On Thu, Sep 26, 2024 at 2:01 AM Sami Tolvanen <samitolvanen@xxxxxxxxxx> wrote: > > Hi Alice, > > On Wed, Sep 25, 2024 at 08:10:18AM +0000, Alice Ryhl wrote: > > An alternative solution is to inspect a binary created by clang or rustc > > to see whether the faulty CFI tags are in the binary. This would be a > > precise check, but it would involve hard-coding the *hashed* version of > > the CFI tag. This is because there's no way to get clang or rustc to > > output the unhased version of the CFI tag. Relying on the precise > > hashing algorithm using by CFI seems too fragile, so I have not pursued > > this option. > > I suppose there would be no need to hardcode hashes in the test, > it's enough to verify that the hashes for the compiler-emitted > functions change when integer normalization is enabled. Still, I > agree that this doesn't sound worth it in this case. Future compilers could change it so that the same hash works in both cases. After all, the signatures in question have no integers in them. > > diff --git a/arch/Kconfig b/arch/Kconfig > > index ee58df8b1080..b8066bf43153 100644 > > --- a/arch/Kconfig > > +++ b/arch/Kconfig > > @@ -829,7 +829,7 @@ config CFI_CLANG > > config CFI_ICALL_NORMALIZE_INTEGERS > > bool "Normalize CFI tags for integers" > > depends on CFI_CLANG > > - depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers) > > + depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS > > help > > This option normalizes the CFI tags for integer types so that all > > integer types of the same size and signedness receive the same CFI > > @@ -842,6 +842,22 @@ config CFI_ICALL_NORMALIZE_INTEGERS > > > > This option is necessary for using CFI with Rust. If unsure, say N. > > > > +config HAVE_CFI_ICALL_NORMALIZE_INTEGERS > > + def_bool !GCOV_KERNEL && !KASAN > > + depends on CFI_CLANG > > + depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers) > > This looks reasonable to me. Thanks for the fix! > > Reviewed-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx> Thanks for taking a look! Alice
