| Age | Commit message (Collapse) | Author |
|---|
|
The called function must uphold some invariants about initializing data
in order for the calls to `from_anything` to be sound.
|
|
This mirrors the approach used for the `From<&libc::passwd> for User`
impl.
|
|
1971: Document the mount.linux module r=asomers a=asomers
Also, deprecate a few flags that should not be used by userland.
Co-authored-by: Alan Somers <asomers@gmail.com>
|
|
|
|
Also, deprecate a few flags that should not be used by userland.
|
|
|
|
|
|
1964: Fix endian swap on SocketAddrV6. r=asomers a=aarond10
This is a bug. flowinfo and scope_id should not be byte swapped here.
See also https://github.com/nix-rust/nix/issues/1963.
Co-authored-by: Aaron Drew <aarond10@gmail.com>
|
|
flowinfo and scope_id should not be byte swapped.
|
|
|
|
|
|
|
|
Signed-off-by: Xiaobo Liu <cppcoffee@gmail.com>
|
|
|
|
1940: feat: I/O safety for 'sys/select' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `sys/select`.
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
|
|
1923: feat: I/O safety for 'sys/wait' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for `sys/wait`
----------
Actually, I am not sure about which type to use here:
```rust
pub enum Id<'fd> {
/// Wait for the child referred to by the given PID file descriptor
#[cfg(any(target_os = "android", target_os = "linux"))]
PIDFd(RawFd),
PIDFd(BorrowedFd<'fd>),
}
```
If we use `Fd: AsFd`
```rust
pub enum Id<'fd, Fd: AsFd> {
/// Wait for the child referred to by the given PID file descriptor
#[cfg(any(target_os = "android", target_os = "linux"))]
PIDFd(RawFd),
PIDFd(&'fd Fd),
}
```
then the user has to specify that generic type when using this interface, which is kinda user-unfriendly...
------
The typical usage of this interface will be something like:
```rust
// Thought currently we don't have pidfd_open(2) in `Nix`
let fd_referring_to_a_process: OwnedFd = pidfd_open().unwrap();
let status = waitid(Id::PIDFd(fd_referring_to_a_process), WaitPidFlag::XXXX).unwrap();
```
UPDATE: `pidfd_open(2)` will be added in #1859 or #1868 .
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
1928: feat: I/O safety for 'sys/memfd' & 'sys/event' & 'sys/eventfd' r=asomers a=SteveLauC
#### What this PR does:
Adds I/O safety for moduels:
1. `sys/memfd`
2. `sys/event`
3. `sys/eventfd`
-----
BYW, I called `rustfmt` on these 4 files, which introduces some noise, sorry about this.
1938: Deprecate the signalfd function. r=asomers a=asomers
The SignalFd type is just as capable and easier to use.
CC `@JonathanWoollett-Light`
Co-authored-by: Steve Lau <stevelauc@outlook.com>
Co-authored-by: Alan Somers <asomers@gmail.com>
|
|
1937: feat: I/O safety for 'poll' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `poll`.
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
|
|
|
|
|
|
The SignalFd type is just as capable and easier to use.
|
|
1874: signalfd optional file descriptor r=asomers a=JonathanWoollett-Light
[`sys::signalfd::signalfd`](https://docs.rs/nix/latest/nix/sys/signalfd/fn.signalfd.html) currently takes a `RawFd` for its `fd` argument.
Considering from [the documentation](https://man7.org/linux/man-pages/man2/signalfd.2.html):
> If the fd argument is -1, then the call creates a new file
descriptor and associates the signal set specified in mask with
that file descriptor. If fd is not -1, then it must specify a
valid existing signalfd file descriptor, and mask is used to
replace the signal set associated with that file descriptor.
We can better pass the argument as `Option<BorrowedFd>` which encodes the optional nature of this parameter in an option rather than the value being -1 (invalid) (`size_of::<Option<BorrowedFd>>() == size_of::<RawFd>() == 4`).
This removes the error case where `fd < -1`.
> EBADF The fd file descriptor is not a valid file descriptor.
This does however require additional changes to produce a cohesive implementation, notably changing the type within `Signal` from `RawFd` to `ManuallyDrop<OwnedFd>`, this has no functional affect, but illustrates ownership and allows the type to more easily produce `BorrowedFd`s.
To use [`BorrowedFd`](https://doc.rust-lang.org/stable/std/os/unix/io/struct.BorrowedFd.html) requires updating the MSRV to `>= 1.63.0`
Co-authored-by: Jonathan <jonathanwoollettlight@gmail.com>
|
|
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1913: feat: I/O safety for 'sys/inotify' r=asomers a=SteveLauC
#### What this PR does:
1. Changes the `fd` field of `struct Inotify` from `RawFd` to `OwnedFd`
2. Changes the interfaces of functions in the `impl Inotify {}`
> The type of `self` changes from `Self` to `&mut Self`.
From:
```rust
pub fn add_watch<P: ?Sized + NixPath>(
self,
path: &P,
mask: AddWatchFlags,
) -> Result<WatchDescriptor>
pub fn rm_watch(self, wd: WatchDescriptor) -> Result<()>
pub fn read_events(self) -> Result<Vec<InotifyEvent>>
```
To:
```rust
pub fn add_watch<P: ?Sized + NixPath>(
&mut self,
path: &P,
mask: AddWatchFlags,
) -> Result<WatchDescriptor>
pub fn rm_watch(&mut self, wd: WatchDescriptor) -> Result<()>
pub fn read_events(&mut self) -> Result<Vec<InotifyEvent>>
```
In the previous implementation, these functions can take `self` by value as `struct Inotify` [was `Copy`](https://docs.rs/nix/latest/nix/sys/inotify/struct.Inotify.html#impl-Copy-for-Inotify). With the changes in `1` applied, `struct Inotify` is no longer `Copy`, so we have to take `self` by reference.
-------
Blocks until the merge of #1863 as this PR needs `read(2)` to be I/O-safe.
1926: feat: I/O safety for 'sys/sendfile' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `sys/sendfile`.
1927: feat: I/O safety for 'sys/statvfs' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `sys/statvfs`.
1931: feat: I/O safety for 'sys/uid' & 'sched' r=asomers a=SteveLauC
#### What this PR does:
Adds I/O safety for modules:
1. `sys/uio`
2. `sched`
1933: feat: I/O safety for 'sys/timerfd' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for module `sys/timerfd`.
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1921: feat: I/O safety for 'sys/termios' & 'pty' r=asomers a=SteveLauC
#### What this PR does:
1. Adds I/O safety for modules `sys/termios` and `pty`
------
#### Known Problems:
1. [Double free issue on `PtyMaster`](https://github.com/nix-rust/nix/issues/659)
I have changed the `RawFd` in `PtyMaster` to `OwnedFd` in this PR, with this
change, the double-free issue still exists, see this test code snippet
(From [this comment](https://github.com/nix-rust/nix/issues/659#issuecomment-315544022))
```rust
use std::io::prelude::*;
use std::os::unix::io::AsRawFd;
fn main() {
let mut f = {
let m = nix::pty::posix_openpt(nix::fcntl::OFlag::O_RDWR).unwrap(); // get fd 3
nix::unistd::close(m.as_raw_fd()).unwrap(); // close fd 3
std::fs::File::create("foo").unwrap() // get fd 3 again
}; // m goes out of scope, `drop(OwnedFd)`, fd 3 closed
f.write("whatever".as_bytes()).unwrap(); // EBADF
}
```
I have tested this code with `nix 0.26.1`, and I am still getting `EBADF`, which means the current impl does not prevent this problem either.
```shell
$ cat Cargo.toml | grep nix
nix = "0.26.1"
$ cargo r -q
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 9, kind: Uncategorized, message: "Bad file descriptor" }', src/main.rs:10:36
```
If we still wanna the drop of `PtyMaster` panic when the internal `fd` is invalid
as we did in #677, then we have to revert the changes to use `RawFd` and manually impl `Drop`.
2. Some trait implementations for some types are removed
* `struct OpenptyResult`:
1. PartialEq
2. Eq
3. Hash
4. Clone
* `struct ForkptyResult`:
1. Clone
* `struct PtyMaster`:
1. PartialEq
2. Eq
3. Hash
In the previous implementation, these trait impls are `#[derive()]`ed, due to
the type change to `OwnedFd`, we can no longer derive them. Should we manually
implement them?
I kinda think we should at least impl `PartialEq` and `Eq` for `OpenptyResult`
and `PtyMaster`.
-----
#### Some Clarifications that may help code review
1. For the basic `fd`-related syscall like `read(2)`, `write(2)` and `fcntl(2)`
, I am still using the old `RawFd` interfaces, as they will be covered in
other PRs.
2. Two helper functions
1. `write_all()` in `test/sys/test_termios.rs`:
```rust
/// Helper function analogous to `std::io::Write::write_all`, but for `RawFd`s
fn write_all(f: RawFd, buf: &[u8]) {
/// Helper function analogous to `std::io::Write::write_all`, but for `Fd`s
fn write_all<Fd: AsFd>(f: &Fd, buf: &[u8]) {
let mut len = 0;
while len < buf.len() {
len += write(f, &buf[len..]).unwrap();
len += write(f.as_fd().as_raw_fd(), &buf[len..]).unwrap();
}
}
```
2. `read_exact()` in `test/test.rs`:
```rust
/// Helper function analogous to `std::io::Read::read_exact`, but for `RawFD`s
fn read_exact(f: RawFd, buf: &mut [u8]) {
/// Helper function analogous to `std::io::Read::read_exact`, but for `Fd`s
fn read_exact<Fd: AsFd>(f: &Fd, buf: &mut [u8]) {
let mut len = 0;
while len < buf.len() {
// get_mut would be better than split_at_mut, but it requires nightly
let (_, remaining) = buf.split_at_mut(len);
len += read(f, remaining).unwrap();
len += read(f.as_fd().as_raw_fd(), remaining).unwrap();
}
}
```
I have added I/O safety for them, but it actually does not matter whether
they use `Fd: AsFd` or `RawFd`. So feel free to ask me to discard these changes
if you guys don't like it.
Co-authored-by: Steve Lau <stevelauc@outlook.com>
|
|
|
|
|
|
1916: Use I/O safety in sys::mman r=rtzoeller a=asomers
Co-authored-by: Alan Somers <asomers@gmail.com>
|
|
1882: Epoll type r=asomers a=JonathanWoollett-Light
Epoll can be most safely used as a type. This implement a type `Epoll` which supports this.
Co-authored-by: Jonathan <jonathanwoollettlight@gmail.com>
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1909: More annoying formatting changes r=asomers a=SUPERCILEX
Extracted from https://github.com/nix-rust/nix/pull/1862
Co-authored-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
1902: Enable ucontext module on aarch64-unknown-linux-gnu r=asomers a=rtzoeller
Untested, but I saw https://github.com/rust-lang/libc/commit/fd32da6e7dfa2afcae86e176904244cf45a90c06 and figured we should uptake it.
Co-authored-by: Ryan Zoeller <rtzoeller@rtzoeller.com>
|
|
Signed-off-by: Alex Saveau <saveau.alexandre@gmail.com>
|
|
|
