check libc before using SYS_getrandom on Linux
#285
Comments
|
Good catch, this library aims to have an identical implementation to the standard library (see rust-lang/rust#62079), so we shouldn't deviate unless it's necessary. I think adding this sort of detection would be fine. Our logic would then become:
|
|
Personally, on Linux I prefer using syscalls directly, to the point of thinking that ideally we should not rely on Regardless of the approach used by
Assuming we will add the |
How does the Rust stdlib ensure that the
Reasonably policy. But, let's make sure that the standard library is doing the right thing. |
The I am not sure how we test that both code paths (weak symbol found, weak symbol not found and fallback to syscall) are correct in CI/CD. |
|
@ahgamut after looking at this again, I think the correct approach is to not compile for a Linux target unless you are actually targeting Linux. Given Cosmopolitan's goals of being a compile-once/run-everywhere libc, it shouldn't be using the Given that the Linux fallback logic is already fairly complex, I don't think it makes sense to make it more complex. An alternative would be to only use the syscall wrapper on Linux targets which lack |
|
I think we should make a plan for how to support |
I agree with this. Or, if it is really important for it to be a I spent some time trying to figure out how to make this weak symbol lookup bulletproof, in #429 and privately, and my conclusion is that we should try to avoid the weak symbol lookup whenever practical. There are just too many hazards to do it on the off chance that we might maybe be Cosmopolitan Libc, when we're probably not. So I think we should close this as Not Planned. |
|
Also, this is a little bit off topic, but it is likely that especially with the x86_64-unknown-linux-none target now existing, more libraries that are currently using libc are going to start trying to find ways to avoid libc, e.g. by issuing more syscalls directly, and even by issuing syscalls directly in inline/external assembly language code, avoiding even |
|
@briansmith I agree here. While some of the issues with dynamic symbol lookup would be a problem even if we used If/When |
Use of `libc::getrandom` will automatically give us optimizations like vDSO (#503) and can help with testing of fallback logic (#289). It was also requested in #285. In that discussion we decided against using this approach, but in the light of the vDSO optimization it may be worth to reconsider it. In `linux_android_with_fallback` use of `libc::syscall` is replaced by `dlsym`-based code similar to what we use in the `netbsd` backend.
Hi,
I was porting HVM to run on Cosmopolitan Libc, and I noticed a small difference between how
getrandomis handled by this crate when compared to the Rust standard library.The Rust standard library has a
syscallmacro which creates a weak symbol forgetrandom, so if the underlying libc providesgetrandom, that function is called instead of making a syscall. The standard library usesgetrandomfor HashMap keys here.The
getrandomcrate makes the Linux syscall directly without first checking forgetrandomin the libc.The pattern used in the Rust standard library is flexible to which libc is used, be it glibc, musl, or Cosmopolitan.
Could you change https://github.com/rust-random/getrandom/blob/master/src/linux_android.rs to check if
getrandomis provided by the libc first, before using the syscall?The text was updated successfully, but these errors were encountered: