Switch from .init_array constructors to /proc/self/auxv. (#385)

* Switch from `.init_array` constructors to /proc/self/auxv. In the linux_raw backend, switch from using a `.init_array` constructor for obtaining the aux values to reading them from /proc/self/auxv. This avoids problems in situation where other Rust code can run before the constructor, potentially distrupting the `__environ` value. Also, for the linux_raw backend, introduce a new "use-libc-auxv" feature, which enables use of libc to read the aux values, instead of reading them from /proc/self/auxv. The "use-libc-auxv" option is enabled by default, because it's more efficient and doesn't depend on /proc, so it's likely better for most users. Mustang, for its part, continues to be able to use the incoming auxv on the stack because it controls program startup. Since it doesn't have to worry about the hazards of /proc or QEMU, it can trust the incoming values, and do less checking. Fixes #382. * Remove the param `init` function from the libc backend. * Fix the no-std build. * Fix the backends test to accept that the default options now depend on libc. * Use `NonNull` in `check_raw_pointer`'s return type. This allows it to pack the return value into a single pointer-sized value. * Update more code to the new `check_raw_pointer` API. * Fix an unused-import warning. * Fix copy+paste. * Thread `check_elf_base` through `check_vdso_base` too.
bytecodealliance · Aug 8, 2022 · a2c6c7a · a2c6c7a
1 parent 7dd900a
commit a2c6c7a
Show file tree

Hide file tree

Showing 14 changed files with 729 additions and 377 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -100,7 +100,13 @@ targets = [
 ]
 
 [features]
-default = ["std"]
+
+# By default, use `std` and use libc for aux values.
+#
+# It turns out to be bizarrely awkward to obtain the aux values reliably and
+# efficiently on Linux from anywhere other than libc. We can do it, but most
+# users are better served by just using libc for this.
+default = ["std", "use-libc-auxv"]
 
 # This enables use of std. Disabling this enables `#![no_std], and requires
 # nightly Rust.
@@ -170,6 +176,11 @@ all-apis = [
     "time",
 ]
 
+# When using the linux_raw backend, and not using Mustang, should we use libc
+# for reading the aux vectors, instead of reading them ourselves from
+# /proc/self/auxv?
+use-libc-auxv = ["libc"]
+
 # Expose io-lifetimes' features for third-party crate impls.
 async-std = ["io-lifetimes/async-std"]
 tokio = ["io-lifetimes/tokio"]

diff --git a/src/backend/libc/param/auxv.rs b/src/backend/libc/param/auxv.rs
@@ -52,15 +52,3 @@ pub(crate) fn linux_execfn() -> &'static CStr {
         cstr!("")
     }
 }
-
-/// Initialize process-wide state.
-#[cfg(any(
-    target_vendor = "mustang",
-    not(any(target_env = "gnu", target_env = "musl")),
-))]
-#[inline]
-#[doc(hidden)]
-pub(crate) unsafe fn init(_envp: *mut *mut u8) {
-    // Nothing to do. This is the libc backend, and libc does the
-    // initialization for us.
-}
diff --git a/src/backend/linux_raw/elf.rs b/src/backend/linux_raw/elf.rs
@@ -1,6 +1,10 @@
 //! The ELF ABI.
 
 #![allow(non_snake_case)]
+#![cfg_attr(
+    all(not(target_vendor = "mustang"), feature = "use-libc-auxv"),
+    allow(dead_code)
+)]
 
 pub(super) const SELFMAG: usize = 4;
 pub(super) const ELFMAG: [u8; SELFMAG] = [0x7f, b'E', b'L', b'F'];