rustix UB if noreturn syscall actually returns

UB if noreturn syscall actually returns

Open rusty-snake opened this issue 7 months ago • 5 comments

trafficstars

https://github.com/bytecodealliance/rustix/blob/cb01fbe4660844b67fdd4eee2a5f769518f6a655/src/backend/linux_raw/arch/x86_64.rs#L55-L63

https://github.com/bytecodealliance/rustix/blob/cb01fbe4660844b67fdd4eee2a5f769518f6a655/src/backend/linux_raw/runtime/syscalls.rs#L143-L146

Every syscall may return

Every syscall may return with any value because of seccomp-bpf.

This includes pure syscalls like getuid that may return the current uid as 4294967295_u32 (-EPERM) or exit/exit_group returning. While such seccomp-bpf filters will have huge compatibility problems and are unlikely in real-world, they must be handled in a safe way.

In the case of exit/exit_group there are two safe possibilities that maintain -> ! to the caller:

Infinity loop

// Note that this is a pseudo example. If the `sys_exit` function is `-> !`,
// Rust is free to remove the loop because returning from `-> !` is UB.
// The loop must be implemented in assembly with a backward jump
// if the `asm!` is marked `noreturn` as return from the `noreturn`-`asm!`
// is already UB.
loop {
    sys_exit(code)
}

Segfault, i.e. ud2 (x86-64) after the syscall.

Apr 05 '25 09:04 rusty-snake

rustix rustix copied to clipboard

UB if noreturn syscall actually returns

Every syscall may return

rustix
rustix copied to clipboard