Re: [PATCH v2] rust: add flags for shadow call stack sanitizer
From: Alice Ryhl
Date: Tue Jun 04 2024 - 10:55:10 EST
On Tue, Jun 4, 2024 at 4:29 PM Will Deacon <will@xxxxxxxxxx> wrote:
>
> On Tue, Apr 30, 2024 at 11:09:25AM +0000, Alice Ryhl wrote:
> > Will Deacon <will@xxxxxxxxxx> wrote:
> > > On Tue, Mar 05, 2024 at 01:14:19PM +0100, Miguel Ojeda wrote:
> > >> Otherwise partially reverting to the `target.json` approach sounds good too.
> > >>
> > >> I added the `-Zuse-sync-unwind=n` to the list at
> > >> https://github.com/Rust-for-Linux/linux/issues/2. Given the default is
> > >> what we want, I have put it in the "Good to have" section.
> > >
> > > I think we have time to do this properly, like we did for the clang
> > > enablement a few years ago. In hindsight, avoiding hacks for the early
> > > toolchains back then was a really good idea because it meant we could
> > > rely on a solid baseline set of compiler features from the start.
> > >
> > > So, please can we fix this in rustc and just have SCS dependent on that?
> >
> > Just to keep you in the loop, I've posted a PR to make rustc recognize
> > the reserve-x18 target feature, so that the -Ctarget-feature=+reserve-x18
> > flag stops emitting a warning.
> >
> > This should be sufficient for adding support for CONFIG_DYNAMIC_SCS.
> >
> > You can find it here:
> > https://github.com/rust-lang/rust/pull/124323
> >
> > As for non-dynamic SCS, I plan to tackle that after the PR is merged.
> > See the "Future possibilities" section in the linked PR for more info on
> > that.
>
> Thanks for persevering with this, Alice. I read the pull request above,
> but it looks like you went with:
>
> https://github.com/rust-lang/rust/pull/124655
>
> instead, which was merged (hurrah!). Do we need anything else?
Yeah, it took a while, but I've managed to get a -Zfixed-x18 flag in.
It will be available starting with Rust 1.80, which will be released
on the 25th of July.
A few things:
1. The -Zsanitizer=shadow-call-stack flag still doesn't work because
the compiler thinks that the target doesn't support it. I'll fix this
eventually, but at least CONFIG_DYNAMIC_SCS works now.
2. I haven't convinced the Rust maintainers that -Zfixed-x18 is the
way to go long term (flags starting with -Z are unstable and may
change). Some of the maintainers want to instead add a x18-available
target feature (that is, the inverse of the current reserve-x18 target
feature), that you can disable with -Ctarget-feature=-x18-available.
And a few questions for you:
By the time support for 1.80 goes in, we are probably supporting more
than one Rust compiler. For pre-1.80 compilers, should we fall back to
-Ctarget-feature=+reserve-x18 (which emits a warning, but works), or
fail compilation?
Similarly, we should probably submit a fix to the stable branches so
that SCS+Rust doesn't silently break in a hard-to-debug way. Do you
prefer a backport with -Ctarget-feature=+reserve-x18 or one that fails
compilation?
Alice