Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp474961rdg; Thu, 12 Oct 2023 10:51:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHK65MjZX0wEHQgaq3x7K8pTumg+32EWfbnjyHo+uLmtL65bjqim4Uu62svETvpYkR/engj X-Received: by 2002:a17:902:e890:b0:1bf:193a:70b6 with SMTP id w16-20020a170902e89000b001bf193a70b6mr35558646plg.5.1697133118870; Thu, 12 Oct 2023 10:51:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697133118; cv=none; d=google.com; s=arc-20160816; b=kZlge73C7aySImlYh8oy078RBvv9xpb5iRHYXR2qMPKJcUvDVcN4qXALLA0wcGtWXi MAyt8iBRepq9wqXQy5B7XwnxnbbI/12ltplM6yGyeIEzTTOIUlxh9VhK8h3ETgl8lB/O tNp5TrWyBYCi/9WHLICB+fgQm8E+23N4i22r/cO/oztEWkHoTz1RM/w8D/KkbTGxzg8W YlbugEDEXXTurdFWXAF9mnbBviyhEHYTaTN8lsiMwzrAaKlanDW3WPZqlnurDTseKqkQ 6SYzDjxe82ksyLTgbRQv1yYK9N88UlZKk3D77TAMeCEvudsfeOSDCW1UqEj5ucYVm8nD YGQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=R/kcvd3Ium4zd9I0dnayawEHaM8pcXlmWMrCCjUShbo=; fh=e872fpLdfL4/2rWMHgmceAB9JRiqvVSHAifj5dB0tqE=; b=bUEB25lOI93mkYveIWyzWrLZTL31N/QGnS2RmpOmUOHPILCxIfuD3VNsX7Ppb2Jgam YAPHrxQKQlNU9DyHESaKGSuUrUB7/e3QMQlPtBhJ9wdVKAOM681ZlXDuRYd9baHilyyb GhAskLt0/HM8pwaG1aBYeTKEgjgbj0j/gcQmpShJUyTQumQ9uqgNflmbyFTZm5hidrnJ MF7EwIhbMvG06m5faP5nAQWAlS3/vuzNjShwIIs0UHqR9sUrofzvr/sIJGYJ8E2ULEKL m94zCcl/VhXBj89KM5cyLuwezjiSZ4NhF6lcPxTfgSVmeXE74XuEKsoJORv/45mF2zem QxIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=0mQKAuRI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id s15-20020a170902ea0f00b001c75540d9fesi2803836plg.587.2023.10.12.10.51.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 10:51:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=0mQKAuRI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 1C0AB808E3C5; Thu, 12 Oct 2023 10:51:20 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379549AbjJLRvR (ORCPT + 99 others); Thu, 12 Oct 2023 13:51:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344076AbjJLRvQ (ORCPT ); Thu, 12 Oct 2023 13:51:16 -0400 Received: from mail-ua1-x933.google.com (mail-ua1-x933.google.com [IPv6:2607:f8b0:4864:20::933]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2631C9 for ; Thu, 12 Oct 2023 10:51:13 -0700 (PDT) Received: by mail-ua1-x933.google.com with SMTP id a1e0cc1a2514c-7b636ee2b38so543738241.0 for ; Thu, 12 Oct 2023 10:51:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1697133072; x=1697737872; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=R/kcvd3Ium4zd9I0dnayawEHaM8pcXlmWMrCCjUShbo=; b=0mQKAuRIcSr6hy010fhBMrl9ZEM4Xe4pJWPbHpUN501+9tkheiocN6MI6qpWh8NUDG iJ+/Pqpk2pDL0RUz/SMCxrxP7NkpaF0zoP4d4mQfTc1I3HtVqzLEhqGlCuTpnoW4Vpo6 ME9+fZKMDe6WOTwNj4370TSrAouQj0Ys28swrZWHRD0zu70hqJF24WOMwyf1dkDCIn0P kM6SwW37gEqKD9cW6IZZZiMmnVP96rQWfsxnX8W5XPocVVS2c3zAkXPXtj2lUYnwqVXL sRCzgMVSltI1g1qAFR3U/Kr9E75BqCweR3g4DNxc/YFikS+gSIIIpMkrkqFHnHHVOrAm k1vQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697133072; x=1697737872; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R/kcvd3Ium4zd9I0dnayawEHaM8pcXlmWMrCCjUShbo=; b=Utpptwh+EBVqpGq3iPFaiVBIGjxEBeApTOZ2Kp5c+uT34c2+mZqj+/Cx6qxPwGeJk1 7f4XA6rydZFsiXTLA3MGpPq7yO+JAaIpFEr3F6NI5BnRGlbD8WB0A2LprkSV4IpIEND2 1f0NkEsG2nI0g4dFCXRPMPY0Zry2Og2EyCohqI54CIFs+QJnLkLM4ZrfbdYld9dzk+vz YUSektrxxAJS9puBvo1u8eOZwHyHIkOppFbsiSVeiCvWPiLJne49yAXuu6aRNChE8dhD DRPeRHPQBgZk5ndV6CRfGdq2+UdYoWj4GeAs9990MPQ1EpE0g1FTu7omNVn6Kc0034Bl HbOg== X-Gm-Message-State: AOJu0YwebNYtUEGlhpbjRhpu10coJdHZaAgo58IYmKnQ8Q1GnA92gOiw Gdf40ZgKF8NHy/P9sT5EDx/tEcXOGcvAl1I88hwPSw== X-Received: by 2002:a05:6102:579b:b0:452:6d82:56e3 with SMTP id dh27-20020a056102579b00b004526d8256e3mr13976905vsb.6.1697133072474; Thu, 12 Oct 2023 10:51:12 -0700 (PDT) MIME-Version: 1.0 References: <20220927131518.30000-1-ojeda@kernel.org> <20220927131518.30000-26-ojeda@kernel.org> <20231012104741.GN6307@noisy.programming.kicks-ass.net> In-Reply-To: <20231012104741.GN6307@noisy.programming.kicks-ass.net> From: Sami Tolvanen Date: Thu, 12 Oct 2023 10:50:36 -0700 Message-ID: Subject: Re: [PATCH v10 25/27] x86: enable initial Rust support To: Peter Zijlstra Cc: Miguel Ojeda , Miguel Ojeda , Linus Torvalds , Greg Kroah-Hartman , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, patches@lists.linux.dev, Jarkko Sakkinen , Kees Cook , Alex Gaynor , Wedson Almeida Filho , David Gow , Boqun Feng , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , linux-doc@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 12 Oct 2023 10:51:20 -0700 (PDT) On Thu, Oct 12, 2023 at 3:47=E2=80=AFAM Peter Zijlstra wrote: > > On Fri, Oct 14, 2022 at 11:34:30AM -0700, Sami Tolvanen wrote: > > On Fri, Oct 14, 2022 at 11:05 AM Miguel Ojeda > > wrote: > > > > > > On Tue, Oct 11, 2022 at 1:16 AM Sami Tolvanen wrote: > > > > > > > > Rust supports IBT with -Z cf-protection=3Dbranch, but I don't see t= his > > > > option being enabled in the kernel yet. Cross-language CFI is going= to > > > > require a lot more work though because the type systems are not qui= te > > > > compatible: > > > > > > > > https://github.com/rust-lang/rfcs/pull/3296 > > > > > > I have pinged Ramon de C Valle as he is the author of the RFC above > > > and implementation work too; since a month or so ago he also leads th= e > > > Exploit Mitigations Project Group in Rust. > > > > Thanks, Miguel. I also talked to Ramon about KCFI earlier this week > > and he expressed interest in helping with rustc support for it. In the > > meanwhile, I think we can just add a depends on !CFI_CLANG to avoid > > issues here. > > Having just read up on the thing it looks like the KCFI thing is > resolved. > > I'm not sure I understand most of the objections in that thread through > -- enabling CFI *will* break stuff, so what. > > Squashing the integer types seems a workable compromise I suppose. One > thing that's been floated in the past is adding a 'seed' attribute to > some functions in order to distinguish functions of otherwise identical > signature. > > The Rust thing would then also need to support this attribute. > > Are there any concrete plans for this? It would allow, for example, > to differentiate address_space_operations::swap_deactivate() from any > other random function that takes only a file argument, say: > locks_remove_file(). I haven't really had time to look into it, so no concrete plans yet. Adding an attribute shouldn't be terribly difficult, but Kees expressed interest in automatic salting as well, which might be a more involved project: https://github.com/ClangBuiltLinux/linux/issues/1736 Sami