about summary refs log tree commit diff
path: root/library/std/src/sys/unix
AgeCommit message (Collapse)AuthorLines
2022-03-14Add a `process_group` method to UNIX `CommandExt`Thomas Orozco-2/+80
2022-03-10Use implicit capture syntax in format_argsT-O-R-U-S-11/+11
This updates the standard library's documentation to use the new syntax. The documentation is worthwhile to update as it should be more idiomatic (particularly for features like this, which are nice for users to get acquainted with). The general codebase is likely more hassle than benefit to update: it'll hurt git blame, and generally updates can be done by folks updating the code if (and when) that makes things more readable with the new format. A few places in the compiler and library code are updated (mostly just due to already having been done when this commit was first authored).
2022-03-09add as_raw() method to L4Re's Socket mockBenjamin Lamowski-0/+5
Minimally comply with with #87329 to avoid breaking tests on L4Re.
2022-03-09adapt L4Re network interface mock to #87329Benjamin Lamowski-9/+34
Copy the relevant trait implementations from the Unix default.
2022-03-09L4Re does not support sanitizing standard streamsBenjamin Lamowski-0/+1
L4Re provides limited POSIX support which includes support for standard I/O streams, and a limited implementation of the standard file handling API. However, because as a capability based OS it strives to only make a local view available to each application, there are currently no standardized special files like /dev/null that could serve to sanitize closed standard FDs. For now, skip any attempts to sanitize standard streams until a more complete POSIX runtime is available.
2022-03-09drop unused libc imports on L4ReBenjamin Lamowski-1/+4
As a capability-based microkernel OS, L4Re only has incomplete support for POSIX APIs, in particular it does not implement UIDs and GIDs.
2022-03-09fix return value of LookupHost::port()Sebastian Humenda-1/+1
[Benjamin Lamowski: Reworded commit message after split commit.]
2022-03-09fix return values in L4Re networking stubSebastian Humenda-4/+4
[Benjamin Lamowski: Reworded commit message after split commit.]
2022-03-09Auto merge of #94750 - cuviper:dirent64_min, r=joshtriplettbors-10/+47
unix: reduce the size of DirEntry On platforms where we call `readdir` instead of `readdir_r`, we store the name as an allocated `CString` for variable length. There's no point carrying around a full `dirent64` with its fixed-length `d_name` too.
2022-03-08Rollup merge of #94724 - cuviper:rmdirall-cstr, r=Dylan-DPCDylan DPC-10/+9
unix: Avoid name conversions in `remove_dir_all_recursive` Each recursive call was creating an `OsString` for a `&Path`, only for it to be turned into a `CString` right away. Instead we can directly pass `.name_cstr()`, saving two allocations each time.
2022-03-08unix: reduce the size of DirEntryJosh Stone-10/+47
On platforms where we call `readdir` instead of `readdir_r`, we store the name as an allocated `CString` for variable length. There's no point carrying around a full `dirent64` with its fixed-length `d_name` too.
2022-03-08remove_dir_all: use fallback implementation on MiriRalf Jung-3/+3
2022-03-07unix: Avoid name conversions in `remove_dir_all_recursive`Josh Stone-10/+9
Each recursive call was creating an `OsString` for a `&Path`, only for it to be turned into a `CString` right away. Instead we can directly pass `.name_cstr()`, saving two allocations each time.
2022-03-07promot debug_assert to assertFausto-3/+3
2022-03-07Auto merge of #94272 - tavianator:readdir-reclen-for-real, r=cuviperbors-5/+9
fs: Don't dereference a pointer to a too-small allocation ptr::addr_of!((*ptr).field) still requires ptr to point to an appropriate allocation for its type. Since the pointer returned by readdir() can be smaller than sizeof(struct dirent), we need to entirely avoid dereferencing it as that type. Link: https://github.com/rust-lang/miri/pull/1981#issuecomment-1048278492 Link: https://github.com/rust-lang/rust/pull/93459#discussion_r795089971
2022-03-06Rollup merge of #94649 - ChrisDenton:unix-absolute-fix, r=Dylan-DPCfee1-dead-1/+2
Unix path::absolute: Fix leading "." component Testing leading `.` and `..` components were missing from the unix tests. This PR adds them and fixes the leading `.` case. It also fixes the test cases so that they do an exact comparison. This problem reported by ``@axetroy``
2022-03-05Unix `path::absolute`: Fix leading "." componentChris Denton-1/+2
Testing leading `.` and `..` components were missing from the unix tests.
2022-03-05do not attempt to open cgroup files under MiriRalf Jung-0/+5
2022-03-05Rollup merge of #94446 - rusticstuff:remove_dir_all-illumos-fix, r=cuviperDylan DPC-131/+74
UNIX `remove_dir_all()`: Try recursing first on the slow path This only affects the _slow_ code path - if there is no `dirent.d_type` or if it is `DT_UNKNOWN`. POSIX specifies that calling `unlink()` or `unlinkat(..., 0)` on a directory is allowed to succeed: > The _path_ argument shall not name a directory unless the process has appropriate privileges and the implementation supports using _unlink()_ on directories. This however can cause dangling inodes requiring an fsck e.g. on Illumos UFS, so we have to avoid that in the common case. We now just try to recurse into it first and unlink() if we can't open it as a directory. The other two commits integrate the Macos x86-64 implementation reducing redundancy. Split into two commits for better reviewing. Fixes #94335.
2022-03-04Integrate macos x86-64 remove_dir_all() impl. Step 2: readdHans Kratz-6/+60
2022-03-04Integrate macos x86-64 remove_dir_all() impl. Step 1: removeHans Kratz-118/+0
2022-03-04remove_dir_all(): try recursing first instead of trying to unlink()Hans Kratz-15/+22
This only affects the `slow` code path, if there is no `dirent.d_type` or if the type is `DT_UNKNOWN`. POSIX specifies that calling `unlink()` or `unlinkat(..., 0)` on a directory can succeed: > "The _path_ argument shall not name a directory unless the process has > appropriate privileges and the implementation supports using _unlink()_ on > directories." This however can cause orphaned directories requiring an fsck e.g. on Illumos UFS, so we have to avoid that in the common case. We now just try to recurse into it first and unlink() if we can't open it as a directory.
2022-03-03Rollup merge of #92697 - the8472:cgroups, r=joshtriplettMatthias Krüger-3/+82
Use cgroup quotas for calculating `available_parallelism` Automated tests for this are possible but would require a bunch of assumptions. It requires root + a recent kernel, systemd and maybe docker. And even then it would need a helper binary since the test has to run in a separate process. Limitations * only supports cgroup v2 and assumes it's mounted under `/sys/fs/cgroup` * procfs must be available * the quota gets mixed into `sched_getaffinity`, so if the latter doesn't work then quota information gets ignored too Manually tested via ``` // spawn a new cgroup scope for the current user $ sudo systemd-run -p CPUQuota="300%" --uid=$(id -u) -tdS // quota.rs #![feature(available_parallelism)] fn main() { println!("{:?}", std::thread::available_parallelism()); // prints Ok(3) } ``` strace: ``` sched_getaffinity(3041643, 32, [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47]) = 32 openat(AT_FDCWD, "/proc/self/cgroup", O_RDONLY|O_CLOEXEC) = 3 statx(0, NULL, AT_STATX_SYNC_AS_STAT, STATX_ALL, NULL) = -1 EFAULT (Bad address) statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_ALL, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0444, stx_size=0, ...}) = 0 lseek(3, 0, SEEK_CUR) = 0 read(3, "0::/system.slice/run-u31477.serv"..., 128) = 36 read(3, "", 92) = 0 close(3) = 0 statx(AT_FDCWD, "/sys/fs/cgroup/system.slice/run-u31477.service/cgroup.controllers", AT_STATX_SYNC_AS_STAT, STATX_ALL, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0444, stx_size=0, ...}) = 0 openat(AT_FDCWD, "/sys/fs/cgroup/system.slice/run-u31477.service/cpu.max", O_RDONLY|O_CLOEXEC) = 3 statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_ALL, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=0, ...}) = 0 lseek(3, 0, SEEK_CUR) = 0 read(3, "300000 100000\n", 20) = 14 read(3, "", 6) = 0 close(3) = 0 openat(AT_FDCWD, "/sys/fs/cgroup/system.slice/cpu.max", O_RDONLY|O_CLOEXEC) = 3 statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_ALL, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=0, ...}) = 0 lseek(3, 0, SEEK_CUR) = 0 read(3, "max 100000\n", 20) = 11 read(3, "", 9) = 0 close(3) = 0 openat(AT_FDCWD, "/sys/fs/cgroup/cpu.max", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) sched_getaffinity(0, 128, [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47]) = 40 ``` r? ```````@joshtriplett``````` cc ```````@yoshuawuyts``````` Tracking issue and previous discussion: #74479
2022-03-03Rollup merge of #93663 - sunfishcode:sunfishcode/as-raw-name, r=joshtriplettDylan DPC-6/+6
Rename `BorrowedFd::borrow_raw_fd` to `BorrowedFd::borrow_raw`. Also, rename `BorrowedHandle::borrow_raw_handle` and `BorrowedSocket::borrow_raw_socket` to `BorrowedHandle::borrow_raw` and `BorrowedSocket::borrow_raw`. This is just a minor rename to reduce redundancy in the user code calling these functions, and to eliminate an inessential difference between `BorrowedFd` code and `BorrowedHandle`/`BorrowedSocket` code. While here, add a simple test exercising `BorrowedFd::borrow_raw_fd`. r? ``````@joshtriplett``````
2022-03-03hardcode /sys/fs/cgroup instead of doing a lookup via mountinfoThe 8472-53/+67
this avoids parsing mountinfo which can be huge on some systems and something might be emulating cgroup fs for sandboxing reasons which means it wouldn't show up as mountpoint additionally the new implementation operates on a single pathbuffer, reducing allocations
2022-03-03Use cgroup quotas for calculating `available_parallelism`The 8472-3/+68
Manually tested via ``` // spawn a new cgroup scope for the current user $ sudo systemd-run -p CPUQuota="300%" --uid=$(id -u) -tdS // quota.rs #![feature(available_parallelism)] fn main() { println!("{:?}", std::thread::available_parallelism()); // prints Ok(3) } ``` Caveats * cgroup v1 is ignored * funky mountpoints (containing spaces, newlines or control chars) for cgroupfs will not be handled correctly since that would require unescaping /proc/self/mountinfo The escaping behavior of procfs seems to be undocumented. systemd and docker default to `/sys/fs/cgroup` so it should be fine for most systems. * quota will be ignored when `sched_getaffinity` doesn't work * assumes procfs is mounted under `/proc` and cgroupfs mounted and readable somewhere in the directory tree
2022-03-01Provide C FFI types via core::ffi, not just in stdJosh Triplett-3/+3
The ability to interoperate with C code via FFI is not limited to crates using std; this allows using these types without std. The existing types in `std::os::raw` become type aliases for the ones in `core::ffi`. This uses type aliases rather than re-exports, to allow the std types to remain stable while the core types are unstable. This also moves the currently unstable `NonZero_` variants and `c_size_t`/`c_ssize_t`/`c_ptrdiff_t` types to `core::ffi`, while leaving them unstable.
2022-02-23fs: Don't dereference a pointer to a too-small allocationTavian Barnes-5/+9
ptr::addr_of!((*ptr).field) still requires ptr to point to an appropriate allocation for its type. Since the pointer returned by readdir() can be smaller than sizeof(struct dirent), we need to entirely avoid dereferencing it as that type. Link: https://github.com/rust-lang/miri/pull/1981#issuecomment-1048278492 Link: https://github.com/rust-lang/rust/pull/93459#discussion_r795089971
2022-02-20solarish current_exe using libc call directlyDavid Carlier-4/+1
2022-02-13Auto merge of #91673 - ChrisDenton:path-absolute, r=Mark-Simulacrumbors-1/+43
`std::path::absolute` Implements #59117 by adding a `std::path::absolute` function that creates an absolute path without reading the filesystem. This is intended to be a drop-in replacement for [`std::fs::canonicalize`](https://doc.rust-lang.org/std/fs/fn.canonicalize.html) in cases where it isn't necessary to resolve symlinks. It can be used on paths that don't exist or where resolving symlinks is unwanted. It can also be used to avoid circumstances where `canonicalize` might otherwise fail. On Windows this is a wrapper around [`GetFullPathNameW`](https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfullpathnamew). On Unix it partially implements the POSIX [pathname resolution](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_13) specification, stopping just short of actually resolving symlinks.
2022-02-13make Instant::{duration_since, elapsed, sub} saturating and remove workaroundsThe8472-19/+0
This removes all mutex/atomics based workarounds for non-monotonic clocks and makes the previously panicking methods saturating instead. Effectively this moves the monotonization from `Instant` construction to the comparisons. This has some observable effects, especially on platforms without monotonic clocks: * Incorrectly ordered Instant comparisons no longer panic. This may hide some programming errors until someone actually looks at the resulting `Duration` * `checked_duration_since` will now return `None` in more cases. Previously it only happened when one compared instants obtained in the wrong order or manually created ones. Now it also does on backslides. The upside is reduced complexity and lower overhead of `Instant::now`.
2022-02-10Rename to `InvalidFilename`Yuki Okushi-1/+1
2022-02-10Rename `FilenameTooLong` to `FilenameInvalid`Yuki Okushi-1/+1
2022-02-09Rollup merge of #93445 - yaahc:exitcode-constructor, r=dtolnayYuki Okushi-0/+6
Add From<u8> for ExitCode This should cover a mostly cross-platform subset of supported exit codes. We decided to stick with `u8` initially since its the common subset between all platforms that we support (excluding wasm which I think only works with `true` or `false`). Posix is supposed to take i32s, but in practice many unix platforms mask out all but the low 8 bits or in some cases the 8-15th bits. Windows takes a u32 instead of an i32. Bourne-compatible shells also report signals as exitcode 128 + `signal_no`, so there's some ambiguity there when returning exit codes > 127, but it is possible to disambiguate them on the other side so we decided against restricting the possible codes further than to `u8`. ## Related - Detailed analysis of exit code support on various platforms: https://internals.rust-lang.org/t/mini-pre-rfc-redesigning-process-exitstatus/5426 - https://github.com/rust-lang/rust/issues/48711 - https://github.com/rust-lang/rust/issues/43301 - https://rust-lang.zulipchat.com/#narrow/stream/219381-t-libs/topic/Termination.2FExit.20Status.20Stabilization
2022-02-08Fix `absolute` issuesChris Denton-2/+1
2022-02-08`std::path::absolute`Chris Denton-1/+44
2022-02-06Add From<u8> for ExitCodeJane Lusby-0/+6
This should cover a mostly cross-platform subset of supported exit codes.
2022-02-04Hide Repr details from io::Error, and rework `io::Error::new_const`.Thom Chiovoloni-52/+46
2022-02-04Rename `BorrowedFd::borrow_raw_fd` to `BorrowedFd::borrow_raw`.Dan Gohman-6/+6
Also, rename `BorrowedHandle::borrow_raw_handle` and `BorrowedSocket::borrow_raw_socket` to `BorrowedHandle::borrow_raw` and `BorrowedSocket::borrow_raw`. This is just a minor rename to reduce redundancy in the user code calling these functions, and to eliminate an inessential difference between `BorrowedFd` code and `BorrowedHandle`/`BorrowedSocket` code. While here, add a simple test exercising `BorrowedFd::borrow_raw_fd`.
2022-01-31fix error handling for pthread_sigmask(3)Ralf Sager-5/+5
Errors from pthread_sigmask(3) were handled using cvt(), which expects a return value of -1 on error and uses errno. However, pthread_sigmask(3) returns 0 on success and an error number otherwise. Fix it by replacing cvt() with cvt_nz().
2022-01-31Rollup merge of #93471 - cuviper:direntry-file_type-stat, r=the8472Matthias Krüger-2/+2
unix: Use metadata for `DirEntry::file_type` fallback When `DirEntry::file_type` fails to match a known `d_type`, we should fall back to `DirEntry::metadata` instead of a bare `lstat`, because this is faster and more reliable on targets with `fstatat`.
2022-01-29unix: Use metadata for `DirEntry::file_type` fallbackJosh Stone-2/+2
When `DirEntry::file_type` fails to match a known `d_type`, we should fall back to `DirEntry::metadata` instead of a bare `lstat`, because this is faster and more reliable on targets with `fstatat`.
2022-01-29fs: Don't copy d_name from struct direntTavian Barnes-2/+10
The dirent returned from readdir() is only guaranteed to be valid for d_reclen bytes on common platforms. Since we copy the name separately anyway, we can copy everything except d_name into DirEntry::entry. Fixes #93384.
2022-01-29Auto merge of #93351 - anp:fuchsia-remove-dir-all, r=tmandrybors-2/+0
Bump libc and fix remove_dir_all on Fuchsia after CVE fix With the previous `is_dir` impl, we would attempt to unlink a directory in the None branch, but Fuchsia supports returning ENOTEMPTY from unlinkat() without the AT_REMOVEDIR flag because we don't currently differentiate unlinking files and directories by default. On the Fuchsia side I've opened https://fxbug.dev/92273 to discuss whether this is the correct behavior, but it doesn't seem like addressing the error code is necessary to make our tests happy. Depends on https://github.com/rust-lang/libc/pull/2654 since we apparently haven't needed to reference DT_UNKNOWN before this.
2022-01-28Fix remove_dir_all on Fuchsia after CVE fix.Adam Perry-2/+0
With the previous `is_dir` impl, we would attempt to unlink a directory in the None branch, but Fuchsia supports returning ENOTEMPTY from unlinkat() without the AT_REMOVEDIR flag because we don't currently differentiate unlinking files and directories by default. On the Fuchsia side I've opened https://fxbug.dev/92273 to discuss whether this is the correct behavior, but it doesn't seem like addressing the error code is necessary to make our tests happy. Updates std's libc crate to include DT_UNKNOWN for Fuchsia.
2022-01-26Rollup merge of #92778 - tavianator:linux-readdir-no-r, r=joshtriplettMatthias Krüger-36/+58
fs: Use readdir() instead of readdir_r() on Linux and Android See #40021 for more details. Fixes #86649. Fixes #34668.
2022-01-25Rollup merge of #88794 - sunfishcode:sunfishcode/try-clone, r=joshtriplettMatthias Krüger-15/+2
Add a `try_clone()` function to `OwnedFd`. As suggested in #88564. This adds a `try_clone()` to `OwnedFd` by refactoring the code out of the existing `File`/`Socket` code. r? ``@joshtriplett``
2022-01-24Rollup merge of #93152 - ivmarkov:master, r=m-ou-seMatthias Krüger-3/+7
Fix STD compilation for the ESP-IDF target (regression from CVE-2022-21658) Commit https://github.com/rust-lang/rust/commit/54e22eb7dbb615bd44355028d3fd867aa93c0972 broke the compilation of STD for the ESP-IDF embedded "unix-like" Tier 3 target, because the fix for [CVE-2022-21658](https://blog.rust-lang.org/2022/01/20/Rust-1.58.1.html) uses [libc flags](https://github.com/esp-rs/esp-idf-svc/runs/4892221554?check_suite_focus=true) which are not supported on the ESP-IDF platform. This PR simply redirects the ESP-IDF compilation to the "classic" implementation, similar to REDOX. This should be safe because: * Neither of the two filesystems supported by ESP-IDF (spiffs and fatfs) support [symlinks](https://github.com/natevw/fatfs/blob/master/README.md) in the first place * There is no notion of fs permissions at all, as the ESP-IDF is an embedded platform that does not have the notion of users, groups, etc. * Similarly, ESP-IDF has just one "process" - the firmware itself - which contains the user code and the "OS" fused together and running with all permissions
2022-01-22Rollup merge of #92828 - Amanieu:unwind-abort, r=dtolnayMatthias Krüger-1/+6
Print a helpful message if unwinding aborts when it reaches a nounwind function This is implemented by routing `TerminatorKind::Abort` back through the panic handler, but with a special flag in the `PanicInfo` which indicates that the panic handler should *not* attempt to unwind the stack and should instead abort immediately. This is useful for the planned change in https://github.com/rust-lang/lang-team/issues/97 which would make `Drop` impls `nounwind` by default. ### Code ```rust #![feature(c_unwind)] fn panic() { panic!() } extern "C" fn nounwind() { panic(); } fn main() { nounwind(); } ``` ### Before ``` $ ./test thread 'main' panicked at 'explicit panic', test.rs:4:5 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace Illegal instruction (core dumped) ``` ### After ``` $ ./test thread 'main' panicked at 'explicit panic', test.rs:4:5 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace thread 'main' panicked at 'panic in a function that cannot unwind', test.rs:7:1 stack backtrace: 0: 0x556f8f86ec9b - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::hdccefe11a6ac4396 1: 0x556f8f88ac6c - core::fmt::write::he152b28c41466ebb 2: 0x556f8f85d6e2 - std::io::Write::write_fmt::h0c261480ab86f3d3 3: 0x556f8f8654fa - std::panicking::default_hook::{{closure}}::h5d7346f3ff7f6c1b 4: 0x556f8f86512b - std::panicking::default_hook::hd85803a1376cac7f 5: 0x556f8f865a91 - std::panicking::rust_panic_with_hook::h4dc1c5a3036257ac 6: 0x556f8f86f079 - std::panicking::begin_panic_handler::{{closure}}::hdda1d83c7a9d34d2 7: 0x556f8f86edc4 - std::sys_common::backtrace::__rust_end_short_backtrace::h5b70ed0cce71e95f 8: 0x556f8f865592 - rust_begin_unwind 9: 0x556f8f85a764 - core::panicking::panic_no_unwind::h2606ab3d78c87899 10: 0x556f8f85b910 - test::nounwind::hade6c7ee65050347 11: 0x556f8f85b936 - test::main::hdc6e02cb36343525 12: 0x556f8f85b7e3 - core::ops::function::FnOnce::call_once::h4d02663acfc7597f 13: 0x556f8f85b739 - std::sys_common::backtrace::__rust_begin_short_backtrace::h071d40135adb0101 14: 0x556f8f85c149 - std::rt::lang_start::{{closure}}::h70dbfbf38b685e93 15: 0x556f8f85c791 - std::rt::lang_start_internal::h798f1c0268d525aa 16: 0x556f8f85c131 - std::rt::lang_start::h476a7ee0a0bb663f 17: 0x556f8f85b963 - main 18: 0x7f64c0822b25 - __libc_start_main 19: 0x556f8f85ae8e - _start 20: 0x0 - <unknown> thread panicked while panicking. aborting. Aborted (core dumped) ```
2022-01-21Old versions of Android generate SIGSEGV from libc::abortAmanieu d'Antras-1/+6