Re: [PATCH v2 0/2] Rust KCFI support

From: Gatlin Newhouse
Date: Fri Aug 16 2024 - 20:14:00 EST

Next message: pr-tracker-bot: "Re: [git pull] vfs.git memcontrol oops fix"
Previous message: Sean Christopherson: "Re: [PATCH v4 4/4] KVM: SVM: Add Bus Lock Detect support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 01, 2024 at 01:35:16PM UTC, Alice Ryhl wrote:
> The control flow integrity (kCFI) sanitizer is an important sanitizer
> that is often used in production. This patch series makes it possible to
> use kCFI and Rust together.
>
> The second patch in this series depends on the next version of [1],
> which Miguel will send soon. It also depends on [2].
>
> Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@xxxxxxxxxx [1]
> Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@xxxxxxxxxx [2]
> Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
> ---
> Changes in v2:
> - Fix for FineIBT.
> - Add more info to commit messages and config descrptions.
> - Link to v1: https://lore.kernel.org/r/20240730-kcfi-v1-0-bbb948752a30@xxxxxxxxxx
>
> ---
> Alice Ryhl (1):
> cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
>
> Matthew Maurer (1):
> rust: cfi: add support for CFI_CLANG with Rust
>
> Makefile | 10 ++++++++++
> arch/Kconfig | 16 ++++++++++++++++
> arch/x86/Makefile | 4 ++++
> init/Kconfig | 4 +++-
> rust/Makefile | 2 +-
> scripts/generate_rust_target.rs | 1 +
> 6 files changed, 35 insertions(+), 2 deletions(-)

To test this patch: I started from v6.11-rc3 tag and applied the new version of
Miguel's RUSTC_VERSION_TEXT patch [1] and the Support Arrays in Target JSON
patch [2], before applying this patch. I am on Rust's beta channel and
Clang/LLVM 19.

I also built a v6.11-rc3 kernel without these patches to establish a baseline
for LKDTM output in dmesg when testing CFI [3]. I built the v6.11-rc3 kernel by
starting with an x86_64_defconfig, then enabling CFI_CLANG, CFI_PERMISSIVE, and
LKDTM.

When applying [1], there was an patch does not apply error. I had to manually
change the init/Kconfig RUSTC_VERSION_TEXT to Miguel's change in [1]. No issues
encountered applying [2] afterwards. Similarly, was able to automerge this
patch without any issues.

Then I built the kernel starting with x86_64_defconfig and enabling: RUST,
CFI_CLANG, CFI_ICALL_NORMALIZE_INTEGERS, CFI_PERMISSIVE and LKDTM. Compiled the
kernel, load into qemu with Busybox rootfs, test CFI within LKDTM per Kees's
blog [3]. I saw the same expected behavior from LKDTM after applying these
patches when compared with the behavior from LKDTM on a v6.11-rc3 build without
these patches.

Link: https://lore.kernel.org/lkml/20240808221138.873750-1-ojeda@xxxxxxxxxx/ [1]
Link: https://lore.kernel.org/all/20240730-target-json-arrays-v1-1-2b376fd0ecf4@xxxxxxxxxx/ [2]
Link: https://outflux.net/blog/archives/2019/11/20/experimenting-with-clang-cfi-on-upstream-linux/ [3]

Tested-by: Gatlin Newhouse <gatlin.newhouse@xxxxxxxxx>

--
Gatlin Newhouse

Next message: pr-tracker-bot: "Re: [git pull] vfs.git memcontrol oops fix"
Previous message: Sean Christopherson: "Re: [PATCH v4 4/4] KVM: SVM: Add Bus Lock Detect support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]