From: Alice Ryhl <aliceryhl@google.com>
To: Nathan Chancellor <nathan@kernel.org>
Cc: "Catalin Marinas" <catalin.marinas@arm.com>,
"Will Deacon" <will@kernel.org>,
"Jamie Cunliffe" <Jamie.Cunliffe@arm.com>,
"Sami Tolvanen" <samitolvanen@google.com>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Nicolas Schier" <nicolas@fjasle.eu>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Marc Zyngier" <maz@kernel.org>,
"Mark Rutland" <mark.rutland@arm.com>,
"Mark Brown" <broonie@kernel.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Kees Cook" <keescook@chromium.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Valentin Obst" <kernel@valentinobst.de>,
linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
rust-for-linux@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v3 1/2] rust: SHADOW_CALL_STACK is incompatible with Rust
Date: Mon, 29 Jul 2024 16:25:00 +0200 [thread overview]
Message-ID: <CAH5fLgi-4FMeXQf2DjFYX85fPrfs8PeBarOFTbUtwf-+bPNz0A@mail.gmail.com> (raw)
In-Reply-To: <20240704164548.GB1394865@thelio-3990X>
On Thu, Jul 4, 2024 at 6:45 PM Nathan Chancellor <nathan@kernel.org> wrote:
>
> On Thu, Jul 04, 2024 at 03:07:57PM +0000, Alice Ryhl wrote:
> > When using the shadow call stack sanitizer, all code must be compiled
> > with the -ffixed-x18 flag, but this flag is not currently being passed
> > to Rust. This results in crashes that are extremely difficult to debug.
> >
> > To ensure that nobody else has to go through the same debugging session
> > that I had to, prevent configurations that enable both SHADOW_CALL_STACK
> > and RUST.
> >
> > It is rather common for people to backport 724a75ac9542 ("arm64: rust:
> > Enable Rust support for AArch64"), so I recommend applying this fix all
> > the way back to 6.1.
> >
> > Cc: <stable@vger.kernel.org> # 6.1 and later
> > Fixes: 724a75ac9542 ("arm64: rust: Enable Rust support for AArch64")
> > Signed-off-by: Alice Ryhl <aliceryhl@google.com>
>
> Would it be better to move this to arch/arm64/Kconfig?
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 167e51067508..080907776db9 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -90,7 +90,7 @@ config ARM64
> select ARCH_SUPPORTS_DEBUG_PAGEALLOC
> select ARCH_SUPPORTS_HUGETLBFS
> select ARCH_SUPPORTS_MEMORY_FAILURE
> - select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK
> + select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK && !RUST
> select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN
> select ARCH_SUPPORTS_LTO_CLANG_THIN
> select ARCH_SUPPORTS_CFI_CLANG
>
> RISC-V probably needs the same change, which further leads me to believe
> that this workaround should be architecture specific, as they may be
> fixed and enabled at different rates.
>
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index 6b4d71aa9bed..4d89afdd385d 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -213,6 +213,7 @@ config HAVE_SHADOW_CALL_STACK
> def_bool $(cc-option,-fsanitize=shadow-call-stack)
> # https://github.com/riscv-non-isa/riscv-elf-psabi-doc/commit/a484e843e6eeb51f0cb7b8819e50da6d2444d769
> depends on $(ld-option,--no-relax-gp)
> + depends on !RUST
>
> config RISCV_USE_LINKER_RELAXATION
> def_bool y
Thanks for taking a look. For now, I went with placing the `depends
on` in CONFIG_RUST as suggested by the others. This avoids cases where
enabling Rust results in changes to how mitigations are configured.
As for riscv, it doesn't need any special flags. Please see the commit
message for more details on riscv support.
https://lore.kernel.org/all/20240729-shadow-call-stack-v4-0-2a664b082ea4@google.com/
Alice
next prev parent reply other threads:[~2024-07-29 14:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-04 15:07 [PATCH v3 0/2] Rust and the shadow call stack sanitizer Alice Ryhl
2024-07-04 15:07 ` [PATCH v3 1/2] rust: SHADOW_CALL_STACK is incompatible with Rust Alice Ryhl
2024-07-04 16:45 ` Nathan Chancellor
2024-07-29 14:25 ` Alice Ryhl [this message]
2024-07-04 15:07 ` [PATCH v3 2/2] rust: add flags for shadow call stack sanitizer Alice Ryhl
2024-07-04 16:39 ` Nathan Chancellor
2024-07-04 17:16 ` Conor Dooley
2024-07-09 0:10 ` Sami Tolvanen
2024-07-09 9:52 ` Alice Ryhl
2024-07-09 9:51 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAH5fLgi-4FMeXQf2DjFYX85fPrfs8PeBarOFTbUtwf-+bPNz0A@mail.gmail.com \
--to=aliceryhl@google.com \
--cc=Jamie.Cunliffe@arm.com \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=ardb@kernel.org \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=gary@garyguo.net \
--cc=keescook@chromium.org \
--cc=kernel@valentinobst.de \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=maz@kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=nicolas@fjasle.eu \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=stable@vger.kernel.org \
--cc=wedsonaf@gmail.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).