Re: [tip: x86/core] x86/ibt: Implement FineIBT-BHI mitigation
From: Miguel Ojeda
Date: Mon Mar 10 2025 - 12:01:17 EST
On Wed, Feb 26, 2025 at 8:53 PM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> On Wed, Feb 26, 2025 at 12:54:35PM -0000, tip-bot2 for Peter Zijlstra wrote:
>
> > +config CC_HAS_KCFI_ARITY
> > + def_bool $(cc-option,-fsanitize=kcfi -fsanitize-kcfi-arity)
> > + depends on CC_IS_CLANG && !RUST
> > +
>
> Miguel, can we work on fixing that !RUST dep?
Thanks for the ping Peter -- we discussed `rustc` in the couple PRs
that added it to LLVM back then, and I think the conclusion was that
it shouldn't be a fundamental problem to add it to `rustc`.
>From a quick look, the Clang flag that eventually landed just emits
one more `llvm.module.flags` and LLVM takes care of the rest. So it
should be straightforward to add a `-Csanitize-kcfi-arity` in `rustc`
and then pass it at the same time to both Clang and `rustc` in the
kernel.
But I may be missing something -- Cc'ing Ramon and Matthew, since they
are the ones behind sanitizers and kCFI in upstream Rust.
I added it to our list, and created an issue in upstream Rust for it:
https://github.com/rust-lang/rust/issues/138311
https://github.com/Rust-for-Linux/linux/issues/355
I will also mention it in the meeting with upstream Rust in a couple days.
Cheers,
Miguel