redox_syscall 0.7.4

A Rust library to access raw Redox system calls
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457

use bitflags::bitflags as inner_bitflags;
use core::{mem, ops::Deref, slice};

macro_rules! bitflags {
    (
        $(#[$outer:meta])*
        pub struct $BitFlags:ident: $T:ty {
            $(
                $(#[$inner:ident $($args:tt)*])*
                const $Flag:ident = $value:expr;
            )+
        }
    ) => {
        // First, use the inner bitflags
        inner_bitflags! {
            #[derive(PartialEq, Eq, PartialOrd, Ord, Hash, Debug, Clone, Copy, Default)]
            $(#[$outer])*
            pub struct $BitFlags: $T {
                $(
                    $(#[$inner $($args)*])*
                    const $Flag = $value;
                )+
            }
        }

        impl $BitFlags {
            #[deprecated = "use the safe `from_bits_retain` method instead"]
            pub unsafe fn from_bits_unchecked(bits: $T) -> Self {
                Self::from_bits_retain(bits)
            }
        }

        // Secondly, re-export all inner constants
        // (`pub use self::Struct::*` doesn't work)
        $(
            $(#[$inner $($args)*])*
            pub const $Flag: $BitFlags = $BitFlags::$Flag;
        )+
    }
}

pub const CLOCK_REALTIME: usize = 1;
pub const CLOCK_MONOTONIC: usize = 4;

bitflags! {
    pub struct EventFlags: usize {
        const EVENT_NONE = 0;
        const EVENT_READ = 1;
        const EVENT_WRITE = 2;
    }
}

pub const F_DUPFD: usize = 0;
pub const F_GETFD: usize = 1;
pub const F_SETFD: usize = 2;
pub const F_GETFL: usize = 3;
pub const F_SETFL: usize = 4;
pub const F_DUPFD_CLOEXEC: usize = 1030;

pub const FUTEX_WAIT: usize = 0;
pub const FUTEX_WAKE: usize = 1;
pub const FUTEX_REQUEUE: usize = 2;
pub const FUTEX_WAIT64: usize = 3;

// TODO: Split SendFdFlags into caller flags and flags that the scheme receives?
bitflags::bitflags! {
    #[derive(Clone, Copy, Debug)]
    pub struct SendFdFlags: usize {
        /// If set, the kernel will enforce that the file descriptors are exclusively owned.
        ///
        /// That is, there will no longer exist any other reference to those FDs when removed from
        /// the file table (sendfd always removes the FDs from the file table, but without this
        /// flag, it can be retained by SYS_DUPing them first).
        const EXCLUSIVE = 1;

        /// If set, the file descriptors will be cloned and *not* removed from the sender's file table.
        /// By default, `SYS_SENDFD` moves the file descriptors, removing them from the sender.
        const CLONE = 2;
    }
}
bitflags::bitflags! {
    #[derive(Clone, Copy, Debug)]
    pub struct FobtainFdFlags: usize {
        /// If set, the SYS_CALL payload specifies the destination file descriptor slots, otherwise the lowest
        /// available slots will be selected, and placed in the usize pointed to by SYS_CALL
        /// payload.
        const MANUAL_FD = 1;

        /// If set, the file descriptors received are guaranteed to be exclusively owned (by the file
        /// table the obtainer is running in).
        const EXCLUSIVE = 2;

        /// If set, the file descriptors received will be placed into the *upper* file table.
        const UPPER_TBL = 4;

        /// If set, the received file descriptors are marked as close-on-exec.
        const CLOEXEC = 8;

        // No, cloexec won't be stored in the kernel in the future, when the stable ABI is moved to
        // relibc, so no flag for that!
    }
}
bitflags::bitflags! {
    #[derive(Clone, Copy, Debug)]
    pub struct RecvFdFlags: usize {
        /// If set, the SYS_CALL payload specifies the destination file descriptor slots, otherwise the lowest
        /// available slots will be selected, and placed in the usize pointed to by SYS_CALL
        /// payload.
        const MANUAL_FD = 1;

        /// If set, the file descriptors received will be placed into the *upper* file table.
        const UPPER_TBL = 2;

        /// If set, the received file descriptors are marked as close-on-exec.
        const CLOEXEC = 4;
    }
}
bitflags::bitflags! {
    #[derive(Clone, Copy, Debug)]
    pub struct FmoveFdFlags: usize {
        /// If set, the kernel will enforce that the file descriptors are exclusively owned.
        ///
        /// That is, there will no longer exist any other reference to those FDs when removed from
        /// the file table (SYS_CALL always removes the FDs from the file table, but without this
        /// flag, it can be retained by SYS_DUPing them first).
        const EXCLUSIVE = 1;

        /// If set, the file descriptors will be cloned and *not* removed from the sender's file table.
        /// By default, sendfd moves the file descriptors, removing them from the sender.
        const CLONE = 2;
    }
}

bitflags! {
    pub struct MapFlags: usize {
        // TODO: Downgrade PROT_NONE to global constant? (bitflags specifically states zero flags
        // can cause buggy behavior).
        const PROT_NONE = 0x0000_0000;

        const PROT_EXEC = 0x0001_0000;
        const PROT_WRITE = 0x0002_0000;
        const PROT_READ = 0x0004_0000;

        const MAP_SHARED = 0x0001;
        const MAP_PRIVATE = 0x0002;

        const MAP_FIXED = 0x0004;
        const MAP_FIXED_NOREPLACE = 0x000C;

        /// For *userspace-backed mmaps*, return from the mmap call before all pages have been
        /// provided by the scheme. This requires the scheme to be trusted, as the current context
        /// can block indefinitely, if the scheme does not respond to the page fault handler's
        /// request, as it tries to map the page by requesting it from the scheme.
        ///
        /// In some cases however, such as the program loader, the data needs to be trusted as much
        /// with or without MAP_LAZY, and if so, mapping lazily will not cause insecureness by
        /// itself.
        ///
        /// For kernel-backed mmaps, this flag has no effect at all. It is unspecified whether
        /// kernel mmaps are lazy or not.
        const MAP_LAZY = 0x0010;
    }
}
bitflags! {
    pub struct MunmapFlags: usize {
        /// Indicates whether the funmap call must implicitly do an msync, for the changes to
        /// become visible later.
        ///
        /// This flag will currently be set if and only if MAP_SHARED | PROT_WRITE are set.
        const NEEDS_SYNC = 1;
    }
}

pub const MODE_TYPE: u16 = 0xF000;
pub const MODE_DIR: u16 = 0x4000;
pub const MODE_FILE: u16 = 0x8000;
pub const MODE_SYMLINK: u16 = 0xA000;
pub const MODE_FIFO: u16 = 0x1000;
pub const MODE_CHR: u16 = 0x2000;
pub const MODE_SOCK: u16 = 0xC000;

pub const MODE_PERM: u16 = 0x0FFF;
pub const MODE_SETUID: u16 = 0o4000;
pub const MODE_SETGID: u16 = 0o2000;

pub const O_RDONLY: usize = 0x0001_0000;
pub const O_WRONLY: usize = 0x0002_0000;
pub const O_RDWR: usize = 0x0003_0000;
pub const O_NONBLOCK: usize = 0x0004_0000;
pub const O_APPEND: usize = 0x0008_0000;
pub const O_SHLOCK: usize = 0x0010_0000;
pub const O_EXLOCK: usize = 0x0020_0000;
pub const O_ASYNC: usize = 0x0040_0000;
pub const O_FSYNC: usize = 0x0080_0000;
pub const O_CLOEXEC: usize = 0x0100_0000;
pub const O_CREAT: usize = 0x0200_0000;
pub const O_TRUNC: usize = 0x0400_0000;
pub const O_EXCL: usize = 0x0800_0000;
pub const O_DIRECTORY: usize = 0x1000_0000;
pub const O_STAT: usize = 0x2000_0000;
pub const O_SYMLINK: usize = 0x4000_0000;
pub const O_NOFOLLOW: usize = 0x8000_0000;
pub const O_ACCMODE: usize = O_RDONLY | O_WRONLY | O_RDWR;
pub const O_FCNTL_MASK: usize = O_NONBLOCK | O_APPEND | O_ASYNC | O_FSYNC;

/// Remove directory instead of unlinking file.
pub const AT_REMOVEDIR: usize = 0x200;

// The top 48 bits of PTRACE_* are reserved, for now

// NOT ABI STABLE!
#[derive(Clone, Copy, Debug, Default, Eq, PartialEq)]
#[repr(usize)]
pub enum ContextStatus {
    Runnable,
    Blocked,
    NotYetStarted,
    Dead,
    ForceKilled,
    Stopped,
    UnhandledExcp,
    #[default]
    Other, // reserved
}

#[derive(Clone, Copy, Debug, Eq, PartialEq)]
#[repr(usize)]
pub enum ContextVerb {
    Stop = 1,
    Unstop = 2,
    Interrupt = 3,
    ForceKill = usize::MAX,
}
impl ContextVerb {
    pub fn try_from_raw(raw: usize) -> Option<Self> {
        Some(match raw {
            1 => Self::Stop,
            2 => Self::Unstop,
            3 => Self::Interrupt,
            usize::MAX => Self::ForceKill,
            _ => return None,
        })
    }
}

// NOT ABI STABLE!
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
#[repr(u8)]
pub enum ProcSchemeVerb {
    Iopl = 255,
}
impl ProcSchemeVerb {
    pub fn try_from_raw(verb: u8) -> Option<Self> {
        Some(match verb {
            255 => Self::Iopl,
            _ => return None,
        })
    }
}

#[derive(Clone, Copy, Debug, Eq, PartialEq)]
#[repr(usize)]
pub enum SchemeSocketCall {
    ObtainFd = 0,
    MoveFd = 1,
}
impl SchemeSocketCall {
    pub fn try_from_raw(raw: usize) -> Option<Self> {
        Some(match raw {
            0 => Self::ObtainFd,
            1 => Self::MoveFd,
            _ => return None,
        })
    }
}

#[derive(Clone, Copy, Debug, Eq, PartialEq)]
#[repr(usize)]
#[non_exhaustive]
pub enum FsCall {
    Connect = 0,
}
impl FsCall {
    pub fn try_from_raw(raw: usize) -> Option<Self> {
        Some(match raw {
            0 => Self::Connect,
            _ => return None,
        })
    }
}

bitflags! {
    pub struct PtraceFlags: u64 {
        /// Stop before a syscall is handled. Send PTRACE_FLAG_IGNORE to not
        /// handle the syscall.
        const PTRACE_STOP_PRE_SYSCALL = 0x0000_0000_0000_0001;
        /// Stop after a syscall is handled.
        const PTRACE_STOP_POST_SYSCALL = 0x0000_0000_0000_0002;
        /// Stop after exactly one instruction. TODO: This may not handle
        /// fexec/signal boundaries. Should it?
        const PTRACE_STOP_SINGLESTEP = 0x0000_0000_0000_0004;
        /// Stop before a signal is handled. Send PTRACE_FLAG_IGNORE to not
        /// handle signal.
        const PTRACE_STOP_SIGNAL = 0x0000_0000_0000_0008;
        /// Stop on a software breakpoint, such as the int3 instruction for
        /// x86_64.
        const PTRACE_STOP_BREAKPOINT = 0x0000_0000_0000_0010;
        /// Stop just before exiting for good.
        const PTRACE_STOP_EXIT = 0x0000_0000_0000_0020;

        const PTRACE_STOP_MASK = 0x0000_0000_0000_00FF;


        /// Sent when a child is cloned, giving you the opportunity to trace it.
        /// If you don't catch this, the child is started as normal.
        const PTRACE_EVENT_CLONE = 0x0000_0000_0000_0100;

        /// Sent when current-addrspace is changed, allowing the tracer to reopen the memory file.
        const PTRACE_EVENT_ADDRSPACE_SWITCH = 0x0000_0000_0000_0200;

        const PTRACE_EVENT_MASK = 0x0000_0000_0000_0F00;

        /// Special meaning, depending on the event. Usually, when fired before
        /// an action, it will skip performing that action.
        const PTRACE_FLAG_IGNORE = 0x0000_0000_0000_1000;

        const PTRACE_FLAG_MASK = 0x0000_0000_0000_F000;
    }
}
impl Deref for PtraceFlags {
    type Target = [u8];
    fn deref(&self) -> &Self::Target {
        // Same as to_ne_bytes but in-place
        unsafe {
            slice::from_raw_parts(&self.bits() as *const _ as *const u8, mem::size_of::<u64>())
        }
    }
}

pub const SEEK_SET: usize = 0;
pub const SEEK_CUR: usize = 1;
pub const SEEK_END: usize = 2;

pub const SIGCHLD: usize = 17;
pub const SIGTSTP: usize = 20;
pub const SIGTTIN: usize = 21;
pub const SIGTTOU: usize = 22;

pub const ADDRSPACE_OP_MMAP: usize = 0;
pub const ADDRSPACE_OP_MUNMAP: usize = 1;
pub const ADDRSPACE_OP_MPROTECT: usize = 2;
pub const ADDRSPACE_OP_TRANSFER: usize = 3;

bitflags! {
    pub struct MremapFlags: usize {
        const FIXED = 1;
        const FIXED_REPLACE = 3;
        /// Alias's memory region at `old_address` to `new_address` such that both regions share
        /// the same frames.
        const KEEP_OLD = 1 << 2;
        // TODO: MAYMOVE, DONTUNMAP
    }
}
bitflags! {
    pub struct RwFlags: u32 {
        const NONBLOCK = 1;
        const APPEND = 2;
        // TODO: sync/dsync
        // TODO: O_DIRECT?
    }
}
bitflags! {
    pub struct SigcontrolFlags: usize {
        /// Prevents the kernel from jumping the context to the signal trampoline, but otherwise
        /// has absolutely no effect on which signals are blocked etc. Meant to be used for
        /// short-lived critical sections inside libc.
        const INHIBIT_DELIVERY = 1;
    }
}
bitflags! {
    pub struct CallFlags: usize {
        // reserved
        const RSVD0 = 1 << 0;
        const RSVD1 = 1 << 1;
        const RSVD2 = 1 << 2;
        const RSVD3 = 1 << 3;
        const RSVD4 = 1 << 4;
        const RSVD5 = 1 << 5;
        const RSVD6 = 1 << 6;
        const RSVD7 = 1 << 7;

        /// Remove the fd from the caller's file table before sending the message.
        const CONSUME = 1 << 8;

        const WRITE = 1 << 9;
        const READ = 1 << 10;

        /// Indicates the request is a bulk fd passing request.
        const FD = 1 << 11;
        /// Flags for the fd passing request.
        const FD_EXCLUSIVE = 1 << 12;
        const FD_CLONE = 1 << 13;
        const FD_UPPER = 1 << 14;
        const FD_CLOEXEC = 1 << 15;

        /// Call is a standard fs call, with metadata defined in `StdFsCallMeta`
        const STD_FS = 1 << 16;
    }
}

#[repr(u8)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum StdFsCallKind {
    // TODO: remove old syscalls
    Fchmod = 1,
    Fchown = 2,
    Getdents = 3,
    Fstat = 4,
    Fstatvfs = 5,
    Fsync = 6,
    Ftruncate = 7,
    Futimens = 8,
    // 9 reserved in fscall RFC
    // Unlinkat = 10,
    Realpathat = 11,
    Lock = 12,
    Unlock = 13,
    GetLock = 14,
}

impl StdFsCallKind {
    pub fn try_from_raw(raw: u8) -> Option<Self> {
        use StdFsCallKind::*;

        // TODO: Use a library where this match can be automated.
        Some(match raw {
            1 => Fchmod,
            2 => Fchown,
            3 => Getdents,
            4 => Fstat,
            5 => Fstatvfs,
            6 => Fsync,
            7 => Ftruncate,
            8 => Futimens,
            // 9 reserved in fscall RFC
            // 10 => Unlinkat,
            11 => Realpathat,
            12 => Lock,
            13 => Unlock,
            14 => GetLock,
            _ => return None,
        })
    }
}

/// The tag for the fd number in the upper file descriptor table.
pub const UPPER_FDTBL_TAG: usize = 1 << (usize::BITS - 2);