lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH5fLgh850oUinnGS=1A47Es11qc9OL+Kw_6d-_Lvx7jcQmj=A@mail.gmail.com>
Date: Tue, 9 Jul 2024 11:51:28 +0200
From: Alice Ryhl <aliceryhl@...gle.com>
To: Conor Dooley <conor@...nel.org>
Cc: Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, 
	Jamie Cunliffe <Jamie.Cunliffe@....com>, Sami Tolvanen <samitolvanen@...gle.com>, 
	Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, 
	Nicolas Schier <nicolas@...sle.eu>, Ard Biesheuvel <ardb@...nel.org>, Marc Zyngier <maz@...nel.org>, 
	Mark Rutland <mark.rutland@....com>, Mark Brown <broonie@...nel.org>, 
	Nick Desaulniers <ndesaulniers@...gle.com>, Kees Cook <keescook@...omium.org>, 
	Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, 
	Wedson Almeida Filho <wedsonaf@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, 
	Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>, 
	Valentin Obst <kernel@...entinobst.de>, linux-kbuild@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, 
	rust-for-linux@...r.kernel.org
Subject: Re: [PATCH v3 2/2] rust: add flags for shadow call stack sanitizer

On Thu, Jul 4, 2024 at 7:17 PM Conor Dooley <conor@...nel.org> wrote:
>
> On Thu, Jul 04, 2024 at 03:07:58PM +0000, Alice Ryhl wrote:
> > As of rustc 1.80.0, the Rust compiler supports the -Zfixed-x18 flag, so
> > we can now use Rust with the shadow call stack sanitizer.
> >
> > On older versions of Rust, it is possible to use shadow call stack by
> > passing -Ctarget-feature=+reserve-x18 instead of -Zfixed-x18. However,
> > this flag emits a warning, so this patch does not add support for that.
> >
> > Currently, the compiler thinks that the aarch64-unknown-none target
> > doesn't support -Zsanitizer=shadow-call-stack, so the build will fail if
> > you enable shadow call stack in non-dynamic mode. See [2] for the
> > feature request to add this. Kconfig is not configured to reject this
> > configuration because that leads to cyclic Kconfig rules.
> >
> > Link: https://github.com/rust-lang/rust/issues/121972 [1]
> > Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>
> > ---
> >  Makefile            | 1 +
> >  arch/Kconfig        | 2 +-
> >  arch/arm64/Makefile | 3 +++
> >  3 files changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/Makefile b/Makefile
> > index c11a10c8e710..4ae741601a1c 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -945,6 +945,7 @@ ifdef CONFIG_SHADOW_CALL_STACK
> >  ifndef CONFIG_DYNAMIC_SCS
> >  CC_FLAGS_SCS := -fsanitize=shadow-call-stack
> >  KBUILD_CFLAGS        += $(CC_FLAGS_SCS)
> > +KBUILD_RUSTFLAGS += -Zsanitizer=shadow-call-stack
> >  endif
> >  export CC_FLAGS_SCS
> >  endif
> > diff --git a/arch/Kconfig b/arch/Kconfig
> > index 238448a9cb71..5a6e296df5e6 100644
> > --- a/arch/Kconfig
> > +++ b/arch/Kconfig
> > @@ -690,7 +690,7 @@ config SHADOW_CALL_STACK
> >       bool "Shadow Call Stack"
> >       depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
> >       depends on DYNAMIC_FTRACE_WITH_ARGS || DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
> > -     depends on !RUST
> > +     depends on !RUST || RUSTC_VERSION >= 108000
> >       depends on MMU
> >       help
> >         This option enables the compiler's Shadow Call Stack, which
>
> For these security related options, like CFI_CLANG or RANDSTRUCT, I'm
> inclined to say that RUST is actually what should grow the depends on.
> That way it'll be RUST that gets silently disabled in configs when patch
> 1 gets backported (where it is mostly useless anyway) rather than SCS
> nor will it disable SCS when someone enables RUST in their config,
> instead it'd be a conscious choice.

Okay, I'll make that change. I suspect this will also break the
Kconfig cycle mentioned in the commit message. Thanks for the
suggestion!

Alice

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ