Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp228854rdg; Tue, 10 Oct 2023 08:39:23 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG7sHgb6BIXZStBPWttCiWnaUO6T5jqVsVRkC1CrVOJ67OL4RkD/87irCR2c8MrMZ7aBTSN X-Received: by 2002:a05:6a20:12c9:b0:15c:b7ba:6a4d with SMTP id v9-20020a056a2012c900b0015cb7ba6a4dmr22632858pzg.50.1696952363330; Tue, 10 Oct 2023 08:39:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696952363; cv=none; d=google.com; s=arc-20160816; b=O7EBxie6tWeEbXjSYyBZBmob0ps8S0+EOcESkOq4KuH1bJcqSXiu/GzeaGLvcTfX/n HIuiCd8rC9ogHz5y0Xg1cU14mGauXcB0LRpsoEWHod6S2LKM421gET7QaSLCeQ2PMTe8 +kpiKVargDGrregpd+vfv9FYZQP5IxoFnL34qzvhBLaiUee5vFYP/4a/SfDjIInnqT9K byMnVGhodQQjYrDd1R2P19ZzY//BBzgG/iuQXQRJyJ2c48jcnQduIAujvz5op/BUyIot rFMQ80K6cbZOhXL0qyqEDsGyqZEbX4hkoEBeFM/EcDuwghsxD9dqw3ECc0Za/yR+Bfh5 xzIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=q85Z+29P0POqGNSysfbjieXJTAmPSCNOKhS6TwE+BLQ=; fh=dZqhyjXx8Q7+lyJcdGm1EyBxJxhq8xpMI1pC/24k6yk=; b=aDnAFCSuQVBwfhoFcYmKHEyIdLh2Ee9vJecxCgFr9hCyZX0tSgExO6p3ZP1+1EGhPA R+N+qSD4l9Eb0LJl3HwVBJX+SfKClgQoMAp6th+X3QK2mekAt/kj2mMcghhl85eaYH/G GpVDtHQmeIwekZ29rKShHOrxopyxDr1FLsecTECQ1gM1K6i6oJSmLjbB54itT9OhC18d HOm2gWQ98ItOg+KMrSL4ZLEaC2b6/IHx5YxikWwa3K4C2udhtKLBJbJ0ESmP54hYG50t bgddfEBYdSZJRLimd0f+FLq3ZOs2GYiM0epXun5KeXM8iZ+r70c+nK24/Y2ktvcsZq1i yrRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="J7EzO7R/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id x34-20020a634a22000000b005694492c259si11848046pga.282.2023.10.10.08.39.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Oct 2023 08:39:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="J7EzO7R/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id ECA9A82339BE; Tue, 10 Oct 2023 08:39:20 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233454AbjJJPjO (ORCPT + 99 others); Tue, 10 Oct 2023 11:39:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54600 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233484AbjJJPjN (ORCPT ); Tue, 10 Oct 2023 11:39:13 -0400 Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70158AC for ; Tue, 10 Oct 2023 08:39:11 -0700 (PDT) Received: by mail-wm1-x334.google.com with SMTP id 5b1f17b1804b1-405497850dbso53889555e9.0 for ; Tue, 10 Oct 2023 08:39:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1696952350; x=1697557150; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=q85Z+29P0POqGNSysfbjieXJTAmPSCNOKhS6TwE+BLQ=; b=J7EzO7R/zAL/s8+fDz9SkEjHwONd2UIf285diDBSlzfEg+xbx1AdNYRNheiPRp5+a6 7kc27KO8aRTmtQlnVcuNzlLOihXjXrmRQR5YDytE9BTrDVTUUPlvMOu+vU5p7pVTCbTt pKOcjGSBjIRaLicrZVYJa1muT0pUCSRtsJvlD9nI6WNd91e607Mn5xiBmRFL1neXFOxQ vvgOmKIF25dFn/4UzAtyuy/7VHNKyWpqzDTpBmB7dZ18gGmZyhUXYWth+Mn7JvFE+cuF bjX0TLC8o6e9NZjV1aW+bsQc34BFn+1uj8zAie8OQ2gFl/xotW32Df6/IvmtWYDnMZRa +Spg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696952350; x=1697557150; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=q85Z+29P0POqGNSysfbjieXJTAmPSCNOKhS6TwE+BLQ=; b=IEY1P3l5toZ3oRnolAK+1xAcugheV+i5qqhUjJ2ZlNRQzuUK6R4IFIfmEdjeYdFyIU I+QmCrj11KEJbjclnk15oRCxUtRZhR5XZ3r06Rtokb7gKzPivBllh39XLcQ9FdSQrXGJ wJJAXSHKz8iNQueqUhQJiRZPSbi3l1se70ZqjEeM6bGEhWAFu06TK+YRs1VxW0Py3aZ0 8Q84yXsSjpZbVrYl5BCWsqqT6VyoGFWCmW+VJ8xDlqyjZjioV33qEfvT/GdfsRIMKsfb peq7tNbYYT3NZRvgFryBv6cdS1DaAUGwVRIHr1NdKBY49xrjQREoLY3H2K/xGhI2pqvm suDQ== X-Gm-Message-State: AOJu0YyVY7r1otB0BGYj1WpWxNU7sZqhC+23QIPJqoKhuzmPJDdOwoDx sogKWVaXB7PkBn/ltxGB7tIrDBxK85yGRPCA3KLOMw== X-Received: by 2002:a7b:ce89:0:b0:402:f07c:4b48 with SMTP id q9-20020a7bce89000000b00402f07c4b48mr15737826wmj.28.1696952349723; Tue, 10 Oct 2023 08:39:09 -0700 (PDT) MIME-Version: 1.0 References: <20231009224347.2076221-1-mmaurer@google.com> <20231010081220.GD377@noisy.programming.kicks-ass.net> In-Reply-To: <20231010081220.GD377@noisy.programming.kicks-ass.net> From: Nick Desaulniers Date: Tue, 10 Oct 2023 08:38:58 -0700 Message-ID: Subject: Re: [PATCH] x86: Enable IBT in Rust if enabled in C To: Peter Zijlstra , Matthew Maurer Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , "H. Peter Anvin" , Boqun Feng , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-4.8 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Tue, 10 Oct 2023 08:39:21 -0700 (PDT) On Tue, Oct 10, 2023 at 1:13=E2=80=AFAM Peter Zijlstra wrote: > > On Mon, Oct 09, 2023 at 10:42:54PM +0000, Matthew Maurer wrote: > > These flags are not made conditional on compiler support because at the > > moment exactly one version of rustc supported, and that one supports > > these flags. > > > > Building without these additional flags will manifest as objtool > > printing a large number of errors about missing ENDBR and if CFI is > > enabled (not currently possible) will result in incorrectly structured > > function prefixes. > > Well, I would also imagine running it on actual IBT enabled hardware > will get you a non-booting kernel. Do you know what machine type in QEMU first supports IBT? > > > Signed-off-by: Matthew Maurer Reviewed-by: Nick Desaulniers > > https://godbolt.org/z/bc4n6sq5q Intel asm syntax...my eyes!!! > > --- > > > > Split out the IBT additions as per > > https://lkml.kernel.org/linux-fsdevel/CANiq72kK6ppBE7j=3Dz7uua1cJMKaLoR= 5U3NUAZXT5MrNEs9ZhfQ@mail.gmail.com/ > > > > arch/x86/Makefile | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/arch/x86/Makefile b/arch/x86/Makefile > > index 5bfe5caaa444..941f7abf6dbf 100644 > > --- a/arch/x86/Makefile > > +++ b/arch/x86/Makefile > > @@ -81,6 +81,7 @@ ifeq ($(CONFIG_X86_KERNEL_IBT),y) > > # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104816 > > # > > KBUILD_CFLAGS +=3D $(call cc-option,-fcf-protection=3Dbranch -fno-jump= -tables) > > +KBUILD_RUSTFLAGS +=3D -Zcf-protection=3Dbranch -Zno-jump-tables > > One question, -Zcf-protection=3Dbranch, will that ever emit NOTRACK > prefix? The kernel very explicitly does not support (enable) NOTRACK. > > > else > > KBUILD_CFLAGS +=3D $(call cc-option,-fcf-protection=3Dnone) > > endif > > -- > > 2.42.0.609.gbb76f46606-goog > > > --=20 Thanks, ~Nick Desaulniers