| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <oehf6r5eftrnuvzulg2yhukf7gjh7jltfdqmtffiok3ro63xe7@y3iplw2gpcy2> Date: Fri, 16 Aug 2024 17:13:47 -0700 From: Gatlin Newhouse <gatlin.newhouse@...il.com> To: Alice Ryhl <aliceryhl@...gle.com> Cc: Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, Sami Tolvanen <samitolvanen@...gle.com>, Peter Zijlstra <peterz@...radead.org>, Miguel Ojeda <ojeda@...nel.org>, Kees Cook <kees@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>, Matthew Maurer <mmaurer@...gle.com>, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org Subject: Re: [PATCH v2 0/2] Rust KCFI support On Thu, Aug 01, 2024 at 01:35:16PM UTC, Alice Ryhl wrote: > The control flow integrity (kCFI) sanitizer is an important sanitizer > that is often used in production. This patch series makes it possible to > use kCFI and Rust together. > > The second patch in this series depends on the next version of [1], > which Miguel will send soon. It also depends on [2]. > > Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@kernel.org [1] > Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com [2] > Signed-off-by: Alice Ryhl <aliceryhl@...gle.com> > --- > Changes in v2: > - Fix for FineIBT. > - Add more info to commit messages and config descrptions. > - Link to v1: https://lore.kernel.org/r/20240730-kcfi-v1-0-bbb948752a30@google.com > > --- > Alice Ryhl (1): > cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS > > Matthew Maurer (1): > rust: cfi: add support for CFI_CLANG with Rust > > Makefile | 10 ++++++++++ > arch/Kconfig | 16 ++++++++++++++++ > arch/x86/Makefile | 4 ++++ > init/Kconfig | 4 +++- > rust/Makefile | 2 +- > scripts/generate_rust_target.rs | 1 + > 6 files changed, 35 insertions(+), 2 deletions(-) To test this patch: I started from v6.11-rc3 tag and applied the new version of Miguel's RUSTC_VERSION_TEXT patch [1] and the Support Arrays in Target JSON patch [2], before applying this patch. I am on Rust's beta channel and Clang/LLVM 19. I also built a v6.11-rc3 kernel without these patches to establish a baseline for LKDTM output in dmesg when testing CFI [3]. I built the v6.11-rc3 kernel by starting with an x86_64_defconfig, then enabling CFI_CLANG, CFI_PERMISSIVE, and LKDTM. When applying [1], there was an patch does not apply error. I had to manually change the init/Kconfig RUSTC_VERSION_TEXT to Miguel's change in [1]. No issues encountered applying [2] afterwards. Similarly, was able to automerge this patch without any issues. Then I built the kernel starting with x86_64_defconfig and enabling: RUST, CFI_CLANG, CFI_ICALL_NORMALIZE_INTEGERS, CFI_PERMISSIVE and LKDTM. Compiled the kernel, load into qemu with Busybox rootfs, test CFI within LKDTM per Kees's blog [3]. I saw the same expected behavior from LKDTM after applying these patches when compared with the behavior from LKDTM on a v6.11-rc3 build without these patches. Link: https://lore.kernel.org/lkml/20240808221138.873750-1-ojeda@kernel.org/ [1] Link: https://lore.kernel.org/all/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com/ [2] Link: https://outflux.net/blog/archives/2019/11/20/experimenting-with-clang-cfi-on-upstream-linux/ [3] Tested-by: Gatlin Newhouse <gatlin.newhouse@...il.com> -- Gatlin Newhouse
Powered by blists - more mailing lists