Android/Linux/rdrand: Use once_cell::race::OnceBool instead of LazyBool.

briansmith · briansmith · commit 7b2d78d190ab · 2024-06-18T22:48:06.000-07:00
Remove src/lazy.rs.

`lazy::LazyBool` had "Last to win the race" semantics; when multiple
threads see an uninitialized LazyBool, all of them will calculate a
value. As they finish, each one will overwrite the value set by the
previous thread. If two threads calculate different values for the
boolean, then the value of the boolean can change during the period
where the threads are racing. This doesn't seem to be a huge issue
with the way it is currently used, but it is hard to reason about.

`once_cell::race::OnceBool` has "first to win the race" semantics. When
multiple threads see an uninitialized OnceBool, all of them will
calculate a vlaue. The first one to finish will write its value; the
rest will have their work ignored. Thus there is never any change in
the stored value at any point. This is much easier to reason about.

The different semantics come down to the fact that once_cell uses
`AtomicUsize::compare_exchange` whereas lazy.rs was using
`AtomicUsize::store`.
diff --git a/Cargo.toml b/Cargo.toml
@@ -13,6 +13,10 @@ exclude = [".*"]
 
 [dependencies]
 cfg-if = "1"
+once_cell = { version = "1.19.0", default-features = false, optional = true }
+
+[target.'cfg(any(target_os = "android", target_os = "linux", all(target_arch = "x86_64", target_env = "sgx")))'.dependencies]
+once_cell = { version = "1.19.0", default-features = false, features = ["race"] }
 
 # When built as part of libstd
 compiler_builtins = { version = "0.1", optional = true }
@@ -30,6 +34,10 @@ windows-targets = "0.52"
 [target.'cfg(all(any(target_arch = "wasm32", target_arch = "wasm64"), target_os = "unknown"))'.dependencies]
 wasm-bindgen = { version = "0.2.62", default-features = false, optional = true }
 js-sys = { version = "0.3", optional = true }
+
+[target.'cfg(any(target_arch = "x86", target_arch = "x86_64"))'.dev-dependencies]
+once_cell = { version = "1.19.0", default-features = false, features = ["race"] }
+
 [target.'cfg(all(any(target_arch = "wasm32", target_arch = "wasm64"), target_os = "unknown"))'.dev-dependencies]
 wasm-bindgen-test = "0.3.18"
 
@@ -40,7 +48,7 @@ std = []
 # Bumps minimum supported Linux kernel version to 3.17 and Android API level to 23 (Marshmallow).
 linux_disable_fallback = []
 # Feature to enable fallback RDRAND-based implementation on x86/x86_64
-rdrand = []
+rdrand = ["once_cell/race"]
 # Feature to enable JavaScript bindings on wasm*-unknown-unknown
 js = ["wasm-bindgen", "js-sys"]
 # Feature to enable custom RNG implementations
diff --git a/src/lazy.rs b/src/lazy.rs
diff --git a/src/lib.rs b/src/lib.rs
@@ -216,7 +216,6 @@ use crate::util::{slice_as_uninit_mut, slice_assume_init_mut};
 use core::mem::MaybeUninit;
 
 mod error;
-mod lazy;
 mod util;
 // To prevent a breaking change when targets are added, we always export the
 // register_custom_getrandom macro, so old Custom RNG crates continue to build.
diff --git a/src/linux_android_with_fallback.rs b/src/linux_android_with_fallback.rs
@@ -1,11 +1,12 @@
 //! Implementation for Linux / Android with `/dev/urandom` fallback
-use crate::{lazy::LazyBool, linux_android, use_file, util_libc::last_os_error, Error};
+use crate::{linux_android, use_file, util_libc::last_os_error, Error};
 use core::mem::MaybeUninit;
+use once_cell::race::OnceBool;
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     // getrandom(2) was introduced in Linux 3.17
-    static HAS_GETRANDOM: LazyBool = LazyBool::new();
-    if HAS_GETRANDOM.unsync_init(is_getrandom_available) {
+    static HAS_GETRANDOM: OnceBool = OnceBool::new();
+    if HAS_GETRANDOM.get_or_init(is_getrandom_available) {
         linux_android::getrandom_inner(dest)
     } else {
         use_file::getrandom_inner(dest)
diff --git a/src/rdrand.rs b/src/rdrand.rs
@@ -1,6 +1,7 @@
 //! RDRAND backend for x86(-64) targets
-use crate::{lazy::LazyBool, util::slice_as_uninit, Error};
+use crate::{util::slice_as_uninit, Error};
 use core::mem::{size_of, MaybeUninit};
+use once_cell::race::OnceBool;
 
 cfg_if! {
     if #[cfg(target_arch = "x86_64")] {
@@ -94,8 +95,8 @@ fn is_rdrand_good() -> bool {
 }
 
 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    static RDRAND_GOOD: LazyBool = LazyBool::new();
-    if !RDRAND_GOOD.unsync_init(is_rdrand_good) {
+    static RDRAND_GOOD: OnceBool = OnceBool::new();
+    if !RDRAND_GOOD.get_or_init(is_rdrand_good) {
         return Err(Error::NO_RDRAND);
     }
     // SAFETY: After this point, we know rdrand is supported.
diff --git a/tests/rdrand.rs b/tests/rdrand.rs
@@ -6,8 +6,6 @@
 use getrandom::Error;
 #[macro_use]
 extern crate cfg_if;
-#[path = "../src/lazy.rs"]
-mod lazy;
 #[path = "../src/rdrand.rs"]
 mod rdrand;
 #[path = "../src/util.rs"]
