Atomic as_mut_ptr
I encountered the following pattern a few times: In Rust we use some atomic type like `AtomicI32`, and an FFI interface exposes this as `*mut i32` (or some similar `libc` type).
It was not obvious to me if a just transmuting a pointer to the atomic was acceptable, or if this should use a cast that goes through an `UnsafeCell`. See https://github.com/rust-lang/rust/issues/66136#issuecomment-557802477
Transmuting the pointer directly:
```rust
let atomic = AtomicI32::new(1);
let ptr = &atomic as *const AtomicI32 as *mut i32;
unsafe {
ffi(ptr);
}
```
A dance with `UnsafeCell`:
```rust
let atomic = AtomicI32::new(1);
unsafe {
let ptr = (&*(&atomic as *const AtomicI32 as *const UnsafeCell<i32>)).get();
ffi(ptr);
}
```
Maybe in the end both ways could be valid. But why not expose a direct method to get a pointer from the standard library?
An `as_mut_ptr` method on atomics can be safe, because only the use of the resulting pointer is where things can get unsafe. I documented its use for FFI, and "Doing non-atomic reads and writes on the resulting integer can be a data race."
The standard library could make use this method in a few places in the WASM module.
cc @RalfJung as you answered my original question.
This commit applies rustfmt with rust-lang/rust's default settings to
files in src/libstd/sys *that are not involved in any currently open PR*
to minimize merge conflicts. THe list of files involved in open PRs was
determined by querying GitHub's GraphQL API with this script:
https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8
With the list of files from the script in outstanding_files, the
relevant commands were:
$ find src/libstd/sys -name '*.rs' \
| xargs rustfmt --edition=2018 --unstable-features --skip-children
$ rg libstd/sys outstanding_files | xargs git checkout --
Repeating this process several months apart should get us coverage of
most of the rest of the files.
To confirm no funny business:
$ git checkout $THIS_COMMIT^
$ git show --pretty= --name-only $THIS_COMMIT \
| xargs rustfmt --edition=2018 --unstable-features --skip-children
$ git diff $THIS_COMMIT # there should be no difference
Fallback to .init_array when no arguments are available on glibc Linux
Linux is one of the only platforms where `std::env::args` doesn't work in a cdylib.
Add unix::process::CommandExt::arg0
This allows argv[0] to be overridden on the executable's command-line. This also makes the program
executed independent of argv[0].
Does Fuchsia have the same semantics? I'm assuming so.
Addresses: #66510
This allows argv[0] to be overridden on the executable's command-line. This also makes the program
executed independent of argv[0].
Does Fuchsia have the same semantics?
Addresses: #66510
Use KERN_ARND syscall for random numbers on NetBSD, same as FreeBSD.
This system call is present on all supported NetBSD versions and provides an endless stream of non-blocking random data from the kernel's ChaCha20-based CSPRNG. It doesn't require a file like `/dev/urandom` to be opened.
The system call is documented here (under kern.arandom):
https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7+NetBSD-7.0
And defined here:
https://nxr.netbsd.org/xref/src/sys/sys/sysctl.h#273
The semantics are the same as FreeBSD so reading 256 bytes per call is fine.
Similar change for getrandom crate: rust-random/getrandom#115
This system call is present on all supported NetBSD versions and
provides an endless stream of non-blocking random data from the
kernel's ChaCha20-based CSPRNG. It doesn't require a file descriptor
to be opened.
The system call is documented here (under kern.arandom):
https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7+NetBSD-7.0
And defined here:
https://nxr.netbsd.org/xref/src/sys/sys/sysctl.h#273
The semantics are the same as FreeBSD so reading 256 bytes per call
is fine.
Similar change for getrandom crate: rust-random/getrandom#115
Redesign the interface to the unikernel HermitCore
We are developing the unikernel HermitCore, where the kernel is written in Rust and is already part of the Rust Standard Library. The interface between the standard library and the kernel based on a small C library. With this pull request, we remove completely the dependency to C and use lld as linker. Currently, the kernel will be linked to the application as static library, which is published at https://github.com/hermitcore/libhermit-rs.
We don’t longer support the C interface to the kernel. Consequently, we remove this part from the Rust Standard Library.
SGX: Clear additional flag on enclave entry
An attacker could set both the AC flag in CR0 as in rflags. This causes the enclave to perform an AEX upon a misaligned memory access, and an attacker learns some information about the internal enclave state.
The AC flag in rflags is copied from userspace upon an enclave entry. Upon AEX it is copied and later restored. This patch forces the rflag.AC bit to be reset right after an enter.
Fix check of `statx` and handle EPERM
Should fix#65662https://github.com/rust-lang/rust/issues/65662#issuecomment-544593939
> I think a reasonable solution might be to do something like try to stat AT_CWD initially and if that fails with EPERM or ENOSYS we disable the syscall entirely, otherwise it's cached as always good to use.
r? @alexcrichton
