-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
readdir_r
is deprecated as of glibc-2.24
#34668
Comments
Interesting! Are we sure that We also support back to glibc 2.5 I believe so we may want to make sure that 2.5-2.24 are all threadsafe before we stop using |
I don't know about all Unix platforms -- "modern" is deliciously vague. That needs to be investigated. The only difference in glibc's It should be ok to continue using the deprecated Actually, that CVE was not fixed in RHEL5, which I'm guessing is where you got the baseline of glibc 2.5. So I guess that's not a good idea to keep using it after all, for safety rather than deprecation. |
This essentially makes this issue inactionable until…
If we are concerned about the CVE thing, the only option in foreseeable future is to re-implement readdir by ourselves in the way we need it to be implemented (i.e. MT-safely) without calling out to the platform’s libc. ¹: Confirming that every target we currently support has a MT-safe implementation is not enough, because any target could easily make the function non-MT-safe without breaking any promises. |
I think that's overly strict. Surely there are other cases where we rely on effective platform behavior, not merely what is POSIX-required? |
Just to make sure I understand as well, this CVE business is only a problem if you're using a buggy glibc, right? If you're running with an updated glibc there's no reason to not use If that's the case I'm tempted to leave this as-is for now and give the world a chance to catch up with the |
Even with that particular bug fixed, One hassle of |
Aha, good point! I suspect it may not happen too much in practice though as I'm not sure I've ever seen a bug report with PRs are of course always welcome for the Solaris bits though! |
std: fix `readdir` errors for solaris A `NULL` from `readdir` could be the end of stream or an error. The only way to know is to check `errno`, so it must be set to a known value first, like a 0 that POSIX will never use. This currently only matters for solaris targets, as the other unix platforms are using `readdir_r` with a direct error return indication. However, this is getting deprecated (#34668) so they should all eventually switch to `readdir`. This PR adds `set_errno`, uses it to clear the value before calling `readdir`, then checks it again after to see the reason for a `NULL`. A few other small fixes are included just to get solaris compiling at all. I couldn't get cross-compilation completely going, so I don't have a good way to test this beyond a smoke-test cargo build of std. I'd appreciate input from someone more familiar with solaris -- cc @nbaksalyar?
Per readdir(3c) on Solaris:
So yes, you are correct. As for MT-Safe on Solaris, readdir(3c) provides this guidance:
...
This seems roughly equivalent to the guidance provided by glibc's man page. |
Ugh. And I just found a use case for the non-extant opendir_r. That is, to walk a directory in a fork() child. Hint: if you're multi-threaded it's not safe to call malloc() in a fork() child. |
…shtriplett fs: Use readdir() instead of readdir_r() on Linux and Android See rust-lang#40021 for more details. Fixes rust-lang#86649. Fixes rust-lang#34668.
Per bug 19056, glibc-2.24 has deprecated
readdir_r
andreaddir64_r
in favor of plainreaddir
andreaddir64
. The reasons are discussed on the updated manpage.It states that
readdir
is already thread-safe in "modern" implementations, including glibc. We should see if all platforms targeted byunix/fs.rs
satisfy this. Note that the Solaris (Illumos) port is already using plainreaddir
.It requires external synchronization if a particular directory stream may be shared among threads, but I believe we avoid that naturally from the lack of
&mut
aliasing.Dir
isSync
, but onlyReadDir
accesses it, and only from its mutableIterator
implementation.The text was updated successfully, but these errors were encountered: