unix: stack_start_aligned is a safe fn · patricklam/verify-rust-std@d167f00 (original) (raw)

`@@ -306,9 +306,8 @@ mod imp {

`

306

306

` ret

`

307

307

`}

`

308

308

``

309

``

`-

unsafe fn get_stack_start_aligned() -> Option<*mut libc::c_void> {

`

310

``

`-

let page_size = PAGE_SIZE.load(Ordering::Relaxed);

`

311

``

`-

let stackptr = get_stack_start()?;

`

``

309

`+

fn stack_start_aligned(page_size: usize) -> Option<*mut libc::c_void> {

`

``

310

`+

let stackptr = unsafe { get_stack_start()? };

`

312

311

`let stackaddr = stackptr.addr();

`

313

312

``

314

313

`// Ensure stackaddr is page aligned! A parent process might

`

`@@ -345,6 +344,7 @@ mod imp {

`

345

344

`}

`

346

345

`}

`

347

346

``

``

347

`+

#[forbid(unsafe_op_in_unsafe_fn)]

`

348

348

`unsafe fn install_main_guard_linux(page_size: usize) -> Option<Range> {

`

349

349

`// Linux doesn't allocate the whole stack right away, and

`

350

350

`// the kernel has its own stack-guard mechanism to fault

`

`@@ -356,11 +356,12 @@ mod imp {

`

356

356

`// Instead, we'll just note where we expect rlimit to start

`

357

357

`// faulting, so our handler can report "stack overflow", and

`

358

358

`// trust that the kernel's own stack guard will work.

`

359

``

`-

let stackptr = get_stack_start_aligned()?;

`

``

359

`+

let stackptr = stack_start_aligned(page_size)?;

`

360

360

`let stackaddr = stackptr.addr();

`

361

361

`Some(stackaddr - page_size..stackaddr)

`

362

362

`}

`

363

363

``

``

364

`+

#[forbid(unsafe_op_in_unsafe_fn)]

`

364

365

`unsafe fn install_main_guard_linux_musl(_page_size: usize) -> Option<Range> {

`

365

366

`// For the main thread, the musl's pthread_attr_getstack

`

366

367

`// returns the current stack size, rather than maximum size

`

`@@ -374,7 +375,7 @@ mod imp {

`

374

375

`// at the bottom. If we try to remap the bottom of the stack

`

375

376

`// ourselves, FreeBSD's guard page moves upwards. So we'll just use

`

376

377

`// the builtin guard page.

`

377

``

`-

let stackptr = get_stack_start_aligned()?;

`

``

378

`+

let stackptr = stack_start_aligned(page_size)?;

`

378

379

`let guardaddr = stackptr.addr();

`

379

380

`// Technically the number of guard pages is tunable and controlled

`

380

381

`// by the security.bsd.stack_guard_page sysctl.

`

`@@ -405,6 +406,7 @@ mod imp {

`

405

406

`Some(guardaddr..guardaddr + pages * page_size)

`

406

407

`}

`

407

408

``

``

409

`+

#[forbid(unsafe_op_in_unsafe_fn)]

`

408

410

`unsafe fn install_main_guard_bsds(page_size: usize) -> Option<Range> {

`

409

411

`// OpenBSD stack already includes a guard page, and stack is

`

410

412

`// immutable.

`

`@@ -413,7 +415,7 @@ mod imp {

`

413

415

`// We'll just note where we expect rlimit to start

`

414

416

`// faulting, so our handler can report "stack overflow", and

`

415

417

`// trust that the kernel's own stack guard will work.

`

416

``

`-

let stackptr = get_stack_start_aligned()?;

`

``

418

`+

let stackptr = stack_start_aligned(page_size)?;

`

417

419

`let stackaddr = stackptr.addr();

`

418

420

`Some(stackaddr - page_size..stackaddr)

`

419

421

`}

`

`@@ -427,7 +429,7 @@ mod imp {

`

427

429

`// than the initial mmap() used, so we mmap() here with

`

428

430

`// read/write permissions and only then mprotect() it to

`

429

431

`// no permissions at all. See issue #50313.

`

430

``

`-

let stackptr = get_stack_start_aligned()?;

`

``

432

`+

let stackptr = stack_start_aligned(page_size)?;

`

431

433

`let result = mmap64(

`

432

434

` stackptr,

`

433

435

` page_size,

`