From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 36FFDC5321D for ; Mon, 26 Aug 2024 20:13:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=84+imUcc2WQeqq5EgbvH+Qq3jxOUGxYNo0zXpUNRF+8=; b=IJ32zA1SCwqaOajNzZg2OqVe2Z HqkIJ6/qk4FIXYIn+VzAv2Thh6oGNBXI7IIhPHwBvDKPJrMT97IeiI60Qhepn6LiYmxKt0MbwDrCs GcbRf7GhjhdYYoamf/Xxl/9S/bCyo1JjZXFJeiWzdzB7IfMuPPA4TVR+ofrVhzC6dHdhR9fu/3Peh verivTEXgfY78rSxxpfqxLUT8/4N4YZl0bkZcP/w0GgHDGEraIhJySW5TfcsNCv+CfOP9c0ql0l2n fGm0maTfdpbZ3Ibuy2QjztkDt/jVocoyFBPE6sd2zMFg6/5QIk22N7FBWGkCEW47lV5B/o3Qbrwin 1EirFQmg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sig5P-00000008alZ-2eEG; Mon, 26 Aug 2024 20:13:11 +0000 Received: from nyc.source.kernel.org ([2604:1380:45d1:ec00::3]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sig4Z-00000008abz-3PMM for linux-arm-kernel@lists.infradead.org; Mon, 26 Aug 2024 20:12:21 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id F3119A40B07; Mon, 26 Aug 2024 20:12:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7CCB9C8B7AA; Mon, 26 Aug 2024 20:12:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724703138; bh=rbSh8CmH7ijmLi8lho/8tDPvmVlxo2BscRK2x9bo/Fw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=j623cd1/U+2g5Dgk9F6SU74+/4hy9tkDdQijiKKVQX7xKpQBNo4w8X3i97Zf7AH8F MAKj58+DtCiZHysZnZEx2lzG5YffQiYv0rF4QKSblwO48L9HfCtNUJc0Sdma1dAAsZ uLvB0jqLlFH0/+HMVcyrpNgZRa9N9ECKg7CkzqZDBno2E68wM8nR00nmjey4zEwgN2 CcBz8SBJz7Id8HQwf/u5R/2caJ3aJ0SqTJPohbSxZ1IoFsoTuI1yayYYJUDCdRKiVP Dozcyqa6rOiFOK/+MYs6H5qwnxeg104wP4JMhxlMYxFuHwJi1JXdgVxKKaTGhqbJUW B08nfstphiQaA== Date: Mon, 26 Aug 2024 13:12:18 -0700 From: Kees Cook To: Alice Ryhl Cc: Catalin Marinas , Will Deacon , Ard Biesheuvel , Jamie Cunliffe , Sami Tolvanen , Nathan Chancellor , Conor Dooley , Masahiro Yamada , Nicolas Schier , Marc Zyngier , Mark Rutland , Mark Brown , Nick Desaulniers , Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?iso-8859-1?Q?Bj=F6rn?= Roy Baron , Benno Lossin , Andreas Hindborg , Valentin Obst , linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, rust-for-linux@vger.kernel.org Subject: Re: [PATCH v6] rust: support for shadow call stack sanitizer Message-ID: <202408261311.3C191659@keescook> References: <20240826-shadow-call-stack-v6-1-495a7e3eb0ef@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240826-shadow-call-stack-v6-1-495a7e3eb0ef@google.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240826_131219_995473_AEB5DB99 X-CRM114-Status: GOOD ( 25.13 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Aug 26, 2024 at 02:22:52PM +0000, Alice Ryhl wrote: > This patch adds all of the flags that are needed to support the shadow > call stack (SCS) sanitizer with Rust, and updates Kconfig to allow only > configurations that work. > > The -Zfixed-x18 flag is required to use SCS on arm64, and requires rustc > version 1.80.0 or greater. This restriction is reflected in Kconfig. > > When CONFIG_DYNAMIC_SCS is enabled, the build will be configured to > include unwind tables in the build artifacts. Dynamic SCS uses the > unwind tables at boot to find all places that need to be patched. The > -Cforce-unwind-tables=y flag ensures that unwind tables are available > for Rust code. > > In non-dynamic mode, the -Zsanitizer=shadow-call-stack flag is what > enables the SCS sanitizer. Using this flag requires rustc version 1.82.0 > or greater on the targets used by Rust in the kernel. This restriction > is reflected in Kconfig. > > It is possible to avoid the requirement of rustc 1.80.0 by using > -Ctarget-feature=+reserve-x18 instead of -Zfixed-x18. However, this flag > emits a warning during the build, so this patch does not add support for > using it and instead requires 1.80.0 or greater. > > The dependency is placed on `select HAVE_RUST` to avoid a situation > where enabling Rust silently turns off the sanitizer. Instead, turning > on the sanitizer results in Rust being disabled. We generally do not > want changes to CONFIG_RUST to result in any mitigations being changed > or turned off. > > At the time of writing, rustc 1.82.0 only exists via the nightly release > channel. There is a chance that the -Zsanitizer=shadow-call-stack flag > will end up needing 1.83.0 instead, but I think it is small. > > Signed-off-by: Alice Ryhl Thanks for continuing to chase this down. Reviewed-by: Kees Cook -- Kees Cook