From: Will Deacon <will@kernel.org>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Catalin Marinas" <catalin.marinas@arm.com>,
"Jamie Cunliffe" <Jamie.Cunliffe@arm.com>,
"Sami Tolvanen" <samitolvanen@google.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Conor Dooley" <conor@kernel.org>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Nicolas Schier" <nicolas@fjasle.eu>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Marc Zyngier" <maz@kernel.org>,
"Mark Rutland" <mark.rutland@arm.com>,
"Mark Brown" <broonie@kernel.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Valentin Obst" <kernel@valentinobst.de>,
linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
rust-for-linux@vger.kernel.org, "Kees Cook" <kees@kernel.org>
Subject: Re: [PATCH v5] rust: support for shadow call stack sanitizer
Date: Tue, 20 Aug 2024 15:35:04 +0100 [thread overview]
Message-ID: <20240820143503.GD28338@willie-the-truck> (raw)
In-Reply-To: <20240806-shadow-call-stack-v5-1-26dccb829154@google.com>
On Tue, Aug 06, 2024 at 10:01:44AM +0000, Alice Ryhl wrote:
> This patch adds all of the flags that are needed to support the shadow
> call stack (SCS) sanitizer with Rust, and updates Kconfig to allow
> configurations that work.
Minor nit, but some folks have allergic reactions to "This patch".
See:
https://docs.kernel.org/process/submitting-patches.html#describe-your-changes
I think the commit message is much better now, though, so thank you for
adding so much more detail for v5. If you end up respinning anyway, you
could move this all to the imperative.
> Makefile | 1 +
> arch/arm64/Makefile | 3 +++
> init/Kconfig | 2 +-
> 3 files changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/Makefile b/Makefile
> index 44c02a6f60a1..eb01a26d8354 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -927,6 +927,7 @@ ifdef CONFIG_SHADOW_CALL_STACK
> ifndef CONFIG_DYNAMIC_SCS
> CC_FLAGS_SCS := -fsanitize=shadow-call-stack
> KBUILD_CFLAGS += $(CC_FLAGS_SCS)
> +KBUILD_RUSTFLAGS += -Zsanitizer=shadow-call-stack
> endif
> export CC_FLAGS_SCS
> endif
> diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> index f6bc3da1ef11..b058c4803efb 100644
> --- a/arch/arm64/Makefile
> +++ b/arch/arm64/Makefile
> @@ -57,9 +57,11 @@ KBUILD_AFLAGS += $(call cc-option,-mabi=lp64)
> ifneq ($(CONFIG_UNWIND_TABLES),y)
> KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables
> KBUILD_AFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables
> +KBUILD_RUSTFLAGS += -Cforce-unwind-tables=n
> else
> KBUILD_CFLAGS += -fasynchronous-unwind-tables
> KBUILD_AFLAGS += -fasynchronous-unwind-tables
> +KBUILD_RUSTFLAGS += -Cforce-unwind-tables=y -Zuse-sync-unwind=n
> endif
>
> ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
> @@ -114,6 +116,7 @@ endif
>
> ifeq ($(CONFIG_SHADOW_CALL_STACK), y)
> KBUILD_CFLAGS += -ffixed-x18
> +KBUILD_RUSTFLAGS += -Zfixed-x18
> endif
>
> ifeq ($(CONFIG_CPU_BIG_ENDIAN), y)
> diff --git a/init/Kconfig b/init/Kconfig
> index fe76c5d0a72e..d857f6f90885 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -1909,7 +1909,7 @@ config RUST
> depends on !MODVERSIONS
> depends on !GCC_PLUGINS
> depends on !RANDSTRUCT
> - depends on !SHADOW_CALL_STACK
> + depends on !SHADOW_CALL_STACK || RUSTC_VERSION >= 108000 && UNWIND_PATCH_PAC_INTO_SCS
Sorry, I didn't spot this in v4, but since UNWIND_PATCH_PAC_INTO_SCS is
specific to arm64 and the only other architecture selecting
ARCH_SUPPORTS_SHADOW_CALL_STACK is riscv, I can't help but feel it would
be cleaner to move this logic into the arch code selecting HAVE_RUST.
That is, it's up to the architecture to make sure that it has whatever
it needs for SCS to work with Rust if it claims to support Rust.
What do you think?
Will
next prev parent reply other threads:[~2024-08-20 14:36 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-06 10:01 [PATCH v5] rust: support for shadow call stack sanitizer Alice Ryhl
2024-08-06 19:37 ` Kees Cook
2024-08-06 20:27 ` Sami Tolvanen
2024-08-20 14:35 ` Will Deacon [this message]
2024-08-20 15:13 ` Alice Ryhl
2024-08-23 12:24 ` Will Deacon
2024-08-23 12:38 ` Alice Ryhl
2024-08-23 12:57 ` Will Deacon
2024-08-23 13:09 ` Alice Ryhl
2024-08-23 13:21 ` Will Deacon
2024-08-27 11:36 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240820143503.GD28338@willie-the-truck \
--to=will@kernel.org \
--cc=Jamie.Cunliffe@arm.com \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=ardb@kernel.org \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=conor@kernel.org \
--cc=gary@garyguo.net \
--cc=kees@kernel.org \
--cc=kernel@valentinobst.de \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=maz@kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=nicolas@fjasle.eu \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox