lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250410141534.GI9833@noisy.programming.kicks-ass.net>
Date: Thu, 10 Apr 2025 16:15:34 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc: Paweł Anikiel <panikiel@...gle.com>,
	Sami Tolvanen <samitolvanen@...gle.com>,
	Kees Cook <kees@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Ingo Molnar <mingo@...hat.com>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Masahiro Yamada <masahiroy@...nel.org>,
	Miguel Ojeda <ojeda@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Alice Ryhl <aliceryhl@...gle.com>,
	Nathan Chancellor <nathan@...nel.org>, x86@...nel.org,
	linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org
Subject: Re: [PATCH] x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST

On Thu, Apr 10, 2025 at 04:05:54PM +0200, Miguel Ojeda wrote:
> On Thu, Apr 10, 2025 at 3:57 PM Peter Zijlstra <peterz@...radead.org> wrote:
> >
> > Remove the offending Rust code? Afaict from this github issue, it is
> > just some formatting nonsense. Surely code can be adjusted to not use
> > that?
> 
> If you mean not using the formatting machinery from our side, then
> that is a major change -- we should just fix it upstream, really.

That is what I mean, yeah. I've no idea what is or is not common in
this rust code. It still looks like line noise to me :/

But given that FineIBT isn't at all new, I was under the assumption that
this was some shiny new rust driver that did something that hadn't been
done before. And it could now not do that.

> If you mean fixing it upstream, definitely, but we should still
> prevent people from building an invalid kernel, i.e. when Alice's PR
> or similar lands upstream, then we can relax the `depends on` based on
> the Rust version (which is something we have done for other bits).

So why wasn't any of this a problem when Rust enabled kCFI? Surely the
testing back then included FineIBT. That has been in longer than rust's
kcfi support (integer type confusion etc.).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ