dnrops
/
rust
mirror of https://github.com/rust-lang/rust.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rollup merge of #128209 - beetrees:no-macos-10.10, r=jieyouxu 

Remove macOS 10.10 dynamic linker bug workaround

Rust's current minimum macOS version is 10.12, so the hack can be removed. This PR also updates the `remove_dir_all` docs to reflect that all supported macOS versions are protected against TOCTOU race conditions (the fallback implementation was already removed in #127683).

try-job: dist-x86_64-apple
try-job: dist-aarch64-apple
try-job: dist-apple-various
try-job: aarch64-apple
try-job: x86_64-apple-1
This commit is contained in:
Guillaume Gomez 2024-09-20 19:46:37 +02:00 committed by GitHub
parent fb46739014 0444056aa3
commit bf6389f077
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 6 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
compiler/rustc_codegen_llvm/src/consts.rs
View File

@ -443,58 +443,6 @@ impl<'ll> CodegenCx<'ll, '_> {
if attrs.flags.contains(CodegenFnAttrFlags::THREAD_LOCAL) {
llvm::set_thread_local_mode(g, self.tls_model);
// Do not allow LLVM to change the alignment of a TLS on macOS.
//
// By default a global's alignment can be freely increased.
// This allows LLVM to generate more performant instructions
// e.g., using load-aligned into a SIMD register.
//
// However, on macOS 10.10 or below, the dynamic linker does not
// respect any alignment given on the TLS (radar 24221680).
// This will violate the alignment assumption, and causing segfault at runtime.
//
// This bug is very easy to trigger. In `println!` and `panic!`,
// the `LOCAL_STDOUT`/`LOCAL_STDERR` handles are stored in a TLS,
// which the values would be `mem::replace`d on initialization.
// The implementation of `mem::replace` will use SIMD
// whenever the size is 32 bytes or higher. LLVM notices SIMD is used
// and tries to align `LOCAL_STDOUT`/`LOCAL_STDERR` to a 32-byte boundary,
// which macOS's dyld disregarded and causing crashes
// (see issues #51794, #51758, #50867, #48866 and #44056).
//
// To workaround the bug, we trick LLVM into not increasing
// the global's alignment by explicitly assigning a section to it
// (equivalent to automatically generating a `#[link_section]` attribute).
// See the comment in the `GlobalValue::canIncreaseAlignment()` function
// of `lib/IR/Globals.cpp` for why this works.
//
// When the alignment is not increased, the optimized `mem::replace`
// will use load-unaligned instructions instead, and thus avoiding the crash.
//
// We could remove this hack whenever we decide to drop macOS 10.10 support.
if self.tcx.sess.target.is_like_osx {
// The `inspect` method is okay here because we checked for provenance, and
// because we are doing this access to inspect the final interpreter state
// (not as part of the interpreter execution).
//
// FIXME: This check requires that the (arbitrary) value of undefined bytes
// happens to be zero. Instead, we should only check the value of defined bytes
// and set all undefined bytes to zero if this allocation is headed for the
// BSS.
let all_bytes_are_zero = alloc.provenance().ptrs().is_empty()
&& alloc
.inspect_with_uninit_and_ptr_outside_interpreter(0..alloc.len())
.iter()
.all(|&byte| byte == 0);
let sect_name = if all_bytes_are_zero {
c"__DATA,__thread_bss"
} else {
c"__DATA,__thread_data"
};
llvm::LLVMSetSection(g, sect_name.as_ptr());
}
}
// Wasm statics with custom link sections get special treatment as they

13
library/std/src/fs.rs
View File

@ -2473,16 +2473,15 @@ pub fn remove_dir<P: AsRef<Path>>(path: P) -> io::Result<()> {
/// # Platform-specific behavior
///
/// This function currently corresponds to `openat`, `fdopendir`, `unlinkat` and `lstat` functions
/// on Unix (except for macOS before version 10.10 and REDOX) and the `CreateFileW`,
/// `GetFileInformationByHandleEx`, `SetFileInformationByHandle`, and `NtCreateFile` functions on
/// Windows. Note that, this [may change in the future][changes].
/// on Unix (except for REDOX) and the `CreateFileW`, `GetFileInformationByHandleEx`,
/// `SetFileInformationByHandle`, and `NtCreateFile` functions on Windows. Note that, this
/// [may change in the future][changes].
///
/// [changes]: io#platform-specific-behavior
///
/// On macOS before version 10.10 and REDOX, as well as when running in Miri for any target, this
/// function is not protected against time-of-check to time-of-use (TOCTOU) race conditions, and
/// should not be used in security-sensitive code on those platforms. All other platforms are
/// protected.
/// On REDOX, as well as when running in Miri for any target, this function is not protected against
/// time-of-check to time-of-use (TOCTOU) race conditions, and should not be used in
/// security-sensitive code on those platforms. All other platforms are protected.
///
/// # Errors
///

27
tests/codegen/issues/issue-44056-macos-tls-align.rs
View File

@ -1,27 +0,0 @@
//
//@ only-apple
//@ compile-flags: -O
#![crate_type = "rlib"]
#![feature(thread_local)]
// local_unnamed_addr does not appear when std is built with debug assertions.
// CHECK: @STATIC_VAR_1 = thread_local {{(local_unnamed_addr )?}}global <{ [32 x i8] }> zeroinitializer, section "__DATA,__thread_bss", align 4
#[no_mangle]
#[thread_local]
static mut STATIC_VAR_1: [u32; 8] = [0; 8];
// CHECK: @STATIC_VAR_2 = thread_local {{(local_unnamed_addr )?}}global <{ [32 x i8] }> <{{[^>]*}}>, section "__DATA,__thread_data", align 4
#[no_mangle]
#[thread_local]
static mut STATIC_VAR_2: [u32; 8] = [4; 8];
#[no_mangle]
pub unsafe fn f(x: &mut [u32; 8]) {
std::mem::swap(x, &mut STATIC_VAR_1)
}
#[no_mangle]
pub unsafe fn g(x: &mut [u32; 8]) {
std::mem::swap(x, &mut STATIC_VAR_2)
}