Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicitly specify types to arguments of 'libc::syscall' #74

Merged
merged 2 commits into from
Aug 4, 2019
Merged

Explicitly specify types to arguments of 'libc::syscall' #74

merged 2 commits into from
Aug 4, 2019

Conversation

Aaron1011
Copy link
Contributor

The 'libc::syscall' function uses varargs - as a result, its arguments
are completely untyped. THe user must ensure that it is called with the
proper types for the targeted syscall - otherwise, the calling
convention might cause arguments to be put into the wrong registers.

This commit explicitly casts the arguments to 'libc::syscall' to the
proper type for the 'getrandom' syscall. This ensures that the correct
types for the target platform will always be used, instead of relying on
the types used happening to match those required by the target platform.

@Aaron1011 Aaron1011 mentioned this pull request Aug 4, 2019
Merged
RalfJung
RalfJung reviewed Aug 4, 2019
View reviewed changes
src/linux_android.rs Outdated
libc::syscall(libc::SYS_getrandom,
buf.as_mut_ptr() as *mut libc::c_void,
buf.len() as libc::size_t,
0 as libc::c_uint) as libc::ssize_t
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, you looked up the proper types, nice. :)
I am going to close my PR then.

I think it would be a good idea though to add a local helper method that takes arguments of the right types and just forwards them to the syscall. Then the types do not have to be duplicated.

@RalfJung RalfJung mentioned this pull request Aug 4, 2019
Closed
@newpavlov
Copy link
Member

Thank you for the fix! I would also prefer to have a helper function (something like getrandom_syscall), can you add it? And while you at it, it would be great if you'll fix formatting. Otherwise looks good to me!

@Aaron1011
Copy link
Contributor Author

It turns out that libc already has a wrapper for getrandom, so I just switched to that instead.

@newpavlov
Copy link
Member

newpavlov commented Aug 4, 2019
edited
Loading

Note the CI failures. getrandom was added only in glibc v2.25 and we have to support RHEL 5 which uses glibc v2.5 (see rust-lang/rust#62516), so we have to use libc::syscall here.

@Aaron1011
Copy link
Contributor Author

Oh, well. I'll switch back to the raw syscall.

@Aaron1011
Explicitly specify types to arguments of 'libc::syscall'
8599283 
The 'libc::syscall' function uses varargs - as a result, its arguments
are completely untyped. THe user must ensure that it is called with the
proper types for the targeted syscall - otherwise, the calling
convention might cause arguments to be put into the wrong registers.

This commit explicitly casts the arguments to 'libc::syscall' to the
proper type for the 'getrandom' syscall. This ensures that the correct
types for the target platform will always be used, instead of relying on
the types used happening to match those required by the target platform.
@newpavlov
Copy link
Member

newpavlov commented Aug 4, 2019
edited
Loading

Maybe it's worth to write the helper like this?

fn getrandom_syscall(buf: &mut [u8], block: bool) -> libc::ssize_t {
    let flags = if block { 0 }  else { libc::GRND_NONBLOCK };
    unsafe {
        libc::syscall(
            libc::SYS_getrandom,
            buf.as_mut_ptr() as *mut libc::c_void,
            buf.len() as libc::size_t,
            flags as libc::c_uint,
        ) as libc::ssize_t
    }
}

// and call it in `is_getrandom_available` as 
getrandom_syscall(&mut [], false)

It may remove the need for rust-lang/miri#884.

@Aaron1011
Copy link
Contributor Author

@newpavlov: That code is valid, though - other crates might try to do the same thing. As long as the Linux kernel accepts it, so should Miri.

@RalfJung
Copy link

RalfJung commented Aug 4, 2019

Agreed, that PR will land in Miri pending just a nit.

@newpavlov
Copy link
Member

I have fixed formatting and replaced 0 as *mut libc::c_void with core::ptr::null_mut(). And I think we are good to merge.

@newpavlov newpavlov merged commit 6716ad0 into rust-random:master Aug 4, 2019
@RalfJung
Copy link

RalfJung commented Aug 4, 2019

@newpavlov thanks!

What is your release schedule? If rust-lang/rust#63261 lands before a new release happens, we might see failures in https://github.com/RalfJung/miri-test-libstd.

@newpavlov
Copy link
Member

I will do release in an hour or two.

This was referenced Aug 5, 2019
Merged
Merged
@dhardy
Copy link
Member

dhardy commented Aug 6, 2019

I think this PR is the cause of this failure?

@RalfJung
Copy link

RalfJung commented Aug 6, 2019
edited
Loading

No, this PR just turned that failure from an ICE to an "invalid NULL ptr usage". getrandom 0.1.7 was broken and caused Miri to ICE. getrandom 0.1.8 is fixed, but Miri had a bug making it not work. (So, there used to be two bugs, this PR here just fixes one of them.)

That remaining bug (and the failure you are seeing) is fixed by rust-lang/miri#884, which is being landed in the Miri rustup component by rust-lang/rust#63320.

@RalfJung RalfJung mentioned this pull request Aug 6, 2019
Merged
bors added a commit to rust-lang/miri that referenced this pull request Aug 6, 2019
@bors
Auto merge of #891 - RalfJung:rustup, r=RalfJung
da5ecec 
test-cargo-miri: cargo update

With both rust-random/getrandom#74 and #884 having landed, this should work now.
froydnj pushed a commit to froydnj/getrandom that referenced this pull request Aug 3, 2020
@Aaron1011 @froydnj
Explicitly specify types to arguments of 'libc::syscall' (rust-random#74
df0b03f 
)

The 'libc::syscall' function uses varargs - as a result, its arguments
are completely untyped. THe user must ensure that it is called with the
proper types for the targeted syscall - otherwise, the calling
convention might cause arguments to be put into the wrong registers.

This commit explicitly casts the arguments to 'libc::syscall' to the
proper type for the 'getrandom' syscall. This ensures that the correct
types for the target platform will always be used, instead of relying on
the types used happening to match those required by the target platform.

This particular commit is a backport of
6716ad0, with the addition of
`sys_fill_exact` from master (originally committed in
65660e0) to make the backport more
obviously correct.

# Conflicts:
#	src/linux_android.rs
froydnj added a commit to froydnj/getrandom that referenced this pull request Aug 3, 2020
@froydnj
Explicitly specify types to arguments of 'libc::syscall' (rust-random#74
d0302a5 
)

The 'libc::syscall' function uses varargs - as a result, its arguments
are completely untyped. THe user must ensure that it is called with the
proper types for the targeted syscall - otherwise, the calling
convention might cause arguments to be put into the wrong registers.

This commit explicitly casts the arguments to 'libc::syscall' to the
proper type for the 'getrandom' syscall. This ensures that the correct
types for the target platform will always be used, instead of relying on
the types used happening to match those required by the target platform.

This particular commit is a backport of
6716ad0, with the addition of
`sys_fill_exact` from master (originally committed in
65660e0) to make the backport more
obviously correct.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RalfJung RalfJung RalfJung left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Aaron1011 @newpavlov @RalfJung @dhardy