From: Alice Ryhl <aliceryhl@google.com>
To: Masahiro Yamada <masahiroy@kernel.org>,
Miguel Ojeda <ojeda@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
Kees Cook <kees@kernel.org>,
Nathan Chancellor <nathan@kernel.org>
Cc: "Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org,
rust-for-linux@vger.kernel.org, llvm@lists.linux.dev,
"Alice Ryhl" <aliceryhl@google.com>
Subject: [PATCH 2/2] cfi: fix conditions for HAVE_CFI_ICALL_NORMALIZE_INTEGERS
Date: Thu, 10 Oct 2024 09:38:27 +0000 [thread overview]
Message-ID: <20241010-icall-detect-vers-v1-2-8f114956aa88@google.com> (raw)
In-Reply-To: <20241010-icall-detect-vers-v1-0-8f114956aa88@google.com>
The HAVE_CFI_ICALL_NORMALIZE_INTEGERS option has some tricky conditions
when KASAN or GCOV are turned on, as in that case we need some clang and
rustc fixes [1][2] to avoid boot failures. The intent with the current
setup is that you should be able to override the check and turn on the
option if your clang/rustc has the fix. However, this override does not
work in practice. Thus, use the new RUSTC_LLVM_VERSION to correctly
implement the check for whether the fix is available.
Additionally, remove KASAN_HW_TAGS from the list of incompatible
options. The CFI_ICALL_NORMALIZE_INTEGERS option is incompatible with
KASAN because LLVM will emit some constructors when using KASAN that are
assigned incorrect CFI tags. These constructors are emitted due to use
of -fsanitize=kernel-address or -fsanitize=kernel-hwaddress that are
respectively passed when KASAN_GENERIC or KASAN_SW_TAGS are enabled.
However, the KASAN_HW_TAGS option relies on hardware support for MTE
instead and does not pass either flag. (Note also that KASAN_HW_TAGS
does not `select CONSTRUCTORS`.)
Link: https://github.com/llvm/llvm-project/pull/104826 [1]
Link: https://github.com/rust-lang/rust/pull/129373 [2]
Fixes: 4c66f8307ac0 ("cfi: encode cfi normalized integers + kasan/gcov bug in Kconfig")
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
---
arch/Kconfig | 26 ++++++++++++--------------
init/Kconfig | 2 +-
2 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/arch/Kconfig b/arch/Kconfig
index 8af374ea1adc..00163e4a237c 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -838,7 +838,7 @@ config CFI_CLANG
config CFI_ICALL_NORMALIZE_INTEGERS
bool "Normalize CFI tags for integers"
depends on CFI_CLANG
- depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS
+ depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
help
This option normalizes the CFI tags for integer types so that all
integer types of the same size and signedness receive the same CFI
@@ -851,21 +851,19 @@ config CFI_ICALL_NORMALIZE_INTEGERS
This option is necessary for using CFI with Rust. If unsure, say N.
-config HAVE_CFI_ICALL_NORMALIZE_INTEGERS
- def_bool !GCOV_KERNEL && !KASAN
- depends on CFI_CLANG
+config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
+ def_bool y
depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
- help
- Is CFI_ICALL_NORMALIZE_INTEGERS supported with the set of compilers
- currently in use?
+ # With GCOV/KASAN we need this fix: https://github.com/llvm/llvm-project/pull/104826
+ depends on CLANG_VERSION >= 190000 || (!GCOV_KERNEL && !KASAN_GENERIC && !KASAN_SW_TAGS)
- This option defaults to false if GCOV or KASAN is enabled, as there is
- an LLVM bug that makes normalized integers tags incompatible with
- KASAN and GCOV. Kconfig currently does not have the infrastructure to
- detect whether your rustc compiler contains the fix for this bug, so
- it is assumed that it doesn't. If your compiler has the fix, you can
- explicitly enable this option in your config file. The Kconfig logic
- needed to detect this will be added in a future kernel release.
+config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
+ def_bool y
+ depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
+ depends on RUSTC_VERSION >= 107900
+ # With GCOV/KASAN we need this fix: https://github.com/rust-lang/rust/pull/129373
+ depends on (RUSTC_LLVM_VERSION >= 190000 && RUSTC_VERSION >= 108200) || \
+ (!GCOV_KERNEL && !KASAN_GENERIC && !KASAN_SW_TAGS)
config CFI_PERMISSIVE
bool "Use CFI in permissive mode"
diff --git a/init/Kconfig b/init/Kconfig
index 98cf859d58c2..c521e1421ad4 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1950,7 +1950,7 @@ config RUST
depends on !GCC_PLUGIN_RANDSTRUCT
depends on !RANDSTRUCT
depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE
- depends on !CFI_CLANG || RUSTC_VERSION >= 107900 && HAVE_CFI_ICALL_NORMALIZE_INTEGERS
+ depends on !CFI_CLANG || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG
depends on !CALL_PADDING || RUSTC_VERSION >= 108100
depends on !KASAN_SW_TAGS
--
2.47.0.rc0.187.ge670bccf7e-goog
next prev parent reply other threads:[~2024-10-10 9:38 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-10 9:38 [PATCH 0/2] Normalized CFI integer tags Kconfig fixes Alice Ryhl
2024-10-10 9:38 ` [PATCH 1/2] kbuild: rust: add `CONFIG_RUSTC_LLVM_VERSION` Alice Ryhl
2024-10-10 10:55 ` Miguel Ojeda
2024-10-10 10:58 ` Alice Ryhl
2024-10-10 11:02 ` Alice Ryhl
2024-10-10 20:58 ` Sami Tolvanen
2024-10-11 2:03 ` Masahiro Yamada
2024-10-11 6:58 ` Miguel Ojeda
2024-10-11 11:40 ` [PATCH] " Gary Guo
2024-10-11 11:53 ` Miguel Ojeda
2024-10-11 12:06 ` Gary Guo
2024-10-14 16:27 ` Masahiro Yamada
2024-10-14 22:00 ` Miguel Ojeda
2024-10-14 22:00 ` Miguel Ojeda
2024-10-10 9:38 ` Alice Ryhl [this message]
2024-10-10 20:20 ` [PATCH 2/2] cfi: fix conditions for HAVE_CFI_ICALL_NORMALIZE_INTEGERS Sami Tolvanen
2024-10-14 22:01 ` [PATCH 0/2] Normalized CFI integer tags Kconfig fixes Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241010-icall-detect-vers-v1-2-8f114956aa88@google.com \
--to=aliceryhl@google.com \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=kees@kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=masahiroy@kernel.org \
--cc=nathan@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.