diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 204da807..6ad2c4c2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -132,6 +132,32 @@ jobs: RUSTFLAGS: -Dwarnings --cfg getrandom_backend="rdrand" run: cargo build --features=std + linux-raw: + name: Build Raw Linux + runs-on: ubuntu-24.04 + strategy: + matrix: + target: [ + arm-unknown-linux-gnueabihf, + aarch64-unknown-linux-gnu, + loongarch64-unknown-linux-gnu, + riscv32gc-unknown-linux-gnu, + riscv64gc-unknown-linux-gnu, + s390x-unknown-linux-gnu, + i686-unknown-linux-gnu, + x86_64-unknown-linux-gnu, + x86_64-unknown-linux-gnux32, + ] + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@master + with: + toolchain: nightly-2025-02-15 + components: rust-src + - env: + RUSTFLAGS: -Dwarnings --cfg getrandom_backend="linux_raw" + run: cargo build -Zbuild-std=core --target=${{ matrix.target }} + web: name: ${{ matrix.target.description }} ${{ matrix.feature.description }} ${{ matrix.atomic.description }} runs-on: ubuntu-24.04 diff --git a/.github/workflows/nopanic.yaml b/.github/workflows/nopanic.yaml index 41e9f764..7ad20ce0 100644 --- a/.github/workflows/nopanic.yaml +++ b/.github/workflows/nopanic.yaml @@ -49,6 +49,13 @@ jobs: - name: Check (getrandom.rs) run: (exit $( grep -c panic target/release/libgetrandom_wrapper.so )) + - name: Build (linux_raw.rs) + env: + RUSTFLAGS: -Dwarnings --cfg getrandom_backend="linux_raw" + run: cargo build --release + - name: Check (linux_raw.rs) + run: (exit $( grep -c panic target/release/libgetrandom_wrapper.so )) + - name: Build (rdrand.rs) env: RUSTFLAGS: -Dwarnings --cfg getrandom_backend="rdrand" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5363968f..84b148b4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -57,6 +57,10 @@ jobs: RUSTFLAGS: -Dwarnings --cfg getrandom_backend="linux_getrandom" RUSTDOCFLAGS: -Dwarnings --cfg getrandom_backend="linux_getrandom" run: cargo test --target=${{ matrix.target }} --features=std + - env: + RUSTFLAGS: -Dwarnings --cfg getrandom_backend="linux_raw" + RUSTDOCFLAGS: -Dwarnings --cfg getrandom_backend="linux_raw" + run: cargo test --target=${{ matrix.target }} --features=std - env: RUSTFLAGS: -Dwarnings --cfg getrandom_test_linux_fallback RUSTDOCFLAGS: -Dwarnings --cfg getrandom_test_linux_fallback diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml index f1e44b42..29c0d5ab 100644 --- a/.github/workflows/workspace.yml +++ b/.github/workflows/workspace.yml @@ -57,6 +57,10 @@ jobs: run: cargo clippy --target x86_64-unknown-linux-gnu - name: Linux (linux_android_with_fallback.rs) run: cargo clippy --target x86_64-unknown-linux-gnu + - name: Linux (linux_raw.rs) + env: + RUSTFLAGS: -Dwarnings --cfg getrandom_backend="linux_raw" + run: cargo clippy --target x86_64-unknown-linux-gnu - name: NetBSD (netbsd.rs) run: cargo clippy -Zbuild-std=core --target x86_64-unknown-netbsd - name: Fortranix SGX (rdrand.rs) diff --git a/Cargo.toml b/Cargo.toml index 2441555b..69794a08 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,7 +31,7 @@ compiler_builtins = { version = "0.1", optional = true } core = { version = "1.0", optional = true, package = "rustc-std-workspace-core" } # getrandom / linux_android_with_fallback -[target.'cfg(all(any(target_os = "linux", target_os = "android"), not(any(getrandom_backend = "custom", getrandom_backend = "rdrand", getrandom_backend = "rndr"))))'.dependencies] +[target.'cfg(all(any(target_os = "linux", target_os = "android"), not(any(getrandom_backend = "custom", getrandom_backend = "linux_raw", getrandom_backend = "rdrand", getrandom_backend = "rndr"))))'.dependencies] libc = { version = "0.2.154", default-features = false } # apple-other @@ -81,7 +81,7 @@ wasm-bindgen-test = "0.3" [lints.rust.unexpected_cfgs] level = "warn" check-cfg = [ - 'cfg(getrandom_backend, values("custom", "rdrand", "rndr", "linux_getrandom", "wasm_js"))', + 'cfg(getrandom_backend, values("custom", "rdrand", "rndr", "linux_getrandom", "linux_raw", "wasm_js"))', 'cfg(getrandom_msan)', 'cfg(getrandom_test_linux_fallback)', 'cfg(getrandom_test_linux_without_fallback)', diff --git a/README.md b/README.md index 79082409..0c0a348f 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,7 @@ of randomness based on their specific needs: | Backend name | Target | Target Triple | Implementation | ----------------- | -------------------- | ------------------------ | -------------- | `linux_getrandom` | Linux, Android | `*‑linux‑*` | [`getrandom`][1] system call (without `/dev/urandom` fallback). Bumps minimum supported Linux kernel version to 3.17 and Android API level to 23 (Marshmallow). +| `linux_raw` | Linux, Android | `*‑linux‑*` | Same as `linux_getrandom`, but uses raw `asm!`-based syscalls instead of `libc`. | `rdrand` | x86, x86-64 | `x86_64-*`, `i686-*` | [`RDRAND`] instruction | `rndr` | AArch64 | `aarch64-*` | [`RNDR`] register | `wasm_js` | Web Browser, Node.js | `wasm32‑unknown‑unknown`, `wasm32v1-none` | [`Crypto.getRandomValues`]. Requires feature `wasm_js` ([see below](#webassembly-support)). @@ -110,6 +111,15 @@ WILL NOT have any effect on its downstream users. [`.cargo/config.toml`]: https://doc.rust-lang.org/cargo/reference/config.html +### Raw Linux syscall support + +Currently the `linux_raw` backend supports only targets with stabilized `asm!` macro, +i.e. `arm`, `aarch64`, `loongarch64`, `riscv32`, `riscv64`, `s390x`, `x86`, and `x86_64`. + +Note that the raw syscall backend may be slower than backends based on `libc::getrandom`, +e.g. it does not implement vDSO optimizations and on `x86` it uses the infamously slow +`int 0x80` instruction to perform syscall. + ### WebAssembly support This crate fully supports the [WASI] and [Emscripten] targets. However, diff --git a/src/backends.rs b/src/backends.rs index 3b98a61d..af66e54e 100644 --- a/src/backends.rs +++ b/src/backends.rs @@ -13,6 +13,9 @@ cfg_if! { } else if #[cfg(getrandom_backend = "linux_getrandom")] { mod getrandom; pub use getrandom::*; + } else if #[cfg(getrandom_backend = "linux_raw")] { + mod linux_raw; + pub use linux_raw::*; } else if #[cfg(getrandom_backend = "rdrand")] { mod rdrand; pub use rdrand::*; diff --git a/src/backends/linux_raw.rs b/src/backends/linux_raw.rs new file mode 100644 index 00000000..a601f07b --- /dev/null +++ b/src/backends/linux_raw.rs @@ -0,0 +1,139 @@ +//! Implementation for Linux / Android using `asm!`-based syscalls. +use crate::{Error, MaybeUninit}; + +pub use crate::util::{inner_u32, inner_u64}; + +#[cfg(not(any(target_os = "android", target_os = "linux")))] +compile_error!("`linux_raw` backend can be enabled only for Linux/Android targets!"); + +#[allow(non_upper_case_globals)] +unsafe fn getrandom_syscall(buf: *mut u8, buflen: usize, flags: u32) -> isize { + let r0; + + // Based on `rustix` and `linux-raw-sys` code. + cfg_if! { + if #[cfg(target_arch = "arm")] { + const __NR_getrandom: u32 = 384; + // In thumb-mode, r7 is the frame pointer and is not permitted to be used in + // an inline asm operand, so we have to use a different register and copy it + // into r7 inside the inline asm. + // Theoretically, we could detect thumb mode in the build script, but several + // register moves are cheap enough compared to the syscall cost, so we do not + // bother with it. + core::arch::asm!( + "mov {tmp}, r7", + "mov r7, {nr}", + "svc 0", + "mov r7, {tmp}", + nr = const __NR_getrandom, + tmp = out(reg) _, + inlateout("r0") buf => r0, + in("r1") buflen, + in("r2") flags, + options(nostack, preserves_flags) + ); + } else if #[cfg(target_arch = "aarch64")] { + const __NR_getrandom: u32 = 278; + core::arch::asm!( + "svc 0", + in("x8") __NR_getrandom, + inlateout("x0") buf => r0, + in("x1") buflen, + in("x2") flags, + options(nostack, preserves_flags) + ); + } else if #[cfg(target_arch = "loongarch64")] { + const __NR_getrandom: u32 = 278; + core::arch::asm!( + "syscall 0", + in("$a7") __NR_getrandom, + inlateout("$a0") buf => r0, + in("$a1") buflen, + in("$a2") flags, + options(nostack, preserves_flags) + ); + } else if #[cfg(any(target_arch = "riscv32", target_arch = "riscv64"))] { + const __NR_getrandom: u32 = 278; + core::arch::asm!( + "ecall", + in("a7") __NR_getrandom, + inlateout("a0") buf => r0, + in("a1") buflen, + in("a2") flags, + options(nostack, preserves_flags) + ); + } else if #[cfg(target_arch = "s390x")] { + const __NR_getrandom: u32 = 349; + core::arch::asm!( + "svc 0", + in("r1") __NR_getrandom, + inlateout("r2") buf => r0, + in("r3") buflen, + in("r4") flags, + options(nostack, preserves_flags) + ); + } else if #[cfg(target_arch = "x86")] { + const __NR_getrandom: u32 = 355; + // `int 0x80` is famously slow, but implementing vDSO is too complex + // and `sysenter`/`syscall` have their own portability issues, + // so we use the simple "legacy" way of doing syscalls. + core::arch::asm!( + "int $$0x80", + in("eax") __NR_getrandom, + in("ebx") buf, + in("ecx") buflen, + in("edx") flags, + lateout("eax") r0, + options(nostack, preserves_flags) + ); + } else if #[cfg(target_arch = "x86_64")] { + #[cfg(target_pointer_width = "64")] + const __NR_getrandom: u32 = 318; + #[cfg(target_pointer_width = "32")] + const __NR_getrandom: u32 = (1 << 30) + 318; + + core::arch::asm!( + "syscall", + in("rax") __NR_getrandom, + in("rdi") buf, + in("rsi") buflen, + in("rdx") flags, + lateout("rax") r0, + lateout("rcx") _, + lateout("r11") _, + options(nostack, preserves_flags) + ); + } else { + compile_error!("`linux_raw` backend does not support this target arch"); + } + } + + r0 +} + +#[inline] +pub fn fill_inner(mut dest: &mut [MaybeUninit]) -> Result<(), Error> { + // Value of this error code is stable across all target arches. + const EINTR: isize = -4; + + loop { + let ret = unsafe { getrandom_syscall(dest.as_mut_ptr().cast(), dest.len(), 0) }; + match usize::try_from(ret) { + Ok(0) => return Err(Error::UNEXPECTED), + Ok(len) => { + dest = dest.get_mut(len..).ok_or(Error::UNEXPECTED)?; + if dest.is_empty() { + return Ok(()); + } + } + Err(_) if ret == EINTR => continue, + Err(_) => { + let code: u32 = ret + .wrapping_neg() + .try_into() + .map_err(|_| Error::UNEXPECTED)?; + return Err(Error::from_os_error(code)); + } + } + } +}