On Tue, Jul 30, 2024 at 3:29 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > > On Tue, Jul 30, 2024 at 09:40:11AM +0000, Alice Ryhl wrote: > > Introduce a Kconfig option for enabling the experimental option to > > normalize integer types. This ensures that integer types of the same > > size and signedness are considered compatible by the Control Flow > > Integrity sanitizer. > > > > This option exists for compatibility with Rust, as C and Rust do not > > have the same set of integer types. There are cases where C has two > > different integer types of the same size and alignment, but Rust only > > has one integer type of that size and alignment. When Rust calls into > > C functions using such types in their signature, this results in CFI > > failures. > > > > This patch introduces a dedicated option for this because it is > > undesirable to have CONFIG_RUST affect CC_FLAGS in this way. > > To be clear, any code compiled with this is incompatible with code > compiled without this, as the function signatures will differ, right? > > Specifically, it will map things like 'unsigned long long' and 'unsigned > long' -- which are both u64 on LP64 targets to the same 'type', right? > > I suppose it has been decided the security impact of this change is > minimal? I looked into this last year, and integer normalization reduced the number of unique type hashes in the kernel by ~1%, which should be fine. Sami
