73 changes: 3 additions & 70 deletions registry/native/patches/wasi-libc/0008-sockets.patch
@@ -1,72 +1,5 @@
Implement socket(), connect(), bind(), listen(), accept(), send(),
recv(), sendto(), recvfrom(), getaddrinfo(), freeaddrinfo(),
gai_strerror(), gethostname(), setsockopt(), poll(), and select()
via host_net WASM imports.

Replaces the wasi-libc stubs (which return -ENOSYS or are #ifdef'd out)
with implementations that call our host_net.net_socket, net_connect,
net_bind, net_listen, net_accept, net_send, net_recv, net_sendto,
net_recvfrom, net_getaddrinfo, net_close, net_setsockopt, and net_poll
WASM imports.

Un-omits netdb.h from the sysroot headers so C programs can use
getaddrinfo/freeaddrinfo/gai_strerror. Un-gates bind() and listen()
declarations from the wasip2-only guard.

Supports AF_INET, AF_INET6, and AF_UNIX address families in
sockaddr serialization (sockaddr_to_string / string_to_sockaddr).

Import signatures match wasmvm/crates/wasi-ext/src/lib.rs exactly.

--- a/scripts/install-include-headers.sh 2026-03-20 04:05:48.609869966 -0700
+++ b/scripts/install-include-headers.sh 2026-03-20 04:05:57.781880813 -0700
@@ -69,10 +69,11 @@
"net/ethernet.h" "net/route.h" "netinet/if_ether.h" "netinet/ether.h" \
"sys/timerfd.h" "libintl.h" "sys/sysmacros.h" "aio.h")
# Exclude `netdb.h` from all of the p1 targets.
-if [[ $TARGET_TRIPLE == *"wasi" || $TARGET_TRIPLE == *"wasi-threads" || \
- $TARGET_TRIPLE == *"wasip1" || $TARGET_TRIPLE == *"wasip1-threads" ]]; then
- MUSL_OMIT_HEADERS+=("netdb.h")
-fi
+# NOTE: commented out by secureexec 0008-sockets patch — we provide getaddrinfo via host_net
+#if [[ $TARGET_TRIPLE == *"wasi" || $TARGET_TRIPLE == *"wasi-threads" || \
+# $TARGET_TRIPLE == *"wasip1" || $TARGET_TRIPLE == *"wasip1-threads" ]]; then
+# MUSL_OMIT_HEADERS+=("netdb.h")
+#fi

# Remove all the `MUSL_OMIT_HEADERS` previously copied over.
for OMIT_HEADER in "${MUSL_OMIT_HEADERS[@]}"; do

--- a/libc-top-half/musl/include/sys/socket.h 2026-03-20 04:05:48.609869966 -0700
+++ b/libc-top-half/musl/include/sys/socket.h 2026-03-20 04:06:04.989889334 -0700
@@ -401,3 +401 @@
-#if (defined __wasilibc_unmodified_upstream) || (defined __wasilibc_use_wasip2)
int socket (int, int, int);
-#endif
@@ -411,5 +409,3 @@
-#if (defined __wasilibc_unmodified_upstream) || (defined __wasilibc_use_wasip2)
int connect (int, const struct sockaddr *, socklen_t);
int bind (int, const struct sockaddr *, socklen_t);
int listen (int, int);
-#endif
@@ -420,4 +416,2 @@
-#if (defined __wasilibc_unmodified_upstream) || (defined __wasilibc_use_wasip2)
int getsockname (int, struct sockaddr *__restrict, socklen_t *__restrict);
int getpeername (int, struct sockaddr *__restrict, socklen_t *__restrict);
-#endif
@@ -427,4 +421,2 @@
-#if (defined __wasilibc_unmodified_upstream) || (defined __wasilibc_use_wasip2)
ssize_t sendto (int, const void *, size_t, int, const struct sockaddr *, socklen_t);
ssize_t recvfrom (int, void *__restrict, size_t, int, struct sockaddr *__restrict, socklen_t *__restrict);
-#endif
@@ -437,3 +429 @@
-#if (defined __wasilibc_unmodified_upstream) || (defined __wasilibc_use_wasip2)
int setsockopt (int, int, int, const void *, socklen_t);
-#endif

#ifdef __wasilibc_unmodified_upstream /* WASI has no sockatmark */
int sockatmark (int);

diff --git a/libc-bottom-half/headers/public/__struct_sockaddr_un.h b/libc-bottom-half/headers/public/__struct_sockaddr_un.h
index 6371194..60634cf 100644
--- a/libc-bottom-half/headers/public/__struct_sockaddr_un.h
+++ b/libc-bottom-half/headers/public/__struct_sockaddr_un.h
@@ -5,6 +5,7 @@
@@ -82,7 +15,7 @@ new file mode 100644
index 0000000..975e62a
--- /dev/null
+++ b/libc-bottom-half/sources/host_socket.c
@@ -0,0 +1,779 @@
@@ -0,0 +1,696 @@
+// Socket API via wasmVM host_net imports.
+//
+// Replaces wasi-libc's ENOSYS stubs with calls to our custom WASM imports:
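Review bot: The host_socket.c hunk header goes from `@@ -0,0 +1,779 @@` to `@@ -0,0 +1,696 @@`, yet this section's totals (3 additions & 70 deletions across `-1,72 +1,5` and `-82,7 +15,7`) leave no room for any change to that hunk's body, so one of the two headers cannot match the number of `+` lines that follow it. The same commit changes the use of `--recount` in patch-wasi-libc.sh, and without that flag `git apply` takes the declared count literally, so a hand-edited count is likely to make the patch fail to apply. Regenerating the patch from a patched tree (`git diff` or `git format-patch`) rather than editing the header would settle it. The section also removes the prose listing the host_net imports the patch depends on; a short description at the top of the patch would keep that host interface easy to audit.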
45 changes: 10 additions & 35 deletions registry/native/patches/wasi-libc/0012-posix-spawn-cwd.patch
@@ -2,63 +2,38 @@ Fix posix_spawn to propagate cwd to child processes.

posix_spawn previously passed an empty cwd (len=0) to proc_spawn,
causing children to fall back to the kernel-worker's init.cwd instead
of the parent's current working directory. In practice many shells
track cwd primarily through the `PWD` environment variable, so relying
on `getcwd()` alone is not sufficient. This fix:
of the parent's current working directory. This fix:

1. Processes FDOP_CHDIR file_actions to capture explicit cwd overrides
2. Falls back to the inherited `PWD` environment when available
3. Then falls back to `getcwd()`
4. Passes the resolved cwd to proc_spawn

This complements the follow-up getcwd.c initialization patch (reading
PWD at WASM startup) to ensure full cwd propagation from parent shell
to spawned commands.
2. Falls back to getcwd() when no explicit cwd is set
3. Passes the resolved cwd to proc_spawn

diff --git a/libc-bottom-half/sources/host_spawn_wait.c b/libc-bottom-half/sources/host_spawn_wait.c
index 851932a..d5849a4 100644
--- a/libc-bottom-half/sources/host_spawn_wait.c
+++ b/libc-bottom-half/sources/host_spawn_wait.c
@@ -101,6 +101,16 @@ static int __addfdop(posix_spawn_file_actions_t *fa, struct __fdop *op) {
return 0;
}

+static const char *find_pwd_in_env(char *const envp[]) {
+ if (!envp) return NULL;
+ for (int i = 0; envp[i]; i++) {
+ const char *entry = envp[i];
+ if (strncmp(entry, "PWD=", 4) == 0 && entry[4] == '/') {
+ return entry + 4;
+ }
+ }
+ return NULL;
+}
+
int posix_spawn_file_actions_adddup2(posix_spawn_file_actions_t *fa, int srcfd, int fd) {
if (srcfd < 0 || fd < 0) return EBADF;
struct __fdop *op = malloc(sizeof(*op));
@@ -229,6 +239,7 @@ int posix_spawn(pid_t *restrict res, const char *restrict path,
@@ -232,6 +232,7 @@ int posix_spawn(pid_t *restrict res, const char *restrict path,
}

// Process file_actions in order: extract stdio overrides and handle close/open
+ const char *spawn_cwd = NULL;
uint32_t stdin_fd = 0, stdout_fd = 1, stderr_fd = 2;
if (fa && fa->__actions) {
for (struct __fdop *op = fa->__actions; op; op = op->next) {
@@ -253,15 +264,25 @@ int posix_spawn(pid_t *restrict res, const char *restrict path,
else if (op->fd == 2) stderr_fd = (uint32_t)opened;
@@ -259,16 +260,26 @@ int posix_spawn(pid_t *restrict res, const char *restrict path,
else close(opened);
break;
+ }
}
+ case FDOP_CHDIR:
+ if (op->path[0] == '/') spawn_cwd = op->path;
+ spawn_cwd = op->path;
+ break;
}
}
}

+ // Resolve cwd: explicit chdir action > inherited PWD > getcwd() > empty
+ // Resolve cwd: explicit chdir action > current getcwd > empty (kernel fallback)
+ char cwd_buf[1024];
+ const char *cwd_str = spawn_cwd;
+ if (!cwd_str) cwd_str = find_pwd_in_env(env);
+ if (!cwd_str && getcwd(cwd_buf, sizeof(cwd_buf))) {
+ cwd_str = cwd_buf;
+ }
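Review bot: The `FDOP_CHDIR` case appears to end up as an unconditional `spawn_cwd = op->path;` (the page has lost its +/- column, but the line order and the shortened precedence comment point that way), so a relative path registered through the chdir file action is handed to proc_spawn as-is, without the leading-'/' guard printed on the line above it. How the host resolves a relative cwd is not visible here; if it resolves against the kernel-worker's init.cwd rather than the parent's directory, the child starts somewhere the caller did not ask for. Either keep the guard, `if (op->path[0] == '/') spawn_cwd = op->path;`, or join a relative path onto the getcwd() result before the call. The getcwd() fallback fails just as silently: with `char cwd_buf[1024]` a longer working directory makes getcwd() fail and the spawn goes ahead with an empty cwd, where returning the error would be safer. posix_spawn's body continues outside the hunk.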
30 changes: 10 additions & 20 deletions registry/native/scripts/patch-wasi-libc.sh
@@ -151,32 +151,22 @@ else
case "$MODE" in
check)
echo -n "Checking $PATCH_NAME ... "
if git -C "$WASI_LIBC_SRC_DIR" apply --check --recount "$PATCH" > /dev/null 2>&1; then
git -C "$WASI_LIBC_SRC_DIR" apply --recount "$PATCH" > /dev/null 2>&1
if git -C "$WASI_LIBC_SRC_DIR" apply --check "$PATCH" > /dev/null 2>&1; then
git -C "$WASI_LIBC_SRC_DIR" apply "$PATCH" > /dev/null 2>&1
echo "OK (applies cleanly)"
elif git -C "$WASI_LIBC_SRC_DIR" apply -R --check --recount "$PATCH" > /dev/null 2>&1; then
elif git -C "$WASI_LIBC_SRC_DIR" apply -R --check "$PATCH" > /dev/null 2>&1; then
echo "OK (already applied)"
else
# Check if new files from this patch exist (layered patch scenario)
NEW_FILES=$(
sed -n 's|^+++ b/\([^[:space:]]*\).*|\1|p' "$PATCH" | while read -r f; do
[ -f "$WASI_LIBC_SRC_DIR/$f" ] && echo "$f"
done || true
)
if [ -n "$NEW_FILES" ]; then
echo "OK (applied, modified by later patch)"
else
echo "FAIL (does not apply)"
FAILED=1
fi
echo "FAIL (does not apply)"
FAILED=1
fi
;;
apply)
echo -n "Applying $PATCH_NAME ... "
if git -C "$WASI_LIBC_SRC_DIR" apply --check --recount "$PATCH" > /dev/null 2>&1; then
git -C "$WASI_LIBC_SRC_DIR" apply --recount "$PATCH" > /dev/null 2>&1
if git -C "$WASI_LIBC_SRC_DIR" apply --check "$PATCH" > /dev/null 2>&1; then
git -C "$WASI_LIBC_SRC_DIR" apply "$PATCH" > /dev/null 2>&1
echo "applied"
elif git -C "$WASI_LIBC_SRC_DIR" apply -R --check --recount "$PATCH" > /dev/null 2>&1; then
elif git -C "$WASI_LIBC_SRC_DIR" apply -R --check "$PATCH" > /dev/null 2>&1; then
echo "already applied (skipping)"
else
echo "FAIL (does not apply)"
@@ -185,8 +175,8 @@ else
;;
reverse)
echo -n "Reversing $PATCH_NAME ... "
if git -C "$WASI_LIBC_SRC_DIR" apply -R --check --recount "$PATCH" > /dev/null 2>&1; then
git -C "$WASI_LIBC_SRC_DIR" apply -R --recount "$PATCH" > /dev/null 2>&1
if git -C "$WASI_LIBC_SRC_DIR" apply -R --check "$PATCH" > /dev/null 2>&1; then
git -C "$WASI_LIBC_SRC_DIR" apply -R "$PATCH" > /dev/null 2>&1
echo "reversed"
else
echo "not applied (skipping)"
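Review bot: In all three modes the real `git apply` that follows a successful `--check` has its exit status ignored and its output sent to /dev/null, e.g. `git -C "$WASI_LIBC_SRC_DIR" apply "$PATCH" > /dev/null 2>&1` followed directly by `echo "applied"`. Unless `set -e` is active outside these hunks, a patch that fails at that step is still reported as applied and the libc build carries on without it. Testing the apply itself closes the gap, for example `if git -C "$WASI_LIBC_SRC_DIR" apply "$PATCH" 2>/dev/null; then echo "applied"; else echo "FAIL (apply error)"; FAILED=1; fi`. The `check` branch also modifies the tree it is checking by running the apply, so a comment such as `# check mode applies each patch so later patches are checked against the patched tree` would record whether that is intended. The enclosing loop and the end of the `case` lie outside the hunks.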