| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Mar 2024 12:09:44 -0800 From: Sami Tolvanen <samitolvanen@...gle.com> To: Alice Ryhl <aliceryhl@...gle.com> Cc: Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Jamie Cunliffe <Jamie.Cunliffe@....com>, Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, Ard Biesheuvel <ardb@...nel.org>, Marc Zyngier <maz@...nel.org>, Mark Rutland <mark.rutland@....com>, Mark Brown <broonie@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Kees Cook <keescook@...omium.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, rust-for-linux@...r.kernel.org Subject: Re: [PATCH] rust: add flags for shadow call stack sanitizer On Mon, Mar 4, 2024 at 5:17 AM Alice Ryhl <aliceryhl@...gle.com> wrote: > > Add flags to support the shadow call stack sanitizer, both in the > dynamic and non-dynamic modes. > > Right now, the compiler will emit the warning "unknown feature specified > for `-Ctarget-feature`: `reserve-x18`". However, the compiler still > passes it to the codegen backend, so the flag will work just fine. Once > rustc starts recognizing the flag (or provides another way to enable the > feature), it will stop emitting this warning. See [1] for the relevant > issue. > > Currently, the compiler thinks that the aarch64-unknown-none target > doesn't support -Zsanitizer=shadow-call-stack, so the build will fail if > you enable shadow call stack in non-dynamic mode. However, I still think > it is reasonable to add the flag now, as it will at least fail the build > when using an invalid configuration, until the Rust compiler is fixed to > list -Zsanitizer=shadow-call-stack as supported for the target. See [2] > for the feature request to add this. > > I have tested this change with Rust Binder on an Android device using > CONFIG_DYNAMIC_SCS. Without the -Ctarget-feature=+reserve-x18 flag, the > phone crashes immediately on boot, and with the flag, the phone appears > to work normally. > > Link: https://github.com/rust-lang/rust/issues/121970 [1] > Link: https://github.com/rust-lang/rust/issues/121972 [2] > Signed-off-by: Alice Ryhl <aliceryhl@...gle.com> > --- > It's not 100% clear to me whether this patch is enough for full SCS > support in Rust. If there is some issue where this makes things compile > and work without actually applying SCS to the Rust code, please let me > know. Is there some way to verify that it is actually working? Perhaps you could write a Rust version of the CFI_BACKWARD test in LKDTM? Alternatively, the simplest way to verify this is to look at the disassembly and verify that shadow stack instructions are emitted to Rust functions too. In case of dynamic SCS, you might need to dump function memory in a debugger to verify that PAC instructions were patched correctly. If they're not, the code will just quietly continue working without using shadow stacks. > This patch raises the question of whether we should change the Rust > aarch64 support to use a custom target.json specification. If we do > that, then we can fix both the warning for dynamic SCS and the > build-failure for non-dynamic SCS without waiting for a new version of > rustc with the mentioned issues fixed. Sure, having a custom target description for the kernel might be useful for other purposes too. In the meantime: Reviewed-by: Sami Tolvanen <samitolvanen@...gle.com> Sami
Powered by blists - more mailing lists