netbsd: Simplify weak lookup. #484
Conversation
briansmith
force-pushed
the
b/netbsd-weak
branch
6 times, most recently
from
c008fee
to
1a0a475
Compare
|
What about the following comment about
Is it no longer relevant? To be safe it may be worth to use |
briansmith
force-pushed
the
b/netbsd-weak
branch
2 times, most recently
from
e8095c6
to
5d152be
Compare
briansmith
force-pushed
the
b/netbsd-weak
branch
5 times, most recently
from
40669fd
to
ea3436e
Compare
Thanks. As I mentioned in the other comment, I did make this change. |
briansmith
force-pushed
the
b/netbsd-weak
branch
from
ea3436e
to
bbf8763
Compare
src/netbsd.rs
Outdated
| let ptr = match unsafe { libc::dlsym(libc::RTLD_DEFAULT, name_ptr) } { | ||
| ptr if !ptr.is_null() => ptr, | ||
| _ => polyfill_using_kern_arand as *mut libc::c_void, | ||
| }; |
There was a problem hiding this comment.
I think the following code will be a bit easier to read:
let mut ptr = unsafe { libc::dlsym(libc::RTLD_DEFAULT, name_ptr) };
// If getrandom(2) is not availalbe, use KERN_ARAND polyfill
if ptr.is_null() {
ptr = polyfill_using_kern_arand as *mut libc::c_void;
}There was a problem hiding this comment.
In other PRs, @josephlr asked me to write things the way I wrote it here, and to not write it the let mut ... way.
There was a problem hiding this comment.
BTW, the other reason I use a match is because it helps with code coverage measurement. Though we don't have that yet, I hope we do soon.
There was a problem hiding this comment.
Ok. :) I don't have a strong preference here, so I will wait for him to confirm that he prefers this way.
it helps with code coverage measurement
I think the if branch should be handled by code coverage tools without issues.
There was a problem hiding this comment.
In other PRs, @josephlr asked me to write things the way I wrote it here, and to not write it the
let mut ...way.
Looking at this, I think that was a bad call on my part (sorry). I agree w/ @newpavlov that the if is more readable here. @briansmith's point is a good one about code coverage, but we would ideally handle that via branch coverage (see #288 (comment))
briansmith
force-pushed
the
b/netbsd-weak
branch
from
bbf8763
to
f6bfcdd
Compare
src/netbsd.rs
Outdated
| let ptr = match unsafe { libc::dlsym(libc::RTLD_DEFAULT, name_ptr) } { | ||
| ptr if !ptr.is_null() => ptr, | ||
| _ => polyfill_using_kern_arand as *mut libc::c_void, | ||
| }; |
There was a problem hiding this comment.
In other PRs, @josephlr asked me to write things the way I wrote it here, and to not write it the
let mut ...way.
Looking at this, I think that was a bad call on my part (sorry). I agree w/ @newpavlov that the if is more readable here. @briansmith's point is a good one about code coverage, but we would ideally handle that via branch coverage (see #288 (comment))
src/netbsd.rs
Outdated
| @@ -24,28 +44,33 @@ fn kern_arnd(buf: &mut [MaybeUninit<u8>]) -> libc::ssize_t { | |||
|
|
|||
| type GetRandomFn = unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::ssize_t; | |||
There was a problem hiding this comment.
Should the first argument be *mut c_void here? That's what the man pages has: https://man.freebsd.org/cgi/man.cgi?query=getrandom&sektion=2
I'm not sure if it particularly matters
There was a problem hiding this comment.
I'm not sure if it particularly matters
In theory it could matter depending on the CFI rules. I changed it.
Match the type signature that the NetBSD man page gives for getrandom.
Remove LazyPtr. Avoid constructing an invalid pointer as a sentinel to indicate that the pointer is uninitialized. Now, a null pointer means it is uninitialized, and a non-null pointer means it is initialized. This is less questionable from a safety perspective, and should also be more efficient. Reduce duplication between the "getrandom is available" and the fallback case.
briansmith
force-pushed
the
b/netbsd-weak
branch
from
f6bfcdd
to
9bf6192
Compare
| if ptr.is_null() { | ||
| // Verify `polyfill_using_kern_arand` has the right signature. | ||
| const POLYFILL: GetRandomFn = polyfill_using_kern_arand; | ||
| ptr = POLYFILL as *mut c_void; |
There was a problem hiding this comment.
I tweaked this by splitting the conversion into two clearly-correct parts because polyfill_using_kern_arand as *mut c_void is quite a dangerous cast.
| @@ -22,30 +42,37 @@ fn kern_arnd(buf: &mut [MaybeUninit<u8>]) -> libc::ssize_t { | |||
| } | |||
| } | |||
|
|
|||
| type GetRandomFn = unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::ssize_t; | |||
| type GetRandomFn = unsafe extern "C" fn(*mut c_void, libc::size_t, libc::c_uint) -> libc::ssize_t; | |||
There was a problem hiding this comment.
I changed this signature as @josephlr suggested.
| // the one in libstd, meaning that the use of non-Relaxed operations is | ||
| // probably unnecessary. | ||
| let mut fptr = GETRANDOM.load(Ordering::Acquire); | ||
| if fptr.is_null() { |
There was a problem hiding this comment.
Changed this from the match style that people didn't like.
| static NAME: &[u8] = b"getrandom\0"; | ||
| let name_ptr = NAME.as_ptr().cast::<libc::c_char>(); | ||
| unsafe { libc::dlsym(libc::RTLD_DEFAULT, name_ptr) } | ||
| let mut ptr = unsafe { libc::dlsym(libc::RTLD_DEFAULT, name_ptr) }; | ||
| if ptr.is_null() { |
There was a problem hiding this comment.
Changed this from the match style that people didn't like.
Remove LazyPtr. Avoid constructing an invalid pointer as a sentinel to indicate that the pointer is uninitialized. Now, a null pointer means it is uninitialized, and a non-null pointer means it is initialized. This is less questionable from a safety perspective, and should also be more efficient.
Reduce duplication between the "getrandom is available" and the fallback case.