1 use crate::os::unix::prelude::*;
3 use crate::ffi::{CStr, CString, OsStr, OsString};
5 use crate::io::{self, Error, IoSlice, IoSliceMut, ReadBuf, SeekFrom};
7 use crate::os::unix::io::{AsFd, AsRawFd, BorrowedFd, FromRawFd, IntoRawFd};
8 use crate::path::{Path, PathBuf};
11 use crate::sys::fd::FileDesc;
12 use crate::sys::time::SystemTime;
13 use crate::sys::{cvt, cvt_r};
14 use crate::sys_common::{AsInner, AsInnerMut, FromInner, IntoInner};
17 all(target_os = "linux", target_env = "gnu"),
20 target_os = "watchos",
22 use crate::sys::weak::syscall;
23 #[cfg(any(target_os = "android", target_os = "macos"))]
24 use crate::sys::weak::weak;
26 use libc::{c_int, mode_t};
31 target_os = "watchos",
32 all(target_os = "linux", target_env = "gnu")
35 #[cfg(any(target_os = "linux", target_os = "emscripten", target_os = "android"))]
37 #[cfg(any(target_os = "linux", target_os = "emscripten"))]
40 target_os = "android",
41 target_os = "solaris",
42 target_os = "fuchsia",
46 use libc::readdir as readdir64;
47 #[cfg(target_os = "linux")]
49 #[cfg(any(target_os = "emscripten", target_os = "l4re"))]
50 use libc::readdir64_r;
52 target_os = "android",
54 target_os = "emscripten",
55 target_os = "solaris",
56 target_os = "illumos",
58 target_os = "fuchsia",
61 use libc::readdir_r as readdir64_r;
62 #[cfg(target_os = "android")]
64 dirent as dirent64, fstat as fstat64, fstatat as fstatat64, ftruncate64, lseek64,
65 lstat as lstat64, off64_t, open as open64, stat as stat64,
69 target_os = "emscripten",
74 dirent as dirent64, fstat as fstat64, ftruncate as ftruncate64, lseek as lseek64,
75 lstat as lstat64, off_t as off64_t, open as open64, stat as stat64,
77 #[cfg(any(target_os = "linux", target_os = "emscripten", target_os = "l4re"))]
78 use libc::{dirent64, fstat64, ftruncate64, lseek64, lstat64, off64_t, open64, stat64};
80 pub use crate::sys_common::fs::try_exists;
82 pub struct File(FileDesc);
84 // FIXME: This should be available on Linux with all `target_env`.
85 // But currently only glibc exposes `statx` fn and structs.
86 // We don't want to import unverified raw C structs here directly.
87 // https://github.com/rust-lang/rust/pull/67774
88 macro_rules! cfg_has_statx {
89 ({ $($then_tt:tt)* } else { $($else_tt:tt)* }) => {
91 if #[cfg(all(target_os = "linux", target_env = "gnu"))] {
98 ($($block_inner:tt)*) => {
99 #[cfg(all(target_os = "linux", target_env = "gnu"))]
108 pub struct FileAttr {
110 statx_extra_fields: Option<StatxExtraFields>,
114 struct StatxExtraFields {
115 // This is needed to check if btime is supported by the filesystem.
117 stx_btime: libc::statx_timestamp,
118 // With statx, we can overcome 32-bit `time_t` too.
119 #[cfg(target_pointer_width = "32")]
120 stx_atime: libc::statx_timestamp,
121 #[cfg(target_pointer_width = "32")]
122 stx_ctime: libc::statx_timestamp,
123 #[cfg(target_pointer_width = "32")]
124 stx_mtime: libc::statx_timestamp,
128 // We prefer `statx` on Linux if available, which contains file creation time,
129 // as well as 64-bit timestamps of all kinds.
130 // Default `stat64` contains no creation time and may have 32-bit `time_t`.
136 ) -> Option<io::Result<FileAttr>> {
137 use crate::sync::atomic::{AtomicU8, Ordering};
139 // Linux kernel prior to 4.11 or glibc prior to glibc 2.28 don't support `statx`
140 // We store the availability in global to avoid unnecessary syscalls.
144 static STATX_STATE: AtomicU8 = AtomicU8::new(0);
148 pathname: *const c_char,
151 statxbuf: *mut libc::statx
155 match STATX_STATE.load(Ordering::Relaxed) {
157 // It is a trick to call `statx` with null pointers to check if the syscall
158 // is available. According to the manual, it is expected to fail with EFAULT.
159 // We do this mainly for performance, since it is nearly hundreds times
160 // faster than a normal successful call.
161 let err = cvt(statx(0, ptr::null(), 0, libc::STATX_ALL, ptr::null_mut()))
163 .and_then(|e| e.raw_os_error());
164 // We don't check `err == Some(libc::ENOSYS)` because the syscall may be limited
165 // and returns `EPERM`. Listing all possible errors seems not a good idea.
166 // See: https://github.com/rust-lang/rust/issues/65662
167 if err != Some(libc::EFAULT) {
168 STATX_STATE.store(1, Ordering::Relaxed);
171 STATX_STATE.store(2, Ordering::Relaxed);
177 let mut buf: libc::statx = mem::zeroed();
178 if let Err(err) = cvt(statx(fd, path, flags, mask, &mut buf)) {
179 return Some(Err(err));
182 // We cannot fill `stat64` exhaustively because of private padding fields.
183 let mut stat: stat64 = mem::zeroed();
184 // `c_ulong` on gnu-mips, `dev_t` otherwise
185 stat.st_dev = libc::makedev(buf.stx_dev_major, buf.stx_dev_minor) as _;
186 stat.st_ino = buf.stx_ino as libc::ino64_t;
187 stat.st_nlink = buf.stx_nlink as libc::nlink_t;
188 stat.st_mode = buf.stx_mode as libc::mode_t;
189 stat.st_uid = buf.stx_uid as libc::uid_t;
190 stat.st_gid = buf.stx_gid as libc::gid_t;
191 stat.st_rdev = libc::makedev(buf.stx_rdev_major, buf.stx_rdev_minor) as _;
192 stat.st_size = buf.stx_size as off64_t;
193 stat.st_blksize = buf.stx_blksize as libc::blksize_t;
194 stat.st_blocks = buf.stx_blocks as libc::blkcnt64_t;
195 stat.st_atime = buf.stx_atime.tv_sec as libc::time_t;
196 // `i64` on gnu-x86_64-x32, `c_ulong` otherwise.
197 stat.st_atime_nsec = buf.stx_atime.tv_nsec as _;
198 stat.st_mtime = buf.stx_mtime.tv_sec as libc::time_t;
199 stat.st_mtime_nsec = buf.stx_mtime.tv_nsec as _;
200 stat.st_ctime = buf.stx_ctime.tv_sec as libc::time_t;
201 stat.st_ctime_nsec = buf.stx_ctime.tv_nsec as _;
203 let extra = StatxExtraFields {
204 stx_mask: buf.stx_mask,
205 stx_btime: buf.stx_btime,
206 // Store full times to avoid 32-bit `time_t` truncation.
207 #[cfg(target_pointer_width = "32")]
208 stx_atime: buf.stx_atime,
209 #[cfg(target_pointer_width = "32")]
210 stx_ctime: buf.stx_ctime,
211 #[cfg(target_pointer_width = "32")]
212 stx_mtime: buf.stx_mtime,
215 Some(Ok(FileAttr { stat, statx_extra_fields: Some(extra) }))
220 pub struct FileAttr {
225 // all DirEntry's will have a reference to this struct
226 struct InnerReadDir {
232 inner: Arc<InnerReadDir>,
234 target_os = "android",
236 target_os = "solaris",
237 target_os = "illumos",
238 target_os = "fuchsia",
244 struct Dir(*mut libc::DIR);
246 unsafe impl Send for Dir {}
247 unsafe impl Sync for Dir {}
250 target_os = "android",
252 target_os = "solaris",
253 target_os = "illumos",
254 target_os = "fuchsia",
257 pub struct DirEntry {
258 dir: Arc<InnerReadDir>,
260 // We need to store an owned copy of the entry name on platforms that use
261 // readdir() (not readdir_r()), because a) struct dirent may use a flexible
262 // array to store the name, b) it lives only until the next readdir() call.
266 // Define a minimal subset of fields we need from `dirent64`, especially since
267 // we're not using the immediate `d_name` on these targets. Keeping this as an
268 // `entry` field in `DirEntry` helps reduce the `cfg` boilerplate elsewhere.
270 target_os = "android",
272 target_os = "solaris",
273 target_os = "illumos",
274 target_os = "fuchsia",
277 struct dirent64_min {
279 #[cfg(not(any(target_os = "solaris", target_os = "illumos")))]
284 target_os = "android",
286 target_os = "solaris",
287 target_os = "illumos",
288 target_os = "fuchsia",
291 pub struct DirEntry {
292 dir: Arc<InnerReadDir>,
293 // The full entry includes a fixed-length `d_name`.
297 #[derive(Clone, Debug)]
298 pub struct OpenOptions {
311 #[derive(Clone, PartialEq, Eq, Debug)]
312 pub struct FilePermissions {
316 #[derive(Copy, Clone)]
317 pub struct FileTimes([libc::timespec; 2]);
319 #[derive(Copy, Clone, PartialEq, Eq, Hash, Debug)]
320 pub struct FileType {
325 pub struct DirBuilder {
331 fn from_stat64(stat: stat64) -> Self {
332 Self { stat, statx_extra_fields: None }
335 #[cfg(target_pointer_width = "32")]
336 pub fn stx_mtime(&self) -> Option<&libc::statx_timestamp> {
337 if let Some(ext) = &self.statx_extra_fields {
338 if (ext.stx_mask & libc::STATX_MTIME) != 0 {
339 return Some(&ext.stx_mtime);
345 #[cfg(target_pointer_width = "32")]
346 pub fn stx_atime(&self) -> Option<&libc::statx_timestamp> {
347 if let Some(ext) = &self.statx_extra_fields {
348 if (ext.stx_mask & libc::STATX_ATIME) != 0 {
349 return Some(&ext.stx_atime);
355 #[cfg(target_pointer_width = "32")]
356 pub fn stx_ctime(&self) -> Option<&libc::statx_timestamp> {
357 if let Some(ext) = &self.statx_extra_fields {
358 if (ext.stx_mask & libc::STATX_CTIME) != 0 {
359 return Some(&ext.stx_ctime);
367 fn from_stat64(stat: stat64) -> Self {
374 pub fn size(&self) -> u64 {
375 self.stat.st_size as u64
377 pub fn perm(&self) -> FilePermissions {
378 FilePermissions { mode: (self.stat.st_mode as mode_t) }
381 pub fn file_type(&self) -> FileType {
382 FileType { mode: self.stat.st_mode as mode_t }
386 #[cfg(target_os = "netbsd")]
388 pub fn modified(&self) -> io::Result<SystemTime> {
389 Ok(SystemTime::new(self.stat.st_mtime as i64, self.stat.st_mtimensec as i64))
392 pub fn accessed(&self) -> io::Result<SystemTime> {
393 Ok(SystemTime::new(self.stat.st_atime as i64, self.stat.st_atimensec as i64))
396 pub fn created(&self) -> io::Result<SystemTime> {
397 Ok(SystemTime::new(self.stat.st_birthtime as i64, self.stat.st_birthtimensec as i64))
401 #[cfg(not(target_os = "netbsd"))]
403 #[cfg(not(any(target_os = "vxworks", target_os = "espidf", target_os = "horizon")))]
404 pub fn modified(&self) -> io::Result<SystemTime> {
405 #[cfg(target_pointer_width = "32")]
407 if let Some(mtime) = self.stx_mtime() {
408 return Ok(SystemTime::new(mtime.tv_sec, mtime.tv_nsec as i64));
412 Ok(SystemTime::new(self.stat.st_mtime as i64, self.stat.st_mtime_nsec as i64))
415 #[cfg(any(target_os = "vxworks", target_os = "espidf"))]
416 pub fn modified(&self) -> io::Result<SystemTime> {
417 Ok(SystemTime::new(self.stat.st_mtime as i64, 0))
420 #[cfg(target_os = "horizon")]
421 pub fn modified(&self) -> io::Result<SystemTime> {
422 Ok(SystemTime::from(self.stat.st_mtim))
425 #[cfg(not(any(target_os = "vxworks", target_os = "espidf", target_os = "horizon")))]
426 pub fn accessed(&self) -> io::Result<SystemTime> {
427 #[cfg(target_pointer_width = "32")]
429 if let Some(atime) = self.stx_atime() {
430 return Ok(SystemTime::new(atime.tv_sec, atime.tv_nsec as i64));
434 Ok(SystemTime::new(self.stat.st_atime as i64, self.stat.st_atime_nsec as i64))
437 #[cfg(any(target_os = "vxworks", target_os = "espidf"))]
438 pub fn accessed(&self) -> io::Result<SystemTime> {
439 Ok(SystemTime::new(self.stat.st_atime as i64, 0))
442 #[cfg(target_os = "horizon")]
443 pub fn accessed(&self) -> io::Result<SystemTime> {
444 Ok(SystemTime::from(self.stat.st_atim))
448 target_os = "freebsd",
449 target_os = "openbsd",
452 target_os = "watchos",
454 pub fn created(&self) -> io::Result<SystemTime> {
455 Ok(SystemTime::new(self.stat.st_birthtime as i64, self.stat.st_birthtime_nsec as i64))
459 target_os = "freebsd",
460 target_os = "openbsd",
463 target_os = "watchos",
465 pub fn created(&self) -> io::Result<SystemTime> {
467 if let Some(ext) = &self.statx_extra_fields {
468 return if (ext.stx_mask & libc::STATX_BTIME) != 0 {
469 Ok(SystemTime::new(ext.stx_btime.tv_sec, ext.stx_btime.tv_nsec as i64))
471 Err(io::const_io_error!(
472 io::ErrorKind::Uncategorized,
473 "creation time is not available for the filesystem",
479 Err(io::const_io_error!(
480 io::ErrorKind::Unsupported,
481 "creation time is not available on this platform \
487 impl AsInner<stat64> for FileAttr {
488 fn as_inner(&self) -> &stat64 {
493 impl FilePermissions {
494 pub fn readonly(&self) -> bool {
495 // check if any class (owner, group, others) has write permission
496 self.mode & 0o222 == 0
499 pub fn set_readonly(&mut self, readonly: bool) {
501 // remove write permission for all classes; equivalent to `chmod a-w <file>`
504 // add write permission for all classes; equivalent to `chmod a+w <file>`
508 pub fn mode(&self) -> u32 {
514 pub fn set_accessed(&mut self, t: SystemTime) {
515 self.0[0] = t.t.to_timespec().expect("Invalid system time");
518 pub fn set_modified(&mut self, t: SystemTime) {
519 self.0[1] = t.t.to_timespec().expect("Invalid system time");
523 struct TimespecDebugAdapter<'a>(&'a libc::timespec);
525 impl fmt::Debug for TimespecDebugAdapter<'_> {
526 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
527 f.debug_struct("timespec")
528 .field("tv_sec", &self.0.tv_sec)
529 .field("tv_nsec", &self.0.tv_nsec)
534 impl fmt::Debug for FileTimes {
535 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
536 f.debug_struct("FileTimes")
537 .field("accessed", &TimespecDebugAdapter(&self.0[0]))
538 .field("modified", &TimespecDebugAdapter(&self.0[1]))
543 impl Default for FileTimes {
544 fn default() -> Self {
545 // Redox doesn't appear to support `UTIME_OMIT`, so we stub it out here, and always return
546 // an error in `set_times`.
547 // ESP-IDF and HorizonOS do not support `futimens` at all and the behavior for those OS is therefore
548 // the same as for Redox.
549 #[cfg(any(target_os = "redox", target_os = "espidf", target_os = "horizon"))]
550 let omit = libc::timespec { tv_sec: 0, tv_nsec: 0 };
551 #[cfg(not(any(target_os = "redox", target_os = "espidf", target_os = "horizon")))]
552 let omit = libc::timespec { tv_sec: 0, tv_nsec: libc::UTIME_OMIT as _ };
558 pub fn is_dir(&self) -> bool {
559 self.is(libc::S_IFDIR)
561 pub fn is_file(&self) -> bool {
562 self.is(libc::S_IFREG)
564 pub fn is_symlink(&self) -> bool {
565 self.is(libc::S_IFLNK)
568 pub fn is(&self, mode: mode_t) -> bool {
569 self.mode & libc::S_IFMT == mode
573 impl FromInner<u32> for FilePermissions {
574 fn from_inner(mode: u32) -> FilePermissions {
575 FilePermissions { mode: mode as mode_t }
579 impl fmt::Debug for ReadDir {
580 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
581 // This will only be called from std::fs::ReadDir, which will add a "ReadDir()" frame.
582 // Thus the result will be e g 'ReadDir("/home")'
583 fmt::Debug::fmt(&*self.inner.root, f)
587 impl Iterator for ReadDir {
588 type Item = io::Result<DirEntry>;
591 target_os = "android",
593 target_os = "solaris",
594 target_os = "fuchsia",
596 target_os = "illumos"
598 fn next(&mut self) -> Option<io::Result<DirEntry>> {
601 // As of POSIX.1-2017, readdir() is not required to be thread safe; only
602 // readdir_r() is. However, readdir_r() cannot correctly handle platforms
603 // with unlimited or variable NAME_MAX. Many modern platforms guarantee
604 // thread safety for readdir() as long an individual DIR* is not accessed
605 // concurrently, which is sufficient for Rust.
606 super::os::set_errno(0);
607 let entry_ptr = readdir64(self.inner.dirp.0);
608 if entry_ptr.is_null() {
609 // null can mean either the end is reached or an error occurred.
610 // So we had to clear errno beforehand to check for an error now.
611 return match super::os::errno() {
613 e => Some(Err(Error::from_raw_os_error(e))),
617 // Only d_reclen bytes of *entry_ptr are valid, so we can't just copy the
618 // whole thing (#93384). Instead, copy everything except the name.
619 let mut copy: dirent64 = mem::zeroed();
620 // Can't dereference entry_ptr, so use the local entry to get
621 // offsetof(struct dirent, d_name)
622 let copy_bytes = &mut copy as *mut _ as *mut u8;
623 let copy_name = &mut copy.d_name as *mut _ as *mut u8;
624 let name_offset = copy_name.offset_from(copy_bytes) as usize;
625 let entry_bytes = entry_ptr as *const u8;
626 let entry_name = entry_bytes.add(name_offset);
627 ptr::copy_nonoverlapping(entry_bytes, copy_bytes, name_offset);
629 let entry = dirent64_min {
630 d_ino: copy.d_ino as u64,
631 #[cfg(not(any(target_os = "solaris", target_os = "illumos")))]
632 d_type: copy.d_type as u8,
637 // d_name is guaranteed to be null-terminated.
638 name: CStr::from_ptr(entry_name as *const _).to_owned(),
639 dir: Arc::clone(&self.inner),
641 if ret.name_bytes() != b"." && ret.name_bytes() != b".." {
642 return Some(Ok(ret));
649 target_os = "android",
651 target_os = "solaris",
652 target_os = "fuchsia",
654 target_os = "illumos"
656 fn next(&mut self) -> Option<io::Result<DirEntry>> {
657 if self.end_of_stream {
662 let mut ret = DirEntry { entry: mem::zeroed(), dir: Arc::clone(&self.inner) };
663 let mut entry_ptr = ptr::null_mut();
665 let err = readdir64_r(self.inner.dirp.0, &mut ret.entry, &mut entry_ptr);
667 if entry_ptr.is_null() {
668 // We encountered an error (which will be returned in this iteration), but
669 // we also reached the end of the directory stream. The `end_of_stream`
670 // flag is enabled to make sure that we return `None` in the next iteration
671 // (instead of looping forever)
672 self.end_of_stream = true;
674 return Some(Err(Error::from_raw_os_error(err)));
676 if entry_ptr.is_null() {
679 if ret.name_bytes() != b"." && ret.name_bytes() != b".." {
680 return Some(Ok(ret));
689 let r = unsafe { libc::closedir(self.0) };
691 r == 0 || crate::io::Error::last_os_error().kind() == crate::io::ErrorKind::Interrupted,
692 "unexpected error during closedir: {:?}",
693 crate::io::Error::last_os_error()
699 pub fn path(&self) -> PathBuf {
700 self.dir.root.join(self.file_name_os_str())
703 pub fn file_name(&self) -> OsString {
704 self.file_name_os_str().to_os_string()
707 #[cfg(any(target_os = "linux", target_os = "emscripten", target_os = "android"))]
708 pub fn metadata(&self) -> io::Result<FileAttr> {
709 let fd = cvt(unsafe { dirfd(self.dir.dirp.0) })?;
710 let name = self.name_cstr().as_ptr();
713 if let Some(ret) = unsafe { try_statx(
716 libc::AT_SYMLINK_NOFOLLOW | libc::AT_STATX_SYNC_AS_STAT,
723 let mut stat: stat64 = unsafe { mem::zeroed() };
724 cvt(unsafe { fstatat64(fd, name, &mut stat, libc::AT_SYMLINK_NOFOLLOW) })?;
725 Ok(FileAttr::from_stat64(stat))
728 #[cfg(not(any(target_os = "linux", target_os = "emscripten", target_os = "android")))]
729 pub fn metadata(&self) -> io::Result<FileAttr> {
734 target_os = "solaris",
735 target_os = "illumos",
737 target_os = "vxworks"
739 pub fn file_type(&self) -> io::Result<FileType> {
740 self.metadata().map(|m| m.file_type())
744 target_os = "solaris",
745 target_os = "illumos",
747 target_os = "vxworks"
749 pub fn file_type(&self) -> io::Result<FileType> {
750 match self.entry.d_type {
751 libc::DT_CHR => Ok(FileType { mode: libc::S_IFCHR }),
752 libc::DT_FIFO => Ok(FileType { mode: libc::S_IFIFO }),
753 libc::DT_LNK => Ok(FileType { mode: libc::S_IFLNK }),
754 libc::DT_REG => Ok(FileType { mode: libc::S_IFREG }),
755 libc::DT_SOCK => Ok(FileType { mode: libc::S_IFSOCK }),
756 libc::DT_DIR => Ok(FileType { mode: libc::S_IFDIR }),
757 libc::DT_BLK => Ok(FileType { mode: libc::S_IFBLK }),
758 _ => self.metadata().map(|m| m.file_type()),
765 target_os = "watchos",
767 target_os = "emscripten",
768 target_os = "android",
769 target_os = "solaris",
770 target_os = "illumos",
773 target_os = "fuchsia",
775 target_os = "vxworks",
776 target_os = "espidf",
777 target_os = "horizon"
779 pub fn ino(&self) -> u64 {
780 self.entry.d_ino as u64
784 target_os = "freebsd",
785 target_os = "openbsd",
786 target_os = "netbsd",
787 target_os = "dragonfly"
789 pub fn ino(&self) -> u64 {
790 self.entry.d_fileno as u64
796 target_os = "watchos",
797 target_os = "netbsd",
798 target_os = "openbsd",
799 target_os = "freebsd",
800 target_os = "dragonfly"
802 fn name_bytes(&self) -> &[u8] {
805 slice::from_raw_parts(
806 self.entry.d_name.as_ptr() as *const u8,
807 self.entry.d_namlen as usize,
814 target_os = "watchos",
815 target_os = "netbsd",
816 target_os = "openbsd",
817 target_os = "freebsd",
818 target_os = "dragonfly"
820 fn name_bytes(&self) -> &[u8] {
821 self.name_cstr().to_bytes()
825 target_os = "android",
827 target_os = "solaris",
828 target_os = "illumos",
829 target_os = "fuchsia",
832 fn name_cstr(&self) -> &CStr {
833 unsafe { CStr::from_ptr(self.entry.d_name.as_ptr()) }
836 target_os = "android",
838 target_os = "solaris",
839 target_os = "illumos",
840 target_os = "fuchsia",
843 fn name_cstr(&self) -> &CStr {
847 pub fn file_name_os_str(&self) -> &OsStr {
848 OsStr::from_bytes(self.name_bytes())
853 pub fn new() -> OpenOptions {
868 pub fn read(&mut self, read: bool) {
871 pub fn write(&mut self, write: bool) {
874 pub fn append(&mut self, append: bool) {
875 self.append = append;
877 pub fn truncate(&mut self, truncate: bool) {
878 self.truncate = truncate;
880 pub fn create(&mut self, create: bool) {
881 self.create = create;
883 pub fn create_new(&mut self, create_new: bool) {
884 self.create_new = create_new;
887 pub fn custom_flags(&mut self, flags: i32) {
888 self.custom_flags = flags;
890 pub fn mode(&mut self, mode: u32) {
891 self.mode = mode as mode_t;
894 fn get_access_mode(&self) -> io::Result<c_int> {
895 match (self.read, self.write, self.append) {
896 (true, false, false) => Ok(libc::O_RDONLY),
897 (false, true, false) => Ok(libc::O_WRONLY),
898 (true, true, false) => Ok(libc::O_RDWR),
899 (false, _, true) => Ok(libc::O_WRONLY | libc::O_APPEND),
900 (true, _, true) => Ok(libc::O_RDWR | libc::O_APPEND),
901 (false, false, false) => Err(Error::from_raw_os_error(libc::EINVAL)),
905 fn get_creation_mode(&self) -> io::Result<c_int> {
906 match (self.write, self.append) {
909 if self.truncate || self.create || self.create_new {
910 return Err(Error::from_raw_os_error(libc::EINVAL));
914 if self.truncate && !self.create_new {
915 return Err(Error::from_raw_os_error(libc::EINVAL));
920 Ok(match (self.create, self.truncate, self.create_new) {
921 (false, false, false) => 0,
922 (true, false, false) => libc::O_CREAT,
923 (false, true, false) => libc::O_TRUNC,
924 (true, true, false) => libc::O_CREAT | libc::O_TRUNC,
925 (_, _, true) => libc::O_CREAT | libc::O_EXCL,
931 pub fn open(path: &Path, opts: &OpenOptions) -> io::Result<File> {
932 let path = cstr(path)?;
933 File::open_c(&path, opts)
936 pub fn open_c(path: &CStr, opts: &OpenOptions) -> io::Result<File> {
937 let flags = libc::O_CLOEXEC
938 | opts.get_access_mode()?
939 | opts.get_creation_mode()?
940 | (opts.custom_flags as c_int & !libc::O_ACCMODE);
941 // The third argument of `open64` is documented to have type `mode_t`. On
942 // some platforms (like macOS, where `open64` is actually `open`), `mode_t` is `u16`.
943 // However, since this is a variadic function, C integer promotion rules mean that on
944 // the ABI level, this still gets passed as `c_int` (aka `u32` on Unix platforms).
945 let fd = cvt_r(|| unsafe { open64(path.as_ptr(), flags, opts.mode as c_int) })?;
946 Ok(File(unsafe { FileDesc::from_raw_fd(fd) }))
949 pub fn file_attr(&self) -> io::Result<FileAttr> {
950 let fd = self.as_raw_fd();
953 if let Some(ret) = unsafe { try_statx(
955 b"\0" as *const _ as *const c_char,
956 libc::AT_EMPTY_PATH | libc::AT_STATX_SYNC_AS_STAT,
963 let mut stat: stat64 = unsafe { mem::zeroed() };
964 cvt(unsafe { fstat64(fd, &mut stat) })?;
965 Ok(FileAttr::from_stat64(stat))
968 pub fn fsync(&self) -> io::Result<()> {
969 cvt_r(|| unsafe { os_fsync(self.as_raw_fd()) })?;
972 #[cfg(any(target_os = "macos", target_os = "ios", target_os = "watchos"))]
973 unsafe fn os_fsync(fd: c_int) -> c_int {
974 libc::fcntl(fd, libc::F_FULLFSYNC)
976 #[cfg(not(any(target_os = "macos", target_os = "ios", target_os = "watchos")))]
977 unsafe fn os_fsync(fd: c_int) -> c_int {
982 pub fn datasync(&self) -> io::Result<()> {
983 cvt_r(|| unsafe { os_datasync(self.as_raw_fd()) })?;
986 #[cfg(any(target_os = "macos", target_os = "ios", target_os = "watchos"))]
987 unsafe fn os_datasync(fd: c_int) -> c_int {
988 libc::fcntl(fd, libc::F_FULLFSYNC)
991 target_os = "freebsd",
993 target_os = "android",
994 target_os = "netbsd",
995 target_os = "openbsd"
997 unsafe fn os_datasync(fd: c_int) -> c_int {
1001 target_os = "android",
1002 target_os = "freebsd",
1004 target_os = "linux",
1005 target_os = "macos",
1006 target_os = "netbsd",
1007 target_os = "openbsd",
1008 target_os = "watchos",
1010 unsafe fn os_datasync(fd: c_int) -> c_int {
1015 pub fn truncate(&self, size: u64) -> io::Result<()> {
1017 size.try_into().map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
1018 cvt_r(|| unsafe { ftruncate64(self.as_raw_fd(), size) }).map(drop)
1021 pub fn read(&self, buf: &mut [u8]) -> io::Result<usize> {
1025 pub fn read_vectored(&self, bufs: &mut [IoSliceMut<'_>]) -> io::Result<usize> {
1026 self.0.read_vectored(bufs)
1030 pub fn is_read_vectored(&self) -> bool {
1031 self.0.is_read_vectored()
1034 pub fn read_at(&self, buf: &mut [u8], offset: u64) -> io::Result<usize> {
1035 self.0.read_at(buf, offset)
1038 pub fn read_buf(&self, buf: &mut ReadBuf<'_>) -> io::Result<()> {
1039 self.0.read_buf(buf)
1042 pub fn write(&self, buf: &[u8]) -> io::Result<usize> {
1046 pub fn write_vectored(&self, bufs: &[IoSlice<'_>]) -> io::Result<usize> {
1047 self.0.write_vectored(bufs)
1051 pub fn is_write_vectored(&self) -> bool {
1052 self.0.is_write_vectored()
1055 pub fn write_at(&self, buf: &[u8], offset: u64) -> io::Result<usize> {
1056 self.0.write_at(buf, offset)
1059 pub fn flush(&self) -> io::Result<()> {
1063 pub fn seek(&self, pos: SeekFrom) -> io::Result<u64> {
1064 let (whence, pos) = match pos {
1065 // Casting to `i64` is fine, too large values will end up as
1066 // negative which will cause an error in `lseek64`.
1067 SeekFrom::Start(off) => (libc::SEEK_SET, off as i64),
1068 SeekFrom::End(off) => (libc::SEEK_END, off),
1069 SeekFrom::Current(off) => (libc::SEEK_CUR, off),
1071 let n = cvt(unsafe { lseek64(self.as_raw_fd(), pos as off64_t, whence) })?;
1075 pub fn duplicate(&self) -> io::Result<File> {
1076 self.0.duplicate().map(File)
1079 pub fn set_permissions(&self, perm: FilePermissions) -> io::Result<()> {
1080 cvt_r(|| unsafe { libc::fchmod(self.as_raw_fd(), perm.mode) })?;
1084 pub fn set_times(&self, times: FileTimes) -> io::Result<()> {
1086 if #[cfg(any(target_os = "redox", target_os = "espidf", target_os = "horizon"))] {
1087 // Redox doesn't appear to support `UTIME_OMIT`.
1088 // ESP-IDF and HorizonOS do not support `futimens` at all and the behavior for those OS is therefore
1089 // the same as for Redox.
1091 Err(io::const_io_error!(
1092 io::ErrorKind::Unsupported,
1093 "setting file times not supported",
1095 } else if #[cfg(any(target_os = "android", target_os = "macos"))] {
1096 // futimens requires macOS 10.13, and Android API level 19
1098 weak!(fn futimens(c_int, *const libc::timespec) -> c_int);
1099 match futimens.get() {
1100 Some(futimens) => futimens(self.as_raw_fd(), times.0.as_ptr()),
1101 #[cfg(target_os = "macos")]
1103 fn ts_to_tv(ts: &libc::timespec) -> libc::timeval {
1106 tv_usec: (ts.tv_nsec / 1000) as _
1109 let timevals = [ts_to_tv(×.0[0]), ts_to_tv(×.0[1])];
1110 libc::futimes(self.as_raw_fd(), timevals.as_ptr())
1112 // futimes requires even newer Android.
1113 #[cfg(target_os = "android")]
1114 None => return Err(io::const_io_error!(
1115 io::ErrorKind::Unsupported,
1116 "setting file times requires Android API level >= 19",
1122 cvt(unsafe { libc::futimens(self.as_raw_fd(), times.0.as_ptr()) })?;
1130 pub fn new() -> DirBuilder {
1131 DirBuilder { mode: 0o777 }
1134 pub fn mkdir(&self, p: &Path) -> io::Result<()> {
1136 cvt(unsafe { libc::mkdir(p.as_ptr(), self.mode) })?;
1140 pub fn set_mode(&mut self, mode: u32) {
1141 self.mode = mode as mode_t;
1145 fn cstr(path: &Path) -> io::Result<CString> {
1146 Ok(CString::new(path.as_os_str().as_bytes())?)
1149 impl AsInner<FileDesc> for File {
1150 fn as_inner(&self) -> &FileDesc {
1155 impl AsInnerMut<FileDesc> for File {
1156 fn as_inner_mut(&mut self) -> &mut FileDesc {
1161 impl IntoInner<FileDesc> for File {
1162 fn into_inner(self) -> FileDesc {
1167 impl FromInner<FileDesc> for File {
1168 fn from_inner(file_desc: FileDesc) -> Self {
1173 impl AsFd for File {
1174 fn as_fd(&self) -> BorrowedFd<'_> {
1179 impl AsRawFd for File {
1180 fn as_raw_fd(&self) -> RawFd {
1185 impl IntoRawFd for File {
1186 fn into_raw_fd(self) -> RawFd {
1187 self.0.into_raw_fd()
1191 impl FromRawFd for File {
1192 unsafe fn from_raw_fd(raw_fd: RawFd) -> Self {
1193 Self(FromRawFd::from_raw_fd(raw_fd))
1197 impl fmt::Debug for File {
1198 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
1199 #[cfg(any(target_os = "linux", target_os = "netbsd"))]
1200 fn get_path(fd: c_int) -> Option<PathBuf> {
1201 let mut p = PathBuf::from("/proc/self/fd");
1202 p.push(&fd.to_string());
1206 #[cfg(target_os = "macos")]
1207 fn get_path(fd: c_int) -> Option<PathBuf> {
1208 // FIXME: The use of PATH_MAX is generally not encouraged, but it
1209 // is inevitable in this case because macOS defines `fcntl` with
1210 // `F_GETPATH` in terms of `MAXPATHLEN`, and there are no
1211 // alternatives. If a better method is invented, it should be used
1213 let mut buf = vec![0; libc::PATH_MAX as usize];
1214 let n = unsafe { libc::fcntl(fd, libc::F_GETPATH, buf.as_ptr()) };
1218 let l = buf.iter().position(|&c| c == 0).unwrap();
1219 buf.truncate(l as usize);
1220 buf.shrink_to_fit();
1221 Some(PathBuf::from(OsString::from_vec(buf)))
1224 #[cfg(all(target_os = "freebsd", target_arch = "x86_64"))]
1225 fn get_path(fd: c_int) -> Option<PathBuf> {
1226 let info = Box::<libc::kinfo_file>::new_zeroed();
1227 let mut info = unsafe { info.assume_init() };
1228 info.kf_structsize = mem::size_of::<libc::kinfo_file>() as libc::c_int;
1229 let n = unsafe { libc::fcntl(fd, libc::F_KINFO, &mut *info) };
1233 let buf = unsafe { CStr::from_ptr(info.kf_path.as_mut_ptr()).to_bytes().to_vec() };
1234 Some(PathBuf::from(OsString::from_vec(buf)))
1237 #[cfg(target_os = "vxworks")]
1238 fn get_path(fd: c_int) -> Option<PathBuf> {
1239 let mut buf = vec![0; libc::PATH_MAX as usize];
1240 let n = unsafe { libc::ioctl(fd, libc::FIOGETNAME, buf.as_ptr()) };
1244 let l = buf.iter().position(|&c| c == 0).unwrap();
1245 buf.truncate(l as usize);
1246 Some(PathBuf::from(OsString::from_vec(buf)))
1250 target_os = "linux",
1251 target_os = "macos",
1252 target_os = "vxworks",
1253 all(target_os = "freebsd", target_arch = "x86_64"),
1254 target_os = "netbsd"
1256 fn get_path(_fd: c_int) -> Option<PathBuf> {
1257 // FIXME(#24570): implement this for other Unix platforms
1261 #[cfg(any(target_os = "linux", target_os = "macos", target_os = "vxworks"))]
1262 fn get_mode(fd: c_int) -> Option<(bool, bool)> {
1263 let mode = unsafe { libc::fcntl(fd, libc::F_GETFL) };
1267 match mode & libc::O_ACCMODE {
1268 libc::O_RDONLY => Some((true, false)),
1269 libc::O_RDWR => Some((true, true)),
1270 libc::O_WRONLY => Some((false, true)),
1275 #[cfg(not(any(target_os = "linux", target_os = "macos", target_os = "vxworks")))]
1276 fn get_mode(_fd: c_int) -> Option<(bool, bool)> {
1277 // FIXME(#24570): implement this for other Unix platforms
1281 let fd = self.as_raw_fd();
1282 let mut b = f.debug_struct("File");
1284 if let Some(path) = get_path(fd) {
1285 b.field("path", &path);
1287 if let Some((read, write)) = get_mode(fd) {
1288 b.field("read", &read).field("write", &write);
1294 pub fn readdir(p: &Path) -> io::Result<ReadDir> {
1295 let root = p.to_path_buf();
1298 let ptr = libc::opendir(p.as_ptr());
1300 Err(Error::last_os_error())
1302 let inner = InnerReadDir { dirp: Dir(ptr), root };
1304 inner: Arc::new(inner),
1306 target_os = "android",
1307 target_os = "linux",
1308 target_os = "solaris",
1309 target_os = "illumos",
1310 target_os = "fuchsia",
1311 target_os = "redox",
1313 end_of_stream: false,
1319 pub fn unlink(p: &Path) -> io::Result<()> {
1321 cvt(unsafe { libc::unlink(p.as_ptr()) })?;
1325 pub fn rename(old: &Path, new: &Path) -> io::Result<()> {
1326 let old = cstr(old)?;
1327 let new = cstr(new)?;
1328 cvt(unsafe { libc::rename(old.as_ptr(), new.as_ptr()) })?;
1332 pub fn set_perm(p: &Path, perm: FilePermissions) -> io::Result<()> {
1334 cvt_r(|| unsafe { libc::chmod(p.as_ptr(), perm.mode) })?;
1338 pub fn rmdir(p: &Path) -> io::Result<()> {
1340 cvt(unsafe { libc::rmdir(p.as_ptr()) })?;
1344 pub fn readlink(p: &Path) -> io::Result<PathBuf> {
1345 let c_path = cstr(p)?;
1346 let p = c_path.as_ptr();
1348 let mut buf = Vec::with_capacity(256);
1352 cvt(unsafe { libc::readlink(p, buf.as_mut_ptr() as *mut _, buf.capacity()) })? as usize;
1355 buf.set_len(buf_read);
1358 if buf_read != buf.capacity() {
1359 buf.shrink_to_fit();
1361 return Ok(PathBuf::from(OsString::from_vec(buf)));
1364 // Trigger the internal buffer resizing logic of `Vec` by requiring
1365 // more space than the current capacity. The length is guaranteed to be
1366 // the same as the capacity due to the if statement above.
1371 pub fn symlink(original: &Path, link: &Path) -> io::Result<()> {
1372 let original = cstr(original)?;
1373 let link = cstr(link)?;
1374 cvt(unsafe { libc::symlink(original.as_ptr(), link.as_ptr()) })?;
1378 pub fn link(original: &Path, link: &Path) -> io::Result<()> {
1379 let original = cstr(original)?;
1380 let link = cstr(link)?;
1382 if #[cfg(any(target_os = "vxworks", target_os = "redox", target_os = "android", target_os = "espidf", target_os = "horizon"))] {
1383 // VxWorks, Redox and ESP-IDF lack `linkat`, so use `link` instead. POSIX leaves
1384 // it implementation-defined whether `link` follows symlinks, so rely on the
1385 // `symlink_hard_link` test in library/std/src/fs/tests.rs to check the behavior.
1386 // Android has `linkat` on newer versions, but we happen to know `link`
1387 // always has the correct behavior, so it's here as well.
1388 cvt(unsafe { libc::link(original.as_ptr(), link.as_ptr()) })?;
1389 } else if #[cfg(target_os = "macos")] {
1390 // On MacOS, older versions (<=10.9) lack support for linkat while newer
1391 // versions have it. We want to use linkat if it is available, so we use weak!
1392 // to check. `linkat` is preferable to `link` because it gives us a flag to
1393 // specify how symlinks should be handled. We pass 0 as the flags argument,
1394 // meaning it shouldn't follow symlinks.
1395 weak!(fn linkat(c_int, *const c_char, c_int, *const c_char, c_int) -> c_int);
1397 if let Some(f) = linkat.get() {
1398 cvt(unsafe { f(libc::AT_FDCWD, original.as_ptr(), libc::AT_FDCWD, link.as_ptr(), 0) })?;
1400 cvt(unsafe { libc::link(original.as_ptr(), link.as_ptr()) })?;
1403 // Where we can, use `linkat` instead of `link`; see the comment above
1404 // this one for details on why.
1405 cvt(unsafe { libc::linkat(libc::AT_FDCWD, original.as_ptr(), libc::AT_FDCWD, link.as_ptr(), 0) })?;
1411 pub fn stat(p: &Path) -> io::Result<FileAttr> {
1415 if let Some(ret) = unsafe { try_statx(
1418 libc::AT_STATX_SYNC_AS_STAT,
1425 let mut stat: stat64 = unsafe { mem::zeroed() };
1426 cvt(unsafe { stat64(p.as_ptr(), &mut stat) })?;
1427 Ok(FileAttr::from_stat64(stat))
1430 pub fn lstat(p: &Path) -> io::Result<FileAttr> {
1434 if let Some(ret) = unsafe { try_statx(
1437 libc::AT_SYMLINK_NOFOLLOW | libc::AT_STATX_SYNC_AS_STAT,
1444 let mut stat: stat64 = unsafe { mem::zeroed() };
1445 cvt(unsafe { lstat64(p.as_ptr(), &mut stat) })?;
1446 Ok(FileAttr::from_stat64(stat))
1449 pub fn canonicalize(p: &Path) -> io::Result<PathBuf> {
1450 let path = CString::new(p.as_os_str().as_bytes())?;
1453 let r = libc::realpath(path.as_ptr(), ptr::null_mut());
1455 return Err(io::Error::last_os_error());
1457 buf = CStr::from_ptr(r).to_bytes().to_vec();
1458 libc::free(r as *mut _);
1460 Ok(PathBuf::from(OsString::from_vec(buf)))
1463 fn open_from(from: &Path) -> io::Result<(crate::fs::File, crate::fs::Metadata)> {
1464 use crate::fs::File;
1465 use crate::sys_common::fs::NOT_FILE_ERROR;
1467 let reader = File::open(from)?;
1468 let metadata = reader.metadata()?;
1469 if !metadata.is_file() {
1470 return Err(NOT_FILE_ERROR);
1472 Ok((reader, metadata))
1475 #[cfg(target_os = "espidf")]
1476 fn open_to_and_set_permissions(
1478 reader_metadata: crate::fs::Metadata,
1479 ) -> io::Result<(crate::fs::File, crate::fs::Metadata)> {
1480 use crate::fs::OpenOptions;
1481 let writer = OpenOptions::new().open(to)?;
1482 let writer_metadata = writer.metadata()?;
1483 Ok((writer, writer_metadata))
1486 #[cfg(not(target_os = "espidf"))]
1487 fn open_to_and_set_permissions(
1489 reader_metadata: crate::fs::Metadata,
1490 ) -> io::Result<(crate::fs::File, crate::fs::Metadata)> {
1491 use crate::fs::OpenOptions;
1492 use crate::os::unix::fs::{OpenOptionsExt, PermissionsExt};
1494 let perm = reader_metadata.permissions();
1495 let writer = OpenOptions::new()
1496 // create the file with the correct mode right away
1502 let writer_metadata = writer.metadata()?;
1503 if writer_metadata.is_file() {
1504 // Set the correct file permissions, in case the file already existed.
1505 // Don't set the permissions on already existing non-files like
1506 // pipes/FIFOs or device nodes.
1507 writer.set_permissions(perm)?;
1509 Ok((writer, writer_metadata))
1513 target_os = "linux",
1514 target_os = "android",
1515 target_os = "macos",
1517 target_os = "watchos",
1519 pub fn copy(from: &Path, to: &Path) -> io::Result<u64> {
1520 let (mut reader, reader_metadata) = open_from(from)?;
1521 let (mut writer, _) = open_to_and_set_permissions(to, reader_metadata)?;
1523 io::copy(&mut reader, &mut writer)
1526 #[cfg(any(target_os = "linux", target_os = "android"))]
1527 pub fn copy(from: &Path, to: &Path) -> io::Result<u64> {
1528 let (mut reader, reader_metadata) = open_from(from)?;
1529 let max_len = u64::MAX;
1530 let (mut writer, _) = open_to_and_set_permissions(to, reader_metadata)?;
1532 use super::kernel_copy::{copy_regular_files, CopyResult};
1534 match copy_regular_files(reader.as_raw_fd(), writer.as_raw_fd(), max_len) {
1535 CopyResult::Ended(bytes) => Ok(bytes),
1536 CopyResult::Error(e, _) => Err(e),
1537 CopyResult::Fallback(written) => match io::copy::generic_copy(&mut reader, &mut writer) {
1538 Ok(bytes) => Ok(bytes + written),
1544 #[cfg(any(target_os = "macos", target_os = "ios", target_os = "watchos"))]
1545 pub fn copy(from: &Path, to: &Path) -> io::Result<u64> {
1546 use crate::sync::atomic::{AtomicBool, Ordering};
1548 const COPYFILE_ACL: u32 = 1 << 0;
1549 const COPYFILE_STAT: u32 = 1 << 1;
1550 const COPYFILE_XATTR: u32 = 1 << 2;
1551 const COPYFILE_DATA: u32 = 1 << 3;
1553 const COPYFILE_SECURITY: u32 = COPYFILE_STAT | COPYFILE_ACL;
1554 const COPYFILE_METADATA: u32 = COPYFILE_SECURITY | COPYFILE_XATTR;
1555 const COPYFILE_ALL: u32 = COPYFILE_METADATA | COPYFILE_DATA;
1557 const COPYFILE_STATE_COPIED: u32 = 8;
1559 #[allow(non_camel_case_types)]
1560 type copyfile_state_t = *mut libc::c_void;
1561 #[allow(non_camel_case_types)]
1562 type copyfile_flags_t = u32;
1568 state: copyfile_state_t,
1569 flags: copyfile_flags_t,
1571 fn copyfile_state_alloc() -> copyfile_state_t;
1572 fn copyfile_state_free(state: copyfile_state_t) -> libc::c_int;
1573 fn copyfile_state_get(
1574 state: copyfile_state_t,
1576 dst: *mut libc::c_void,
1580 struct FreeOnDrop(copyfile_state_t);
1581 impl Drop for FreeOnDrop {
1582 fn drop(&mut self) {
1583 // The code below ensures that `FreeOnDrop` is never a null pointer
1585 // `copyfile_state_free` returns -1 if the `to` or `from` files
1586 // cannot be closed. However, this is not considered this an
1588 copyfile_state_free(self.0);
1593 // MacOS prior to 10.12 don't support `fclonefileat`
1594 // We store the availability in a global to avoid unnecessary syscalls
1595 static HAS_FCLONEFILEAT: AtomicBool = AtomicBool::new(true);
1599 dst_dirfd: libc::c_int,
1605 let (reader, reader_metadata) = open_from(from)?;
1607 // Opportunistically attempt to create a copy-on-write clone of `from`
1608 // using `fclonefileat`.
1609 if HAS_FCLONEFILEAT.load(Ordering::Relaxed) {
1611 let clonefile_result =
1612 cvt(unsafe { fclonefileat(reader.as_raw_fd(), libc::AT_FDCWD, to.as_ptr(), 0) });
1613 match clonefile_result {
1614 Ok(_) => return Ok(reader_metadata.len()),
1615 Err(err) => match err.raw_os_error() {
1616 // `fclonefileat` will fail on non-APFS volumes, if the
1617 // destination already exists, or if the source and destination
1618 // are on different devices. In all these cases `fcopyfile`
1620 Some(libc::ENOTSUP) | Some(libc::EEXIST) | Some(libc::EXDEV) => (),
1621 Some(libc::ENOSYS) => HAS_FCLONEFILEAT.store(false, Ordering::Relaxed),
1622 _ => return Err(err),
1627 // Fall back to using `fcopyfile` if `fclonefileat` does not succeed.
1628 let (writer, writer_metadata) = open_to_and_set_permissions(to, reader_metadata)?;
1630 // We ensure that `FreeOnDrop` never contains a null pointer so it is
1631 // always safe to call `copyfile_state_free`
1632 let state = unsafe {
1633 let state = copyfile_state_alloc();
1634 if state.is_null() {
1635 return Err(crate::io::Error::last_os_error());
1640 let flags = if writer_metadata.is_file() { COPYFILE_ALL } else { COPYFILE_DATA };
1642 cvt(unsafe { fcopyfile(reader.as_raw_fd(), writer.as_raw_fd(), state.0, flags) })?;
1644 let mut bytes_copied: libc::off_t = 0;
1648 COPYFILE_STATE_COPIED,
1649 &mut bytes_copied as *mut libc::off_t as *mut libc::c_void,
1652 Ok(bytes_copied as u64)
1655 pub fn chown(path: &Path, uid: u32, gid: u32) -> io::Result<()> {
1656 let path = cstr(path)?;
1657 cvt(unsafe { libc::chown(path.as_ptr(), uid as libc::uid_t, gid as libc::gid_t) })?;
1661 pub fn fchown(fd: c_int, uid: u32, gid: u32) -> io::Result<()> {
1662 cvt(unsafe { libc::fchown(fd, uid as libc::uid_t, gid as libc::gid_t) })?;
1666 pub fn lchown(path: &Path, uid: u32, gid: u32) -> io::Result<()> {
1667 let path = cstr(path)?;
1668 cvt(unsafe { libc::lchown(path.as_ptr(), uid as libc::uid_t, gid as libc::gid_t) })?;
1672 #[cfg(not(any(target_os = "fuchsia", target_os = "vxworks")))]
1673 pub fn chroot(dir: &Path) -> io::Result<()> {
1674 let dir = cstr(dir)?;
1675 cvt(unsafe { libc::chroot(dir.as_ptr()) })?;
1679 pub use remove_dir_impl::remove_dir_all;
1681 // Fallback for REDOX, ESP-ID, Horizon, and Miri
1682 #[cfg(any(target_os = "redox", target_os = "espidf", target_os = "horizon", miri))]
1683 mod remove_dir_impl {
1684 pub use crate::sys_common::fs::remove_dir_all;
1687 // Modern implementation using openat(), unlinkat() and fdopendir()
1688 #[cfg(not(any(target_os = "redox", target_os = "espidf", target_os = "horizon", miri)))]
1689 mod remove_dir_impl {
1690 use super::{cstr, lstat, Dir, DirEntry, InnerReadDir, ReadDir};
1691 use crate::ffi::CStr;
1693 use crate::os::unix::io::{AsRawFd, FromRawFd, IntoRawFd};
1694 use crate::os::unix::prelude::{OwnedFd, RawFd};
1695 use crate::path::{Path, PathBuf};
1696 use crate::sync::Arc;
1697 use crate::sys::{cvt, cvt_r};
1699 #[cfg(not(all(target_os = "macos", not(target_arch = "aarch64")),))]
1700 use libc::{fdopendir, openat, unlinkat};
1701 #[cfg(all(target_os = "macos", not(target_arch = "aarch64")))]
1702 use macos_weak::{fdopendir, openat, unlinkat};
1704 #[cfg(all(target_os = "macos", not(target_arch = "aarch64")))]
1706 use crate::sys::weak::weak;
1707 use libc::{c_char, c_int, DIR};
1709 fn get_openat_fn() -> Option<unsafe extern "C" fn(c_int, *const c_char, c_int) -> c_int> {
1710 weak!(fn openat(c_int, *const c_char, c_int) -> c_int);
1714 pub fn has_openat() -> bool {
1715 get_openat_fn().is_some()
1718 pub unsafe fn openat(dirfd: c_int, pathname: *const c_char, flags: c_int) -> c_int {
1719 get_openat_fn().map(|openat| openat(dirfd, pathname, flags)).unwrap_or_else(|| {
1720 crate::sys::unix::os::set_errno(libc::ENOSYS);
1725 pub unsafe fn fdopendir(fd: c_int) -> *mut DIR {
1726 #[cfg(all(target_os = "macos", target_arch = "x86"))]
1727 weak!(fn fdopendir(c_int) -> *mut DIR, "fdopendir$INODE64$UNIX2003");
1728 #[cfg(all(target_os = "macos", target_arch = "x86_64"))]
1729 weak!(fn fdopendir(c_int) -> *mut DIR, "fdopendir$INODE64");
1730 fdopendir.get().map(|fdopendir| fdopendir(fd)).unwrap_or_else(|| {
1731 crate::sys::unix::os::set_errno(libc::ENOSYS);
1732 crate::ptr::null_mut()
1736 pub unsafe fn unlinkat(dirfd: c_int, pathname: *const c_char, flags: c_int) -> c_int {
1737 weak!(fn unlinkat(c_int, *const c_char, c_int) -> c_int);
1738 unlinkat.get().map(|unlinkat| unlinkat(dirfd, pathname, flags)).unwrap_or_else(|| {
1739 crate::sys::unix::os::set_errno(libc::ENOSYS);
1745 pub fn openat_nofollow_dironly(parent_fd: Option<RawFd>, p: &CStr) -> io::Result<OwnedFd> {
1746 let fd = cvt_r(|| unsafe {
1748 parent_fd.unwrap_or(libc::AT_FDCWD),
1750 libc::O_CLOEXEC | libc::O_RDONLY | libc::O_NOFOLLOW | libc::O_DIRECTORY,
1753 Ok(unsafe { OwnedFd::from_raw_fd(fd) })
1756 fn fdreaddir(dir_fd: OwnedFd) -> io::Result<(ReadDir, RawFd)> {
1757 let ptr = unsafe { fdopendir(dir_fd.as_raw_fd()) };
1759 return Err(io::Error::last_os_error());
1761 let dirp = Dir(ptr);
1762 // file descriptor is automatically closed by libc::closedir() now, so give up ownership
1763 let new_parent_fd = dir_fd.into_raw_fd();
1764 // a valid root is not needed because we do not call any functions involving the full path
1765 // of the DirEntrys.
1766 let dummy_root = PathBuf::new();
1769 inner: Arc::new(InnerReadDir { dirp, root: dummy_root }),
1771 target_os = "android",
1772 target_os = "linux",
1773 target_os = "solaris",
1774 target_os = "illumos",
1775 target_os = "fuchsia",
1776 target_os = "redox",
1778 end_of_stream: false,
1785 target_os = "solaris",
1786 target_os = "illumos",
1787 target_os = "haiku",
1788 target_os = "vxworks",
1790 fn is_dir(_ent: &DirEntry) -> Option<bool> {
1795 target_os = "solaris",
1796 target_os = "illumos",
1797 target_os = "haiku",
1798 target_os = "vxworks",
1800 fn is_dir(ent: &DirEntry) -> Option<bool> {
1801 match ent.entry.d_type {
1802 libc::DT_UNKNOWN => None,
1803 libc::DT_DIR => Some(true),
1808 fn remove_dir_all_recursive(parent_fd: Option<RawFd>, path: &CStr) -> io::Result<()> {
1809 // try opening as directory
1810 let fd = match openat_nofollow_dironly(parent_fd, &path) {
1811 Err(err) if matches!(err.raw_os_error(), Some(libc::ENOTDIR | libc::ELOOP)) => {
1812 // not a directory - don't traverse further
1813 // (for symlinks, older Linux kernels may return ELOOP instead of ENOTDIR)
1814 return match parent_fd {
1816 Some(parent_fd) => {
1817 cvt(unsafe { unlinkat(parent_fd, path.as_ptr(), 0) }).map(drop)
1819 // ...unless this was supposed to be the deletion root directory
1826 // open the directory passing ownership of the fd
1827 let (dir, fd) = fdreaddir(fd)?;
1830 let child_name = child.name_cstr();
1831 match is_dir(&child) {
1833 remove_dir_all_recursive(Some(fd), child_name)?;
1836 cvt(unsafe { unlinkat(fd, child_name.as_ptr(), 0) })?;
1839 // POSIX specifies that calling unlink()/unlinkat(..., 0) on a directory can succeed
1840 // if the process has the appropriate privileges. This however can causing orphaned
1841 // directories requiring an fsck e.g. on Solaris and Illumos. So we try recursing
1842 // into it first instead of trying to unlink() it.
1843 remove_dir_all_recursive(Some(fd), child_name)?;
1848 // unlink the directory after removing its contents
1850 unlinkat(parent_fd.unwrap_or(libc::AT_FDCWD), path.as_ptr(), libc::AT_REMOVEDIR)
1855 fn remove_dir_all_modern(p: &Path) -> io::Result<()> {
1856 // We cannot just call remove_dir_all_recursive() here because that would not delete a passed
1857 // symlink. No need to worry about races, because remove_dir_all_recursive() does not recurse
1859 let attr = lstat(p)?;
1860 if attr.file_type().is_symlink() {
1861 crate::fs::remove_file(p)
1863 remove_dir_all_recursive(None, &cstr(p)?)
1867 #[cfg(not(all(target_os = "macos", not(target_arch = "aarch64"))))]
1868 pub fn remove_dir_all(p: &Path) -> io::Result<()> {
1869 remove_dir_all_modern(p)
1872 #[cfg(all(target_os = "macos", not(target_arch = "aarch64")))]
1873 pub fn remove_dir_all(p: &Path) -> io::Result<()> {
1874 if macos_weak::has_openat() {
1875 // openat() is available with macOS 10.10+, just like unlinkat() and fdopendir()
1876 remove_dir_all_modern(p)
1878 // fall back to classic implementation
1879 crate::sys_common::fs::remove_dir_all(p)