Re: [PATCH] x86: Enable IBT in Rust if enabled in C

From: Matthew Maurer
Date: Tue Oct 10 2023 - 10:06:54 EST


On Tue, Oct 10, 2023 at 1:12 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> On Mon, Oct 09, 2023 at 10:42:54PM +0000, Matthew Maurer wrote:
> > These flags are not made conditional on compiler support because at the
> > moment exactly one version of rustc is supported, and that one supports
> > these flags.
> >
> > Building without these additional flags will manifest as objtool
> > printing a large number of errors about missing ENDBR and if CFI is
> > enabled (not currently possible) will result in incorrectly structured
> > function prefixes.
>
> Well, I would also imagine running it on actual IBT enabled hardware
> will get you a non-booting kernel.
>
> > Signed-off-by: Matthew Maurer <mmaurer@xxxxxxxxxx>
> > ---
> >
> > Split out the IBT additions as per
> > https://lkml.kernel.org/linux-fsdevel/CANiq72kK6ppBE7j=z7uua1cJMKaLoR5U3NUAZXT5MrNEs9ZhfQ@xxxxxxxxxxxxxx/
> >
> > arch/x86/Makefile | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/arch/x86/Makefile b/arch/x86/Makefile
> > index 5bfe5caaa444..941f7abf6dbf 100644
> > --- a/arch/x86/Makefile
> > +++ b/arch/x86/Makefile
> > @@ -81,6 +81,7 @@ ifeq ($(CONFIG_X86_KERNEL_IBT),y)
> > # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
> > #
> > KBUILD_CFLAGS += $(call cc-option,-fcf-protection=branch -fno-jump-tables)
> > +KBUILD_RUSTFLAGS += -Zcf-protection=branch -Zno-jump-tables
>
> One question, -Zcf-protection=branch, will that ever emit NOTRACK
> prefix? The kernel very explicitly does not support (enable) NOTRACK.
rustc does this via LLVM, so its code generation works very similarly to clang.
It does not create its own explicit NOTRACKs, but LLVM will by default
with just -Zcf-protection=branch.
I've linked a godbolt showing that at least for the basic case, your
no-jump-tables approach from clang ports over.
https://godbolt.org/z/bc4n6sq5q
Whether rust generates NOTRACK should end up being roughly equivalent
to whether clang generates it, and if LLVM gains a code generation
flag for NOTRACK being disallowed some day, we can pass that through
as well.
>
> > else
> > KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
> > endif
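Review bot: the `else` branch sets `-fcf-protection=none` for C only, so with CONFIG_X86_KERNEL_IBT disabled the Rust side has no counterpart to the new `KBUILD_RUSTFLAGS` line and falls back to whatever rustc does by default. Either add a matching `KBUILD_RUSTFLAGS += -Zcf-protection=none` there, or state in the commit message that the rustc default is being relied on. The added line is also unguarded where the C line above it uses `cc-option`; the commit message explains why, but a one-line comment next to the flag would keep that reasoning visible when a second rustc version becomes supported.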
> > --
> > 2.42.0.609.gbb76f46606-goog
> >
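A build-time check for the NOTRACK question discussed above, as an added example that is not part of the original message or the kernel tree: it scans `objdump -d` style text for NOTRACK-prefixed indirect branches and reports the enclosing symbol. The sample disassembly is constructed, the function name `find_notrack` is hypothetical, and the line layout assumed is GNU objdump's AT&T-syntax output.

```python
import re

# Constructed excerpt in the style of `objdump -d` (not real kernel output).
# `dispatch` contains a jump-table style NOTRACK branch; `call_cb` does not.
SAMPLE = (
    "0000000000000000 <dispatch>:\n"
    "   0:\tf3 0f 1e fa          \tendbr64\n"
    "   4:\t83 ff 03             \tcmp    $0x3,%edi\n"
    "   7:\t77 0b                \tja     14 <dispatch+0x14>\n"
    "   9:\t48 8b 04 fd 00 00 00 \tmov    0x0(,%rdi,8),%rax\n"
    "  10:\t00 \n"
    "  11:\t3e ff e0             \tnotrack jmp *%rax\n"
    "  14:\tc3                   \tret\n"
    "\n"
    "0000000000000020 <call_cb>:\n"
    "  20:\tf3 0f 1e fa          \tendbr64\n"
    "  24:\tff e7                \tjmp    *%rdi\n"
)

# "<address> <symbol>:" header that starts each function.
SYMBOL = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
# "<address>:\t<hex bytes>\t<instruction text>"; byte-only continuation
# lines (no second tab) do not match and are skipped.
INSN = re.compile(r"^\s*([0-9a-f]+):\t[0-9a-f ]+\t(.*)$")
# NOTRACK only has meaning on indirect jmp/call.
NOTRACK = re.compile(r"notrack\s+(jmp|call)\b")


def find_notrack(disassembly):
    """Return (symbol, address, instruction) for each NOTRACK-prefixed branch."""
    hits, symbol = [], None
    for line in disassembly.splitlines():
        header = SYMBOL.match(line)
        if header:
            symbol = header.group(1)
            continue
        insn = INSN.match(line)
        if insn and NOTRACK.match(insn.group(2)):
            hits.append((symbol, int(insn.group(1), 16), insn.group(2).strip()))
    return hits


if __name__ == "__main__":
    for sym, addr, text in find_notrack(SAMPLE):
        print(f"{sym}+{addr:#x}: {text}")
```
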