From patchwork Tue Mar 5 11:58:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13582271 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 84123C54E41 for ; Tue, 5 Mar 2024 11:59:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: Mime-Version:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=EnSYEHoAzyNDvTr7UeUgjhKnIGZAY7X/TwF/jU3W+Ks=; b=oCy nQIs5ND+kLqSjVGEFK65uHtF45tzaIQT0BBjWAg5nAiM3Fbolh84yVwvfF6bsd0RZ5rLhOTusGVUp pXoD7QtfcjzVkJPHxr8EiL2xDOJ/MiQcfM1T7fzy1TP2P9W6k5zxDkpczG8cWqzwlig4qzO3fGzHq piuyC2fl40+rNrw+02yBorhOgA6U0/hFTw6bbjUJdrv+OJSFELPhVJRn0eQqLBlCTdK8EgqYt+OCq ZW+SVIMNUQXyQBFUIlrBhvvAJVQdv4w4Wt53ctlVUgFh8Til1PAY0jW7QH19GO/hvxYK4WiOvgML/ t6DLA9d5nJzOS2A4fk0DVk0nWzAMNSA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rhTRj-0000000DSnf-3UQl; Tue, 05 Mar 2024 11:58:59 +0000 Received: from mail-yb1-xb49.google.com ([2607:f8b0:4864:20::b49]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1rhTRg-0000000DSn1-101O for linux-arm-kernel@lists.infradead.org; Tue, 05 Mar 2024 11:58:58 +0000 Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-dcc0bcf9256so7184533276.3 for ; Tue, 05 Mar 2024 03:58:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1709639933; x=1710244733; darn=lists.infradead.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=Hozc51XP3BO0o1BYePnyEPgabGPbvjIMHS8HEHlaKbA=; b=DBaRibp7w2UOCxmrvAC5VdmxeSUevEWKXYfyec4Ug/sk+afFcNrycL/lLMU+EcNQfl zVtRwfHkmxVDj8+M+hWDaSWp2DMtlykEczzHMonzfGfkx0sE3Wcke/oF9gfE2D2k/LcT QIY1wnuGA4WrsyOLt8bu3jBgSvi202veBfQDSIUXx6FFFJcTjMR2T7AT8W8mmLZHETP9 IvxeRo7kqnPWqn6fJ0Ua0kGJjTkuYy8BnyaqPuqRnUiSV0kVtUAhAckOkannNMqH87xz oJiRlqz7Eephlxrm9TjTH6sALwC6CGF/5QR0/o+9Iqe6c+fSsHbPXLgDgG6GGrFHWQcm I+kQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709639933; x=1710244733; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Hozc51XP3BO0o1BYePnyEPgabGPbvjIMHS8HEHlaKbA=; b=RBrnYfi6izwOUazsZQH+eCH8ZZc6IDlE9KSCcaTRdcUHmmth4l2JY8txWJAd+6Pymx tVaCs/DODixZw0VmaVc8FCQBhm3QVsSKcdPXzmGMI020coCP/29CvYATv/Bl7Lk3IrXp uQ8bgX5MV7KILjtVJJq+5jNwNa82lW6Y5QotYVjUwJLbzy8wHqzV0Ca/Gp0OMW2ZaniV f7JSuR6/kHLDLyHtyO7fHl93QY6fPXeln9Z82zBSABxKsw8k3VRcSGMIFuTS1EV4REvs /DZBVF4KYZW/spVaCbh2hAxIacNwwnkTDoLa+aQYNnCzHGfY4t1ctWpNJqP7SDUl6wIJ DLcA== X-Forwarded-Encrypted: i=1; AJvYcCW/dv/QiSjoHlfVTtapykmdHWuCeXfWkvirsoeJhHPQSEFcqpMihlsQdnToN6A/SmjO3VRx8mWyXISa+AIOQWT0P23l4SGxyb8eNiGmLs9aHdmtZOE= X-Gm-Message-State: AOJu0YwmHfHTOJmUYLJK/+w+IoGDe3lJ1KFiBHh7CIZabuQpJrLMSo2S GeO6lpofFzk/Tl4U4+ZLPEQcNMU+dxv1eggbC/W9QnPgKLrrynjeV6xvR8PSttS9C8XrACKV1Nb XbT9+ljiHWb0BGw== X-Google-Smtp-Source: AGHT+IGtkyRjezXpYuKLv219plL2ChUtQcYNxwWKysP9iLUmgqXXI4qu/9Fzh+shZ2KYFCoqcQICZQfvC50NeFc= X-Received: from aliceryhl2.c.googlers.com ([fda3:e722:ac3:cc00:68:949d:c0a8:572]) (user=aliceryhl job=sendgmr) by 2002:a05:6902:f02:b0:dcc:53c6:1133 with SMTP id et2-20020a0569020f0200b00dcc53c61133mr387214ybb.13.1709639933402; Tue, 05 Mar 2024 03:58:53 -0800 (PST) Date: Tue, 05 Mar 2024 11:58:45 +0000 Mime-Version: 1.0 X-B4-Tracking: v=1; b=H4sIAPQI52UC/32NQQ7CIBBFr9LM2jFAqaauvIfpYgJTIGIx0FRN0 7uLPYDL95L//gqFc+ACl2aFzEsoIU0V1KEB42lyjMFWBiWUFq3QWDzZ9EJDMWKZydyxN7I/k25 P0vZQd8/MY3jvzdtQ2Ycyp/zZLxb5s/9qi0SJo+g6plELUubqUnKRjyY9YNi27Qu11U05swAAA A== X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=3571; i=aliceryhl@google.com; h=from:subject:message-id; bh=7PxlTkj360DZ8nVuDS7rKHmqSVpwgjXZS4/4TNCTeKw=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBl5wj2Nz7DwoaN21odkmrdYihFSQ09qs4VB8MPj FpmgQm0ExKJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZecI9gAKCRAEWL7uWMY5 Rs3ID/4oaO+LZxloHPGCoqFKPWlzfItOuEOtdeeU0RXJy7AFuvU46WHtf5LmMCTFx21GbRMctzM lXiTlnvg+NParm1UlZRTYcSI2fT3ffsuNZ7a+eUDHT1/VcYLJEG2iRqPir4JfKcQfwD8qWspIZb xFRuc0oibWDAw5+3BQfBucrriRhsektrObfPcZ9fK+9U/LCPCDCjQ/arfo3ezaF1g1OPk5UlRDc CqA2yCabuxDwhsXmoapOJPdaCR/vssc+a1tOnDLoDgqCOxub5ijuOpF9H8LrH0XHiStj2+nOeS1 Wt1mk9UmPZG96xCcTb1EzKnGGYc7pJAW+V/GfYbVao26Ts/Jp/7GBJazP8m6s7MuJtaYBP/Iju8 Ne7kzcI3zhGo5uietKjBmkRYmYadS70sgALRLc8K8fsSyWsBAnX9bficLF881wbl8bxcXItqCCb GZH4vYCdepHU+P0hcftGgrdNaGS2HBKeP1ebN3ZlP3ce368NxI9vvMe7cpyEhjK6YeLqOlYiHmD g0B2i7urc5sg/d1+8CY3GuAknH5sEoAj0oRMQSNbqIumMpAA6BeU3JtooBbT6Z20rgW4AYwpyOY 81J4C56kflgYLvy8ZjABiuVgHzN0RmY//KX+QpCt3erqq6DD893efurBgfQkTb93d5EC4JrUtYK ixKX+pqjxnEuEIQ== X-Mailer: b4 0.13-dev-26615 Message-ID: <20240305-shadow-call-stack-v2-1-c7b4a3f4d616@google.com> Subject: [PATCH v2] rust: add flags for shadow call stack sanitizer From: Alice Ryhl To: Catalin Marinas , Will Deacon , Jamie Cunliffe , Sami Tolvanen Cc: Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Ard Biesheuvel , Marc Zyngier , Mark Rutland , Mark Brown , Nick Desaulniers , Kees Cook , Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Valentin Obst , linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, rust-for-linux@vger.kernel.org, Alice Ryhl X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240305_035856_308046_F95D1803 X-CRM114-Status: GOOD ( 21.88 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Add flags to support the shadow call stack sanitizer, both in the dynamic and non-dynamic modes. Right now, the compiler will emit the warning "unknown feature specified for `-Ctarget-feature`: `reserve-x18`". However, the compiler still passes it to the codegen backend, so the flag will work just fine. Once rustc starts recognizing the flag (or provides another way to enable the feature), it will stop emitting this warning. See [1] for the relevant issue. Currently, the compiler thinks that the aarch64-unknown-none target doesn't support -Zsanitizer=shadow-call-stack, so the build will fail if you enable shadow call stack in non-dynamic mode. However, I still think it is reasonable to add the flag now, as it will at least fail the build when using an invalid configuration, until the Rust compiler is fixed to list -Zsanitizer=shadow-call-stack as supported for the target. See [2] for the feature request to add this. I have tested this change with Rust Binder on an Android device using CONFIG_DYNAMIC_SCS. Without the -Ctarget-feature=+reserve-x18 flag, the phone crashes immediately on boot, and with the flag, the phone appears to work normally. This contains a TODO to add the -Zuse-sync-unwind=n flag. The flag defaults to n, so it isn't a problem today, but the flag is unstable, so the default could change in a future compiler release. Link: https://github.com/rust-lang/rust/issues/121970 [1] Link: https://github.com/rust-lang/rust/issues/121972 [2] Signed-off-by: Alice Ryhl Acked-by: Miguel Ojeda Reviewed-by: Sami Tolvanen --- This patch raises the question of whether we should change the Rust aarch64 support to use a custom target.json specification. If we do that, then we can fix both the warning for dynamic SCS and the build-failure for non-dynamic SCS without waiting for a new version of rustc with the mentioned issues fixed. --- Changes in v2: - Add -Cforce-unwind-tables flag. - Link to v1: https://lore.kernel.org/r/20240304-shadow-call-stack-v1-1-f055eaf40a2c@google.com --- Makefile | 1 + arch/arm64/Makefile | 4 ++++ 2 files changed, 5 insertions(+) --- base-commit: 90d35da658da8cff0d4ecbb5113f5fac9d00eb72 change-id: 20240304-shadow-call-stack-9c197a4361d9 Best regards, diff --git a/Makefile b/Makefile index 0e36eff14608..345066643a76 100644 --- a/Makefile +++ b/Makefile @@ -936,6 +936,7 @@ ifdef CONFIG_SHADOW_CALL_STACK ifndef CONFIG_DYNAMIC_SCS CC_FLAGS_SCS := -fsanitize=shadow-call-stack KBUILD_CFLAGS += $(CC_FLAGS_SCS) +KBUILD_RUSTFLAGS += -Zsanitizer=shadow-call-stack endif export CC_FLAGS_SCS endif diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index a88cdf910687..9bd5522c18e9 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -48,9 +48,12 @@ KBUILD_AFLAGS += $(call cc-option,-mabi=lp64) ifneq ($(CONFIG_UNWIND_TABLES),y) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables KBUILD_AFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables +KBUILD_RUSTFLAGS += -Cforce-unwind-tables=n else KBUILD_CFLAGS += -fasynchronous-unwind-tables KBUILD_AFLAGS += -fasynchronous-unwind-tables +# TODO: Pass -Zuse-sync-unwind=n once we upgrade to Rust 1.77.0 +KBUILD_RUSTFLAGS += -Cforce-unwind-tables=y endif ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y) @@ -103,6 +106,7 @@ endif ifeq ($(CONFIG_SHADOW_CALL_STACK), y) KBUILD_CFLAGS += -ffixed-x18 +KBUILD_RUSTFLAGS += -Ctarget-feature=+reserve-x18 endif ifeq ($(CONFIG_CPU_BIG_ENDIAN), y)