Re: [tip: x86/core] x86/ibt: Implement FineIBT-BHI mitigation
From: Peter Zijlstra
Date: Mon Mar 10 2025 - 12:05:05 EST
On Mon, Mar 10, 2025 at 05:00:47PM +0100, Miguel Ojeda wrote:
> On Wed, Feb 26, 2025 at 8:53 PM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> >
> > On Wed, Feb 26, 2025 at 12:54:35PM -0000, tip-bot2 for Peter Zijlstra wrote:
> >
> > > +config CC_HAS_KCFI_ARITY
> > > + def_bool $(cc-option,-fsanitize=kcfi -fsanitize-kcfi-arity)
> > > + depends on CC_IS_CLANG && !RUST
> > > +
> >
> > Miguel, can we work on fixing that !RUST dep?
>
> Thanks for the ping Peter -- we discussed `rustc` in the couple PRs
> that added it to LLVM back then, and I think the conclusion was that
> it shouldn't be a fundamental problem to add it to `rustc`.
>
> From a quick look, the Clang flag that eventually landed just emits
> one more `llvm.module.flags` and LLVM takes care of the rest. So it
> should be straightforward to add a `-Csanitize-kcfi-arity` in `rustc`
> and then pass it at the same time to both Clang and `rustc` in the
> kernel.
>
> But I may be missing something -- Cc'ing Ramon and Matthew, since they
> are the ones behind sanitizers and kCFI in upstream Rust.
>
> I added it to our list, and created an issue in upstream Rust for it:
>
> https://github.com/rust-lang/rust/issues/138311
> https://github.com/Rust-for-Linux/linux/issues/355
>
> I will also mention it in the meeting with upstream Rust in a couple days.
Thanks!, let me know if there's anything I can do. I'm happy to test
patches.