implement open_at

tokio-epoll-uring/src/ops/mod.rs

@@ -4,4 +4,5 @@
 pub use crate::system::submission::op_fut::Op;
 
 pub mod nop;
+pub mod open_at;
 pub mod read;

tokio-epoll-uring/src/ops/open_at.rs

@@ -0,0 +1,59 @@
+use crate::system::submission::op_fut::Op;
+use std::ffi::CString;
+use std::os::fd::{FromRawFd, OwnedFd};
+use std::os::unix::prelude::OsStrExt;
+use std::path::Path;
+
+use uring_common::io_uring;
+pub use uring_common::open_options::OpenOptions;
+
+pub struct OpenAtOp {
+    dir_fd: Option<OwnedFd>,
+    _path: CString, // need to keep it alive for the lifetime of the operation
+    sqe: io_uring::squeue::Entry,
+}
+
+impl OpenAtOp {
+    pub(crate) fn new_cwd(path: &Path, options: &OpenOptions) -> std::io::Result<Self> {
+        let path = CString::new(path.as_os_str().as_bytes())?;
+        // SAFETY: we keep `path` alive inside the OpenAtOp, so, the pointer stored in the SQE remains valid.
+        let sqe = unsafe {
+            uring_common::open_options_io_uring_ext::OpenOptionsIoUringExt::as_openat_sqe(
+                options,
+                path.as_ptr(),
+            )
+        }?;
+        Ok(OpenAtOp {
+            dir_fd: None,
+            _path: path,
+            sqe,
+        })
+    }
+}
+
+impl crate::sealed::Sealed for OpenAtOp {}
+
+impl Op for OpenAtOp {
+    type Resources = Option<OwnedFd>;
+    type Success = OwnedFd;
+    type Error = std::io::Error;
+
+    fn make_sqe(&mut self) -> io_uring::squeue::Entry {
+        self.sqe.clone()
+    }
+
+    fn on_failed_submission(self) -> Self::Resources {
+        self.dir_fd
+    }
+
+    fn on_op_completion(self, res: i32) -> (Self::Resources, Result<Self::Success, Self::Error>) {
+        // https://man.archlinux.org/man/io_uring_prep_openat.3.en
+        // and https://man.archlinux.org/man/openat.2.en
+        let res = if res < 0 {
+            Err(std::io::Error::from_raw_os_error(-res))
+        } else {
+            Ok(unsafe { OwnedFd::from_raw_fd(res) })
+        };
+        (self.dir_fd, res)
+    }
+}

tokio-epoll-uring/src/system/lifecycle/handle.rs

@@ -1,11 +1,11 @@
 //! Owned handle to an explicitly [`System::launch`](crate::System::launch)ed system.
 
 use futures::FutureExt;
-use std::{os::fd::OwnedFd, task::ready};
+use std::{os::fd::OwnedFd, path::Path, task::ready};
 use uring_common::buf::IoBufMut;
 
 use crate::{
-    ops::read::ReadOp,
+    ops::{open_at::OpenAtOp, read::ReadOp},
     system::submission::{op_fut::execute_op, SubmitSide},
 };
 
@@ -119,4 +119,26 @@ impl crate::SystemHandle {
         let inner = self.inner.as_ref().unwrap();
         execute_op(op, inner.submit_side.weak(), None)
     }
+    pub fn open<P: AsRef<Path>>(
+        &self,
+        path: P,
+        options: &crate::ops::open_at::OpenOptions,
+    ) -> impl std::future::Future<
+        Output = Result<OwnedFd, crate::system::submission::op_fut::Error<std::io::Error>>,
+    > {
+        let op = match OpenAtOp::new_cwd(path.as_ref(), options) {
+            Ok(op) => op,
+            Err(e) => {
+                return futures::future::Either::Left(async move {
+                    Err(crate::system::submission::op_fut::Error::Op(e))
+                })
+            }
+        };
+        let inner = self.inner.as_ref().unwrap();
+        let weak = inner.submit_side.weak();
+        futures::future::Either::Right(async move {
+            let (_, res) = execute_op(op, weak, None).await;
+            res
+        })
+    }
 }

uring-common/src/lib.rs

@@ -1,3 +1,5 @@
 pub mod buf;
+pub mod open_options;
+pub mod open_options_io_uring_ext;
 
 pub use io_uring;

uring-common/src/open_options.rs

@@ -0,0 +1,199 @@
+// Copyright (c) 2021 Carl Lerche
+//
+// Permission is hereby granted, free of charge, to any
+// person obtaining a copy of this software and associated
+// documentation files (the "Software"), to deal in the
+// Software without restriction, including without
+// limitation the rights to use, copy, modify, merge,
+// publish, distribute, sublicense, and/or sell copies of
+// the Software, and to permit persons to whom the Software
+// is furnished to do so, subject to the following
+// conditions:
+//
+// The above copyright notice and this permission notice
+// shall be included in all copies or substantial portions
+// of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+// ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+// TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+// SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+// IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+//
+//
+// Based on tokio-uring.git:d5e90539bd6d1c518e848298564a098c300866bc
+
+use std::io;
+use std::os::unix::fs::OpenOptionsExt;
+
+/// Options and flags which can be used to configure how a file is opened.
+#[derive(Debug, Clone)]
+pub struct OpenOptions {
+    read: bool,
+    write: bool,
+    append: bool,
+    truncate: bool,
+    create: bool,
+    create_new: bool,
+    pub(crate) mode: libc::mode_t,
+    pub(crate) custom_flags: libc::c_int,
+}
+
+impl OpenOptions {
+    /// Creates a blank new set of options ready for configuration.
+    ///
+    /// All options are initially set to `false`.
+    pub fn new() -> OpenOptions {
+        OpenOptions {
+            // generic
+            read: false,
+            write: false,
+            append: false,
+            truncate: false,
+            create: false,
+            create_new: false,
+            mode: 0o666,
+            custom_flags: 0,
+        }
+    }
+
+    /// Sets the option for read access.
+    ///
+    /// This option, when true, will indicate that the file should be
+    /// `read`-able if opened.
+    pub fn read(&mut self, read: bool) -> &mut OpenOptions {
+        self.read = read;
+        self
+    }
+
+    /// Sets the option for write access.
+    ///
+    /// This option, when true, will indicate that the file should be
+    /// `write`-able if opened.
+    ///
+    /// If the file already exists, any write calls on it will overwrite its
+    /// contents, without truncating it.
+    pub fn write(&mut self, write: bool) -> &mut OpenOptions {
+        self.write = write;
+        self
+    }
+
+    /// Sets the option for the append mode.
+    ///
+    /// This option, when true, means that writes will append to a file instead
+    /// of overwriting previous contents. Note that setting
+    /// `.write(true).append(true)` has the same effect as setting only
+    /// `.append(true)`.
+    ///
+    /// For most filesystems, the operating system guarantees that all writes
+    /// are atomic: no writes get mangled because another process writes at the
+    /// same time.
+    ///
+    /// ## Note
+    ///
+    /// This function doesn't create the file if it doesn't exist. Use the
+    /// [`OpenOptions::create`] method to do so.
+    pub fn append(&mut self, append: bool) -> &mut OpenOptions {
+        self.append = append;
+        self
+    }
+
+    /// Sets the option for truncating a previous file.
+    ///
+    /// If a file is successfully opened with this option set it will truncate
+    /// the file to 0 length if it already exists.
+    ///
+    /// The file must be opened with write access for truncate to work.
+    pub fn truncate(&mut self, truncate: bool) -> &mut OpenOptions {
+        self.truncate = truncate;
+        self
+    }
+
+    /// Sets the option to create a new file, or open it if it already exists.
+    ///
+    /// In order for the file to be created, [`OpenOptions::write`] or
+    /// [`OpenOptions::append`] access must be used.
+    pub fn create(&mut self, create: bool) -> &mut OpenOptions {
+        self.create = create;
+        self
+    }
+
+    /// Sets the option to create a new file, failing if it already exists.
+    ///
+    /// No file is allowed to exist at the target location, also no (dangling) symlink. In this
+    /// way, if the call succeeds, the file returned is guaranteed to be new.
+    ///
+    /// This option is useful because it is atomic. Otherwise between checking
+    /// whether a file exists and creating a new one, the file may have been
+    /// created by another process (a TOCTOU race condition / attack).
+    ///
+    /// If `.create_new(true)` is set, [`.create()`] and [`.truncate()`] are
+    /// ignored.
+    ///
+    /// The file must be opened with write or append access in order to create
+    /// a new file.
+    ///
+    /// [`.create()`]: OpenOptions::create
+    /// [`.truncate()`]: OpenOptions::truncate
+    pub fn create_new(&mut self, create_new: bool) -> &mut OpenOptions {
+        self.create_new = create_new;
+        self
+    }
+
+    pub fn access_mode(&self) -> io::Result<libc::c_int> {
+        match (self.read, self.write, self.append) {
+            (true, false, false) => Ok(libc::O_RDONLY),
+            (false, true, false) => Ok(libc::O_WRONLY),
+            (true, true, false) => Ok(libc::O_RDWR),
+            (false, _, true) => Ok(libc::O_WRONLY | libc::O_APPEND),
+            (true, _, true) => Ok(libc::O_RDWR | libc::O_APPEND),
+            (false, false, false) => Err(io::Error::from_raw_os_error(libc::EINVAL)),
+        }
+    }
+
+    pub fn creation_mode(&self) -> io::Result<libc::c_int> {
+        match (self.write, self.append) {
+            (true, false) => {}
+            (false, false) => {
+                if self.truncate || self.create || self.create_new {
+                    return Err(io::Error::from_raw_os_error(libc::EINVAL));
+                }
+            }
+            (_, true) => {
+                if self.truncate && !self.create_new {
+                    return Err(io::Error::from_raw_os_error(libc::EINVAL));
+                }
+            }
+        }
+
+        Ok(match (self.create, self.truncate, self.create_new) {
+            (false, false, false) => 0,
+            (true, false, false) => libc::O_CREAT,
+            (false, true, false) => libc::O_TRUNC,
+            (true, true, false) => libc::O_CREAT | libc::O_TRUNC,
+            (_, _, true) => libc::O_CREAT | libc::O_EXCL,
+        })
+    }
+}
+
+impl Default for OpenOptions {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl OpenOptionsExt for OpenOptions {
+    fn mode(&mut self, mode: u32) -> &mut OpenOptions {
+        self.mode = mode;
+        self
+    }
+
+    fn custom_flags(&mut self, flags: i32) -> &mut OpenOptions {
+        self.custom_flags = flags;
+        self
+    }
+}

uring-common/src/open_options_io_uring_ext.rs

@@ -0,0 +1,42 @@
+// It's an ext trait to avoid changes in `open_options.rs`.
+//
+// See also: https://github.com/neondatabase/tokio-epoll-uring/pull/25
+
+use std::io;
+
+use crate::open_options::OpenOptions;
+
+/// Extension trait to allow re-use of [`OpenOptions`] in other crates that
+/// build on top of [`io_uring`].
+pub trait OpenOptionsIoUringExt {
+    /// Turn `self` into an [`::io_uring::opcode::OpenAt`] SQE for the given `path`.
+    ///
+    /// # Safety
+    ///
+    /// The returned SQE stores the provided `path` pointer.
+    /// The caller must ensure that it remains valid until either the returned
+    /// SQE is dropped without being submitted, or if the SQE is submitted until
+    /// the corresponding completion is observed.
+    unsafe fn as_openat_sqe(
+        &self,
+        path: *const libc::c_char,
+    ) -> io::Result<io_uring::squeue::Entry>;
+}
+
+impl OpenOptionsIoUringExt for OpenOptions {
+    unsafe fn as_openat_sqe(
+        &self,
+        path: *const libc::c_char,
+    ) -> io::Result<io_uring::squeue::Entry> {
+        use io_uring::{opcode, types};
+        let flags = libc::O_CLOEXEC
+            | self.access_mode()?
+            | self.creation_mode()?
+            | (self.custom_flags & !libc::O_ACCMODE);
+
+        Ok(opcode::OpenAt::new(types::Fd(libc::AT_FDCWD), path)
+            .flags(flags)
+            .mode(self.mode)
+            .build())
+    }
+}