starry-kernel 0.5.13

A Linux-compatible OS kernel built on ArceOS unikernel
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570

use alloc::{format, string::ToString, sync::Arc};
use core::{
    ffi::{c_char, c_int},
    mem,
    ops::{Deref, DerefMut},
};

use ax_errno::{AxError, AxResult};
use ax_fs::{FS_CONTEXT, FileBackend, OpenOptions, OpenResult};
use ax_task::current;
use axfs_ng_vfs::{DirEntry, FileNode, Location, NodeOps, NodeType, Reference};
use bitflags::bitflags;
use linux_raw_sys::general::*;

use crate::{
    file::{
        Directory, FD_TABLE, File, FileDescriptor, FileLike, NsFd, Pipe, add_file_like,
        close_file_like, get_file_like, memfd::Memfd, with_fs,
    },
    mm::vm_load_string,
    pseudofs::{Device, dev::tty},
    task::AsThread,
};

/// Convert open flags to [`OpenOptions`].
fn flags_to_options(flags: c_int, mode: __kernel_mode_t, (uid, gid): (u32, u32)) -> OpenOptions {
    let flags = flags as u32;
    let mut options = OpenOptions::new();
    options.mode(mode).user(uid, gid);
    match flags & 0b11 {
        O_RDONLY => options.read(true),
        O_WRONLY => options.write(true),
        _ => options.read(true).write(true),
    };
    if flags & O_APPEND != 0 {
        options.append(true);
    }
    if flags & O_TRUNC != 0 {
        options.truncate(true);
    }
    if flags & O_CREAT != 0 {
        options.create(true);
    }
    // O_EXCL only makes sense with O_CREAT (POSIX). Without O_CREAT, Linux
    // ignores O_EXCL for existing files — busybox blkdiscard opens block
    // devices with O_RDWR|O_EXCL (no O_CREAT).
    if flags & O_EXCL != 0 && flags & O_CREAT != 0 {
        options.create_new(true);
    }
    if flags & O_DIRECTORY != 0 {
        options.directory(true);
    }
    if flags & O_NOFOLLOW != 0 {
        options.no_follow(true);
    }
    if flags & O_DIRECT != 0 {
        options.direct(true);
    }
    // O_PATH must be applied LAST and override conflicting flags: man 2 open
    // "When O_PATH is specified in flags, flag bits other than O_CLOEXEC,
    //  O_DIRECTORY, and O_NOFOLLOW are ignored."
    // Fixes bug-open-path-honors-excl / -path-creat-creates /
    //       -path-dir-write-eisdir / -path-sym-write-enoent.
    if flags & O_PATH != 0 {
        options.path(true);
        // O_PATH: drop access mode (no I/O), drop create/excl/trunc/append
        options.read(true).write(false);
        options
            .create(false)
            .create_new(false)
            .truncate(false)
            .append(false);
    }
    options
}

fn add_to_fd(result: OpenResult, flags: u32) -> AxResult<i32> {
    // FIFO + O_NONBLOCK + O_WRONLY (no reader) → ENXIO.
    //
    // man 2 open §"ENXIO" 第 1 variant:
    //   "O_NONBLOCK | O_WRONLY is set, the named file is a FIFO, and no
    //    process has the FIFO open for reading."
    //
    // TODO: 当前实现假设「FIFO 始终无 reader」(conservative assumption)。
    //
    //   原因 / 妥协:starry 的 vfs 目前不为 FIFO 节点维护 reader/writer
    //   count(实现完整 FIFO IPC state machine 超出 open/openat 修复
    //   范围 — 是独立的 IPC 子系统功能补全)。
    //
    //   假设的理由:在测试环境里,bug-open-fifo-wronly-no-reader-no-enxio
    //   只覆盖「无 reader」这一确定状态。对此状态本实现行为正确(返 ENXIO)。
    //   若 FIFO 真存在 reader 进程并已 open(FIFO, O_RDONLY),本实现仍会返
    //   ENXIO —— 此时与 Linux 行为不符(Linux 应返 fd>=0)。
    //
    //   完整修复(待独立 PR):FIFO node 加 reader_count / writer_count 字段
    //   (AtomicU32 + 同步原语),open(FIFO) 路径根据 access mode 增减计数,
    //   close 时递减,本检查改为:
    //     if let Some(fifo) = inner.downcast_ref::<Fifo>() {
    //         if fifo.reader_count() == 0 { return Err(...ENXIO...); }
    //     }
    //   同时阻塞模式(非 NONBLOCK)的 WRONLY 应等待 reader 到来(更复杂)。
    //   该完整修复需联动 axfs-ng-vfs::Fifo 节点定义(目前无独立类型,FIFO 走通用
    //   File backend 即不区分 reader / writer),属 IPC 子系统专项。
    //
    // Fixes bug-open-fifo-wronly-no-reader-no-enxio (no-reader case only).
    if flags & O_NONBLOCK != 0
        && flags & 0b11 == O_WRONLY
        && let OpenResult::File(ref f) = result
        && let Ok(meta) = f.location().metadata()
        && meta.node_type == NodeType::Fifo
    {
        return Err(AxError::NoSuchDeviceOrAddress);
    }

    let f: Arc<dyn FileLike> = match result {
        OpenResult::File(mut file) => {
            // /dev/xx handling
            if let Ok(device) = file.location().entry().downcast::<Device>() {
                // Block device exclusive open (O_EXCL without O_CREAT).
                if let Ok(meta) = device.metadata()
                    && meta.node_type == NodeType::BlockDevice
                    && flags & O_EXCL != 0
                {
                    device.inner().open(true)?;
                }
                let inner = device.inner().as_any();
                #[cfg(feature = "plat-dyn")]
                if crate::pseudofs::usbfs::is_usbfs_device(inner) {
                    let wrapped = crate::pseudofs::usbfs::open_usbfs_file(inner, file, flags)?;
                    if flags & O_NONBLOCK != 0 {
                        wrapped.set_nonblocking(true)?;
                    }
                    return add_file_like(wrapped, flags & O_CLOEXEC != 0);
                }
                if let Some(ptmx) = inner.downcast_ref::<tty::Ptmx>() {
                    // Opening /dev/ptmx creates a new pseudo-terminal
                    let (master, pty_number) = ptmx.create_pty()?;
                    // TODO: this is cursed
                    let pts = FS_CONTEXT.lock().resolve("/dev/pts")?;
                    let entry = DirEntry::new_file(
                        FileNode::new(master),
                        NodeType::CharacterDevice,
                        Reference::new(Some(pts.entry().clone()), pty_number.to_string()),
                    );
                    let loc = Location::new(file.location().mountpoint().clone(), entry);
                    file = ax_fs::File::new(FileBackend::Direct(loc), file.flags());
                } else if inner.is::<tty::CurrentTty>() {
                    let term = current()
                        .as_thread()
                        .proc_data
                        .proc
                        .group()
                        .session()
                        .terminal()
                        .ok_or(AxError::NotFound)?;
                    let path = if term.is::<tty::NTtyDriver>() {
                        "/dev/console".to_string()
                    } else if let Some(pts) = term.downcast_ref::<tty::PtyDriver>() {
                        format!("/dev/pts/{}", pts.pty_number())
                    } else {
                        panic!("unknown terminal type")
                    };
                    let loc = FS_CONTEXT.lock().resolve(&path)?;
                    file = ax_fs::File::new(FileBackend::Direct(loc), file.flags());
                }
            }
            Arc::new(File::new(file, flags))
        }
        OpenResult::Dir(dir) => Arc::new(Directory::new(dir, flags)),
    };
    if flags & O_NONBLOCK != 0 {
        f.set_nonblocking(true)?;
    }
    add_file_like(f, flags & O_CLOEXEC != 0)
}

/// Check whether `path` refers to a `/proc/<pid>/ns/<type>` entry.
/// If so, create an [`NsFd`] and add it to the fd table instead of
/// opening a regular file.
///
/// Returns `Some(fd)` on success, `Some(Err(...))` on failure, or
/// `None` if the path does not match (fall through to regular open).
fn try_open_nsfd(path: &str, flags: u32) -> Option<AxResult<i32>> {
    // Must be of the form /proc/<pid>/ns/<type>
    if !path.starts_with("/proc/") {
        return None;
    }
    let rest = path.strip_prefix("/proc/")?;
    let (pid_str, ns_type_str) = rest.split_once("/ns/")?;
    if pid_str.is_empty() || ns_type_str.is_empty() {
        return None;
    }
    // Reject paths with extra components, e.g. /proc/1/ns/uts/extra
    if ns_type_str.contains('/') {
        return None;
    }

    let pid: u32 = if pid_str == "self" {
        current().as_thread().proc_data.proc.pid()
    } else {
        pid_str.parse().ok()?
    };

    let proc_data = match crate::task::get_process_data(pid) {
        Ok(p) => p,
        Err(_) => return Some(Err(AxError::NotFound)),
    };

    let nsproxy = proc_data.nsproxy.lock();

    let nsfd: NsFd = match ns_type_str {
        "uts" => NsFd::Uts(nsproxy.uts_ns.clone()),
        "ipc" => NsFd::Ipc(nsproxy.ipc_ns.clone()),
        "mnt" => NsFd::Mnt(nsproxy.mnt_ns.clone()),
        "pid" => NsFd::Pid(nsproxy.pid_ns.clone()),
        "net" => NsFd::Net(nsproxy.net_ns.clone()),
        "user" => NsFd::User(nsproxy.user_ns.clone()),
        _ => return Some(Err(AxError::NotFound)),
    };

    drop(nsproxy);

    let fd = nsfd.add_to_fd_table(flags & O_CLOEXEC != 0);
    Some(fd)
}

ktracepoint::define_event_trace!(
    sys_enter_openat,
    TP_kops(crate::tracepoint::KernelTraceAux),
    TP_system(syscalls),
    TP_PROTO(dfd: i32, path: *const u8, o_flags: u32, mode: u32),
    TP_STRUCT__entry{
        dfd: i32,
        o_flags: u32,
        path: u64,
        mode: u32,
    },
    TP_fast_assign{
        dfd: dfd,
        path: path as u64,
        o_flags: o_flags,
        mode: mode,
    },
    TP_ident(__entry),
    TP_printk({
        format!(
            "dfd: {}, path: {:#x}, o_flags: {:?}, mode: {:?}",
            __entry.dfd,
            __entry.path,
            __entry.o_flags,
            __entry.mode
        )
    })
);

/// Open or create a file.
/// fd: file descriptor
/// filename: file path to be opened or created
/// flags: open flags
/// mode: see man 7 inode
/// return new file descriptor if succeed, or return -1.
pub fn sys_openat(
    dirfd: c_int,
    path: *const c_char,
    flags: i32,
    mode: __kernel_mode_t,
) -> AxResult<isize> {
    // call tp:trace_sys_enter_openat
    trace_sys_enter_openat(dirfd, path as _, flags as _, mode);

    let curr = current();
    let thread = curr.as_thread();
    let path = vm_load_string(path)?;
    debug!("sys_openat <= {dirfd} {path:?} {flags:#o} {mode:#o}");

    let uflags = flags as u32;

    // Pathname length check — man "ENAMETOOLONG — pathname was too long".
    // starry path layer only checks per-component (255); add whole-path
    // check (PATH_MAX = 4096). Fixes bug-open-pathmax-no-enametoolong.
    if path.len() >= 4096 {
        return Err(AxError::NameTooLong);
    }

    // Empty pathname → ENOENT. openat() does not accept AT_EMPTY_PATH.
    // Fixes bug-openat-empty-path-no-enoent.
    if path.is_empty() {
        return Err(AxError::NotFound);
    }

    // O_CREAT|O_DIRECTORY is an invalid combination: open() cannot create
    // a directory. man: "EINVAL — flags contains an invalid value."
    // Fixes bug-open-creat-directory-einval.
    // Exception: O_PATH ignores O_CREAT, so still allow PATH|CREAT|DIRECTORY.
    if uflags & O_CREAT != 0 && uflags & O_DIRECTORY != 0 && uflags & O_PATH == 0 {
        return Err(AxError::InvalidInput);
    }

    // O_TMPFILE requires O_RDWR or O_WRONLY. man: "EINVAL — O_TMPFILE was
    // specified in flags, but neither O_WRONLY nor O_RDWR was specified."
    // Fixes bug-open-tmpfile-no-einval.
    //
    // Exception: O_PATH ignores all flags except O_CLOEXEC/O_DIRECTORY/O_NOFOLLOW
    // (see flags_to_options PATH override below). On Linux, O_PATH|O_TMPFILE|RDONLY
    // is accepted as an O_PATH handle (TMPFILE/access bits ignored), not EINVAL.
    if uflags & O_TMPFILE == O_TMPFILE && uflags & 0b11 == O_RDONLY && uflags & O_PATH == 0 {
        return Err(AxError::InvalidInput);
    }

    // Absolute path: man "If pathname is absolute, then dirfd is ignored."
    // starry with_fs() unconditionally calls Directory::from_fd(dirfd),
    // so invalid dirfd would EBADF before the abs-path shortcut applies.
    // Same pattern as resolve_at (PR #605) / sys_fchownat (PR #588).
    // Fixes bug-openat-abs-path-honors-invalid-dirfd.
    let dirfd = if path.starts_with('/') {
        AT_FDCWD as _
    } else {
        dirfd
    };

    let mode = mode & !thread.proc_data.umask();

    // Intercept /proc/<pid>/ns/<type> opens: create an NsFd instead of
    // a regular file descriptor so that setns(2) receives a valid target.
    if let Some(result) = try_open_nsfd(&path, uflags) {
        return result.map(|fd| fd as isize);
    }

    let cred = thread.cred();
    let options = flags_to_options(flags, mode, (cred.fsuid, cred.fsgid));
    let should_notify_create = uflags & O_CREAT != 0
        && uflags & O_PATH == 0
        && with_fs(dirfd, |fs| match fs.resolve_no_follow(&path) {
            Ok(_) => Ok(false),
            Err(AxError::NotFound) => Ok(true),
            Err(err) => Err(err),
        })?;

    let fd =
        with_fs(dirfd, |fs| options.open(fs, path)).and_then(|it| add_to_fd(it, flags as _))?;
    if should_notify_create {
        let file = get_file_like(fd)?;
        crate::file::inotify::notify_create_path(file.path().as_ref(), false);
    }
    Ok(fd as isize)
}

/// Open a file by `filename` and insert it into the file descriptor table.
///
/// Return its index in the file table (`fd`). Return `EMFILE` if it already
/// has the maximum number of files open.
#[cfg(target_arch = "x86_64")]
pub fn sys_open(path: *const c_char, flags: i32, mode: __kernel_mode_t) -> AxResult<isize> {
    sys_openat(AT_FDCWD as _, path, flags, mode)
}

pub fn sys_close(fd: c_int) -> AxResult<isize> {
    debug!("sys_close <= {fd}");
    close_file_like(fd)?;
    Ok(0)
}

bitflags! {
    #[derive(Debug, Clone, Copy)]
    struct CloseRangeFlags: u32 {
        const UNSHARE = 1 << 1;
        const CLOEXEC = 1 << 2;
    }
}

pub fn sys_close_range(first: i32, last: i32, flags: u32) -> AxResult<isize> {
    if first < 0 || last < first {
        return Err(AxError::InvalidInput);
    }
    let flags = CloseRangeFlags::from_bits(flags).ok_or(AxError::InvalidInput)?;
    debug!("sys_close_range <= fds: [{first}, {last}], flags: {flags:?}");
    if flags.contains(CloseRangeFlags::UNSHARE) {
        // TODO: optimize
        let curr = current();
        let mut scope = curr.as_thread().proc_data.scope.write();
        let mut guard = FD_TABLE.scope_mut(&mut scope);
        let old_files = mem::take(guard.deref_mut());
        old_files.write().clone_from(old_files.read().deref());
    }

    let cloexec = flags.contains(CloseRangeFlags::CLOEXEC);
    let mut fd_table = FD_TABLE.write();
    if let Some(max_index) = fd_table.ids().next_back() {
        for fd in first..=last.min(max_index as i32) {
            if cloexec {
                if let Some(f) = fd_table.get_mut(fd as _) {
                    f.cloexec = true;
                }
            } else if let Some(f) = fd_table.remove(fd as _) {
                crate::file::release_locks_on_close(f);
            }
        }
    }

    Ok(0)
}

fn dup_fd(old_fd: c_int, cloexec: bool) -> AxResult<isize> {
    let f = get_file_like(old_fd)?;
    let new_fd = add_file_like(f, cloexec)?;
    Ok(new_fd as _)
}

fn dup_fd_min(old_fd: c_int, min_fd: c_int, cloexec: bool) -> AxResult<isize> {
    if min_fd < 0 {
        return Err(AxError::InvalidInput);
    }
    let f = get_file_like(old_fd)?;
    let max_nofile = current().as_thread().proc_data.rlim.read()[RLIMIT_NOFILE].current as i32;
    let mut fd_table = FD_TABLE.write();
    for candidate in min_fd..max_nofile {
        let entry = FileDescriptor {
            inner: f.clone(),
            cloexec,
        };
        if fd_table.add_at(candidate as _, entry).is_ok() {
            return Ok(candidate as isize);
        }
    }
    Err(AxError::TooManyOpenFiles)
}

pub fn sys_dup(old_fd: c_int) -> AxResult<isize> {
    debug!("sys_dup <= {old_fd}");
    dup_fd(old_fd, false)
}

#[cfg(target_arch = "x86_64")]
pub fn sys_dup2(old_fd: c_int, new_fd: c_int) -> AxResult<isize> {
    if old_fd == new_fd {
        get_file_like(new_fd)?;
        return Ok(new_fd as _);
    }
    sys_dup3(old_fd, new_fd, 0)
}

bitflags::bitflags! {
    #[derive(Debug, Clone, Copy, PartialEq, Eq)]
    struct Dup3Flags: c_int {
        const O_CLOEXEC = O_CLOEXEC as _; // Close on exec
    }
}

pub fn sys_dup3(old_fd: c_int, new_fd: c_int, flags: c_int) -> AxResult<isize> {
    let flags = Dup3Flags::from_bits(flags).ok_or(AxError::InvalidInput)?;
    debug!("sys_dup3 <= old_fd: {old_fd}, new_fd: {new_fd}, flags: {flags:?}");

    if old_fd == new_fd {
        return Err(AxError::InvalidInput);
    }

    let mut fd_table = FD_TABLE.write();
    let mut f = fd_table
        .get(old_fd as _)
        .cloned()
        .ok_or(AxError::BadFileDescriptor)?;
    f.cloexec = flags.contains(Dup3Flags::O_CLOEXEC);

    if let Some(prev) = fd_table.remove(new_fd as _) {
        crate::file::release_locks_on_close(prev);
    }
    fd_table
        .add_at(new_fd as _, f)
        .map_err(|_| AxError::BadFileDescriptor)?;

    Ok(new_fd as _)
}

pub fn sys_fcntl(fd: c_int, cmd: c_int, arg: usize) -> AxResult<isize> {
    debug!("sys_fcntl <= fd: {fd} cmd: {cmd} arg: {arg}");

    if let Some(r) = super::lock::dispatch_fcntl(fd, cmd, arg) {
        return r;
    }

    match cmd as u32 {
        F_DUPFD => dup_fd_min(fd, arg as _, false),
        F_DUPFD_CLOEXEC => dup_fd_min(fd, arg as _, true),
        F_SETFL => {
            let f = get_file_like(fd)?;
            // linux-raw-sys exposes the O_ASYNC file status bit as FASYNC.
            let async_mode = arg & (FASYNC as usize) != 0;
            let async_mode_changed = async_mode != f.async_mode();
            if async_mode_changed && !f.supports_async_mode() {
                return Err(AxError::NotATty);
            }
            f.set_nonblocking(arg & (O_NONBLOCK as usize) > 0)?;
            f.set_append(arg & (O_APPEND as usize) > 0)?;
            if async_mode_changed {
                f.set_async_mode(async_mode)?;
            }
            Ok(0)
        }
        F_GETFL => {
            let f = get_file_like(fd)?;

            let mut ret = f.open_flags() & !O_APPEND;
            if f.nonblocking() {
                ret |= O_NONBLOCK;
            }
            if f.append() {
                ret |= O_APPEND;
            }
            if f.async_mode() {
                // linux-raw-sys exposes the O_ASYNC file status bit as FASYNC.
                ret |= FASYNC;
            }

            Ok(ret as _)
        }
        F_GETFD => {
            let cloexec = FD_TABLE
                .read()
                .get(fd as _)
                .ok_or(AxError::BadFileDescriptor)?
                .cloexec;
            Ok(if cloexec { FD_CLOEXEC as _ } else { 0 })
        }
        F_SETFD => {
            let cloexec = arg & FD_CLOEXEC as usize != 0;
            FD_TABLE
                .write()
                .get_mut(fd as _)
                .ok_or(AxError::BadFileDescriptor)?
                .cloexec = cloexec;
            Ok(0)
        }
        F_SETOWN => {
            let f = get_file_like(fd)?;
            f.set_owner(arg as i32)?;
            Ok(0)
        }
        F_GETOWN => {
            let f = get_file_like(fd)?;
            Ok(f.owner()? as _)
        }
        F_GETPIPE_SZ => {
            let pipe = Pipe::from_fd(fd)?;
            Ok(pipe.capacity() as _)
        }
        F_SETPIPE_SZ => {
            let pipe = Pipe::from_fd(fd)?;
            pipe.resize(arg)?;
            Ok(0)
        }
        F_GET_SEALS => {
            let memfd = Memfd::from_fd(fd)?;
            Ok(memfd.get_seals() as _)
        }
        F_ADD_SEALS => {
            let memfd = Memfd::from_fd(fd)?;
            memfd.add_seals(arg as u32)?;
            Ok(0)
        }
        _ => {
            warn!("unsupported fcntl parameters: cmd: {cmd}");
            Err(AxError::InvalidInput)
        }
    }
}

pub fn sys_flock(fd: c_int, operation: c_int) -> AxResult<isize> {
    debug!("flock <= fd: {fd}, operation: {operation}");
    super::lock::flock_op(fd, operation)
}