Commit Graph

6122 Commits

Author SHA1 Message Date
Matthias Krüger
888422880c
Rollup merge of #128106 - hallfox:patch-1, r=ChrisDenton
Fix return type of FileAttr methods on AIX target

At some point it seems `SystemTime::new` changed from returning `SystemTime` to `io::Result<SystemTime>`. This seems to have been addressed on other platforms, but was never changed for AIX.

This was caught by running
```
python3 x.py build --host x86_64-unknown-linux-gnu --target powerpc64-ibm-aix
```
2024-07-24 05:05:36 +02:00
Matthias Krüger
ee77dda778
Rollup merge of #128092 - ChrisDenton:wrappers, r=workingjubilee
Remove wrapper functions from c.rs

I'd like for the windows `c.rs` just to contain the basic platform definitions and not anything higher level unless absolutely necessary. So this removes some wrapper functions that weren't really necessary in any case. The functions are only used in a few places which themselves are relatively thin wrappers. The "interesting" bit is that we had an `AlertableIoFn` that abstracted over `ReadFileEx` and `WriteFileEx`. I've replaced this with a closure.

Also I removed an `#[allow(unsafe_op_in_unsafe_fn)]` while I was moving things around.
2024-07-24 05:05:34 +02:00
bors
f751af4d78 Auto merge of #127153 - NobodyXu:pipe, r=ChrisDenton
Initial implementation of anonymous_pipe API

ACP completed in rust-lang/libs-team#375
Tracking issue: #127154

try-job: x86_64-msvc
try-job: i686-mingw
2024-07-24 00:03:14 +00:00
Taylor Foxhall
1f59a8030d
Fix return type of FileAttr methods on AIX target
At some point it seems `SystemTime::new` changed from returning `SystemTime` to `io::Result<SystemTime>`. This seems to have been addressed on other platforms, but was never changed for AIX.

This was caught by running 
```
python3 x.py build --host x86_64-unknown-linux-gnu --target powerpc64-ibm-aix
```
2024-07-23 12:36:52 -04:00
Jiahao XU
c9c8a14884
Initial implementation of anonymous_pipe
Co-authored-by: Alphyr <47725341+a1phyr@users.noreply.github.com>
Co-authored-by: Jubilee <46493976+workingjubilee@users.noreply.github.com>
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
2024-07-23 23:13:56 +10:00
Chris Denton
8c3ce60e30
Remove wrapper functions from c.rs 2024-07-23 10:51:24 +00:00
Jubilee Young
e4d89bc802 std: Unsafe-wrap backtrace code held in-common 2024-07-23 01:17:26 -07:00
Jubilee Young
ed809e9b79 std: Unsafe-wrap alloc code held in-common 2024-07-23 01:14:39 -07:00
许杰友 Jieyou Xu (Joe)
7d81e092a1
Rollup merge of #127996 - ian-h-chamberlain:fix/horizon-warnings-unsafe-in-unsafe, r=tgross35
Clean up warnings + `unsafe_op_in_unsafe_fn` when building std for armv6k-nintendo-3ds

See #127747

ping `@AzureMarker` `@Meziu`

I could only find one instance needing an extra `unsafe` that was not also shared with many other `unix` targets (presumably these will get covered in larger sweeping changes, I didn't want to introduce churn that would potentially conflict with those). The one codepath I found is shared with `vita` however, so also pinging `@nikarh` `@pheki` `@zetanumbers` just to make sure they're aware of this change.

Also removed one unused import from `process_unsupported` which should simply fix the warning for any target that uses it.
2024-07-22 16:44:06 +08:00
Jubilee
6af66e836f
Rollup merge of #127583 - Nilstrieb:invalid-utf8, r=joboet
Deal with invalid UTF-8 from `gai_strerror`

When the system is using a non-UTF-8 locale, the value will indeed not be UTF-8. That sucks for everyone involved, but is no reason for panic. We can "handle" this gracefully by just using from lossy, replacing the invalid UTF-8 with � and keeping the accidentally valid UTF-8. Good luck when debugging, but at least it's not a crash.

We already do this for `strerror_r`.

fixes #127563
2024-07-21 17:44:27 -07:00
Ian Chamberlain
dba6b74dd8
Fix warnings when checking armv6k-nintendo-3ds
Also fix one instance of unsafe_op_in_unsafe_fn that's specific to
horizon + vita - most others should be common with other code.
2024-07-21 20:12:54 -04:00
Nilstrieb
ae42efc522 Deal with invalid UTF-8 from gai_strerror
When the system is using a non-UTF-8 locale, the value will indeed not
be UTF-8. That sucks for everyone involved, but is no reason for panic.
We can "handle" this gracefully by just using from lossy, replacing the
invalid UTF-8 with the ? and keeping the accidentally valid UTF-8.
Good luck when debugging, but at least it's not a crash.

We already do this for `strerror_r`.
2024-07-21 13:22:03 +02:00
Matthias Krüger
8fe93c9bec
Rollup merge of #128005 - ChrisDenton:msvc-include, r=joboet
Remove _tls_used hack

All the MSVC targets use `target_thread_locals` (see the [base spec](1afc5fd042/compiler/rustc_target/src/spec/base/windows_msvc.rs (L34))) so this hack is no longer needed. The compiler will ensure that thread locals work properly.
2024-07-20 19:29:00 +02:00
Matthias Krüger
b3d682c577
Rollup merge of #127734 - ChrisDenton:netc, r=Mark-Simulacrum
Windows: move BSD socket shims to netc

On Windows we need to alter a few types so that they can be used in the cross-platform socket code. Currently these alterations are spread throughout the `c` module with some more in the `netc` module.

Let's gather all our BSD compatibility shims in the `netc` module so it's all in one place and easier to discover.
2024-07-20 19:28:57 +02:00
Chris Denton
af735f3bd3
Remove _tls_used hack 2024-07-20 12:37:36 +00:00
Matthias Krüger
6b9982d4fb
Rollup merge of #127873 - workingjubilee:forbid-unsafe-ops-for-kmc-solid, r=Amanieu
kmc-solid: `#![forbid(unsafe_op_in_unsafe_fn)]`

The path logic _should_ handle the forbiddance in the itron sources correctly, despite them being an "out-of-line" module.
2024-07-20 13:24:53 +02:00
Matthias Krüger
2ee3668ad5
Rollup merge of #127843 - workingjubilee:break-up-big-ass-stack-overflow-fn, r=joboet
unix: document unsafety for std `sig{action,altstack}`

I found many surprising elements here while trying to wrap a measly 5 functions with `unsafe`. I would rather not "just" mindlessly wrap this code with `unsafe { }`, so I decided to document it properly.

On Unix, this code covers the "create and setup signal handler" part of the stack overflow code, and serves as the primary safety boundary for the signal handler. It is rarely audited, very gnarly, and worth extra attention. It calls other unsafe functions defined in this module, but "can we correctly map the right memory, or find the right address ranges?" are separate questions, and get increasingly platform-specific. The question here is the more general "are we doing everything in the correct order, and setting up the handler in the correct way?"

As part of this audit, I noticed that we do some peculiar things that we should probably refrain from. However, I avoided making changes that I deemed might have a different final result in Rust programs. I did, however, reorder some events so that the signal handler is installed _after_ we install the alternate stack. We do not run much code between these events, but it is probably best if the timespan between the handler being available and the new stack being installed is 0 nanoseconds.
2024-07-20 13:24:53 +02:00
Matthias Krüger
4da2869bc7
Rollup merge of #127918 - ChrisDenton:thread-name-string, r=joboet
Safely enforce thread name requirements

The requirements for the thread name to be both UTF-8 and null terminated are easily enforced by a wrapper type so lets do that. The fact this used to be just a bare `CString` has tripped me up before because it was entirely safe to use a non UTF-8 `CString`.
2024-07-20 07:13:43 +02:00
Matthias Krüger
bc86893a1a
Rollup merge of #123196 - Ayush1325:uefi-process, r=joboet
Add Process support for UEFI

UEFI does not have an actual process. However, it does provide methods to launch and execute another UEFI image. Having process support is important since it is possible to run rust test suit using `Command::output` and is the first step towards being able to run it for UEFI.

Here is an overview of how the support is implemented.

- We create a copy of the SystemTable. This is required since at least OVMF seems to crash if the original system table is modified.
- Stdout and Stderr pipe works by registering a new `simple_text_output` Protocol and pointing the child system table to use those.
- `Stdio::Inherit` just points the console to the current running image console which seems to work with even 3 levels of process.
- `spawn` is left unimplemented since it does not make sense for UEFI architecture. Additionally, since https://github.com/rust-lang/rust/pull/105458 was merged, the `spawn` and `output` implementations are completely independent.
2024-07-20 07:13:41 +02:00
Jubilee Young
e9b3e9c7f4 std: forbid unwrapped unsafe in unsupported_backslash 2024-07-19 13:46:06 -07:00
Jubilee Young
1d83da8847 kmc-solid: forbid(unsafe_op_in_unsafe_fn) 2024-07-19 13:46:06 -07:00
bors
ff4b39867e Auto merge of #127982 - matthiaskrgr:rollup-nzyvphj, r=matthiaskrgr
Rollup of 6 pull requests

Successful merges:

 - #127295 (CFI: Support provided methods on traits)
 - #127814 (`C-cmse-nonsecure-call`: improved error messages)
 - #127949 (fix: explain E0120 better cover cases when its raised)
 - #127966 (Use structured suggestions for unconstrained generic parameters on impl blocks)
 - #127976 (Lazy type aliases: Diagostics: Detect bivariant ty params that are only used recursively)
 - #127978 (Avoid ref when using format! for perf)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-07-19 18:40:33 +00:00
Matthias Krüger
e28be0d168
Rollup merge of #127978 - nyurik:lib-refs, r=workingjubilee
Avoid ref when using format! for perf

Clean up a few minor refs in `format!` macro, as it has a performance cost. Apparently the compiler is unable to inline `format!("{}", &variable)`, and does a run-time double-reference instead (format macro already does one level referencing).  Inlining format args prevents accidental `&` misuse.
2024-07-19 20:03:58 +02:00
Yuri Astrakhan
91275b2c2b Avoid ref when using format! for perf
Clean up a few minor refs in `format!` macro, as it has a tiny perf
cost. A few more minor related cleanups.
2024-07-19 12:23:49 -04:00
Matthias Krüger
45e4e96385
Rollup merge of #112328 - juliusl:pr/windows-add-change-time, r=ChrisDenton
Feat. adding ext that returns change_time

Addresses #112327
2024-07-19 17:06:49 +02:00
Ayush Singh
e2903989da
uefi: process: Fixes from PR
- Update system table crc32
- Fix unsound use of Box
- Free exit data
- Code improvements
- Introduce OwnedTable
- Update r-efi to latest version
- Use extended_varargs_abi_support for
  install_multiple_protocol_interfaces and
  uninstall_multiple_protocol_interfaces
- Fix comments
- Stub out args implementation

Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:44:27 +05:30
Ayush Singh
56e2a57505
uefi: process: Final Touchups
Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:43:45 +05:30
Ayush Singh
c899e05457
uefi: process: Add CommandArgs support
Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:43:45 +05:30
Ayush Singh
29c198c85f
uefi: process: Add support for args
Also fix stdio inherit

Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:43:45 +05:30
Ayush Singh
d44b3fb120
uefi: process Implement inherit
Only tested in 2 levels right now. Need args support for 3 levels

Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:43:45 +05:30
Ayush Singh
725376567a
uefi: process: Add null protocol
Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:43:45 +05:30
Ayush Singh
87d7a07f50
uefi: process: Add stderr support
Implement stderr support in similar fashion.

Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:43:44 +05:30
Ayush Singh
6737a02a50
uefi: process: Add support to capture stdout
Use a custom simple_text_output protocol to capture output.

Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:43:44 +05:30
Ayush Singh
a8d7121e4a
uefi: Add process
Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
2024-07-19 17:43:37 +05:30
Jubilee
529fcbcd6d
unix: acquire-load NEED_ALTSTACK
Co-authored-by: Jonas Böttiger <jonasboettiger@icloud.com>
2024-07-18 15:24:40 -07:00
Jubilee Young
c1740eee1e unix: Unsafe-wrap stack_overflow::{drop,make}_handler
Note that current_guard is probably not unsafe for future work.
2024-07-18 15:22:47 -07:00
Jubilee Young
fa628ceaff unix: Unsafe-wrap stack_overflow::cleanup
Editorialize on the wisdom of this as we do.
2024-07-18 15:22:17 -07:00
Jubilee Young
357ba1f8ec unix: lift init of sigaltstack before sigaction
This is technically "not necessary", as we will "just" segfault instead
if we e.g. arrive inside the handler fn with the null altstack. However,
it seems incorrect to go about this hoping that segfaulting is okay,
seeing as how our purpose here is to mitigate stack overflow problems.

Make sure NEED_ALTSTACK syncs with PAGE_SIZE when we do.

Co-authored-by: Jonas Böttiger <jonasboettiger@icloud.com>
2024-07-18 15:18:38 -07:00
Jubilee Young
9e354daf7b unix: Unsafe-wrap stack_overflow::signal_handler
sometimes a safety comment is a prayer.
avoid fuzzy provenance casts after deref.

Co-authored-by: Jonas Böttiger <jonasboettiger@icloud.com>
2024-07-18 15:12:18 -07:00
Chris Denton
9432955a01
Move ThreadName conversions to &cstr/&str 2024-07-18 19:53:09 +00:00
Chris Denton
8e4a9205e9
Style change 2024-07-18 18:10:36 +00:00
Chris Denton
939ee38304
Make Thread::new_inner a safe function 2024-07-18 17:33:52 +00:00
Matthias Krüger
f62aa415c3
Rollup merge of #124881 - Sp00ph:reentrant_lock_tid, r=joboet
Use ThreadId instead of TLS-address in `ReentrantLock`

Fixes #123458

`ReentrantLock` currently uses the address of a thread local variable as an ID that's unique across all currently running threads. This can lead to uninituitive behavior as in #123458 if TLS blocks get reused. This PR changes `ReentrantLock` to instead use the `ThreadId` provided by `std` as the unique ID. `ThreadId` guarantees uniqueness across the lifetime of the whole process, so we don't need to worry about reusing IDs of terminated threads. The main appeal of this PR is thus the possibility of changing the `ReentrantLock` API to guarantee that if a thread leaks a lock guard, no other thread may ever acquire that lock again.

This does entail some complications:
- previously, the only way to retrieve the current thread ID would've been using `thread::current().id()` which creates a temporary `Arc` and which isn't available in TLS destructors. As part of this PR, the thread ID instead gets cached in its own thread local, as suggested [here](https://github.com/rust-lang/rust/issues/123458#issuecomment-2038207704).
- `ThreadId` is always 64-bit whereas the current implementation uses a usize-sized ID. Since this ID needs to be updated atomically, we can't simply use a single atomic variable on 32 bit platforms. Instead, we fall back to using a (sound) seqlock on 32-bit platforms, which works because only one thread at a time can write to the ID. This seqlock is technically susceptible to the ABA problem, but the attack vector to create actual unsoundness has to be very specific:
  - You would need to be able to lock+unlock the lock exactly 2^31 times (or a multiple thereof) while a thread trying to lock it sleeps
  - The sleeping thread would have to suspend after reading one half of the thread id but before reading the other half
  - The teared result from combining the halves of the thread ID would have to exactly line up with the sleeping thread's ID

The risk of this occurring seems slim enough to be acceptable to me, but correct me if I'm wrong. This also means that the size of the lock increases by 8 bytes on 32-bit platforms, but this also shouldn't be an issue.

Performance wise, I did some crude testing of the only case where this could lead to real slowdowns, which is the case of locking a `ReentrantLock` that's already locked by the current thread. On both aarch64 and x86-64, there is (expectedly) pretty much no performance hit. I didn't have any 32-bit platforms to test the seqlock performance on, so I did the next best thing and just forced the 64-bit platforms to use the seqlock implementation. There, the performance degraded by ~1-2ns/(lock+unlock) on x86-64 and ~6-8ns/(lock+unlock) on aarch64, which is measurable but seems acceptable to me seeing as 32-bit platforms should be a small minority anyways.

cc `@joboet` `@RalfJung` `@CAD97`
2024-07-18 18:10:14 +02:00
Markus Everling
fe89962237 Update ReentrantLock implementation, add CURRENT_ID thread local.
This changes `ReentrantLock` to use `ThreadId` for the thread ownership check instead of the address of a thread local. Unlike TLS blocks, `ThreadId` is guaranteed to be unique across the lifetime of the process, so if any thread ever terminates while holding a `ReentrantLockGuard`, no other thread may ever acquire that lock again.

On platforms with 64-bit atomics, this is a very simple change. On other platforms, the approach used is slightly more involved, as explained in the module comment.

This also adds a `CURRENT_ID` thread local in addition to the already existing `CURRENT`. This allows us to access the current `ThreadId` without the relatively heavy machinery used by `thread::current().id()`.
2024-07-18 14:09:25 +00:00
Chris Denton
a605e2f498
Safely enforce thread name requirements 2024-07-18 13:45:20 +00:00
Matthias Krüger
3aafbd28e5
Rollup merge of #127077 - tbu-:pr_doc_fd_to_owned, r=workingjubilee
Make language around `ToOwned` for `BorrowedFd` more precise
2024-07-18 08:08:58 +02:00
Trevor Gross
8bb057874d
Rollup merge of #127861 - Kriskras99:patch-1, r=tgross35
Document the column numbers for the dbg! macro

The line numbers were also made consistent, some examples used the line numbers as shown on the playground while others used the line numbers that you would expect when just seeing the documentation.

The second option was chosen to make everything consistent.
2024-07-17 19:53:29 -05:00
Trevor Gross
3c4f820c5b
Rollup merge of #127845 - workingjubilee:actually-break-up-big-ass-stack-overflow-fn, r=joboet
unix: break `stack_overflow::install_main_guard` into smaller fn

This was one big deeply-indented function for no reason. This made it hard to reason about the boundaries of its safety. Or just, y'know, read. Simplify it by splitting it into platform-specific functions, but which are still asked to keep compiling (a desirable property, since all of these OS use a similar API).

This is mostly a whitespace change, so I suggest reviewing it only after setting Files changed -> (the options gear) -> [x] Hide whitespace as that will make it easier to see how the code was actually broken up instead of raw line diffs.
2024-07-17 19:53:28 -05:00
Julius Liu
35428cff60 feat: adding ext that returns change_time for Windows 2024-07-17 13:34:18 -07:00
bors
fcc325f1bc Auto merge of #125942 - timokroeger:windows-once-futex, r=ChrisDenton
Windows: Use futex implementation for `Once`

Keep the queue implementation for win7.
Inspired by PR #121956

<!--
If this PR is related to an unstable feature or an otherwise tracked effort,
please link to the relevant tracking issue here. If you don't know of a related
tracking issue or there are none, feel free to ignore this.

This PR will get automatically assigned to a reviewer. In case you would like
a specific user to review your work, you can assign it to them by using

    r​? <reviewer name>
-->
2024-07-17 19:28:24 +00:00