bjoernager/rust
bjoernager/rust
1
Fork 0
Code Activity

Disable CFI for weakly linked syscalls

Browse source 
Currently, when enabling CFI via -Zsanitizer=cfi and executing e.g.
std::sys::random::getrandom, we can observe a CFI violation. This is
the case for all consumers of the std::sys::pal::weak::weak macro,
as it is defining weak functions which don't show up in LLVM IR
metadata. CFI fails for all these functions.

Similar to other such cases in
https://github.com/rust-lang/rust/issues/115199, this change stops
emitting the CFI typecheck for consumers of the macro via the
\#[no_sanitize(cfi)] attribute.
This commit is contained in:
Bastian Kersting 2025-03-04 14:31:03 +00:00
parent 2c6a12ec44
commit 02bb2d4410
6 changed files with 27 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
library/std/src/sys/fs/unix.rs
View file

@ -1454,6 +1454,18 @@ impl File {
Ok(()) Ok(())
} }
#[cfg_attr(
any(
target_os = "android",
all(
target_os = "linux",
target_env = "gnu",
target_pointer_width = "32",
not(target_arch = "riscv32")
)
),
no_sanitize(cfi)
)]
pub fn set_times(&self, times: FileTimes) -> io::Result<()> { pub fn set_times(&self, times: FileTimes) -> io::Result<()> {
#[cfg(not(any( #[cfg(not(any(
target_os = "redox", target_os = "redox",

1
library/std/src/sys/pal/unix/fd.rs
View file

@ -251,6 +251,7 @@ impl FileDesc {
} }
#[cfg(all(target_os = "android", target_pointer_width = "32"))] #[cfg(all(target_os = "android", target_pointer_width = "32"))]
#[no_sanitize(cfi)]
pub fn read_vectored_at(&self, bufs: &mut [IoSliceMut<'_>], offset: u64) -> io::Result<usize> { pub fn read_vectored_at(&self, bufs: &mut [IoSliceMut<'_>], offset: u64) -> io::Result<usize> {
super::weak::weak!(fn preadv64(libc::c_int, *const libc::iovec, libc::c_int, off64_t) -> isize); super::weak::weak!(fn preadv64(libc::c_int, *const libc::iovec, libc::c_int, off64_t) -> isize);

1
library/std/src/sys/pal/unix/process/process_unix.rs
View file

@ -434,6 +434,7 @@ impl Command {
target_os = "nto", target_os = "nto",
target_vendor = "apple", target_vendor = "apple",
))] ))]
#[cfg_attr(target_os = "linux", no_sanitize(cfi))]
fn posix_spawn( fn posix_spawn(
&mut self, &mut self,
stdio: &ChildPipes, stdio: &ChildPipes,

1
library/std/src/sys/pal/unix/thread.rs
View file

@ -188,6 +188,7 @@ impl Thread {
} }
#[cfg(any(target_os = "solaris", target_os = "illumos", target_os = "nto"))] #[cfg(any(target_os = "solaris", target_os = "illumos", target_os = "nto"))]
#[no_sanitize(cfi)]
pub fn set_name(name: &CStr) { pub fn set_name(name: &CStr) {
weak! { weak! {
fn pthread_setname_np( fn pthread_setname_np(

9
library/std/src/sys/pal/unix/time.rs
View file

@ -96,6 +96,15 @@ impl Timespec {
} }
} }
#[cfg_attr(
all(
target_os = "linux",
target_env = "gnu",
target_pointer_width = "32",
not(target_arch = "riscv32")
),
no_sanitize(cfi)
)]
pub fn now(clock: libc::clockid_t) -> Timespec { pub fn now(clock: libc::clockid_t) -> Timespec {
use crate::mem::MaybeUninit; use crate::mem::MaybeUninit;
use crate::sys::cvt; use crate::sys::cvt;

3
library/std/src/sys/pal/unix/weak.rs
View file

@ -144,6 +144,9 @@ unsafe fn fetch(name: &str) -> *mut libc::c_void {
#[cfg(not(any(target_os = "linux", target_os = "android")))] #[cfg(not(any(target_os = "linux", target_os = "android")))]
pub(crate) macro syscall { pub(crate) macro syscall {
(fn $name:ident($($arg_name:ident: $t:ty),*) -> $ret:ty) => ( (fn $name:ident($($arg_name:ident: $t:ty),*) -> $ret:ty) => (
// FIXME: Rust currently omits weak function definitions
// and its metadata from LLVM IR.
#[no_sanitize(cfi)]
unsafe fn $name($($arg_name: $t),*) -> $ret { unsafe fn $name($($arg_name: $t),*) -> $ret {
weak! { fn $name($($t),*) -> $ret } weak! { fn $name($($t),*) -> $ret }