Re: [PATCH v2 0/2] Rust KCFI support

From: Kees Cook
Date: Tue Aug 06 2024 - 15:31:51 EST


On Thu, Aug 01, 2024 at 01:35:16PM +0000, Alice Ryhl wrote:
> The control flow integrity (kCFI) sanitizer is an important sanitizer
> that is often used in production. This patch series makes it possible to
> use kCFI and Rust together.
>
> The second patch in this series depends on the next version of [1],
> which Miguel will send soon. It also depends on [2].
>
> Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@xxxxxxxxxx [1]
> Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@xxxxxxxxxx [2]
> Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
> ---
> Changes in v2:
> - Fix for FineIBT.
> - Add more info to commit messages and config descrptions.
> - Link to v1: https://lore.kernel.org/r/20240730-kcfi-v1-0-bbb948752a30@xxxxxxxxxx
>
> ---
> Alice Ryhl (1):
> cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
>
> Matthew Maurer (1):
> rust: cfi: add support for CFI_CLANG with Rust
>
> Makefile | 10 ++++++++++
> arch/Kconfig | 16 ++++++++++++++++
> arch/x86/Makefile | 4 ++++
> init/Kconfig | 4 +++-
> rust/Makefile | 2 +-
> scripts/generate_rust_target.rs | 1 +
> 6 files changed, 35 insertions(+), 2 deletions(-)

This is great to have! I assume this will go via the Rust tree, so:

Acked-by: Kees Cook <kees@xxxxxxxxxx>

--
Kees Cook