From: Matthew Maurer
Date: Tue, 10 Oct 2023 07:06:32 -0700
Subject: Re: [PATCH] x86: Enable IBT in Rust if enabled in C
To: Peter Zijlstra
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Miguel Ojeda, Alex Gaynor, Wedson Almeida Filho, "H. Peter Anvin", Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org

On Tue, Oct 10, 2023 at 1:12 AM Peter Zijlstra wrote:
>
> On Mon, Oct 09, 2023 at 10:42:54PM +0000, Matthew Maurer wrote:
> > These flags are not made conditional on compiler support because at the
> > moment exactly one version of rustc supported, and that one supports
> > these flags.
> >
> > Building without these additional flags will manifest as objtool
> > printing a large number of errors about missing ENDBR and if CFI is
> > enabled (not currently possible) will result in incorrectly structured
> > function prefixes.
>
> Well, I would also imagine running it on actual IBT enabled hardware
> will get you a non-booting kernel.
>
> > Signed-off-by: Matthew Maurer
> > ---
> >
> > Split out the IBT additions as per
> > https://lkml.kernel.org/linux-fsdevel/CANiq72kK6ppBE7j=z7uua1cJMKaLoR5U3NUAZXT5MrNEs9ZhfQ@mail.gmail.com/
> >
> > arch/x86/Makefile | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/arch/x86/Makefile b/arch/x86/Makefile
> > index 5bfe5caaa444..941f7abf6dbf 100644
> > --- a/arch/x86/Makefile
> > +++ b/arch/x86/Makefile
> > @@ -81,6 +81,7 @@ ifeq ($(CONFIG_X86_KERNEL_IBT),y)
> > # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
> > #
> > KBUILD_CFLAGS += $(call cc-option,-fcf-protection=branch -fno-jump-tables)
> > +KBUILD_RUSTFLAGS += -Zcf-protection=branch -Zno-jump-tables
>
> One question, -Zcf-protection=branch, will that ever emit NOTRACK
> prefix? The kernel very explicitly does not support (enable) NOTRACK.

rustc does this via LLVM, so its code generation works very similarly to clang.
It does not create its own explicit NOTRACKs, but LLVM will by default
with just -Zcf-protection-branch.
I've linked a godbolt showing that at least for the basic case, your
no-jump-tables approach from clang ports over.
https://godbolt.org/z/bc4n6sq5q
Whether rust generates NOTRACK should end up being roughly equivalent to
whether clang generates it, and if LLVM gains a code generation flag for
NOTRACK being disallowed some day, we can pass that through as well.

>
> > else
> > KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
> > endif
> > --
> > 2.42.0.609.gbb76f46606-goog
> >
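
Review bot: The added KBUILD_RUSTFLAGS line passes -Zcf-protection=branch -Zno-jump-tables unconditionally, while the KBUILD_CFLAGS line directly above it goes through cc-option, and only the commit message explains why (a single supported rustc version). A short comment next to the new line, saying that the flags are deliberately unprobed and that -Zno-jump-tables is what keeps LLVM from emitting NOTRACK-prefixed jumps as discussed in this thread, would keep the asymmetry from reading as an oversight once more rustc versions are supported. The else branch also sets -fcf-protection=none for C only; if Rust is meant to be pinned the same way, it needs a matching KBUILD_RUSTFLAGS line there.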
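
A small checker for the two conditions raised in this thread, functions that do not begin with ENDBR and NOTRACK-prefixed indirect branches, as an added example that is not part of the patch or the kernel tree. It reads `objdump -d` text; the sample disassembly is constructed, `audit_ibt` is a hypothetical name, and a function without ENDBR only matters if it is reached through an indirect branch.

```python
import re

SYM = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")

# Constructed sample in `objdump -d` layout (not output from a real kernel build).
SAMPLE = "\n".join([
    "0000000000001130 <dispatch>:",
    "    1130:\tf3 0f 1e fa          \tendbr64",
    "    1134:\t83 ff 03             \tcmp    $0x3,%edi",
    "    1137:\t77 0c                \tja     1145 <dispatch+0x15>",
    "    1139:\t3e ff 24 fd 00 20 00 \tnotrack jmp *0x2000(,%rdi,8)",
    "    1140:\t00 ",
    "    1145:\tc3                   \tret",
    "",
    "0000000000001150 <helper>:",
    "    1150:\t55                   \tpush   %rbp",
    "    1151:\tc3                   \tret",
])

def audit_ibt(disasm):
    """Return (functions not starting with ENDBR, NOTRACK instructions found)."""
    missing_endbr, notrack = [], []
    current, at_entry = None, False
    for line in disasm.splitlines():
        m = SYM.match(line.strip())
        if m:
            current, at_entry = m.group(1), True
            continue
        parts = line.split("\t")
        if current is None or len(parts) < 3:
            continue  # blank line, section header, or byte-continuation line
        insn = parts[2].strip()
        if at_entry:
            # First instruction of the function: IBT expects ENDBR here
            # when the function is an indirect-branch target.
            if not insn.startswith(("endbr64", "endbr32")):
                missing_endbr.append(current)
            at_entry = False
        if insn.startswith("notrack"):
            addr = parts[0].strip().rstrip(":")
            notrack.append((current, addr, insn))
    return missing_endbr, notrack

if __name__ == "__main__":
    print(audit_ibt(SAMPLE))
```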