FD corruption experiments#6576
Draft
theduke wants to merge 4 commits into
Draft
Conversation
theduke
commented
May 7, 2026
theduke
commented
Collaborator
- fix stdio fd_close ordering race
- fix stale fd cleanup removals
- fix stale fd cleanup removals
Close stdio descriptors before flushing so an async flush cannot remove a newer fd mapping installed at the same number. Add a regression test that keeps the replacement fd alive while the original stdout flush is still in flight.
Rely on close_fd() as the only fd-map removal path during async cleanup so close_all() and close_cloexec_fds() cannot delete descriptors created mid-cleanup. Keep the regression test enabled to guard the reproduced stale-clear race.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses file-descriptor (FD) reuse races during close/cleanup in WASIX by ensuring flush operations operate on captured file handles rather than fd numbers that may be reallocated concurrently.
Changes:
- Refactors
fd_closeto close the FD first while retaining a flush handle, preventing async flush/close from impacting a newly-reused fd number. - Updates
WasiFs::close_allandWasiFs::close_cloexec_fdsto snapshot targets, remove them from the fd map under a write lock, then flush via captured handles to avoid stale cleanup removing newly-created/reused FDs. - Adds regression tests covering fd-slot reuse and concurrent descriptor creation during cleanup.
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| lib/wasix/src/syscalls/wasi/fd_close.rs | Introduces close_fd_and_prepare_flush and adds a regression test for stdio fd reuse during delayed flush. |
| lib/wasix/src/fs/mod.rs | Reworks cleanup routines to remove FDs before flushing via captured targets; adds tests for concurrent creation and fd-slot reuse during cleanup. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.