomers a=SUPERCILEX
Co-authored-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1913: feat: I/O safety for 'sys/inotify' r=asomers a=SteveLauC
#### What this PR does:
1. Changes the `fd` field of `struct Inotify` from `RawFd` to `OwnedFd`
2. Changes the interfaces of functions in the `impl Inotify {}`
> The type of `self` changes from `Self` to `&mut Self`.
From:
```rust
pub fn add_watch<P: ?Sized + NixPath>(
    self,
    path: &P,
    mask: AddWatchFlags,
) -> Result<WatchDescriptor>
pub fn rm_watch(self, wd: WatchDescriptor) -> Result<()>
pub fn read_events(self) -> Result<Vec<InotifyEvent>>
```
To:
```rust
pub fn add_watch<P: ?Sized + NixPath>(
    &mut self,
    path: &P,
    mask: AddWatchFlags,
) -> Result<WatchDescriptor>
pub fn rm_watch(&mut self, wd: WatchDescriptor) -> Result<()>
pub fn read_events(&mut self) -> Result<Vec<InotifyEvent>>
```
In the previous implementation, these functions can take `self` by value as `struct Inotify` [was `Copy`](https://docs.rs/nix/latest/nix/sys/inotify/struct.Inotify.html#impl-Copy-for-Inotify). With the changes in `1` applied, `struct Inotify` is no longer `Copy`, so we have to take `self` by reference.
-------
Blocks until the merge of #1863 as this PR needs `read(2)` to be I/O-safe.
1926: feat: I/O safety for 'sys/sendfile' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `sys/sendfile`.
1927: feat: I/O safety for 'sys/statvfs' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `sys/statvfs`.
1931: feat: I/O safety for 'sys/uid' & 'sched' r=asomers a=SteveLauC
#### What this PR does:
Adds I/O safety for modules:
1. `sys/uio`
2. `sched`
1933: feat: I/O safety for 'sys/timerfd' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `sys/timerfd`.
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
1932: refactor: take `AsFd` by value r=asomers a=SteveLauC
#### What this PR does
1. Changes the `fd` type to take `AsFd` by value for the I/O safety PRs that are merged.
* #1916
* #1919
* #1921
* #1922
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
1921: feat: I/O safety for 'sys/termios' & 'pty' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for modules `sys/termios` and `pty`
------
#### Known Problems:
1. [Double free issue on `PtyMaster`](https://github.com/nix-rust/nix/issues/659)
I have changed the `RawFd` in `PtyMaster` to `OwnedFd` in this PR, with this
change, the double-free issue still exists, see this test code snippet
(From [this comment](https://github.com/nix-rust/nix/issues/659#issuecomment-315544022))
```rust
use std::io::prelude::*;
use std::os::unix::io::AsRawFd;
fn main() {
    let mut f = {
        let m = nix::pty::posix_openpt(nix::fcntl::OFlag::O_RDWR).unwrap(); // get fd 3
        nix::unistd::close(m.as_raw_fd()).unwrap(); // close fd 3
        std::fs::File::create("foo").unwrap() // get fd 3 again
    }; // m goes out of scope, `drop(OwnedFd)`, fd 3 closed
    f.write("whatever".as_bytes()).unwrap(); // EBADF
}
```
I have tested this code with `nix 0.26.1`, and I am still getting `EBADF`, which means the current impl does not prevent this problem either.
```shell
$ cat Cargo.toml | grep nix
nix = "0.26.1"
$ cargo r -q
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 9, kind: Uncategorized, message: "Bad file descriptor" }', src/main.rs:10:36
```
If we still want the drop of `PtyMaster` to panic when the internal `fd` is invalid
as we did in #677, then we have to revert the changes to use `RawFd` and manually impl `Drop`.
2. Some trait implementations for some types are removed
* `struct OpenptyResult`:
1. PartialEq
2. Eq
3. Hash
4. Clone
* `struct ForkptyResult`:
1. Clone
* `struct PtyMaster`:
1. PartialEq
2. Eq
3. Hash
In the previous implementation, these trait impls are `#[derive()]`ed, due to
the type change to `OwnedFd`, we can no longer derive them. Should we manually
implement them?
I kinda think we should at least impl `PartialEq` and `Eq` for `OpenptyResult`
and `PtyMaster`.
-----
#### Some Clarifications that may help code review
1. For the basic `fd`-related syscalls like `read(2)`, `write(2)` and `fcntl(2)`,
I am still using the old `RawFd` interfaces, as they will be covered in
other PRs.
2. Two helper functions
1. `write_all()` in `test/sys/test_termios.rs`:
```diff
-/// Helper function analogous to `std::io::Write::write_all`, but for `RawFd`s
-fn write_all(f: RawFd, buf: &[u8]) {
+/// Helper function analogous to `std::io::Write::write_all`, but for `Fd`s
+fn write_all<Fd: AsFd>(f: &Fd, buf: &[u8]) {
     let mut len = 0;
     while len < buf.len() {
-        len += write(f, &buf[len..]).unwrap();
+        len += write(f.as_fd().as_raw_fd(), &buf[len..]).unwrap();
     }
 }
```
2. `read_exact()` in `test/test.rs`:
```diff
-/// Helper function analogous to `std::io::Read::read_exact`, but for `RawFD`s
-fn read_exact(f: RawFd, buf: &mut [u8]) {
+/// Helper function analogous to `std::io::Read::read_exact`, but for `Fd`s
+fn read_exact<Fd: AsFd>(f: &Fd, buf: &mut [u8]) {
     let mut len = 0;
     while len < buf.len() {
         // get_mut would be better than split_at_mut, but it requires nightly
         let (_, remaining) = buf.split_at_mut(len);
-        len += read(f, remaining).unwrap();
+        len += read(f.as_fd().as_raw_fd(), remaining).unwrap();
     }
 }
```
I have added I/O safety for them, but it actually does not matter whether
they use `Fd: AsFd` or `RawFd`. So feel free to ask me to discard these changes
if you guys don't like it.
Co-authored-by: Steve Lau <stevelauc@outlook.com>
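The close-then-reuse sequence from the snippet in 1921, reworked as an added example that is not code from nix or from the PR: when closing consumes the owning handle, no destructor is left to close a reused descriptor number. `Master`, `close_then_reuse`, `/dev/null` as a stand-in for `posix_openpt`, and the temp-file name are assumptions of this sketch; it uses only `std`.

```rust
use std::fs::File;
use std::io::{self, Write};
use std::os::unix::io::{AsFd, AsRawFd, BorrowedFd, OwnedFd, RawFd};

/// Hypothetical stand-in for a pty master handle; it owns its descriptor.
pub struct Master(OwnedFd);

impl Master {
    /// `/dev/null` replaces `posix_openpt` so the example needs only `std`.
    pub fn open() -> io::Result<Self> {
        Ok(Master(OwnedFd::from(File::open("/dev/null")?)))
    }

    /// Closing consumes the handle: the descriptor is closed exactly once and
    /// no destructor is left behind to close a reused number later.
    pub fn close(self) {
        drop(self.0);
    }
}

impl AsFd for Master {
    /// Callers that only need to use the descriptor borrow it; they cannot close it.
    fn as_fd(&self) -> BorrowedFd<'_> {
        self.0.as_fd()
    }
}

/// The sequence from the snippet above, with the close routed through ownership.
/// Returns the old descriptor number, the new file's number and the bytes written.
pub fn close_then_reuse() -> io::Result<(RawFd, RawFd, usize)> {
    let path = std::env::temp_dir().join(format!("io-safety-{}", std::process::id()));
    let (old, mut f) = {
        let m = Master::open()?;
        let old = m.as_fd().as_raw_fd();
        m.close(); // `m` is moved here; using or dropping it again cannot compile
        (old, File::create(&path)?) // usually gets the same number back
    };
    let written = f.write(b"whatever")?; // succeeds: nothing closed `f` behind its back
    let new = f.as_raw_fd();
    drop(f);
    std::fs::remove_file(&path)?;
    Ok((old, new, written))
}

fn main() -> io::Result<()> {
    let (old, new, written) = close_then_reuse()?;
    println!("closed fd {old}, new file got fd {new}, wrote {written} bytes");
    Ok(())
}
```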
|
|
1922: feat: I/O safety for 'kmod' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `kmod`.
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
1916: Use I/O safety in sys::mman r=rtzoeller a=asomers
Co-authored-by: Alan Somers <asomers@gmail.com>
|
|
1882: Epoll type r=asomers a=JonathanWoollett-Light
Epoll can be most safely used as a type. This implements a type `Epoll` which supports this.
Co-authored-by: Jonathan <jonathanwoollettlight@gmail.com>
|
|
1919: feat: I/O safety for 'sys/statfs' r=asomers a=SteveLauC
### What this PR does:
1. Adds I/O safety for module `sys/statfs`.
This PR is pretty small as all we need to do is to change the interface of `fstatfs(2)`:
from:
```rust
pub fn fstatfs<T: AsRawFd>(fd: &T) -> Result<Statfs>
```
to:
```rust
pub fn fstatfs<Fd: AsFd>(fd: &Fd) -> Result<Statfs>
```
------
~Besides from the changes in module `sys/statfs`, there are two extra places where care needs to be taken:~
```shell
$ cd nix
# Search for the usage of `fstatfs(2)` in `nix`
$ rg "fstatfs\("
test/test_fcntl.rs
386: let statfs = nix::sys::statfs::fstatfs(&tmp).unwrap();
424: let statfs = nix::sys::statfs::fstatfs(&tmp).unwrap();
CHANGELOG.md
849:- Now functions `statfs()` and `fstatfs()` return result with `Statfs` wrapper
src/sys/statfs.rs
769: check_fstatfs("/tmp");
770: check_fstatfs("/dev");
771: check_fstatfs("/run");
772: check_fstatfs("/");
775: fn check_fstatfs(path: &str) {
781: let fs = fstatfs(&file).unwrap();
830: let fs = fstatfs(&file);
```
~As you can see, `fstatfs(2)` is used in the tests in `test/test_fcntl.rs`:~
```rust
// Test code that involves `fstatfs(2)`
let tmp: NamedTempFile = NamedTempFile::new().unwrap();
let fd = tmp.as_raw_fd();
let statfs = nix::sys::statfs::fstatfs(&tmp).unwrap();
```
~`tmp` is of type [`NamedTempFile`](https://docs.rs/tempfile/latest/tempfile/struct.NamedTempFile.html), which does not implement `AsFd` in the current implementation of `tempfile`, but the implementation should be easy as it contains `std::fs::File` internally:~
```rust
pub struct NamedTempFile {
    path: TempPath,
    file: File,
}
```
~So I am thinking about making a PR to `tempfile` to make `NamedTempFile` `AsFd`, any thoughts on this?~
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
1918: Update CI environment to FreeBSD 12.4 r=rtzoeller a=asomers
Co-authored-by: Alan Somers <asomers@gmail.com>
|
|
1911: Cleanup old Clippy directives. r=rtzoeller a=asomers
Co-authored-by: Alan Somers <asomers@gmail.com>
|
|
1862: Bump MSRV to 1.63 for I/O safety r=asomers a=SUPERCILEX
Prep for https://github.com/nix-rust/nix/issues/1750
Co-authored-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1909: More annoying formatting changes r=asomers a=SUPERCILEX
Extracted from https://github.com/nix-rust/nix/pull/1862
Co-authored-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1908: Move some pure formatting changes out of #1863 r=asomers a=SUPERCILEX
Co-authored-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1905: Drop x86_64-unknown-darwin to Tier 2 r=rtzoeller a=asomers
And promote aarch64-unknown-darwin to Tier 1. Because that's what Cirrus CI is doing.
Fixes #1904
Co-authored-by: Alan Somers <asomers@gmail.com>
|
|
And promote aarch64-unknown-darwin to Tier 1. Because that's what
Cirrus CI is doing.
Fixes #1904
|
|
1861: Nuke deprecated net APIs r=asomers a=SUPERCILEX
This one's a little more questionable since it's only been one release, but it removes a ton of code which is sweet.
Co-authored-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1902: Enable ucontext module on aarch64-unknown-linux-gnu r=asomers a=rtzoeller
Untested, but I saw https://github.com/rust-lang/libc/commit/fd32da6e7dfa2afcae86e176904244cf45a90c06 and figured we should uptake it.
Co-authored-by: Ryan Zoeller <rtzoeller@rtzoeller.com>
|
|
1855: Nuke IoVec r=asomers a=SUPERCILEX
A release cycle went by... it'd be nice to remove some bloat.
Closes https://github.com/nix-rust/nix/issues/1647, closes https://github.com/nix-rust/nix/issues/1371, closes https://github.com/nix-rust/nix/issues/305
Co-authored-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1867: Add routing socket type on macOS r=asomers a=pinkisemils
This is a small change to add the routing socket type to the list of socket types one can open with `nix`. I've added a smoke test to see that a socket of such type can actually be opened, but I'm not sure if such a test belongs in the codebase here.
Co-authored-by: Emils <emils@mullvad.net>
|
|
1821: Fix UB in the SO_TYPE sockopt r=rtzoeller a=asomers
When reading a value into an enum from getsockopt, we must validate it. Failing to do so can lead to UB for example with SOCK_PACKET on Linux.
Perform the validation in GetSockOpt::get. Currently SockType is the only type that requires validation.
Fixes #1819
Co-authored-by: Alan Somers <asomers@gmail.com>
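The validation described in 1821, as an added example (not nix's implementation): an integer read back from `getsockopt(SO_TYPE)` is matched against known discriminants before it becomes an enum, so an unlisted value such as `SOCK_PACKET` yields an error instead of an invalid enum value. The enum, the error type, `decode_so_type` and the hard-coded Linux x86-64 constants are assumptions of this sketch.

```rust
use std::convert::TryFrom;
/// Socket types this wrapper knows (Linux x86-64 values, hard-coded for the example).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(i32)]
pub enum SockType {
    Stream = 1,
    Datagram = 2,
    Raw = 3,
    Rdm = 4,
    SeqPacket = 5,
}

#[derive(Debug, PartialEq, Eq)]
pub enum DecodeError {
    /// The option length is not the size of a C int, or exceeds the buffer.
    BadLength(usize),
    /// Not a `SockType` discriminant (e.g. SOCK_PACKET = 10); transmuting it would be UB.
    UnknownType(i32),
}

impl TryFrom<i32> for SockType {
    type Error = DecodeError;
    fn try_from(raw: i32) -> Result<Self, Self::Error> {
        Ok(match raw {
            1 => SockType::Stream,
            2 => SockType::Datagram,
            3 => SockType::Raw,
            4 => SockType::Rdm,
            5 => SockType::SeqPacket,
            other => return Err(DecodeError::UnknownType(other)),
        })
    }
}

/// Decode an option buffer the way a getsockopt(SO_TYPE) getter would: `optlen` bytes of `buf`.
pub fn decode_so_type(buf: &[u8], optlen: usize) -> Result<SockType, DecodeError> {
    let bytes: [u8; 4] = buf
        .get(..optlen)
        .and_then(|b| <[u8; 4]>::try_from(b).ok())
        .ok_or(DecodeError::BadLength(optlen))?;
    SockType::try_from(i32::from_ne_bytes(bytes))
}

fn main() {
    // Constructed sample values standing in for what the kernel would write.
    for raw in [1i32, 5, 10] {
        println!("{raw} -> {:?}", decode_so_type(&raw.to_ne_bytes(), 4));
    }
}
```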
|