Re: [tip: x86/core] x86/ibt: Implement FineIBT-BHI mitigation

[Ramon de C Valle]

On Mon, Mar 10, 2025 at 9:04 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> On Mon, Mar 10, 2025 at 05:00:47PM +0100, Miguel Ojeda wrote:
> > On Wed, Feb 26, 2025 at 8:53 PM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> > >
> > > On Wed, Feb 26, 2025 at 12:54:35PM -0000, tip-bot2 for Peter Zijlstra wrote:
> > >
> > > > +config CC_HAS_KCFI_ARITY
> > > > +     def_bool $(cc-option,-fsanitize=kcfi -fsanitize-kcfi-arity)
> > > > +     depends on CC_IS_CLANG && !RUST
> > > > +
> > >
> > > Miguel, can we work on fixing that !RUST dep?
> >
> > Thanks for the ping Peter -- we discussed `rustc` in the couple PRs
> > that added it to LLVM back then, and I think the conclusion was that
> > it shouldn't be a fundamental problem to add it to `rustc`.
> >
> > From a quick look, the Clang flag that eventually landed just emits
> > one more `llvm.module.flags` and LLVM takes care of the rest. So it
> > should be straightforward to add a `-Csanitize-kcfi-arity` in `rustc`
> > and then pass it at the same time to both Clang and `rustc` in the
> > kernel.
> >
> > But I may be missing something -- Cc'ing Ramon and Matthew, since they
> > are the ones behind sanitizers and kCFI in upstream Rust.
> >
> > I added it to our list, and created an issue in upstream Rust for it:
> >
> >     https://github.com/rust-lang/rust/issues/138311
> >     https://github.com/Rust-for-Linux/linux/issues/355
> >
> > I will also mention it in the meeting with upstream Rust in a couple days.
>
> Thanks!, let me know if there's anything I can do. I'm happy to test
> patches.

I've submitted a PR for it:
https://github.com/rust-lang/rust/pull/138368. Let me know if you're
able to give it a try.