std/sys/pal/unix/
weak.rs

1//! Support for "weak linkage" to symbols on Unix
2//!
3//! Some I/O operations we do in std require newer versions of OSes but we need
4//! to maintain binary compatibility with older releases for now. In order to
5//! use the new functionality when available we use this module for detection.
6//!
7//! One option to use here is weak linkage, but that is unfortunately only
8//! really workable with ELF. Otherwise, use dlsym to get the symbol value at
9//! runtime. This is also done for compatibility with older versions of glibc,
10//! and to avoid creating dependencies on GLIBC_PRIVATE symbols. It assumes that
11//! we've been dynamically linked to the library the symbol comes from, but that
12//! is currently always the case for things like libpthread/libc.
13//!
14//! A long time ago this used weak linkage for the __pthread_get_minstack
15//! symbol, but that caused Debian to detect an unnecessarily strict versioned
16//! dependency on libc6 (#23628) because it is GLIBC_PRIVATE. We now use `dlsym`
17//! for a runtime lookup of that symbol to avoid the ELF versioned dependency.
18
19// There are a variety of `#[cfg]`s controlling which targets are involved in
20// each instance of `weak!` and `syscall!`. Rather than trying to unify all of
21// that, we'll just allow that some unix targets don't use this module at all.
22#![allow(dead_code, unused_macros)]
23#![forbid(unsafe_op_in_unsafe_fn)]
24
25use crate::ffi::CStr;
26use crate::marker::PhantomData;
27use crate::sync::atomic::{self, AtomicPtr, Ordering};
28use crate::{mem, ptr};
29
30// We can use true weak linkage on ELF targets.
31#[cfg(all(unix, not(target_vendor = "apple")))]
32pub(crate) macro weak {
33    (fn $name:ident($($param:ident : $t:ty),* $(,)?) -> $ret:ty;) => (
34        let ref $name: ExternWeak<unsafe extern "C" fn($($t),*) -> $ret> = {
35            unsafe extern "C" {
36                #[linkage = "extern_weak"]
37                static $name: Option<unsafe extern "C" fn($($t),*) -> $ret>;
38            }
39            #[allow(unused_unsafe)]
40            ExternWeak::new(unsafe { $name })
41        };
42    )
43}
44
45// On non-ELF targets, use the dlsym approximation of weak linkage.
46#[cfg(target_vendor = "apple")]
47pub(crate) use self::dlsym as weak;
48
49pub(crate) struct ExternWeak<F: Copy> {
50    weak_ptr: Option<F>,
51}
52
53impl<F: Copy> ExternWeak<F> {
54    #[inline]
55    pub(crate) fn new(weak_ptr: Option<F>) -> Self {
56        ExternWeak { weak_ptr }
57    }
58
59    #[inline]
60    pub(crate) fn get(&self) -> Option<F> {
61        self.weak_ptr
62    }
63}
64
65pub(crate) macro dlsym {
66    (fn $name:ident($($param:ident : $t:ty),* $(,)?) -> $ret:ty;) => (
67         dlsym!(
68            #[link_name = stringify!($name)]
69            fn $name($($param : $t),*) -> $ret;
70        );
71    ),
72    (
73        #[link_name = $sym:expr]
74        fn $name:ident($($param:ident : $t:ty),* $(,)?) -> $ret:ty;
75    ) => (
76        static DLSYM: DlsymWeak<unsafe extern "C" fn($($t),*) -> $ret> =
77            DlsymWeak::new(concat!($sym, '\0'));
78        let $name = &DLSYM;
79    )
80}
81pub(crate) struct DlsymWeak<F> {
82    name: &'static str,
83    func: AtomicPtr<libc::c_void>,
84    _marker: PhantomData<F>,
85}
86
87impl<F> DlsymWeak<F> {
88    pub(crate) const fn new(name: &'static str) -> Self {
89        DlsymWeak {
90            name,
91            func: AtomicPtr::new(ptr::without_provenance_mut(1)),
92            _marker: PhantomData,
93        }
94    }
95
96    #[inline]
97    pub(crate) fn get(&self) -> Option<F> {
98        unsafe {
99            // Relaxed is fine here because we fence before reading through the
100            // pointer (see the comment below).
101            match self.func.load(Ordering::Relaxed) {
102                func if func.addr() == 1 => self.initialize(),
103                func if func.is_null() => None,
104                func => {
105                    let func = mem::transmute_copy::<*mut libc::c_void, F>(&func);
106                    // The caller is presumably going to read through this value
107                    // (by calling the function we've dlsymed). This means we'd
108                    // need to have loaded it with at least C11's consume
109                    // ordering in order to be guaranteed that the data we read
110                    // from the pointer isn't from before the pointer was
111                    // stored. Rust has no equivalent to memory_order_consume,
112                    // so we use an acquire fence (sorry, ARM).
113                    //
114                    // Now, in practice this likely isn't needed even on CPUs
115                    // where relaxed and consume mean different things. The
116                    // symbols we're loading are probably present (or not) at
117                    // init, and even if they aren't the runtime dynamic loader
118                    // is extremely likely have sufficient barriers internally
119                    // (possibly implicitly, for example the ones provided by
120                    // invoking `mprotect`).
121                    //
122                    // That said, none of that's *guaranteed*, and so we fence.
123                    atomic::fence(Ordering::Acquire);
124                    Some(func)
125                }
126            }
127        }
128    }
129
130    // Cold because it should only happen during first-time initialization.
131    #[cold]
132    unsafe fn initialize(&self) -> Option<F> {
133        assert_eq!(size_of::<F>(), size_of::<*mut libc::c_void>());
134
135        let val = unsafe { fetch(self.name) };
136        // This synchronizes with the acquire fence in `get`.
137        self.func.store(val, Ordering::Release);
138
139        if val.is_null() {
140            None
141        } else {
142            Some(unsafe { mem::transmute_copy::<*mut libc::c_void, F>(&val) })
143        }
144    }
145}
146
147unsafe fn fetch(name: &str) -> *mut libc::c_void {
148    let name = match CStr::from_bytes_with_nul(name.as_bytes()) {
149        Ok(cstr) => cstr,
150        Err(..) => return ptr::null_mut(),
151    };
152    unsafe { libc::dlsym(libc::RTLD_DEFAULT, name.as_ptr()) }
153}
154
155#[cfg(not(any(target_os = "linux", target_os = "android")))]
156pub(crate) macro syscall {
157    (fn $name:ident($($param:ident : $t:ty),* $(,)?) -> $ret:ty;) => (
158        // FIXME(#115199): Rust currently omits weak function definitions
159        // and its metadata from LLVM IR.
160        #[no_sanitize(cfi)]
161        unsafe fn $name($($param: $t),*) -> $ret {
162            weak!(fn $name($($param: $t),*) -> $ret;);
163
164            if let Some(fun) = $name.get() {
165                unsafe { fun($($param),*) }
166            } else {
167                super::os::set_errno(libc::ENOSYS);
168                -1
169            }
170        }
171    )
172}
173
174#[cfg(any(target_os = "linux", target_os = "android"))]
175pub(crate) macro syscall {
176    (
177        fn $name:ident($($param:ident : $t:ty),* $(,)?) -> $ret:ty;
178    ) => (
179        unsafe fn $name($($param: $t),*) -> $ret {
180            weak!(fn $name($($param: $t),*) -> $ret;);
181
182            // Use a weak symbol from libc when possible, allowing `LD_PRELOAD`
183            // interposition, but if it's not found just use a raw syscall.
184            if let Some(fun) = $name.get() {
185                unsafe { fun($($param),*) }
186            } else {
187                unsafe { libc::syscall(libc::${concat(SYS_, $name)}, $($param),*) as $ret }
188            }
189        }
190    )
191}
192
193#[cfg(any(target_os = "linux", target_os = "android"))]
194pub(crate) macro raw_syscall {
195    (fn $name:ident($($param:ident : $t:ty),* $(,)?) -> $ret:ty;) => (
196        unsafe fn $name($($param: $t),*) -> $ret {
197            unsafe { libc::syscall(libc::${concat(SYS_, $name)}, $($param),*) as $ret }
198        }
199    )
200}