On Thu, Aug 01, 2024 at 01:35:16PM UTC, Alice Ryhl wrote:
> The control flow integrity (kCFI) sanitizer is an important sanitizer
> that is often used in production. This patch series makes it possible to
> use kCFI and Rust together.
>
> The second patch in this series depends on the next version of [1],
> which Miguel will send soon. It also depends on [2].
>
> Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@xxxxxxxxxx [1]
> Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@xxxxxxxxxx [2]
> Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
> ---
> Changes in v2:
> - Fix for FineIBT.
> - Add more info to commit messages and config descriptions.
> - Link to v1: https://lore.kernel.org/r/20240730-kcfi-v1-0-bbb948752a30@xxxxxxxxxx
>
> ---
> Alice Ryhl (1):
>       cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
>
> Matthew Maurer (1):
>       rust: cfi: add support for CFI_CLANG with Rust
>
>  Makefile                        | 10 ++++++++++
>  arch/Kconfig                    | 16 ++++++++++++++++
>  arch/x86/Makefile               |  4 ++++
>  init/Kconfig                    |  4 +++-
>  rust/Makefile                   |  2 +-
>  scripts/generate_rust_target.rs |  1 +
>  6 files changed, 35 insertions(+), 2 deletions(-)

To test this patch:

I started from the v6.11-rc3 tag and applied the new version of Miguel's
RUSTC_VERSION_TEXT patch [1] and the Support Arrays in Target JSON patch [2],
before applying this patch. I am on Rust's beta channel and Clang/LLVM 19.

I also built a v6.11-rc3 kernel without these patches to establish a baseline
for LKDTM output in dmesg when testing CFI [3]. I built the v6.11-rc3 kernel by
starting with an x86_64_defconfig, then enabling CFI_CLANG, CFI_PERMISSIVE, and
LKDTM.

When applying [1], there was a "patch does not apply" error. I had to manually
change the init/Kconfig RUSTC_VERSION_TEXT to Miguel's change in [1]. No issues
encountered applying [2] afterwards. Similarly, I was able to automerge this
patch without any issues.

Then I built the kernel starting with x86_64_defconfig and enabling: RUST,
CFI_CLANG, CFI_ICALL_NORMALIZE_INTEGERS, CFI_PERMISSIVE and LKDTM. I compiled
the kernel, loaded it into qemu with a Busybox rootfs, and tested CFI within
LKDTM per Kees's blog [3].

I saw the same expected behavior from LKDTM after applying these patches when
compared with the behavior from LKDTM on a v6.11-rc3 build without these
patches.

Link: https://lore.kernel.org/lkml/20240808221138.873750-1-ojeda@xxxxxxxxxx/ [1]
Link: https://lore.kernel.org/all/20240730-target-json-arrays-v1-1-2b376fd0ecf4@xxxxxxxxxx/ [2]
Link: https://outflux.net/blog/archives/2019/11/20/experimenting-with-clang-cfi-on-upstream-linux/ [3]

Tested-by: Gatlin Newhouse <gatlin.newhouse@xxxxxxxxx>

--
Gatlin Newhouse