[v2,0/2] Rust KCFI support

Message ID 20240801-kcfi-v2-0-c93caed3d121@google.com (mailing list archive)

Message

Alice Ryhl Aug. 1, 2024, 1:35 p.m. UTC
The control flow integrity (kCFI) sanitizer is an important sanitizer
that is often used in production. This patch series makes it possible to
use kCFI and Rust together.

The second patch in this series depends on the next version of [1],
which Miguel will send soon. It also depends on [2].

Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@kernel.org [1]
Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com [2]
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
---
Changes in v2:
- Fix for FineIBT.
- Add more info to commit messages and config descriptions.
- Link to v1: https://lore.kernel.org/r/20240730-kcfi-v1-0-bbb948752a30@google.com

---
Alice Ryhl (1):
      cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS

Matthew Maurer (1):
      rust: cfi: add support for CFI_CLANG with Rust

 Makefile                        | 10 ++++++++++
 arch/Kconfig                    | 16 ++++++++++++++++
 arch/x86/Makefile               |  4 ++++
 init/Kconfig                    |  4 +++-
 rust/Makefile                   |  2 +-
 scripts/generate_rust_target.rs |  1 +
 6 files changed, 35 insertions(+), 2 deletions(-)
---
base-commit: 8718bc07faa6ddf4f7335a12e4cdd4ffc796bbd8
change-id: 20240725-kcfi-c592898e2bfb

Best regards,

Comments

Peter Zijlstra Aug. 1, 2024, 1:41 p.m. UTC | #1
On Thu, Aug 01, 2024 at 01:35:16PM +0000, Alice Ryhl wrote:

> Alice Ryhl (1):
>       cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
> 
> Matthew Maurer (1):
>       rust: cfi: add support for CFI_CLANG with Rust

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>

Sami Tolvanen Aug. 1, 2024, 8:33 p.m. UTC | #2
Hi Alice,

On Thu, Aug 1, 2024 at 1:35 PM Alice Ryhl <aliceryhl@google.com> wrote:
>
> The control flow integrity (kCFI) sanitizer is an important sanitizer
> that is often used in production. This patch series makes it possible to
> use kCFI and Rust together.
>
> The second patch in this series depends on the next version of [1],
> which Miguel will send soon. It also depends on [2].
>
> Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@kernel.org [1]
> Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com [2]
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> ---
> Changes in v2:
> - Fix for FineIBT.
> - Add more info to commit messages and config descriptions.
> - Link to v1: https://lore.kernel.org/r/20240730-kcfi-v1-0-bbb948752a30@google.com
>
> ---
> Alice Ryhl (1):
>       cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
>
> Matthew Maurer (1):
>       rust: cfi: add support for CFI_CLANG with Rust

Thanks for sorting this out!

Reviewed-by: Sami Tolvanen <samitolvanen@google.com>

Sami

Kees Cook Aug. 6, 2024, 7:31 p.m. UTC | #3
On Thu, Aug 01, 2024 at 01:35:16PM +0000, Alice Ryhl wrote:
> The control flow integrity (kCFI) sanitizer is an important sanitizer
> that is often used in production. This patch series makes it possible to
> use kCFI and Rust together.
> 
> The second patch in this series depends on the next version of [1],
> which Miguel will send soon. It also depends on [2].
> 
> Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@kernel.org [1]
> Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com [2]
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> ---
> Changes in v2:
> - Fix for FineIBT.
> - Add more info to commit messages and config descriptions.
> - Link to v1: https://lore.kernel.org/r/20240730-kcfi-v1-0-bbb948752a30@google.com
> 
> ---
> Alice Ryhl (1):
>       cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
> 
> Matthew Maurer (1):
>       rust: cfi: add support for CFI_CLANG with Rust
> 
>  Makefile                        | 10 ++++++++++
>  arch/Kconfig                    | 16 ++++++++++++++++
>  arch/x86/Makefile               |  4 ++++
>  init/Kconfig                    |  4 +++-
>  rust/Makefile                   |  2 +-
>  scripts/generate_rust_target.rs |  1 +
>  6 files changed, 35 insertions(+), 2 deletions(-)

This is great to have! I assume this will go via the Rust tree, so:

Acked-by: Kees Cook <kees@kernel.org>

Gatlin Newhouse Aug. 17, 2024, 12:13 a.m. UTC | #4
On Thu, Aug 01, 2024 at 01:35:16PM UTC, Alice Ryhl wrote:
> The control flow integrity (kCFI) sanitizer is an important sanitizer
> that is often used in production. This patch series makes it possible to
> use kCFI and Rust together.
> 
> The second patch in this series depends on the next version of [1],
> which Miguel will send soon. It also depends on [2].
> 
> Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@kernel.org [1]
> Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com [2]
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> ---
> Changes in v2:
> - Fix for FineIBT.
> - Add more info to commit messages and config descriptions.
> - Link to v1: https://lore.kernel.org/r/20240730-kcfi-v1-0-bbb948752a30@google.com
> 
> ---
> Alice Ryhl (1):
>       cfi: add CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
> 
> Matthew Maurer (1):
>       rust: cfi: add support for CFI_CLANG with Rust
> 
>  Makefile                        | 10 ++++++++++
>  arch/Kconfig                    | 16 ++++++++++++++++
>  arch/x86/Makefile               |  4 ++++
>  init/Kconfig                    |  4 +++-
>  rust/Makefile                   |  2 +-
>  scripts/generate_rust_target.rs |  1 +
>  6 files changed, 35 insertions(+), 2 deletions(-)

To test this patch: I started from v6.11-rc3 tag and applied the new version of
Miguel's RUSTC_VERSION_TEXT patch [1] and the Support Arrays in Target JSON
patch [2], before applying this patch. I am on Rust's beta channel and
Clang/LLVM 19.

I also built a v6.11-rc3 kernel without these patches to establish a baseline
for LKDTM output in dmesg when testing CFI [3]. I built the v6.11-rc3 kernel by
starting with an x86_64_defconfig, then enabling CFI_CLANG, CFI_PERMISSIVE, and
LKDTM.

When applying [1], there was a "patch does not apply" error. I had to manually
change the init/Kconfig RUSTC_VERSION_TEXT to Miguel's change in [1]. No issues
encountered applying [2] afterwards. Similarly, was able to automerge this
patch without any issues.

Then I built the kernel starting with x86_64_defconfig and enabling: RUST,
CFI_CLANG, CFI_ICALL_NORMALIZE_INTEGERS, CFI_PERMISSIVE and LKDTM. Compiled the
kernel, loaded it into qemu with Busybox rootfs, tested CFI within LKDTM per Kees's
blog [3]. I saw the same expected behavior from LKDTM after applying these
patches when compared with the behavior from LKDTM on a v6.11-rc3 build without
these patches.

Link: https://lore.kernel.org/lkml/20240808221138.873750-1-ojeda@kernel.org/ [1]
Link: https://lore.kernel.org/all/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com/ [2]
Link: https://outflux.net/blog/archives/2019/11/20/experimenting-with-clang-cfi-on-upstream-linux/ [3]

Tested-by: Gatlin Newhouse <gatlin.newhouse@gmail.com>

--
Gatlin Newhouse
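
The configuration step from the test report above, as an added example that is not part of the original message or the patch series: a POSIX shell check that the options the report enabled are still set in a generated `.config`, since Kconfig drops options whose dependencies are unmet when the configuration is regenerated. The option names are the ones listed in the report; the function names, the sample contents and the temporary file are assumptions.

```shell
#!/bin/sh
# Added example: verify that a kernel .config still carries the options
# named in the test report. Function names and sample data are hypothetical.

# Options the report enabled for the patched build (Rust + kCFI).
PATCHED_OPTS="RUST CFI_CLANG CFI_ICALL_NORMALIZE_INTEGERS CFI_PERMISSIVE LKDTM"
# Options the report enabled for the baseline build without the series.
BASELINE_OPTS="CFI_CLANG CFI_PERMISSIVE LKDTM"

# missing_opts CONFIG_FILE OPT...
# Prints, one per line, every option that is neither =y nor =m.
# "# CONFIG_X is not set" and a symbol that is absent both count as missing.
missing_opts() {
    cfg=$1
    shift
    for opt in "$@"; do
        if ! grep -Eq "^CONFIG_${opt}=(y|m)\$" "$cfg"; then
            echo "$opt"
        fi
    done
}

# Constructed sample, not taken from a real build: the toolchain check
# passed (RUST_IS_AVAILABLE) but RUST itself and the integer normalization
# option did not end up enabled.
make_sample_config() {
    cat <<'EOF'
CONFIG_CFI_CLANG=y
# CONFIG_CFI_ICALL_NORMALIZE_INTEGERS is not set
CONFIG_CFI_PERMISSIVE=y
CONFIG_LKDTM=y
CONFIG_RUST_IS_AVAILABLE=y
EOF
}

# Demonstration on the constructed sample.
tmp=$(mktemp)
make_sample_config > "$tmp"
echo "Missing for the patched build:"
# Unquoted on purpose: the option list is split into separate arguments.
missing_opts "$tmp" $PATCHED_OPTS
echo "Missing for the baseline build:"
missing_opts "$tmp" $BASELINE_OPTS
rm -f "$tmp"
```

Against a real tree, point `missing_opts` at the build directory's `.config` before comparing LKDTM output between the two kernels.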

Miguel Ojeda Sept. 15, 2024, 7:09 p.m. UTC | #5
On Sat, Aug 17, 2024 at 2:13 AM Gatlin Newhouse
<gatlin.newhouse@gmail.com> wrote:
>
> To test this patch: I started from v6.11-rc3 tag and applied the new version of
> Miguel's RUSTC_VERSION_TEXT patch [1] and the Support Arrays in Target JSON
> patch [2], before applying this patch. I am on Rust's beta channel and
> Clang/LLVM 19.
>
> I also built a v6.11-rc3 kernel without these patches to establish a baseline
> for LKDTM output in dmesg when testing CFI [3]. I built the v6.11-rc3 kernel by
> starting with an x86_64_defconfig, then enabling CFI_CLANG, CFI_PERMISSIVE, and
> LKDTM.
>
> When applying [1], there was a "patch does not apply" error. I had to manually
> change the init/Kconfig RUSTC_VERSION_TEXT to Miguel's change in [1]. No issues
> encountered applying [2] afterwards. Similarly, was able to automerge this
> patch without any issues.
>
> Then I built the kernel starting with x86_64_defconfig and enabling: RUST,
> CFI_CLANG, CFI_ICALL_NORMALIZE_INTEGERS, CFI_PERMISSIVE and LKDTM. Compiled the
> kernel, loaded it into qemu with Busybox rootfs, tested CFI within LKDTM per Kees's
> blog [3]. I saw the same expected behavior from LKDTM after applying these
> patches when compared with the behavior from LKDTM on a v6.11-rc3 build without
> these patches.
>
> Link: https://lore.kernel.org/lkml/20240808221138.873750-1-ojeda@kernel.org/ [1]
> Link: https://lore.kernel.org/all/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com/ [2]
> Link: https://outflux.net/blog/archives/2019/11/20/experimenting-with-clang-cfi-on-upstream-linux/ [3]
>
> Tested-by: Gatlin Newhouse <gatlin.newhouse@gmail.com>

I wanted to point out that this is an excellent testing report.

Cheers,
Miguel

Miguel Ojeda Sept. 15, 2024, 7:09 p.m. UTC | #6
On Thu, Aug 1, 2024 at 3:35 PM Alice Ryhl <aliceryhl@google.com> wrote:
>
> The control flow integrity (kCFI) sanitizer is an important sanitizer
> that is often used in production. This patch series makes it possible to
> use kCFI and Rust together.
>
> The second patch in this series depends on the next version of [1],
> which Miguel will send soon. It also depends on [2].
>
> Link: https://lore.kernel.org/r/20240709160615.998336-12-ojeda@kernel.org [1]
> Link: https://lore.kernel.org/r/20240730-target-json-arrays-v1-1-2b376fd0ecf4@google.com [2]
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>

Applied to `rust-next` -- thanks everyone!

Cheers,
Miguel