| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Dec 2021 15:01:56 -0800
From: Nick Desaulniers <ndesaulniers@...gle.com>
To: Miguel Ojeda <ojeda@...nel.org>,
Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
Masahiro Yamada <masahiroy@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
rust-for-linux@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, Alex Gaynor <alex.gaynor@...il.com>,
Wedson Almeida Filho <wedsonaf@...gle.com>,
Sven Van Asbroeck <thesven73@...il.com>,
Gary Guo <gary@...yguo.net>
Subject: Re: [PATCH 05/19] rust: add `compiler_builtins` crate
On Mon, Dec 6, 2021 at 6:05 AM Miguel Ojeda <ojeda@...nel.org> wrote:
>
> Rust provides `compiler_builtins` as a port of LLVM's `compiler-rt`.
> Since we do not need the vast majority of them, we avoid the
> dependency by providing our own crate.
>
> Co-developed-by: Alex Gaynor <alex.gaynor@...il.com>
> Signed-off-by: Alex Gaynor <alex.gaynor@...il.com>
> Co-developed-by: Wedson Almeida Filho <wedsonaf@...gle.com>
> Signed-off-by: Wedson Almeida Filho <wedsonaf@...gle.com>
> Co-developed-by: Sven Van Asbroeck <thesven73@...il.com>
> Signed-off-by: Sven Van Asbroeck <thesven73@...il.com>
> Co-developed-by: Gary Guo <gary@...yguo.net>
> Signed-off-by: Gary Guo <gary@...yguo.net>
> Signed-off-by: Miguel Ojeda <ojeda@...nel.org>
> ---
> rust/compiler_builtins.rs | 57 +++++++++++++++++++++++++++++++++++++++
> 1 file changed, 57 insertions(+)
> create mode 100644 rust/compiler_builtins.rs
>
> diff --git a/rust/compiler_builtins.rs b/rust/compiler_builtins.rs
> new file mode 100644
> index 000000000000..a5a0be72591b
> --- /dev/null
> +++ b/rust/compiler_builtins.rs
> @@ -0,0 +1,57 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +//! Our own `compiler_builtins`.
> +//!
> +//! Rust provides [`compiler_builtins`] as a port of LLVM's [`compiler-rt`].
> +//! Since we do not need the vast majority of them, we avoid the dependency
> +//! by providing this file.
> +//!
> +//! At the moment, some builtins are required that should not be. For instance,
> +//! [`core`] has floating-point functionality which we should not be compiling
> +//! in. We will work with upstream [`core`] to provide feature flags to disable
> +//! the parts we do not need. For the moment, we define them to [`panic!`] at
> +//! runtime for simplicity to catch mistakes, instead of performing surgery
Rather than panic at runtime, could we do some binary post processing
in Kbuild with $(NM) to error the build if any of the below symbols
are referenced from .o files produced by .rs sources?
If we provide definitions of these symbols, then I worry about C code
that previously would have failed to link at build time when
referencing these will now succeed at linking when CONFIG_RUST=y is
enabled, but may panic at runtime IF we happen to hit those code
paths.
> +//! on `core.o`.
> +//!
> +//! In any case, all these symbols are weakened to ensure we do not override
> +//! those that may be provided by the rest of the kernel.
> +//!
> +//! [`compiler_builtins`]: https://github.com/rust-lang/compiler-builtins
> +//! [`compiler-rt`]: https://compiler-rt.llvm.org/
> +
> +#![feature(compiler_builtins)]
> +#![compiler_builtins]
> +#![no_builtins]
> +#![no_std]
> +
> +macro_rules! define_panicking_intrinsics(
> + ($reason: tt, { $($ident: ident, )* }) => {
> + $(
> + #[doc(hidden)]
> + #[no_mangle]
> + pub extern "C" fn $ident() {
> + panic!($reason);
> + }
> + )*
> + }
> +);
> +
> +define_panicking_intrinsics!("`i128` should not be used", {
> + __ashrti3,
> + __muloti4,
> + __multi3,
> +});
> +
> +define_panicking_intrinsics!("`u128` should not be used", {
> + __ashlti3,
> + __lshrti3,
> + __udivmodti4,
> + __udivti3,
> + __umodti3,
> +});
> +
> +#[cfg(target_arch = "arm")]
> +define_panicking_intrinsics!("`u64` division/modulo should not be used", {
> + __aeabi_uldivmod,
> + __mulodi4,
> +});
> --
> 2.34.0
>
--
Thanks,
~Nick Desaulniers
Powered by blists - more mailing lists