origin-studio 0.16.0

An alternative `std`-like implementation built on origin
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210

//! The following is derived from Rust's
//! library/std/src/sys/unix/stack_overflow.rs at revision
//! 3e35b39d9dbfcd937c6b9163a3514d6a4775c198.

macro_rules! rtprintpanic {
    ($($t:tt)*) => {
        #[cfg(feature = "std")]
        let _ = $crate::io::Write::write_fmt(&mut $crate::io::stderr(), format_args!($($t)*));
    }
}

macro_rules! rtabort {
    ($($t:tt)*) => {
        {
            rtprintpanic!("fatal runtime error: {}\n", format_args!($($t)*));
            origin::program::trap();
        }
    }
}

use core::ffi::c_void;

pub(crate) struct Handler {
    data: *mut c_void,
}

impl Handler {
    pub(crate) unsafe fn new() -> Handler {
        make_handler()
    }

    fn null() -> Handler {
        Handler {
            data: core::ptr::null_mut(),
        }
    }
}

impl Drop for Handler {
    fn drop(&mut self) {
        unsafe {
            drop_handler(self.data);
        }
    }
}

use core::{mem, ptr};

use origin::signal::{
    sigaction, Sigaction, SigactionFlags, Siginfo, Signal, SIGSTKSZ, SIG_DFL, SS_DISABLE,
};
use rustix::mm::{mmap_anonymous, munmap, MapFlags, ProtFlags};
use rustix::runtime::kernel_sigaltstack;

use core::sync::atomic::{AtomicBool, AtomicPtr, Ordering};
use rustix::param::page_size;

// Signal handler for the SIGSEGV and SIGBUS handlers. We've got guard pages
// (unmapped pages) at the end of every thread's stack, so if a thread ends
// up running into the guard page it'll trigger this handler. We want to
// detect these cases and print out a helpful error saying that the stack
// has overflowed. All other signals, however, should go back to what they
// were originally supposed to do.
//
// This handler currently exists purely to print an informative message
// whenever a thread overflows its stack. We then abort to exit and
// indicate a crash, but to avoid a misleading SIGSEGV that might lead
// users to believe that unsafe code has accessed an invalid pointer; the
// SIGSEGV encountered when overflowing the stack is expected and
// well-defined.
//
// If this is not a stack overflow, the handler un-registers itself and
// then returns (to allow the original signal to be delivered again).
// Returning from this kind of signal handler is technically not defined
// to work when reading the POSIX spec strictly, but in practice it turns
// out many large systems and all implementations allow returning from a
// signal handler to work. For a more detailed explanation see the
// comments on #26458.
unsafe extern "C" fn signal_handler(signum: Signal, info: *mut Siginfo, _data: *mut c_void) {
    let (stack_addr, _stack_size, guard_size) = origin::thread::stack(origin::thread::current());
    let guard_end = stack_addr.addr();
    let guard_start = guard_end - guard_size;

    let addr = (*info)
        .__bindgen_anon_1
        .__bindgen_anon_1
        ._sifields
        ._sigfault
        ._addr
        .addr();

    // If the faulting address is within the guard page, then we print a
    // message saying so and abort.
    if guard_start <= addr && addr < guard_end {
        rtprintpanic!(
            "\nthread '{}' has overflowed its stack\n",
            rustix::thread::name()
                .map(|c_str| alloc_crate::format!("{:?}", c_str))
                .unwrap_or("<unknown>".into())
        );
        rtabort!("stack overflow");
    } else {
        // Unregister ourselves by reverting back to the default behavior.
        let mut action: Sigaction = mem::zeroed();
        action.sa_handler_kernel = SIG_DFL;
        let _ = sigaction(signum, Some(action));

        // See comment above for why this function returns.
    }
}

static MAIN_ALTSTACK: AtomicPtr<c_void> = AtomicPtr::new(ptr::null_mut());
static NEED_ALTSTACK: AtomicBool = AtomicBool::new(false);

pub unsafe fn init() {
    for &signal in &[Signal::SEGV, Signal::BUS] {
        let mut action = sigaction(signal, None).unwrap();
        // Configure our signal handler if one is not already set. Ignore
        // the warnings about unpredictability since `SigDfl` isn't a real
        // function anyway.
        #[allow(unpredictable_function_pointer_comparisons)]
        if action.sa_handler_kernel == SIG_DFL {
            action.sa_flags = SigactionFlags::SIGINFO | SigactionFlags::ONSTACK;
            action.sa_handler_kernel = Some(mem::transmute(
                signal_handler as unsafe extern "C" fn(_, _, _),
            ));
            let _ = sigaction(signal, Some(action));
            NEED_ALTSTACK.store(true, Ordering::Relaxed);
        }
    }

    let handler = make_handler();
    MAIN_ALTSTACK.store(handler.data, Ordering::Relaxed);
    mem::forget(handler);
}

// Calling the cleanup function isn't necessary.
/*
pub unsafe fn cleanup() {
    drop_handler(MAIN_ALTSTACK.load(Ordering::Relaxed));
}
*/

unsafe fn get_stackp() -> *mut c_void {
    // OpenBSD requires this flag for stack mapping
    // otherwise the said mapping will fail as a no-op on most systems
    // and has a different meaning on FreeBSD
    #[cfg(any(target_os = "openbsd", target_os = "netbsd", target_os = "linux"))]
    let flags = MapFlags::PRIVATE | MapFlags::STACK;
    #[cfg(not(any(target_os = "openbsd", target_os = "netbsd", target_os = "linux")))]
    let flags = MapFlags::PRIVATE;
    let stackp = match mmap_anonymous(
        ptr::null_mut(),
        SIGSTKSZ + page_size(),
        ProtFlags::READ | ProtFlags::WRITE,
        flags,
    ) {
        Ok(stackp) => stackp,
        Err(err) => panic!("failed to allocate an alternative stack: {}", err),
    };
    match rustix::mm::mprotect(stackp, page_size(), rustix::mm::MprotectFlags::empty()) {
        Ok(guard_result) => guard_result,
        Err(err) => panic!("failed to set up alternative stack guard page: {}", err),
    };
    stackp.add(page_size())
}

unsafe fn get_stack() -> rustix::runtime::Stack {
    rustix::runtime::Stack {
        ss_sp: get_stackp(),
        ss_flags: 0,
        ss_size: SIGSTKSZ as _,
    }
}

unsafe fn make_handler() -> Handler {
    if !NEED_ALTSTACK.load(Ordering::Relaxed) {
        return Handler::null();
    }
    let mut stack = kernel_sigaltstack(None).unwrap();
    // Configure alternate signal stack, if one is not already set.
    if stack.ss_flags & SS_DISABLE != 0 {
        stack = get_stack();
        let _ = kernel_sigaltstack(Some(stack)).unwrap();
        Handler {
            data: stack.ss_sp as *mut c_void,
        }
    } else {
        Handler::null()
    }
}

unsafe fn drop_handler(data: *mut c_void) {
    if !data.is_null() {
        let stack = rustix::runtime::Stack {
            ss_sp: ptr::null_mut(),
            ss_flags: SS_DISABLE,
            // Workaround for bug in macOS implementation of sigaltstack
            // UNIX2003 which returns ENOMEM when disabling a stack while
            // passing ss_size smaller than MINSIGSTKSZ. According to POSIX
            // both ss_sp and ss_size should be ignored in this case.
            ss_size: SIGSTKSZ as _,
        };
        let _ = kernel_sigaltstack(Some(stack));
        // We know from `get_stackp` that the alternate stack we installed is part of a
        // mapping that started one page earlier, so walk back a page and unmap
        // from there.
        let _ = munmap(data.sub(page_size()), SIGSTKSZ + page_size());
    }
}