From: Gary Guo <gary@garyguo.net>
To: Miguel Ojeda <ojeda@kernel.org>
Cc: "Josh Poimboeuf" <jpoimboe@kernel.org>,
"Peter Zijlstra" <peterz@infradead.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
"Masahiro Yamada" <masahiroy@kernel.org>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Nicolas Schier" <nicolas@fjasle.eu>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Alice Ryhl" <aliceryhl@google.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
patches@lists.linux.dev, "Daniel Borkmann" <daniel@iogearbox.net>
Subject: Re: [PATCH v2 2/6] x86/rust: support MITIGATION_RETPOLINE
Date: Wed, 24 Jul 2024 20:38:04 +0100 [thread overview]
Message-ID: <20240724203804.194290c1.gary@garyguo.net> (raw)
In-Reply-To: <20240724161501.1319115-3-ojeda@kernel.org>
On Wed, 24 Jul 2024 18:14:55 +0200
Miguel Ojeda <ojeda@kernel.org> wrote:
> Support `MITIGATION_RETPOLINE` by enabling the target features that
> Clang does.
>
> The existing target feature being enabled was a leftover from
> our old `rust` branch, and it is not enough: the target feature
> `retpoline-external-thunk` only implies `retpoline-indirect-calls`, but
> not `retpoline-indirect-branches` (see LLVM's `X86.td`), unlike Clang's
> flag of the same name `-mretpoline-external-thunk` which does imply both
> (see Clang's `lib/Driver/ToolChains/Arch/X86.cpp`).
>
> Without this, `objtool` would complain if enabled for Rust, e.g.:
>
> rust/core.o: warning: objtool:
> _R...escape_default+0x13: indirect jump found in RETPOLINE build
>
> In addition, change the comment to note that LLVM is the one disabling
> jump tables when retpoline is enabled, thus we do not need to use
> `-Zno-jump-tables` for Rust here -- see commit c58f2166ab39 ("Introduce
> the "retpoline" x86 mitigation technique ...") [1]:
>
> The goal is simple: avoid generating code which contains an indirect
> branch that could have its prediction poisoned by an attacker. In
> many cases, the compiler can simply use directed conditional
> branches and a small search tree. LLVM already has support for
> lowering switches in this way and the first step of this patch is
> to disable jump-table lowering of switches and introduce a pass to
> rewrite explicit indirectbr sequences into a switch over integers.
>
> As well as a live example at [2].
>
> These should be eventually enabled via `-Ctarget-feature` when `rustc`
> starts recognizing them (or via a new dedicated flag) [3].
>
> Cc: Daniel Borkmann <daniel@iogearbox.net>
> Link: https://github.com/llvm/llvm-project/commit/c58f2166ab3987f37cb0d7815b561bff5a20a69a [1]
> Link: https://godbolt.org/z/G4YPr58qG [2]
> Link: https://github.com/rust-lang/rust/issues/116852 [3]
> Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Reviewed-by: Gary Guo <gary@garyguo.net>
> ---
> arch/x86/Makefile | 2 +-
> scripts/generate_rust_target.rs | 7 +++++++
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/Makefile b/arch/x86/Makefile
> index 801fd85c3ef6..e8214bff1aeb 100644
> --- a/arch/x86/Makefile
> +++ b/arch/x86/Makefile
> @@ -220,7 +220,7 @@ ifdef CONFIG_MITIGATION_RETPOLINE
> KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)
> # Additionally, avoid generating expensive indirect jumps which
> # are subject to retpolines for small number of switch cases.
> - # clang turns off jump table generation by default when under
> + # LLVM turns off jump table generation by default when under
> # retpoline builds, however, gcc does not for x86. This has
> # only been fixed starting from gcc stable version 8.4.0 and
> # onwards, but not for older ones. See gcc bug #86952.
> diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target.rs
> index 641b713a033a..44952f0a3aac 100644
> --- a/scripts/generate_rust_target.rs
> +++ b/scripts/generate_rust_target.rs
> @@ -164,7 +164,14 @@ fn main() {
> );
> let mut features = "-3dnow,-3dnowa,-mmx,+soft-float".to_string();
> if cfg.has("MITIGATION_RETPOLINE") {
> + // The kernel uses `-mretpoline-external-thunk` (for Clang), which Clang maps to the
> + // target feature of the same name plus the other two target features in
> + // `clang/lib/Driver/ToolChains/Arch/X86.cpp`. These should be eventually enabled via
> + // `-Ctarget-feature` when `rustc` starts recognizing them (or via a new dedicated
> + // flag); see https://github.com/rust-lang/rust/issues/116852.
> features += ",+retpoline-external-thunk";
> + features += ",+retpoline-indirect-branches";
> + features += ",+retpoline-indirect-calls";
> }
> ts.push("features", features);
> ts.push("llvm-target", "x86_64-linux-gnu");
> --
> 2.45.2
next prev parent reply other threads:[~2024-07-24 19:38 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-24 16:14 [PATCH v2 0/6] Rust: support `CPU_MITIGATIONS` and enable `objtool` Miguel Ojeda
2024-07-24 16:14 ` [PATCH v2 1/6] rust: module: add static pointer to `{init,cleanup}_module()` Miguel Ojeda
2024-07-24 19:46 ` Gary Guo
2024-07-25 17:44 ` Miguel Ojeda
2024-07-25 17:46 ` Miguel Ojeda
2024-07-25 17:47 ` Miguel Ojeda
2024-07-30 11:18 ` Gary Guo
2024-07-24 16:14 ` [PATCH v2 2/6] x86/rust: support MITIGATION_RETPOLINE Miguel Ojeda
2024-07-24 19:38 ` Gary Guo [this message]
2024-07-24 16:14 ` [PATCH v2 3/6] x86/rust: support MITIGATION_RETHUNK Miguel Ojeda
2024-07-24 19:40 ` Gary Guo
2024-07-24 16:14 ` [PATCH v2 4/6] x86/rust: support MITIGATION_SLS Miguel Ojeda
2024-07-24 19:42 ` Gary Guo
2024-07-24 16:14 ` [PATCH v2 5/6] objtool: list `noreturn` Rust functions Miguel Ojeda
2024-07-24 19:35 ` Gary Guo
2024-07-25 8:33 ` Peter Zijlstra
2024-08-21 15:28 ` Gary Guo
2024-07-24 16:14 ` [PATCH v2 6/6] objtool/kbuild/rust: enable objtool for Rust Miguel Ojeda
2024-07-24 21:51 ` [PATCH v2 0/6] Rust: support `CPU_MITIGATIONS` and enable `objtool` Benno Lossin
2024-07-25 8:38 ` Peter Zijlstra
2024-07-25 9:53 ` Miguel Ojeda
2024-07-25 9:43 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240724203804.194290c1.gary@garyguo.net \
--to=gary@garyguo.net \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=bp@alien8.de \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=mingo@redhat.com \
--cc=nathan@kernel.org \
--cc=nicolas@fjasle.eu \
--cc=ojeda@kernel.org \
--cc=patches@lists.linux.dev \
--cc=peterz@infradead.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=wedsonaf@gmail.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox