device_manager: provide a few safety comments
Signed-off-by: Wei Liu <liuwe@microsoft.com>
This commit is contained in:
parent
ad8ed80eb1
commit
84630aa0b5
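--- a/device_manager.rs
+++ b/device_manager.rs
@@ -492,6 +492,7 @@ pub fn create_pty(non_blocking: bool) -> io::Result<(File, File, PathBuf)> {
 .open("/dev/ptmx")?,
 };
 let mut unlock: libc::c_ulong = 0;
+// SAFETY: FFI call into libc, trivially safe
 unsafe {
 libc::ioctl(
 main.as_raw_fd(),
@@ -500,6 +501,7 @@ pub fn create_pty(non_blocking: bool) -> io::Result<(File, File, PathBuf)> {
 )
 };
 
+// SAFETY: FFI call into libc, trivally safe
 let sub_fd = unsafe {
 libc::ioctl(
 main.as_raw_fd(),
@@ -514,6 +516,7 @@ pub fn create_pty(non_blocking: bool) -> io::Result<(File, File, PathBuf)> {
 let proc_path = PathBuf::from(format!("/proc/self/fd/{}", sub_fd));
 let path = read_link(proc_path)?;
 
+// SAFETY: sub_fd is checked to be valid before being wrapped in File
 Ok((main, unsafe { File::from_raw_fd(sub_fd) }, path))
 }
 
@@ -1674,20 +1677,21 @@ impl DeviceManager {
 fd: RawFd,
 f: F,
 ) -> vmm_sys_util::errno::Result<()> {
-// Safe because we check the return value of isatty.
+// SAFETY: safe because we check the return value of isatty.
 if unsafe { isatty(fd) } != 1 {
 return Ok(());
 }
 
-// The following pair are safe because termios gets totally overwritten by tcgetattr and we
-// check the return result.
+// SAFETY: The following pair are safe because termios gets totally overwritten by tcgetattr
+// and we check the return result.
 let mut termios: termios = unsafe { zeroed() };
 let ret = unsafe { tcgetattr(fd, &mut termios as *mut _) };
 if ret < 0 {
 return vmm_sys_util::errno::errno_result();
 }
 f(&mut termios);
-// Safe because the syscall will only read the extent of termios and we check the return result.
+// SAFETY: Safe because the syscall will only read the extent of termios and we check
+// the return result.
 let ret = unsafe { tcsetattr(fd, TCSANOW, &termios as *const _) };
 if ret < 0 {
 return vmm_sys_util::errno::errno_result();
@@ -1697,6 +1701,7 @@ impl DeviceManager {
 }
 
 fn set_raw_mode(&self, f: &mut File) -> vmm_sys_util::errno::Result<()> {
+// SAFETY: FFI call. Variable t is guaranteed to be a valid termios from modify_mode.
 self.modify_mode(f.as_raw_fd(), |t| unsafe { cfmakeraw(t) })
 }
 
@@ -1746,6 +1751,7 @@ impl DeviceManager {
 }
 ConsoleOutputMode::Tty => {
 // If an interactive TTY then we can accept input
+// SAFETY: FFI call. Trivially safe.
 if unsafe { libc::isatty(libc::STDIN_FILENO) == 1 } {
 Endpoint::FilePair(
 // Duplicating the file descriptors like this is needed as otherwise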
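Review bot: The SAFETY comment added in the `@@ -500,6 +501,7` hunk misspells "trivially" (`// SAFETY: FFI call into libc, trivally safe`), and both it and the comment in the first hunk justify the `ioctl` calls as "trivially safe" without stating the invariant the `unsafe` block actually relies on. The arguments after `main.as_raw_fd()` are outside the hunks, but presumably the relevant facts are that `main` owns the descriptor for the duration of the call and that any pointer passed (the local `unlock`) refers to live memory; a wording such as `// SAFETY: FFI call into libc; main owns the fd and unlock is a live local for the duration of the call` would make that explicit. In the `@@ -514,6 +516,7` hunk the comment on `File::from_raw_fd(sub_fd)` covers validity, but `from_raw_fd`'s contract also requires exclusive ownership, so it is worth adding that no other `File` wraps `sub_fd` (the validity check itself is outside the hunk). `create_pty` and `modify_mode` both start and end outside the hunks shown.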