Use getrandom for generating HashMap seed

rust-lang · Dec 18, 2020 · 688ba4b · 688ba4b
1 parent 8d006c0
commit 688ba4b
Show file tree

Hide file tree

Showing 16 changed files with 28 additions and 378 deletions.
diff --git a/Cargo.lock b/Cargo.lock
@@ -1284,7 +1284,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ee8025cf36f917e6a52cce185b7c7177689b838b7ec138364e50cc2277a56cf4"
 dependencies = [
  "cfg-if 0.1.10",
+ "compiler_builtins",
  "libc",
+ "rustc-std-workspace-core",
  "wasi",
 ]
 
@@ -4692,6 +4694,7 @@ dependencies = [
  "core",
  "dlmalloc",
  "fortanix-sgx-abi",
+ "getrandom 0.2.0",
  "hashbrown",
  "hermit-abi",
  "libc",

diff --git a/library/std/Cargo.toml b/library/std/Cargo.toml
@@ -21,6 +21,11 @@ compiler_builtins = { version = "0.1.35" }
 profiler_builtins = { path = "../profiler_builtins", optional = true }
 unwind = { path = "../unwind" }
 hashbrown = { version = "0.9.0", default-features = false, features = ['rustc-dep-of-std'] }
+# RDRAND feature is needed for SGX targets, but will work on other x86(-64) targets
+# unsupported in `getrandom` by default
+# FIXME: remove the Hermit part after its support will be added to `getrandom`
+[target.'cfg(not(any(all(target_arch = "wasm32", target_vendor = "unknown", target_os = "unknown")), all(target_arch = "aarch64", target_os = "hermit")))'.dependencies]
+getrandom = { version = "0.2.0", features = ['rustc-dep-of-std', 'rdrand'] }
 
 # Dependencies of the `backtrace` crate
 addr2line = { version = "0.14.0", optional = true, default-features = false }

diff --git a/library/std/src/collections/hash/map.rs b/library/std/src/collections/hash/map.rs
@@ -13,7 +13,6 @@ use crate::fmt::{self, Debug};
 use crate::hash::{BuildHasher, Hash, Hasher, SipHasher13};
 use crate::iter::{FromIterator, FusedIterator};
 use crate::ops::Index;
-use crate::sys;
 
 /// A hash map implemented with quadratic probing and SIMD lookup.
 ///
@@ -2783,13 +2782,24 @@ impl RandomState {
         // iteration order allows a form of DOS attack. To counter that we
         // increment one of the seeds on every RandomState creation, giving
         // every corresponding HashMap a different iteration order.
-        thread_local!(static KEYS: Cell<(u64, u64)> = {
-            Cell::new(sys::hashmap_random_keys())
+        thread_local!(static KEYS: Cell<[u64; 2]> = {
+            let mut buf = [0u8; 16];
+            // Use a constant seed on `wasm32-unknown-unknown` and Hermit targets.
+            // FIXME: remove the Hermit part after its support will be added to `getrandom`
+            // TODO: replace the WASM part with `cfg(target = "..")`:
+            // https://github.com/rust-lang/rust/issues/63217
+            #[cfg(not(any(
+                all(target_arch = "wasm32", target_vendor = "unknown", target_os = "unknown"),
+                all(target_arch = "aarch64", target_os = "hermit"),
+            )))]
+            getrandom::getrandom(&mut buf).expect("failed to get system entropy");
+            let n = u128::from_ne_bytes(buf);
+            Cell::new([n as u64, (n >> 64) as u64])
         });
 
         KEYS.with(|keys| {
-            let (k0, k1) = keys.get();
-            keys.set((k0.wrapping_add(1), k1));
+            let [k0, k1] = keys.get();
+            keys.set([k0.wrapping_add(1), k1]);
             RandomState { k0, k1 }
         })
     }

diff --git a/library/std/src/sys/hermit/mod.rs b/library/std/src/sys/hermit/mod.rs
@@ -83,11 +83,6 @@ pub fn abort_internal() -> ! {
     }
 }
 
-// FIXME: just a workaround to test the system
-pub fn hashmap_random_keys() -> (u64, u64) {
-    (1, 2)
-}
-
 // This function is needed by the panic runtime. The symbol is named in
 // pre-link args for the target specification, so keep that in sync.
 #[cfg(not(test))]

diff --git a/library/std/src/sys/sgx/mod.rs b/library/std/src/sys/sgx/mod.rs
@@ -142,24 +142,6 @@ pub extern "C" fn __rust_abort() {
     abort_internal();
 }
 
-pub mod rand {
-    pub fn rdrand64() -> u64 {
-        unsafe {
-            let mut ret: u64 = 0;
-            for _ in 0..10 {
-                if crate::arch::x86_64::_rdrand64_step(&mut ret) == 1 {
-                    return ret;
-                }
-            }
-            rtabort!("Failed to obtain random data");
-        }
-    }
-}
-
-pub fn hashmap_random_keys() -> (u64, u64) {
-    (self::rand::rdrand64(), self::rand::rdrand64())
-}
-
 pub use crate::sys_common::{AsInner, FromInner, IntoInner};
 
 pub trait TryIntoInner<Inner>: Sized {

diff --git a/library/std/src/sys/unix/mod.rs b/library/std/src/sys/unix/mod.rs
@@ -34,7 +34,6 @@ pub use crate::os::redox as platform;
 #[cfg(all(not(doc), target_os = "solaris"))]
 pub use crate::os::solaris as platform;
 
-pub use self::rand::hashmap_random_keys;
 pub use libc::strlen;
 
 #[macro_use]
@@ -65,7 +64,6 @@ pub mod os;
 pub mod path;
 pub mod pipe;
 pub mod process;
-pub mod rand;
 pub mod rwlock;
 pub mod stack_overflow;
 pub mod stdio;

diff --git a/library/std/src/sys/unix/rand.rs b/library/std/src/sys/unix/rand.rs
diff --git a/library/std/src/sys/unsupported/common.rs b/library/std/src/sys/unsupported/common.rs
@@ -29,10 +29,6 @@ pub fn abort_internal() -> ! {
     core::intrinsics::abort();
 }
 
-pub fn hashmap_random_keys() -> (u64, u64) {
-    (1, 2)
-}
-
 // This enum is used as the storage for a bunch of types which can't actually
 // exist.
 #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Debug, Hash)]

diff --git a/library/std/src/sys/vxworks/mod.rs b/library/std/src/sys/vxworks/mod.rs
@@ -3,7 +3,6 @@
 
 use crate::io::ErrorKind;
 
-pub use self::rand::hashmap_random_keys;
 pub use crate::os::vxworks as platform;
 pub use libc::strlen;
 
@@ -41,7 +40,6 @@ pub mod path;
 #[path = "../unix/pipe.rs"]
 pub mod pipe;
 pub mod process;
-pub mod rand;
 #[path = "../unix/rwlock.rs"]
 pub mod rwlock;
 #[path = "../unix/stack_overflow.rs"]