Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

linux: try to use libc getrandom to allow interposition #78785

Merged
merged 3 commits into from
Nov 18, 2020
Merged

linux: try to use libc getrandom to allow interposition #78785

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7a15f02
linux: try to use libc getrandom to allow interposition
cuviper Nov 5, 2020
a035626
Try weak symbols for all linux syscall! wrappers
cuviper Nov 5, 2020
cd22381
Use syscall! for copy_file_range too
cuviper Nov 5, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions library/std/src/sys/unix/kernel_copy.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -445,15 +445,15 @@ pub(super) fn copy_regular_files(reader: RawFd, writer: RawFd, max_len: u64) ->
// We store the availability in a global to avoid unnecessary syscalls
static HAS_COPY_FILE_RANGE: AtomicBool = AtomicBool::new(true);

unsafe fn copy_file_range(
fd_in: libc::c_int,
off_in: *mut libc::loff_t,
fd_out: libc::c_int,
off_out: *mut libc::loff_t,
len: libc::size_t,
flags: libc::c_uint,
) -> libc::c_long {
libc::syscall(libc::SYS_copy_file_range, fd_in, off_in, fd_out, off_out, len, flags)
syscall! {
fn copy_file_range(
fd_in: libc::c_int,
off_in: *mut libc::loff_t,
fd_out: libc::c_int,
off_out: *mut libc::loff_t,
len: libc::size_t,
flags: libc::c_uint
) -> libc::ssize_t
}

let has_copy_file_range = HAS_COPY_FILE_RANGE.load(Ordering::Relaxed);
Expand Down
15 changes: 12 additions & 3 deletions library/std/src/sys/unix/rand.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,19 @@ mod imp {
use crate::io::Read;

#[cfg(any(target_os = "linux", target_os = "android"))]
fn getrandom(buf: &mut [u8]) -> libc::c_long {
unsafe {
libc::syscall(libc::SYS_getrandom, buf.as_mut_ptr(), buf.len(), libc::GRND_NONBLOCK)
fn getrandom(buf: &mut [u8]) -> libc::ssize_t {
// A weak symbol allows interposition, e.g. for perf measurements that want to
// disable randomness for consistency. Otherwise, we'll try a raw syscall.
// (`getrandom` was added in glibc 2.25, musl 1.1.20, android API level 28)
syscall! {
fn getrandom(
buffer: *mut libc::c_void,
length: libc::size_t,
flags: libc::c_uint
Copy link
Member

@RalfJung RalfJung Nov 19, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even though this says c_uint, in Miri we are seeing the flags argument being passed as a ptr-sized value when dlsym returns NULL. Before this change it was always of size 4. Did something go wrong with the type logic?

) -> libc::ssize_t
}

unsafe { getrandom(buf.as_mut_ptr().cast(), buf.len(), libc::GRND_NONBLOCK) }
}

#[cfg(not(any(target_os = "linux", target_os = "android")))]
Expand Down
20 changes: 14 additions & 6 deletions library/std/src/sys/unix/weak.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ unsafe fn fetch(name: &str) -> usize {
libc::dlsym(libc::RTLD_DEFAULT, name.as_ptr()) as usize
}

#[cfg(not(target_os = "linux"))]
#[cfg(not(any(target_os = "linux", target_os = "android")))]
macro_rules! syscall {
(fn $name:ident($($arg_name:ident: $t:ty),*) -> $ret:ty) => (
unsafe fn $name($($arg_name: $t),*) -> $ret {
Expand All @@ -84,18 +84,26 @@ macro_rules! syscall {
)
}

#[cfg(target_os = "linux")]
#[cfg(any(target_os = "linux", target_os = "android"))]
macro_rules! syscall {
(fn $name:ident($($arg_name:ident: $t:ty),*) -> $ret:ty) => (
unsafe fn $name($($arg_name:$t),*) -> $ret {
// This looks like a hack, but concat_idents only accepts idents
// (not paths).
use libc::*;

syscall(
concat_idents!(SYS_, $name),
$($arg_name as c_long),*
) as $ret
weak! { fn $name($($t),*) -> $ret }

// Use a weak symbol from libc when possible, allowing `LD_PRELOAD`
// interposition, but if it's not found just use a raw syscall.
if let Some(fun) = $name.get() {
fun($($arg_name),*)
} else {
syscall(
concat_idents!(SYS_, $name),
$($arg_name as c_long),*
Copy link
Member

@RalfJung RalfJung Nov 19, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably where all arguments are made ptr-sized. It is not clear to me what that is done (we do have proper type information after all!), nor why it should even be allowed. Isn't it UB when the caller and callee types do not match?

Copy link
Member

@m-ou-se m-ou-se Nov 19, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is to make sure they're all integral/pointer values that fit in a machine word. As long as that's the case, the exact type doesn't matter. The ABI of a variadic function like syscall will just put each argument into their own register, extended to a usize/c_long.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a guarantee made by C? For all ABIs? And what happens with the value that is passed, logically, to the syscall? It should get truncated to the smaller of "type used" and "type expected", I guess?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I propose we do something like #79196.

) as $ret
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this work for sendfile? The sendfile64 libc wrapper is available on 32bit and 64bit. But on 64bit only the raw sendfile syscall is available since it's already 64bit-wide.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The macro is assuming that the libc function name matches SYS_name exactly. We would need something new to deal with different names among libc and 32/64-bit syscalls.

It's also meant for cases where the function is relatively new, not yet in the minimum libc we intend to support, so the syscall is a fallback. I don't think that's the case for sendfile64, because it has been around since glibc 2.3.

}
)
}