wasmer_wasix/syscalls/wasix/

path_open2.rs

use super::*;
use crate::VIRTUAL_ROOT_FD;
use crate::syscalls::*;

/// ### `path_open()`
/// Open file located at the given path
/// Inputs:
/// - `Fd dirfd`
///     The fd corresponding to the directory that the file is in
/// - `LookupFlags dirflags`
///     Flags specifying how the path will be resolved
/// - `char *path`
///     The path of the file or directory to open
/// - `u32 path_len`
///     The length of the `path` string
/// - `Oflags o_flags`
///     How the file will be opened
/// - `Rights fs_rights_base`
///     The rights of the created file descriptor
/// - `Rights fs_rightsinheriting`
///     The rights of file descriptors derived from the created file descriptor
/// - `Fdflags fs_flags`
///     The flags of the file descriptor
/// Output:
/// - `Fd* fd`
///     The new file descriptor
/// Possible Errors:
/// - `Errno::Access`, `Errno::Badf`, `Errno::Fault`, `Errno::Fbig?`, `Errno::Inval`, `Errno::Io`, `Errno::Loop`, `Errno::Mfile`, `Errno::Nametoolong?`, `Errno::Nfile`, `Errno::Noent`, `Errno::Notdir`, `Errno::Rofs`, and `Errno::Notcapable`
#[instrument(level = "trace", skip_all, fields(%dirfd, path = field::Empty, follow_symlinks = field::Empty, ret_fd = field::Empty), ret)]
pub fn path_open2<M: MemorySize>(
    mut ctx: FunctionEnvMut<'_, WasiEnv>,
    dirfd: WasiFd,
    dirflags: LookupFlags,
    path: WasmPtr<u8, M>,
    path_len: M::Offset,
    o_flags: Oflags,
    fs_rights_base: Rights,
    fs_rights_inheriting: Rights,
    fs_flags: Fdflags,
    fd_flags: Fdflagsext,
    fd: WasmPtr<WasiFd, M>,
) -> Result<Errno, WasiError> {
    WasiEnv::do_pending_operations(&mut ctx)?;

    if dirflags & __WASI_LOOKUP_SYMLINK_FOLLOW != 0 {
        Span::current().record("follow_symlinks", true);
    }
    let env = ctx.data();
    let (memory, mut state, mut inodes) =
        unsafe { env.get_memory_and_wasi_state_and_inodes(&ctx, 0) };
    /* TODO: find actual upper bound on name size (also this is a path, not a name :think-fish:) */
    let path_len64: u64 = path_len.into();
    if path_len64 > 1024u64 * 1024u64 {
        return Ok(Errno::Nametoolong);
    }

    if path_len64 == 0 {
        return Ok(Errno::Noent);
    }

    // o_flags:
    // - __WASI_O_CREAT (create if it does not exist)
    // - __WASI_O_DIRECTORY (fail if not dir)
    // - __WASI_O_EXCL (fail if file exists)
    // - __WASI_O_TRUNC (truncate size to 0)

    let path_string = unsafe { get_input_str_ok!(&memory, path, path_len) };
    Span::current().record("path", path_string.as_str());

    let out_fd = wasi_try_ok!(path_open_internal(
        ctx.data(),
        dirfd,
        dirflags,
        &path_string,
        o_flags,
        fs_rights_base,
        fs_rights_inheriting,
        fs_flags,
        fd_flags,
        None,
    )?);
    let env = ctx.data();

    #[cfg(feature = "journal")]
    if env.enable_journal {
        JournalEffector::save_path_open(
            &mut ctx,
            out_fd,
            dirfd,
            dirflags,
            path_string,
            o_flags,
            fs_rights_base,
            fs_rights_inheriting,
            fs_flags,
            fd_flags,
        )
        .map_err(|err| {
            tracing::error!("failed to save unlink event - {}", err);
            WasiError::Exit(ExitCode::from(Errno::Fault))
        })?;
    }

    let env = ctx.data();
    let (memory, mut state, mut inodes) =
        unsafe { env.get_memory_and_wasi_state_and_inodes(&ctx, 0) };

    Span::current().record("ret_fd", out_fd);

    let fd_ref = fd.deref(&memory);
    wasi_try_mem_ok!(fd_ref.write(out_fd));

    Ok(Errno::Success)
}

pub(crate) fn path_open_internal(
    env: &WasiEnv,
    dirfd: WasiFd,
    dirflags: LookupFlags,
    path: &str,
    o_flags: Oflags,
    fs_rights_base: Rights,
    fs_rights_inheriting: Rights,
    fs_flags: Fdflags,
    fd_flags: Fdflagsext,
    with_fd: Option<WasiFd>,
) -> Result<Result<WasiFd, Errno>, WasiError> {
    fn implied_fd_rights(has_read_access: bool, has_write_access: bool) -> Rights {
        let mut rights = Rights::FD_ADVISE | Rights::FD_TELL | Rights::FD_SEEK;

        if has_read_access {
            rights |= Rights::FD_READ | Rights::FD_FILESTAT_GET;
        }

        if has_write_access {
            rights |= Rights::FD_DATASYNC
                | Rights::FD_FDSTAT_SET_FLAGS
                | Rights::FD_WRITE
                | Rights::FD_SYNC
                | Rights::FD_ALLOCATE
                | Rights::FD_FILESTAT_GET
                | Rights::FD_FILESTAT_SET_SIZE
                | Rights::FD_FILESTAT_SET_TIMES;
        }

        rights
    }

    let state = env.state.deref();
    let inodes = &state.inodes;
    let follow_symlinks = dirflags & __WASI_LOOKUP_SYMLINK_FOLLOW != 0;
    let effective_dirfd = if path.starts_with('/') {
        VIRTUAL_ROOT_FD
    } else {
        dirfd
    };
    let path_arg = std::path::PathBuf::from(path);
    let working_dir = match state.fs.get_fd(effective_dirfd) {
        Ok(fd) => fd,
        Err(err) => return Ok(Err(err)),
    };
    let maybe_inode = state
        .fs
        .get_inode_at_path(inodes, effective_dirfd, path, follow_symlinks);
    let working_dir_rights_inheriting = working_dir.inner.rights_inheriting;

    // ASSUMPTION: open rights apply recursively
    if !working_dir.inner.rights.contains(Rights::PATH_OPEN) {
        return Ok(Err(Errno::Access));
    }

    let mut open_flags = 0;
    // TODO: traverse rights of dirs properly
    // COMMENTED OUT: WASI isn't giving appropriate rights here when opening
    //              TODO: look into this; file a bug report if this is a bug
    //
    let has_read_access = fs_rights_base.contains(Rights::FD_READ);
    let has_write_access = fs_rights_base.contains(Rights::FD_WRITE)
        || fs_flags.contains(Fdflags::APPEND)
        || o_flags.contains(Oflags::TRUNC)
        || o_flags.contains(Oflags::CREATE);
    let requested_base_rights =
        fs_rights_base | implied_fd_rights(has_read_access, has_write_access);

    // Maximum rights: whatever the parent fd may delegate
    // Minimum rights: whatever rights the caller requested or the open mode implies
    let adjusted_rights = requested_base_rights & working_dir_rights_inheriting;
    let adjusted_rights_inheriting = fs_rights_inheriting & working_dir_rights_inheriting;
    let mut open_options = state.fs_new_open_options();

    let target_rights = match maybe_inode {
        Ok(_) => {
            let write_permission = adjusted_rights.contains(Rights::FD_WRITE);

            // append, truncate, and create all require the permission to write
            let (append_permission, truncate_permission, create_permission) = if write_permission {
                (
                    fs_flags.contains(Fdflags::APPEND),
                    o_flags.contains(Oflags::TRUNC),
                    o_flags.contains(Oflags::CREATE),
                )
            } else {
                (false, false, false)
            };

            virtual_fs::OpenOptionsConfig {
                read: adjusted_rights.contains(Rights::FD_READ),
                write: write_permission,
                create_new: create_permission && o_flags.contains(Oflags::EXCL),
                create: create_permission,
                append: append_permission,
                truncate: truncate_permission,
            }
        }
        Err(_) => virtual_fs::OpenOptionsConfig {
            append: fs_flags.contains(Fdflags::APPEND),
            write: adjusted_rights.contains(Rights::FD_WRITE),
            read: adjusted_rights.contains(Rights::FD_READ),
            create_new: o_flags.contains(Oflags::CREATE) && o_flags.contains(Oflags::EXCL),
            create: o_flags.contains(Oflags::CREATE),
            truncate: o_flags.contains(Oflags::TRUNC),
        },
    };

    let parent_rights = virtual_fs::OpenOptionsConfig {
        read: working_dir.inner.rights.contains(Rights::FD_READ),
        write: working_dir.inner.rights.contains(Rights::FD_WRITE),
        // The parent is a directory, which is why these options
        // aren't inherited from the parent (append / truncate doesn't work on directories)
        create_new: true,
        create: true,
        append: true,
        truncate: true,
    };

    let minimum_rights = target_rights.minimum_rights(&parent_rights);

    open_options.options(minimum_rights.clone());

    // Regular files share a single inode-level handle across all WASIX file
    // descriptors, so prefer opening that shared handle with duplex access.
    // That lets a later read-only fd keep working after an earlier write-only
    // open (and vice versa). If the backing filesystem denies duplex access,
    // fall back to the narrower requested mode.
    let open_shared_file_handle =
        |path: &std::path::Path,
         requested_config: virtual_fs::OpenOptionsConfig,
         shared_config: virtual_fs::OpenOptionsConfig|
         -> Result<Box<dyn VirtualFile + Send + Sync + 'static>, Errno> {
            let mut open_options = state.fs_new_open_options();
            open_options.options(shared_config.clone());
            match open_options.open(path) {
                Ok(handle) => Ok(handle),
                Err(FsError::PermissionDenied)
                    if shared_config.read != requested_config.read
                        || shared_config.write != requested_config.write =>
                {
                    let mut open_options = state.fs_new_open_options();
                    open_options.options(requested_config);
                    open_options.open(path).map_err(fs_error_into_wasi_err)
                }
                Err(err) => Err(fs_error_into_wasi_err(err)),
            }
        };

    let orig_path = path;

    let inode = if let Ok(inode) = maybe_inode {
        // Happy path, we found the file we're trying to open
        let processing_inode = inode.clone();
        let mut guard = processing_inode.write();

        let deref_mut = guard.deref_mut();

        if o_flags.contains(Oflags::EXCL) && o_flags.contains(Oflags::CREATE) {
            return Ok(Err(Errno::Exist));
        }

        match deref_mut {
            Kind::File {
                handle, path, fd, ..
            } => {
                if let Some(special_fd) = fd {
                    // short circuit if we're dealing with a special file
                    assert!(handle.is_some());
                    return Ok(Ok(*special_fd));
                }
                if o_flags.contains(Oflags::DIRECTORY) || orig_path.ends_with('/') {
                    return Ok(Err(Errno::Notdir));
                }

                let requested_config = open_options
                    .write(minimum_rights.write)
                    .create(minimum_rights.create)
                    .append(false)
                    .truncate(minimum_rights.truncate)
                    .get_config();
                let shared_config = virtual_fs::OpenOptionsConfig {
                    read: true,
                    write: true,
                    ..requested_config.clone()
                };

                if minimum_rights.read {
                    open_flags |= Fd::READ;
                }
                if minimum_rights.write {
                    open_flags |= Fd::WRITE;
                }
                if minimum_rights.create {
                    open_flags |= Fd::CREATE;
                }
                if minimum_rights.truncate {
                    open_flags |= Fd::TRUNCATE;
                }
                // Keep a stable shared handle per inode whenever possible, but reopen it
                // when this open requires stronger rights than the existing handle may have.
                let requires_stronger_handle =
                    minimum_rights.write || minimum_rights.truncate || minimum_rights.create;
                if handle.is_none() {
                    *handle = Some(Arc::new(std::sync::RwLock::new(wasi_try_ok_ok!(
                        open_shared_file_handle(
                            path.as_path(),
                            requested_config.clone(),
                            shared_config.clone()
                        )
                    ))));
                } else if requires_stronger_handle {
                    let mut file = handle.as_ref().unwrap().write().unwrap();
                    *file = wasi_try_ok_ok!(open_shared_file_handle(
                        path.as_path(),
                        requested_config.clone(),
                        shared_config.clone(),
                    ));
                }

                if let Some(handle) = handle {
                    let handle = handle.read().unwrap();
                    if let Some(fd) = handle.get_special_fd() {
                        // We clone the file descriptor so that when its closed
                        // nothing bad happens
                        let dup_fd = wasi_try_ok_ok!(state.fs.clone_fd(fd));
                        trace!(
                            %dup_fd
                        );

                        // some special files will return a constant FD rather than
                        // actually open the file (/dev/stdin, /dev/stdout, /dev/stderr)
                        return Ok(Ok(dup_fd));
                    }
                }
            }
            Kind::Buffer { .. } => unimplemented!("wasi::path_open for Buffer type files"),
            Kind::Root { .. } => {
                if !o_flags.contains(Oflags::DIRECTORY) {
                    return Ok(Err(Errno::Isdir));
                }
            }
            Kind::Dir { .. } => {
                if fs_rights_base.contains(Rights::FD_WRITE) {
                    return Ok(Err(Errno::Isdir));
                }
            }
            Kind::Socket { .. }
            | Kind::PipeTx { .. }
            | Kind::PipeRx { .. }
            | Kind::DuplexPipe { .. }
            | Kind::EventNotifications { .. }
            | Kind::Epoll { .. } => {}
            Kind::Symlink {
                base_po_dir,
                path_to_symlink,
                relative_path,
            } => {
                // Resolve the symlink via the existing path traversal logic and restart
                // path_open with lookup-follow semantics for this resolved path.
                let (resolved_base_fd, resolved_path) = if relative_path.is_absolute() {
                    (VIRTUAL_ROOT_FD, relative_path.clone())
                } else {
                    let mut resolved_path = path_to_symlink.clone();
                    resolved_path.pop();
                    resolved_path.push(relative_path);
                    (*base_po_dir, resolved_path)
                };
                return path_open_internal(
                    env,
                    resolved_base_fd,
                    __WASI_LOOKUP_SYMLINK_FOLLOW,
                    &resolved_path.to_string_lossy(),
                    o_flags,
                    fs_rights_base,
                    fs_rights_inheriting,
                    fs_flags,
                    fd_flags,
                    with_fd,
                );
            }
        }
        inode
    } else {
        // less-happy path, we have to try to create the file
        if o_flags.contains(Oflags::CREATE) {
            if o_flags.contains(Oflags::DIRECTORY) {
                return Ok(Err(Errno::Notdir));
            }

            // Trailing slash matters. But the underlying opener normalizes it away later.
            if path.ends_with('/') {
                return Ok(Err(Errno::Isdir));
            }

            // strip end file name

            let (parent_inode, new_entity_name) =
                wasi_try_ok_ok!(state.fs.get_parent_inode_at_path(
                    inodes,
                    effective_dirfd,
                    &path_arg,
                    follow_symlinks
                ));
            let new_file_host_path = {
                let guard = parent_inode.read();
                match guard.deref() {
                    Kind::Dir { path, .. } => {
                        let mut new_path = path.clone();
                        new_path.push(&new_entity_name);
                        new_path
                    }
                    Kind::Root { .. } => {
                        let mut new_path = std::path::PathBuf::new();
                        new_path.push(&new_entity_name);
                        new_path
                    }
                    _ => return Ok(Err(Errno::Notdir)),
                }
            };
            // once we got the data we need from the parent, we lookup the host file
            // todo: extra check that opening with write access is okay
            let handle = {
                // We set create_new because the path already didn't resolve to an existing file,
                // so it must be created.
                let requested_config = open_options
                    .read(minimum_rights.read)
                    .append(minimum_rights.append)
                    .write(minimum_rights.write)
                    .create_new(true)
                    .get_config();
                let shared_config = virtual_fs::OpenOptionsConfig {
                    read: true,
                    write: true,
                    ..requested_config.clone()
                };

                if minimum_rights.read {
                    open_flags |= Fd::READ;
                }
                if minimum_rights.write {
                    open_flags |= Fd::WRITE;
                }
                if minimum_rights.create_new {
                    open_flags |= Fd::CREATE;
                }
                if minimum_rights.truncate {
                    open_flags |= Fd::TRUNCATE;
                }

                match open_shared_file_handle(
                    new_file_host_path.as_path(),
                    requested_config,
                    shared_config,
                ) {
                    Ok(handle) => Some(handle),
                    Err(err) => {
                        // Even though the file does not exist, it still failed to create with
                        // `AlreadyExists` error.  This can happen if the path resolves to a
                        // symlink that points outside the FS sandbox.
                        if err == Errno::Exist {
                            return Ok(Err(Errno::Perm));
                        }

                        return Ok(Err(err));
                    }
                }
            };

            let new_inode = {
                let kind = Kind::File {
                    handle: handle.map(|a| Arc::new(std::sync::RwLock::new(a))),
                    path: new_file_host_path,
                    fd: None,
                };
                wasi_try_ok_ok!(
                    state
                        .fs
                        .create_inode(inodes, kind, false, new_entity_name.clone())
                )
            };

            {
                let mut guard = parent_inode.write();
                if let Kind::Dir { entries, .. } = guard.deref_mut() {
                    entries.insert(new_entity_name, new_inode.clone());
                }
            }

            new_inode
        } else {
            return Ok(Err(maybe_inode.unwrap_err()));
        }
    };

    // TODO: check and reduce these
    // TODO: ensure a mutable fd to root can never be opened
    let out_fd = wasi_try_ok_ok!(if let Some(fd) = with_fd {
        state
            .fs
            .with_fd(
                adjusted_rights,
                adjusted_rights_inheriting,
                fs_flags,
                fd_flags,
                open_flags,
                inode,
                fd,
            )
            .map(|_| fd)
    } else {
        state.fs.create_fd(
            adjusted_rights,
            adjusted_rights_inheriting,
            fs_flags,
            fd_flags,
            open_flags,
            inode,
        )
    });

    Ok(Ok(out_fd))
}