Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rollup of 5 pull requests #88889

Closed
wants to merge 20 commits into from
Closed

Rollup of 5 pull requests #88889

wants to merge 20 commits into from

Conversation

workingjubilee
Copy link
Member

Successful merges:

Failed merges:

r? @ghost
@rustbot modify labels: rollup

Create a similar rollup

WaffleLapkin and others added 20 commits September 7, 2021 16:41
@WaffleLapkin
Make UnsafeCell::get_mut const
efeb461
@GuillaumeGomez
Simplify std::os module reexports to fix rustdoc linking issues
e2d01ed
@hnj2
Allow missing code examples in trait impls.
c86c634
@pnkfelix
Revert "Allow formatting Anonymous{Struct, Union} declarations"
2691a39 
This reverts commit 64acb7d.
@pnkfelix
Revert "Add test for pretty printing anonymous types"
2041fb1 
This reverts commit d59b1f1.
@pnkfelix
Revert "Fix ast expanded printing for anonymous types"
5560f6d 
This reverts commit 5b4bc05.
@pnkfelix
Revert "Add test for restriction of anonymous types on validation"
f38ec9c 
This reverts commit 8a1dd69.
@pnkfelix
Manually crafted revert of d4ad050 .
b6aa7e3
@pnkfelix
Revert "Implement Anonymous{Struct, Union} in the AST"
91feb76 
This reverts commit 059b68d.

Note that this was manually adjusted to retain some of the refactoring
introduced by commit 059b68d, so that it could
likewise retain the correction introduced in commit
5b4bc05
@pnkfelix
Re-add 71a7f8f post-revert.
f26f1ed
@pnkfelix
regression test for issue rust-lang#88583.
35370a7
@bbjornse
add rustc option for using LLVM stack smash protection
eaa6461 
LLVM has built-in heuristics for adding stack canaries to functions. These
heuristics can be selected with LLVM function attributes. This patch adds a
rustc option `-Z stack-protector={none,basic,strong,all}` which controls the use
of these attributes. This gives rustc the same stack smash protection support as
clang offers through options `-fno-stack-protector`, `-fstack-protector`,
`-fstack-protector-strong`, and `-fstack-protector-all`. The protection this can
offer is demonstrated in test/ui/abi/stack-protector.rs. This fills a gap in the
current list of rustc exploit
mitigations (https://doc.rust-lang.org/rustc/exploit-mitigations.html),
originally discussed in rust-lang#15179.

Stack smash protection adds runtime overhead and is therefore still off by
default, but now users have the option to trade performance for security as they
see fit. An example use case is adding Rust code in an existing C/C++ code base
compiled with stack smash protection. Without the ability to add stack smash
protection to the Rust code, the code base artifacts could be exploitable in
ways not possible if the code base remained pure C/C++.

Stack smash protection support is present in LLVM for almost all the current
tier 1/tier 2 targets: see
test/assembly/stack-protector/stack-protector-target-support.rs. The one
exception is nvptx64-nvidia-cuda. This patch follows clang's example, and adds a
warning message printed if stack smash protection is used with this target (see
test/ui/stack-protector/warn-stack-protector-unsupported.rs). Support for tier 3
targets has not been checked.

Since the heuristics are applied at the LLVM level, the heuristics are expected
to add stack smash protection to a fraction of functions comparable to C/C++.
Some experiments demonstrating how Rust code is affected by the different
heuristics can be found in
test/assembly/stack-protector/stack-protector-heuristics-effect.rs. There is
potential for better heuristics using Rust-specific safety information. For
example it might be reasonable to skip stack smash protection in functions which
transitively only use safe Rust code, or which uses only a subset of functions
the user declares safe (such as anything under `std.*`). Such alternative
heuristics could be added at a later point.

LLVM also offers a "safestack" sanitizer as an alternative way to guard against
stack smashing (see rust-lang#26612). This could possibly also be included as a
stack-protection heuristic. An alternative is to add it as a sanitizer (rust-lang#39699).
This is what clang does: safestack is exposed with option
`-fsanitize=safe-stack`.

The options are only supported by the LLVM backend, but as with other codegen
options it is visible in the main codegen option help menu. The heuristic names
"basic", "strong", and "all" are hopefully sufficiently generic to be usable in
other backends as well.

Reviewed-by: Nikita Popov <nikic@php.net>

Extra commits during review:

- [address-review] make the stack-protector option unstable

- [address-review] reduce detail level of stack-protector option help text

- [address-review] correct grammar in comment

- [address-review] use compiler flag to avoid merging functions in test

- [address-review] specify min LLVM version in fortanix stack-protector test

  Only for Fortanix test, since this target specifically requests the
  `--x86-experimental-lvi-inline-asm-hardening` flag.

- [address-review] specify required LLVM components in stack-protector tests

- move stack protector option enum closer to other similar option enums

- rustc_interface/tests: sort debug option list in tracking hash test

- add an explicit `none` stack-protector option

Revert "set LLVM requirements for all stack protector support test revisions"

This reverts commit a49b74f92a4e7d701d6f6cf63d207a8aff2e0f68.
@GuillaumeGomez
Remove usage of cfg_if in std/src/os/mod.rs
64354a9
@WaffleLapkin
Fill in the tracking issue for #![feature(const_unsafecell_get_mut)]
2c30162
@GuillaumeGomez
Move fortanix module position in std::os reexports for alpha sort
b98ba6f
@workingjubilee
Rollup merge of rust-lang#84197 - bbjornse:stack-protector, r=nikic
a402621 
add codegen option for using LLVM stack smash protection

LLVM has built-in heuristics for adding stack canaries to functions. These
heuristics can be selected with LLVM function attributes. This PR adds a codegen
option `-C stack-protector={basic,strong,all}` which controls the use of these
attributes. This gives rustc the same stack smash protection support as clang
offers through options `-fstack-protector`, `-fstack-protector-strong`, and
`-fstack-protector-all`. The protection this can offer is demonstrated in
test/ui/abi/stack-protector.rs. This fills a gap in the current list of rustc
exploit mitigations (https://doc.rust-lang.org/rustc/exploit-mitigations.html),
originally discussed in rust-lang#15179.

Stack smash protection adds runtime overhead and is therefore still off by
default, but now users have the option to trade performance for security as they
see fit. An example use case is adding Rust code in an existing C/C++ code base
compiled with stack smash protection. Without the ability to add stack smash
protection to the Rust code, the code base artifacts could be exploitable in
ways not possible if the code base remained pure C/C++.

Stack smash protection support is present in LLVM for almost all the current
tier 1/tier 2 targets: see
test/assembly/stack-protector/stack-protector-target-support.rs. The one
exception is nvptx64-nvidia-cuda. This PR follows clang's example, and adds a
warning message printed if stack smash protection is used with this target (see
test/ui/stack-protector/warn-stack-protector-unsupported.rs). Support for tier 3
targets has not been checked.

Since the heuristics are applied at the LLVM level, the heuristics are expected
to add stack smash protection to a fraction of functions comparable to C/C++.
Some experiments demonstrating how Rust code is affected by the different
heuristics can be found in
test/assembly/stack-protector/stack-protector-heuristics-effect.rs. There is
potential for better heuristics using Rust-specific safety information. For
example it might be reasonable to skip stack smash protection in functions which
transitively only use safe Rust code, or which uses only a subset of functions
the user declares safe (such as anything under `std.*`). Such alternative
heuristics could be added at a later point.

LLVM also offers a "safestack" sanitizer as an alternative way to guard against
stack smashing (see rust-lang#26612). This could possibly also be included as a
stack-protection heuristic. An alternative is to add it as a sanitizer (rust-lang#39699).
This is what clang does: safestack is exposed with option
`-fsanitize=safe-stack`.

The options are only supported by the LLVM backend, but as with other codegen
options it is visible in the main codegen option help menu. The heuristic names
"basic", "strong", and "all" are hopefully sufficiently generic to be usable in
other backends as well.
@workingjubilee
Rollup merge of rust-lang#88619 - GuillaumeGomez:simplify-std-os-reex…
9116186 
…ports, r=Amanieu

Remove `cfg(doc)` from std::os module reexports to fix rustdoc linking issues

Fixes rust-lang#88304.

I tested it based on rust-lang#88292.

Not sure if it's the best approach, but at least it makes thing a bit simpler.

cc `@jyn514`
@workingjubilee
Rollup merge of rust-lang#88722 - WaffleLapkin:unsafe_cell_const_get_…
3dc37c6 
…mut, r=dtolnay

Make `UnsafeCell::get_mut` const
@workingjubilee
Rollup merge of rust-lang#88745 - hnj2:allow-trait-impl-missing-code,…
c31152d 
… r=GuillaumeGomez

Allow missing code examples in trait impls.

Excludes Trait implementations from the items that need to have doc code examples when using the `rustdoc::missing_doc_code_examples` lint.

For details see rust-lang#88741

fixes rust-lang#88741

r? ```@jyn514```
@workingjubilee
Rollup merge of rust-lang#88775 - pnkfelix:revert-anon-union-parsing,…
a5f470b 
… r=davidtwco

Revert anon union parsing

Revert PR rust-lang#84571 and rust-lang#85515, which implemented anonymous union parsing in a manner that broke the context-sensitivity for the `union` keyword and thus broke stable Rust code.

Fix rust-lang#88583.
@rustbot rustbot added the rollup A PR which is a rollup label Sep 12, 2021
@workingjubilee workingjubilee mentioned this pull request Sep 12, 2021
Closed
@workingjubilee
Copy link
Member Author

Whoops, nearly collided with #88890.

@workingjubilee workingjubilee deleted the rollup-pzw4xuj branch September 12, 2021 17:53
@rust-log-analyzer
Copy link
Collaborator

The job x86_64-gnu-tools failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot) 

 error: using a non-octal value to set unix file permissions
   --> $DIR/non_octal_unix_permissions.rs:12:18
    |
 LL |     options.mode(440);
    |                  ^^^ help: consider using an octal literal instead: `0o440`
    |
    = note: `-D clippy::non-octal-unix-permissions` implied by `-D warnings`
 error: using a non-octal value to set unix file permissions
-  --> $DIR/non_octal_unix_permissions.rs:17:47
-   |
-   |
-LL |     let _permissions = Permissions::from_mode(647);
-   |                                               ^^^ help: consider using an octal literal instead: `0o647`
-error: using a non-octal value to set unix file permissions
   --> $DIR/non_octal_unix_permissions.rs:26:26
    |
 LL |     permissions.set_mode(644);
 LL |     permissions.set_mode(644);
    |                          ^^^ help: consider using an octal literal instead: `0o644`
 error: using a non-octal value to set unix file permissions
   --> $DIR/non_octal_unix_permissions.rs:31:18
    |
    |
 LL |     builder.mode(755);
    |                  ^^^ help: consider using an octal literal instead: `0o755`
-error: aborting due to 4 previous errors
+error: aborting due to 3 previous errors
 
 
 

The actual stderr differed from the expected stderr.
Actual stderr saved to /checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/release/test_build_base/non_octal_unix_permissions.stage-id.stderr
diff of fixed:

 // ignore-windows
 // run-rustfix
 #![warn(clippy::non_octal_unix_permissions)]
 use std::fs::{DirBuilder, File, OpenOptions, Permissions};
 use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt, PermissionsExt};
 fn main() {
     let permissions = 0o760;
 
     // OpenOptionsExt::mode
     // OpenOptionsExt::mode
     let mut options = OpenOptions::new();
     options.mode(0o440);
     options.mode(0o400);
     options.mode(permissions);
 
     // PermissionsExt::from_mode
-    let _permissions = Permissions::from_mode(0o647);
+    let _permissions = Permissions::from_mode(647);
     let _permissions = Permissions::from_mode(0o000);
     let _permissions = Permissions::from_mode(permissions);
     // PermissionsExt::set_mode
     // PermissionsExt::set_mode
     let f = File::create("foo.txt").unwrap();
error: test failed, to rerun pass '--test compile-test'
     let metadata = f.metadata().unwrap();
     let mut permissions = metadata.permissions();
     permissions.set_mode(0o644);
     permissions.set_mode(0o704);
 
     // DirBuilderExt::mode
     // DirBuilderExt::mode
     let mut builder = DirBuilder::new();
     builder.mode(0o755);
     builder.mode(0o406);
 

The actual fixed differed from the expected fixed.
The actual fixed differed from the expected fixed.
Actual fixed saved to /checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/release/test_build_base/non_octal_unix_permissions.stage-id.fixed
To only update this specific test, also pass `--test-args non_octal_unix_permissions.rs`

error: 2 errors occurred comparing output.
status: exit status: 1
status: exit status: 1
command: "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools-bin/clippy-driver" "tests/ui/non_octal_unix_permissions.rs" "-L" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/release/test_build_base" "--target=x86_64-unknown-linux-gnu" "--error-format" "json" "-C" "prefer-dynamic" "-o" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/release/test_build_base/non_octal_unix_permissions.stage-id" "-A" "unused" "--emit=metadata" "-L" "dependency=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/release/deps" "-L" "dependency=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/x86_64-unknown-linux-gnu/release/deps" "-Dwarnings" "-Zui-testing" "--extern" "serde_derive=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/release/deps/libserde_derive-8bd56d0234290b82.so" "--extern" "if_chain=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/x86_64-unknown-linux-gnu/release/deps/libif_chain-b3e76e8f62643cc6.rlib" "--extern" "serde=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/x86_64-unknown-linux-gnu/release/deps/libserde-89222f6e0d369b36.rlib" "--extern" "regex=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/x86_64-unknown-linux-gnu/release/deps/libregex-49c9d70aa8b59e5f.rlib" "--extern" "syn=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/x86_64-unknown-linux-gnu/release/deps/libsyn-2c42e7af51424ce5.rlib" "--extern" "derive_new=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/release/deps/libderive_new-ea1db0c41efed0d6.so" "--extern" "itertools=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/x86_64-unknown-linux-gnu/release/deps/libitertools-b0f19a5fad83a10b.rlib" "--extern" "clippy_utils=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/x86_64-unknown-linux-gnu/release/deps/libclippy_utils-bc2b0c8a9dcb9fb3.rlib" "--extern" "quote=/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/x86_64-unknown-linux-gnu/release/deps/libquote-c6bd037ba33baa25.rlib" "-L" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools/release/test_build_base/non_octal_unix_permissions.stage-id.aux"
------------------------------------------

------------------------------------------
stderr:
stderr:
------------------------------------------
{"message":"using a non-octal value to set unix file permissions","code":{"code":"clippy::non_octal_unix_permissions","explanation":null},"level":"error","spans":[{"file_name":"tests/ui/non_octal_unix_permissions.rs","byte_start":339,"byte_end":342,"line_start":12,"line_end":12,"column_start":18,"column_end":21,"is_primary":true,"text":[{"text":"    options.mode(440);","highlight_start":18,"highlight_end":21}],"label":null,"suggested_replacement":null,"suggestion_applicability":null,"expansion":null}],"children":[{"message":"`-D clippy::non-octal-unix-permissions` implied by `-D warnings`","code":null,"level":"note","spans":[],"children":[],"rendered":null},{"message":"consider using an octal literal instead","code":null,"level":"help","spans":[{"file_name":"tests/ui/non_octal_unix_permissions.rs","byte_start":339,"byte_end":342,"line_start":12,"line_end":12,"column_start":18,"column_end":21,"is_primary":true,"text":[{"text":"    options.mode(440);","highlight_start":18,"highlight_end":21}],"label":null,"suggested_replacement":"0o440","suggestion_applicability":"MachineApplicable","expansion":null}],"children":[],"rendered":null}],"rendered":"error: using a non-octal value to set unix file permissions\n  --> tests/ui/non_octal_unix_permissions.rs:12:18\n   |\nLL |     options.mode(440);\n   |                  ^^^ help: consider using an octal literal instead: `0o440`\n   |\n   = note: `-D clippy::non-octal-unix-permissions` implied by `-D warnings`\n\n"}
{"message":"using a non-octal value to set unix file permissions","code":{"code":"clippy::non_octal_unix_permissions","explanation":null},"level":"error","spans":[{"file_name":"tests/ui/non_octal_unix_permissions.rs","byte_start":798,"byte_end":801,"line_start":26,"line_end":26,"column_start":26,"column_end":29,"is_primary":true,"text":[{"text":"    permissions.set_mode(644);","highlight_start":26,"highlight_end":29}],"label":null,"suggested_replacement":null,"suggestion_applicability":null,"expansion":null}],"children":[{"message":"consider using an octal literal instead","code":null,"level":"help","spans":[{"file_name":"tests/ui/non_octal_unix_permissions.rs","byte_start":798,"byte_end":801,"line_start":26,"line_end":26,"column_start":26,"column_end":29,"is_primary":true,"text":[{"text":"    permissions.set_mode(644);","highlight_start":26,"highlight_end":29}],"label":null,"suggested_replacement":"0o644","suggestion_applicability":"MachineApplicable","expansion":null}],"children":[],"rendered":null}],"rendered":"error: using a non-octal value to set unix file permissions\n  --> tests/ui/non_octal_unix_permissions.rs:26:26\n   |\nLL |     permissions.set_mode(644);\n   |                          ^^^ help: consider using an octal literal instead: `0o644`\n\n"}
{"message":"using a non-octal value to set unix file permissions","code":{"code":"clippy::non_octal_unix_permissions","explanation":null},"level":"error","spans":[{"file_name":"tests/ui/non_octal_unix_permissions.rs","byte_start":923,"byte_end":926,"line_start":31,"line_end":31,"column_start":18,"column_end":21,"is_primary":true,"text":[{"text":"    builder.mode(755);","highlight_start":18,"highlight_end":21}],"label":null,"suggested_replacement":null,"suggestion_applicability":null,"expansion":null}],"children":[{"message":"consider using an octal literal instead","code":null,"level":"help","spans":[{"file_name":"tests/ui/non_octal_unix_permissions.rs","byte_start":923,"byte_end":926,"line_start":31,"line_end":31,"column_start":18,"column_end":21,"is_primary":true,"text":[{"text":"    builder.mode(755);","highlight_start":18,"highlight_end":21}],"label":null,"suggested_replacement":"0o755","suggestion_applicability":"MachineApplicable","expansion":null}],"children":[],"rendered":null}],"rendered":"error: using a non-octal value to set unix file permissions\n  --> tests/ui/non_octal_unix_permissions.rs:31:18\n   |\nLL |     builder.mode(755);\n   |                  ^^^ help: consider using an octal literal instead: `0o755`\n\n"}

------------------------------------------

thread 'compile_test' panicked at 'Some tests failed', /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/compiletest_rs-0.6.0/src/lib.rs:105:22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
rollup A PR which is a rollup
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@workingjubilee @rust-log-analyzer @rustbot @WaffleLapkin @GuillaumeGomez @hnj2 @pnkfelix @bbjornse