| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Jun 2024 16:53:16 +0200 From: Alice Ryhl <aliceryhl@...gle.com> To: Will Deacon <will@...nel.org> Cc: Jamie.Cunliffe@....com, a.hindborg@...sung.com, alex.gaynor@...il.com, ardb@...nel.org, benno.lossin@...ton.me, bjorn3_gh@...tonmail.com, boqun.feng@...il.com, broonie@...nel.org, catalin.marinas@....com, gary@...yguo.net, keescook@...omium.org, kernel@...entinobst.de, linux-arm-kernel@...ts.infradead.org, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, mark.rutland@....com, masahiroy@...nel.org, maz@...nel.org, miguel.ojeda.sandonis@...il.com, nathan@...nel.org, ndesaulniers@...gle.com, nicolas@...sle.eu, ojeda@...nel.org, rust-for-linux@...r.kernel.org, samitolvanen@...gle.com, wedsonaf@...il.com Subject: Re: [PATCH v2] rust: add flags for shadow call stack sanitizer On Tue, Jun 4, 2024 at 4:29 PM Will Deacon <will@...nel.org> wrote: > > On Tue, Apr 30, 2024 at 11:09:25AM +0000, Alice Ryhl wrote: > > Will Deacon <will@...nel.org> wrote: > > > On Tue, Mar 05, 2024 at 01:14:19PM +0100, Miguel Ojeda wrote: > > >> Otherwise partially reverting to the `target.json` approach sounds good too. > > >> > > >> I added the `-Zuse-sync-unwind=n` to the list at > > >> https://github.com/Rust-for-Linux/linux/issues/2. Given the default is > > >> what we want, I have put it in the "Good to have" section. > > > > > > I think we have time to do this properly, like we did for the clang > > > enablement a few years ago. In hindsight, avoiding hacks for the early > > > toolchains back then was a really good idea because it meant we could > > > rely on a solid baseline set of compiler features from the start. > > > > > > So, please can we fix this in rustc and just have SCS dependent on that? > > > > Just to keep you in the loop, I've posted a PR to make rustc recognize > > the reserve-x18 target feature, so that the -Ctarget-feature=+reserve-x18 > > flag stops emitting a warning. > > > > This should be sufficient for adding support for CONFIG_DYNAMIC_SCS. > > > > You can find it here: > > https://github.com/rust-lang/rust/pull/124323 > > > > As for non-dynamic SCS, I plan to tackle that after the PR is merged. > > See the "Future possibilities" section in the linked PR for more info on > > that. > > Thanks for persevering with this, Alice. I read the pull request above, > but it looks like you went with: > > https://github.com/rust-lang/rust/pull/124655 > > instead, which was merged (hurrah!). Do we need anything else? Yeah, it took a while, but I've managed to get a -Zfixed-x18 flag in. It will be available starting with Rust 1.80, which will be released on the 25th of July. A few things: 1. The -Zsanitizer=shadow-call-stack flag still doesn't work because the compiler thinks that the target doesn't support it. I'll fix this eventually, but at least CONFIG_DYNAMIC_SCS works now. 2. I haven't convinced the Rust maintainers that -Zfixed-x18 is the way to go long term (flags starting with -Z are unstable and may change). Some of the maintainers want to instead add a x18-available target feature (that is, the inverse of the current reserve-x18 target feature), that you can disable with -Ctarget-feature=-x18-available. And a few questions for you: By the time support for 1.80 goes in, we are probably supporting more than one Rust compiler. For pre-1.80 compilers, should we fall back to -Ctarget-feature=+reserve-x18 (which emits a warning, but works), or fail compilation? Similarly, we should probably submit a fix to the stable branches so that SCS+Rust doesn't silently break in a hard-to-debug way. Do you prefer a backport with -Ctarget-feature=+reserve-x18 or one that fails compilation? Alice
Powered by blists - more mailing lists