On Thu, Jan 25, 2024 at 01:50:05PM +0100, Miguel Ojeda wrote: > On Thu, Jan 25, 2024 at 1:31 PM Conor Dooley <conor.dooley@xxxxxxxxxxxxx> wrote: > > > Recently, there has been a thread in our Zulip and a couple people are > > > experimenting: https://rust-for-linux.zulipchat.com/#narrow/stream/288089-General/topic/Bindgen.20--.20GCC.20backend.20port > > > > That link for me goes to a message on 22/01, so later than the email you > > sent. > > Zulip seems to scroll to the latest message in the topic -- you should > be able to scroll a bit up, but if that doesn't work, this link should > go to the first message: > https://rust-for-linux.zulipchat.com/#narrow/stream/288089-General/topic/Bindgen.20--.20GCC.20backend.20port/near/412609074 Ah, thanks for the direct link :) > > > That said, I gave things another spin today, in a different environment, > > as a final check before sending and found an issue causing kernel > > panics. RISC-V (and x86/arm64) supports kcfi (CFI_CLANG) but enabling I mention x86 and arm64 here, because my grepping didn't see the flag being set for x86 (in tree) or arm64 (in that series) if CFI_CLANG was set or any mutual exclusion. Has noone tried CFI_CLANG + RUST there or just not run into any issues? > > sanitisers seems to be a nightly only option for rustc. The kernel I > > built today had CFI_CLANG enabled and that caused panics when the rust > > samples were loaded. > > > > The CFI_CLANG Kconfig entry has a cc-option test for whether the option > > is supported, but from a quick check I don't see a comparable test to > > use for rust. Even if a test was added, the current flag is an unstable > > one, so I am not sure if testing for it is the right call in the first > > place, given the stabilised flag would be entirely different? > > Yeah, KCFI and other mitigations is WIP -- Cc'ing Ramon and Matthew > who may be able to tell us the latest status. Also CC Sami I guess, since he is the one who added the CFI_CLANG bits to the kernel, and can probably comment on the suitability of adding a check etc. > Testing for unstable flags is fine, i.e. we only support a single > compiler, so we can change the name when we do the upgrade. Actually, thinking about it for a moment - if only a single compiler version is supported (the minimum, right?) then you could just add the -Zsanitizer=kcfi flag whenever CFI_CLANG and RUST are both set. I'm not sure if that is a better option though. It's a choice between CFI_CLANG being disabled if the check is not updated when the toolchain is bumped versus being enabled for C and not for RUST. I think I prefer the former though, tracking down the cause of the latter I would rather not wish on a user. I vote for having the check, even if it can only ever be true at the moment. Cheers, Conor.
Attachment:
signature.asc
Description: PGP signature
