unix: stack_start_aligned is a safe fn · model-checking/verify-rust-std@d167f00
@@ -306,9 +306,8 @@ mod imp {
306306 ret
307307}
308308309-unsafe fn get_stack_start_aligned() -> Option<*mut libc::c_void> {
310-let page_size = PAGE_SIZE.load(Ordering::Relaxed);
311-let stackptr = get_stack_start()?;
309+fn stack_start_aligned(page_size: usize) -> Option<*mut libc::c_void> {
310+let stackptr = unsafe { get_stack_start()? };
312311let stackaddr = stackptr.addr();
313312314313// Ensure stackaddr is page aligned! A parent process might
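Review bot: The new safe wrapper on line 310 calls the unsafe `get_stack_start()` inside an `unsafe` block with no `// SAFETY:` comment, so the soundness argument that the old `unsafe fn` marker pushed onto callers is now stated nowhere. `get_stack_start`'s contract is not visible in this hunk; the comment should name whatever precondition it has and why it holds for every caller of `stack_start_aligned`, or say explicitly that it has none. Keeping the `?` outside the block also keeps the unsafe scope to the single call: `// SAFETY: <state get_stack_start's precondition and why it holds here>` followed by `let stackptr = unsafe { get_stack_start() }?;`. A one-line doc comment on the function stating that `page_size` is expected to be the platform page size used for the alignment below would also help, since the value is now supplied by the caller rather than read from `PAGE_SIZE`. The function body continues past the end of the hunk.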
@@ -345,6 +344,7 @@ mod imp {
345344}
346345}
347346347+#[forbid(unsafe_op_in_unsafe_fn)]
348348unsafe fn install_main_guard_linux(page_size: usize) -> Option<Range<usize>> {
349349// Linux doesn't allocate the whole stack right away, and
350350// the kernel has its own stack-guard mechanism to fault
@@ -356,11 +356,12 @@ mod imp {
356356// Instead, we'll just note where we expect rlimit to start
357357// faulting, so our handler can report "stack overflow", and
358358// trust that the kernel's own stack guard will work.
359-let stackptr = get_stack_start_aligned()?;
359+let stackptr = stack_start_aligned(page_size)?;
360360let stackaddr = stackptr.addr();
361361Some(stackaddr - page_size..stackaddr)
362362}
363363364+#[forbid(unsafe_op_in_unsafe_fn)]
364365unsafe fn install_main_guard_linux_musl(_page_size: usize) -> Option<Range<usize>> {
365366// For the main thread, the musl's pthread_attr_getstack
366367// returns the current stack size, rather than maximum size
@@ -374,7 +375,7 @@ mod imp {
374375// at the bottom. If we try to remap the bottom of the stack
375376// ourselves, FreeBSD's guard page moves upwards. So we'll just use
376377// the builtin guard page.
377-let stackptr = get_stack_start_aligned()?;
378+let stackptr = stack_start_aligned(page_size)?;
378379let guardaddr = stackptr.addr();
379380// Technically the number of guard pages is tunable and controlled
380381// by the security.bsd.stack_guard_page sysctl.
@@ -405,6 +406,7 @@ mod imp {
405406Some(guardaddr..guardaddr + pages * page_size)
406407}
407408409+#[forbid(unsafe_op_in_unsafe_fn)]
408410unsafe fn install_main_guard_bsds(page_size: usize) -> Option<Range<usize>> {
409411// OpenBSD stack already includes a guard page, and stack is
410412// immutable.
@@ -413,7 +415,7 @@ mod imp {
413415// We'll just note where we expect rlimit to start
414416// faulting, so our handler can report "stack overflow", and
415417// trust that the kernel's own stack guard will work.
416-let stackptr = get_stack_start_aligned()?;
418+let stackptr = stack_start_aligned(page_size)?;
417419let stackaddr = stackptr.addr();
418420Some(stackaddr - page_size..stackaddr)
419421}
@@ -427,7 +429,7 @@ mod imp {
427429// than the initial mmap() used, so we mmap() here with
428430// read/write permissions and only then mprotect() it to
429431// no permissions at all. See issue #50313.
430-let stackptr = get_stack_start_aligned()?;
432+let stackptr = stack_start_aligned(page_size)?;
431433let result = mmap64(
432434 stackptr,
433435 page_size,