From nobody Thu Dec 18 00:45:23 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8CB4158DA7; Wed, 24 Jul 2024 16:15:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837722; cv=none; b=GjDkTj/GR+D6UKKmzCvxwIBoPTsLekkENTIUw73ktjnGDTwzAE+sGPYOv7j1YlY3HXQUiSXdw8aK6VvA+qpqfURei93fNG21VuqY9PfI9RhoZy6IcSfw/8a4OTGvxulDgi2Cvs6ZpFnEH4JT42hB9PJqpTQUd8GvPTYRKKFwSE4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837722; c=relaxed/simple; bh=XWZEvVncWNQU08txXncXxWG+iRfEAo91RZkkjZxh1zI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=j9J9OoC9GSCseTw8xLdF5RKEX1nj7KznV3qAXfEVCW2ecPET8AU432Y1ib4dNvQ3xpBaAQSvkpPDX4IWGAy442UZYMcqDXC/y5O7MfajDyupvH1cmSkxU0TMMCwFtDRJ05VH6WlCAQeOK283LmLs/yv4C1v2Qo3FG3j/BVEN+zk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=HFSyptWK; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="HFSyptWK" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D1E89C4AF0B; Wed, 24 Jul 2024 16:15:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1721837722; bh=XWZEvVncWNQU08txXncXxWG+iRfEAo91RZkkjZxh1zI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HFSyptWK4b57Lmyk1a2bXr/2Orsb7SSZLahbADTChWKxZYKi7xI6dinh6rCuw+NY2 dCzP/mgDxXCq6dwGQbpCW1Ul5pkkcqKas0VqarXD2Clc+z8TBeUKsPPNwTjU+Bk4Hx nqToGf05CxswLyuHn5QQKnsARKvt2b3cHScyrAKKxD8gRhLiopzZhW/b63bi6329L+ PgGZcLrsV2hVMyE8uUkSIlqFl8Dxww7k09YpGqmKAXDk+C9XVeTQ/71YSGzl+pvck5 uUVJQfb0IbUlFgWl3mTl9D0P/2FblRIc3ntKxR8eC3d2k2yPqdiSKpxW3xhAeF6x/n VbnSdrdSZhEJA== From: Miguel Ojeda To: Josh Poimboeuf , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Masahiro Yamada Cc: x86@kernel.org, "H. Peter Anvin" , Nathan Chancellor , Nicolas Schier , Miguel Ojeda , Wedson Almeida Filho , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev Subject: [PATCH v2 1/6] rust: module: add static pointer to `{init,cleanup}_module()` Date: Wed, 24 Jul 2024 18:14:54 +0200 Message-ID: <20240724161501.1319115-2-ojeda@kernel.org> In-Reply-To: <20240724161501.1319115-1-ojeda@kernel.org> References: <20240724161501.1319115-1-ojeda@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add the equivalent of the `___ADDRESSABLE()` annotation in the `module_{init,exit}` macros to the Rust `module!` macro. Without this, `objtool` would complain if enabled for Rust, e.g.: samples/rust/rust_print.o: warning: objtool: cleanup_module(): not an i= ndirect call target samples/rust/rust_print.o: warning: objtool: init_module(): not an indi= rect call target Signed-off-by: Miguel Ojeda Reviewed-by: Gary Guo Tested-by: Alice Ryhl Tested-by: Benno Lossin Tested-by: Miguel Ojeda --- rust/macros/module.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 411dc103d82e..571ffa2e189c 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -256,6 +256,12 @@ mod __module_init {{ unsafe {{ __init() }} }} =20 + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + #[link_section =3D \".init.data\"] + static __UNIQUE_ID___addressable_init_module: unsafe e= xtern \"C\" fn() -> i32 =3D init_module; + #[cfg(MODULE)] #[doc(hidden)] #[no_mangle] @@ -269,6 +275,12 @@ mod __module_init {{ unsafe {{ __exit() }} }} =20 + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + #[link_section =3D \".exit.data\"] + static __UNIQUE_ID___addressable_cleanup_module: exter= n \"C\" fn() =3D cleanup_module; + // Built-in modules are initialized through an initcal= l pointer // and the identifiers need to be unique. #[cfg(not(MODULE))] --=20 2.45.2 From nobody Thu Dec 18 00:45:23 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3539A15EFC1; Wed, 24 Jul 2024 16:15:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837729; cv=none; b=AUz491ky7WK+jYHjQAQoOE7eY76Z6uabBIC2+tK/VU4Qta+nUkPDLuQRz6XVXHiBxb4WHaT6F4HSkhd2n5MNBq/926FR7dcMhdRA2D1i5R2T6Kt2rNBL/QNPyaACShHVt2ff3ZSzCSV82Yo//vRb5wk2T9c+dlwKBEPAEJIaBP4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837729; c=relaxed/simple; bh=sDKbew3IsQNjST81obR6SPncq+a1HWISE2Uo/Fh6iUk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Bd1BE9jXFysYMeaI1TTQIR/rqqHkz2jnlVTucLlXZW4J+0gfraJ5TQTM/R0Tr84sgaltv2lWC+KEiFFKzIWBbcu168tEJERUbH1gRjDJywfEGkbdzWbMCDc/t0oNJytcrlnARg9hsXl/LTj73FOFPCwZXkoNU2icOU8/4w+MDqs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=oXcTe+nD; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="oXcTe+nD" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0E02AC32781; Wed, 24 Jul 2024 16:15:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1721837728; bh=sDKbew3IsQNjST81obR6SPncq+a1HWISE2Uo/Fh6iUk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oXcTe+nD5ieOmdhKhnHGhAeHOUA7ETE7Y/tN7k1DUru5yaqnGdxCk80p6+5ObC4uf jjkcEvFEYTHHG+0k/cy+y4tKyJfsOeAS0I1YZMdBaRDlDvwNjsJK9yZU+jK7md9rz8 NRsv3/BY+KYrh5C+M5fVeM2KTI2Boyp0kOKZzqHD9805UegVVqcDzvpm3sX74lMLvB CFMqQ272deKdQA7lmuxrwFAwC4EuuE5thYKIIigtLxS9QE0fDzL/7w0RPbp8yJtLme A39xwIGu6AXEOCQOr1YZDcr084FMcsjaRe0uAA92OMKlAJob2D9GQyegzKwHKu6+wA vlP8VHLYy73wg== From: Miguel Ojeda To: Josh Poimboeuf , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Masahiro Yamada Cc: x86@kernel.org, "H. Peter Anvin" , Nathan Chancellor , Nicolas Schier , Miguel Ojeda , Wedson Almeida Filho , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Daniel Borkmann Subject: [PATCH v2 2/6] x86/rust: support MITIGATION_RETPOLINE Date: Wed, 24 Jul 2024 18:14:55 +0200 Message-ID: <20240724161501.1319115-3-ojeda@kernel.org> In-Reply-To: <20240724161501.1319115-1-ojeda@kernel.org> References: <20240724161501.1319115-1-ojeda@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Support `MITIGATION_RETPOLINE` by enabling the target features that Clang does. The existing target feature being enabled was a leftover from our old `rust` branch, and it is not enough: the target feature `retpoline-external-thunk` only implies `retpoline-indirect-calls`, but not `retpoline-indirect-branches` (see LLVM's `X86.td`), unlike Clang's flag of the same name `-mretpoline-external-thunk` which does imply both (see Clang's `lib/Driver/ToolChains/Arch/X86.cpp`). Without this, `objtool` would complain if enabled for Rust, e.g.: rust/core.o: warning: objtool: _R...escape_default+0x13: indirect jump found in RETPOLINE build In addition, change the comment to note that LLVM is the one disabling jump tables when retpoline is enabled, thus we do not need to use `-Zno-jump-tables` for Rust here -- see commit c58f2166ab39 ("Introduce the "retpoline" x86 mitigation technique ...") [1]: The goal is simple: avoid generating code which contains an indirect branch that could have its prediction poisoned by an attacker. In many cases, the compiler can simply use directed conditional branches and a small search tree. LLVM already has support for lowering switches in this way and the first step of this patch is to disable jump-table lowering of switches and introduce a pass to rewrite explicit indirectbr sequences into a switch over integers. As well as a live example at [2]. These should be eventually enabled via `-Ctarget-feature` when `rustc` starts recognizing them (or via a new dedicated flag) [3]. Cc: Daniel Borkmann Link: https://github.com/llvm/llvm-project/commit/c58f2166ab3987f37cb0d7815= b561bff5a20a69a [1] Link: https://godbolt.org/z/G4YPr58qG [2] Link: https://github.com/rust-lang/rust/issues/116852 [3] Signed-off-by: Miguel Ojeda Reviewed-by: Gary Guo Tested-by: Alice Ryhl Tested-by: Benno Lossin --- arch/x86/Makefile | 2 +- scripts/generate_rust_target.rs | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 801fd85c3ef6..e8214bff1aeb 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -220,7 +220,7 @@ ifdef CONFIG_MITIGATION_RETPOLINE KBUILD_CFLAGS +=3D $(RETPOLINE_CFLAGS) # Additionally, avoid generating expensive indirect jumps which # are subject to retpolines for small number of switch cases. - # clang turns off jump table generation by default when under + # LLVM turns off jump table generation by default when under # retpoline builds, however, gcc does not for x86. This has # only been fixed starting from gcc stable version 8.4.0 and # onwards, but not for older ones. See gcc bug #86952. diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target= .rs index 641b713a033a..44952f0a3aac 100644 --- a/scripts/generate_rust_target.rs +++ b/scripts/generate_rust_target.rs @@ -164,7 +164,14 @@ fn main() { ); let mut features =3D "-3dnow,-3dnowa,-mmx,+soft-float".to_string(); if cfg.has("MITIGATION_RETPOLINE") { + // The kernel uses `-mretpoline-external-thunk` (for Clang), w= hich Clang maps to the + // target feature of the same name plus the other two target f= eatures in + // `clang/lib/Driver/ToolChains/Arch/X86.cpp`. These should be= eventually enabled via + // `-Ctarget-feature` when `rustc` starts recognizing them (or= via a new dedicated + // flag); see https://github.com/rust-lang/rust/issues/116852. features +=3D ",+retpoline-external-thunk"; + features +=3D ",+retpoline-indirect-branches"; + features +=3D ",+retpoline-indirect-calls"; } ts.push("features", features); ts.push("llvm-target", "x86_64-linux-gnu"); -- 2.45.2 From nobody Thu Dec 18 00:45:23 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53F9015B134; Wed, 24 Jul 2024 16:15:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837735; cv=none; b=afb9nZ7V7aS/z1ndJ2T8jTR5xXF83/1vrhn+mgBvnC1YRGbHBCVh5DbxSuS1N58BXps7YMt/xfAIsAiKJpTaKERoOPW6vC9XaXoAY1JfeL7lUxERpa8HQ139tW1XZEVUEkz2xM1d4h1JBDr9ddwFn5hUqgUJWBQndXm0WU0xfVc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837735; c=relaxed/simple; bh=62HOawHTIw3KVJYCgacE1sz8810PmzPRoDT7e9avsRo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fFI5uC/9O9ss4dNc0XIUgIsF3xgvUGxNLHbdbPwXX/y3F+9wODd00PIU3favMq7HAvtX9O3a+Ex0WniASzEZQgO3XBTZU9AiWf6U7FkDCoXfn7A1YiOrCN5n6KlglPgA75NhMyQRt8RngyHzbvCgd4nv+uMdccFBm0TYoEaWI3s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=iAanHT0v; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="iAanHT0v" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7109BC32781; Wed, 24 Jul 2024 16:15:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1721837735; bh=62HOawHTIw3KVJYCgacE1sz8810PmzPRoDT7e9avsRo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iAanHT0vv/S/66XOcrpIaFVo24vR6XHyfD/sNV9aZcLCGfa3uIDJ66nObaW4vPfpg l2mFR5niCvHnexbJ8TMDNQBrTgUb5JHN+0Zp+7eOj5XtCGez2nTZ2DkpOEu9oXlJP4 6dgAbnE8xME/w/UE2iu+/dDkUVuF6+6RT162DP8yZR+OgqpG7rM0C+u4rmpsCESlfl E61wgwSM3XWnLo6GaKHqioleudaBPAGvLTdMWWvixVXOeqqq7IqIUH9yCbpfKZrtln hCqBAzXErinuqvePpfFghKeA9qe0wClltjlgrdVGUrPrAzNq84fPYGw7bCtKZ0euGM FgTscqe1nJHWQ== From: Miguel Ojeda To: Josh Poimboeuf , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Masahiro Yamada Cc: x86@kernel.org, "H. Peter Anvin" , Nathan Chancellor , Nicolas Schier , Miguel Ojeda , Wedson Almeida Filho , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev Subject: [PATCH v2 3/6] x86/rust: support MITIGATION_RETHUNK Date: Wed, 24 Jul 2024 18:14:56 +0200 Message-ID: <20240724161501.1319115-4-ojeda@kernel.org> In-Reply-To: <20240724161501.1319115-1-ojeda@kernel.org> References: <20240724161501.1319115-1-ojeda@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The Rust compiler added support for `-Zfunction-return=3Dthunk-extern` [1] in 1.76.0 [2], i.e. the equivalent of `-mfunction-return=3Dthunk-extern`. Thus add support for `MITIGATION_RETHUNK`. Without this, `objtool` would warn if enabled for Rust and already warns under IBT builds, e.g.: samples/rust/rust_print.o: warning: objtool: _R...init+0xa5c: 'naked' return found in RETHUNK build Link: https://github.com/rust-lang/rust/issues/116853 [1] Link: https://github.com/rust-lang/rust/pull/116892 [2] Signed-off-by: Miguel Ojeda Reviewed-by: Gary Guo Tested-by: Alice Ryhl Tested-by: Benno Lossin --- arch/x86/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index e8214bff1aeb..a1883a30a5d8 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -24,11 +24,15 @@ RETPOLINE_CFLAGS +=3D $(call cc-option,-mindirect-branc= h-cs-prefix) =20 ifdef CONFIG_MITIGATION_RETHUNK RETHUNK_CFLAGS :=3D -mfunction-return=3Dthunk-extern +RETHUNK_RUSTFLAGS :=3D -Zfunction-return=3Dthunk-extern RETPOLINE_CFLAGS +=3D $(RETHUNK_CFLAGS) +RETPOLINE_RUSTFLAGS +=3D $(RETHUNK_RUSTFLAGS) endif =20 export RETHUNK_CFLAGS +export RETHUNK_RUSTFLAGS export RETPOLINE_CFLAGS +export RETPOLINE_RUSTFLAGS export RETPOLINE_VDSO_CFLAGS =20 # For gcc stack alignment is specified with -mpreferred-stack-boundary, @@ -218,6 +222,7 @@ KBUILD_CFLAGS +=3D -fno-asynchronous-unwind-tables # Avoid indirect branches in kernel to deal with Spectre ifdef CONFIG_MITIGATION_RETPOLINE KBUILD_CFLAGS +=3D $(RETPOLINE_CFLAGS) + KBUILD_RUSTFLAGS +=3D $(RETPOLINE_RUSTFLAGS) # Additionally, avoid generating expensive indirect jumps which # are subject to retpolines for small number of switch cases. # LLVM turns off jump table generation by default when under --=20 2.45.2 From nobody Thu Dec 18 00:45:23 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 862DB15E5DC; Wed, 24 Jul 2024 16:15:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837741; cv=none; b=qM+GyMwtg2PaeWchs7hS2XVtkkIkzUl+NVe8EH1g2902Q61EXS7HojhAAKRrKaRhTTuxDAU3SoEawb9xuYzCFtrc5x50UQkPjy2Oz9Qr9yEbGUIwZVQhGFqEGdEiWYTc7IH2c6O/j2OPhSCQ+d2sSMH30bdNGDbbkaD8c/Xj/wA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837741; c=relaxed/simple; bh=JjJsN/FzkXwzpwKYvwcVO1h/1p2V89dpbFM+/qYYWcU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GH6Tp5EMnw8wxXbPVfkqAwmJt8js5JCA2T/E0LPUX4M9P7Yyny6JKCOuKsMNmnPEAZwTD2YhefTdSZRPz+PJXBuHoiIZHhQoSyCDv6z3JoJ0G9WE930CAfZHCFYqk0Ug6HpSnShOeWDy+7LSQdhWGgTUKVswvy8BkS6oVFp+b2c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Hv85D+bL; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Hv85D+bL" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9894BC32781; Wed, 24 Jul 2024 16:15:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1721837741; bh=JjJsN/FzkXwzpwKYvwcVO1h/1p2V89dpbFM+/qYYWcU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Hv85D+bLQllw7E5DXLnMY4obG06zABtO7uJ8l3IHxK4SBLsDJ75+nCGlbopXXVMnQ lq6sQDJZ01jomOese3bNGUEJGOUH/Ui0z4xjSUbb5Asfp/et0MFmCjYvreEOtMlGYa 7aIk0jWTEuVQCaIkDY+wqr+Y2/Eg8DveNNQhHfyGxnilcqsqOawq4x2yQAUWF6E/4l Axi6TI6s0BdOCX+1FPMGI0rdGfkvzQpAnmIcqroIGlAhBsU59loPD1jfoiuOp7h3XO g7XFaDfn6ei8Efzvtn8APvfUiozB0L/4DfKMlezM6Dl2B/ioJFnP5NHlv+dHV7h+0J Tl5WrqHiYQ1rg== From: Miguel Ojeda To: Josh Poimboeuf , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Masahiro Yamada Cc: x86@kernel.org, "H. Peter Anvin" , Nathan Chancellor , Nicolas Schier , Miguel Ojeda , Wedson Almeida Filho , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev Subject: [PATCH v2 4/6] x86/rust: support MITIGATION_SLS Date: Wed, 24 Jul 2024 18:14:57 +0200 Message-ID: <20240724161501.1319115-5-ojeda@kernel.org> In-Reply-To: <20240724161501.1319115-1-ojeda@kernel.org> References: <20240724161501.1319115-1-ojeda@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Support `MITIGATION_SLS` by enabling the target features that Clang does. Without this, `objtool` would complain if enabled for Rust, e.g.: rust/core.o: warning: objtool: _R...next_up+0x44: missing int3 after ret These should be eventually enabled via `-Ctarget-feature` when `rustc` starts recognizing them (or via a new dedicated flag) [1]. Link: https://github.com/rust-lang/rust/issues/116851 [1] Signed-off-by: Miguel Ojeda Reviewed-by: Gary Guo Tested-by: Alice Ryhl Tested-by: Benno Lossin --- scripts/generate_rust_target.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target= .rs index 44952f0a3aac..ba1bd455e160 100644 --- a/scripts/generate_rust_target.rs +++ b/scripts/generate_rust_target.rs @@ -173,6 +173,14 @@ fn main() { features +=3D ",+retpoline-indirect-branches"; features +=3D ",+retpoline-indirect-calls"; } + if cfg.has("MITIGATION_SLS") { + // The kernel uses `-mharden-sls=3Dall`, which Clang maps to b= oth these target features in + // `clang/lib/Driver/ToolChains/Arch/X86.cpp`. These should be= eventually enabled via + // `-Ctarget-feature` when `rustc` starts recognizing them (or= via a new dedicated + // flag); see https://github.com/rust-lang/rust/issues/116851. + features +=3D ",+harden-sls-ijmp"; + features +=3D ",+harden-sls-ret"; + } ts.push("features", features); ts.push("llvm-target", "x86_64-linux-gnu"); ts.push("target-pointer-width", "64"); -- 2.45.2 From nobody Thu Dec 18 00:45:23 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C4B05171BB; Wed, 24 Jul 2024 16:15:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837747; cv=none; b=TMdMs1xagI3hyrRpuxFy5XRijJHn0+Y/Ai73eV87J1Rd+8FkG55rMHW4QpPjkjfPAdiU9DBcvlC+uL98xTXS/PA+MTpNqK7w2cBJCQ856HXfp588keTfKIBlGVlgGb7QmXXxZf4mNYeDLjAU/ezuuG4VE3D/nR/P8JM3kMiqQ5c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837747; c=relaxed/simple; bh=M1N+bP3TKgNJUJQcJY99MqXZl55fVzueDXJIefZrph0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=P0JXGI1gOv7pl5XSVGgVqqkC5VGKB9/UJkPjFomhSpqQm7yYBttyY+XmxHnY3UPRbWMqDGmFixuZM9/Q9IiWJBfZxtJux9OqkDvXu/lKtcd041OWo3tWGwPQVl8aVqSPu+z0N8kG8+TCP/9Kwi1bOcgs0uIhAlhZsUF9zhCuoqA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=IvCkB9+E; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="IvCkB9+E" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4A42C32781; Wed, 24 Jul 2024 16:15:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1721837747; bh=M1N+bP3TKgNJUJQcJY99MqXZl55fVzueDXJIefZrph0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IvCkB9+Eck5uobL+XFawEywRWKStGU5NIgPkIH8fyikKgJwVRgtdYoXyW3KEYDly2 HzLYLSpIsGNrBYOKf1DisrYGUdTOcIVbrlYgGtUuwm2tHOoKud15C0cUq1bXmPDF/G h5Tte860PeIiUqoWlFJYw+1iqKrYHT5PLPb6RFb3Z8M9xG9sOn8bw9sfW/IieRfU8X b5GNA2xrvfiQ9Z7W8LFt6H/94sFElt0kcp4QYW6j8+pjOJIyzUel83yfFYZWViJrVv ZXROAoI9kTv94Zb3zMIvW+gAJDwdE0FI34ao5UWIECZ++Wug9pNtyr1Fb8ItRlJ3QA RQ/EnZtJgvquw== From: Miguel Ojeda To: Josh Poimboeuf , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Masahiro Yamada Cc: x86@kernel.org, "H. Peter Anvin" , Nathan Chancellor , Nicolas Schier , Miguel Ojeda , Wedson Almeida Filho , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev Subject: [PATCH v2 5/6] objtool: list `noreturn` Rust functions Date: Wed, 24 Jul 2024 18:14:58 +0200 Message-ID: <20240724161501.1319115-6-ojeda@kernel.org> In-Reply-To: <20240724161501.1319115-1-ojeda@kernel.org> References: <20240724161501.1319115-1-ojeda@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Rust functions may be `noreturn` (i.e. diverging) by returning the "never" type, `!`, e.g. fn f() -> ! { loop {} } Thus list the known `noreturn` functions to avoid such warnings. Without this, `objtool` would complain if enabled for Rust, e.g.: rust/core.o: warning: objtool: _R...9panic_fmt() falls through to next function _R...18panic_nounwind_= fmt() rust/alloc.o: warning: objtool: .text: unexpected end of section In order to do so, we cannot match symbols' names exactly, for two reasons: - Rust mangling scheme [1] contains disambiguators [2] which we cannot predict (e.g. they may vary depending on the compiler version). One possibility to solve this would be to parse v0 and ignore/zero those before comparison. - Some of the diverging functions come from `core` and `alloc`, i.e. the Rust standard library, which may change with each compiler version since they are implementation details (e.g. `panic_internals`). Thus, to workaround both issues, only part of the symbols are matched, instead of using the `NORETURN` macro in `noreturns.h`. Ideally, just like for the C side, we should have a better solution. For instance, the compiler could give us the list via something like: $ rustc --print noreturns ... Link: https://rust-lang.github.io/rfcs/2603-rust-symbol-name-mangling-v0.ht= ml [1] Link: https://doc.rust-lang.org/rustc/symbol-mangling/v0.html#disambiguator= [2] Signed-off-by: Miguel Ojeda Tested-by: Alice Ryhl Tested-by: Benno Lossin --- Please let me know if there is a better solution -- what kind of solution w= as being thought about for C as mentioned in `noreturns.h`? Would it help for = Rust? tools/objtool/check.c | 36 +++++++++++++++++++++++++++++++++++- tools/objtool/noreturns.h | 2 ++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 0a33d9195b7a..0afdcee038fd 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -177,6 +177,20 @@ static bool is_sibling_call(struct instruction *insn) return (is_static_jump(insn) && insn_call_dest(insn)); } +/* + * Checks if a string ends with another. + */ +static bool str_ends_with(const char *s, const char *sub) +{ + const int slen =3D strlen(s); + const int sublen =3D strlen(sub); + + if (sublen > slen) + return 0; + + return !memcmp(s + slen - sublen, sub, sublen); +} + /* * This checks to see if the given function is a "noreturn" function. * @@ -202,10 +216,30 @@ static bool __dead_end_function(struct objtool_file *= file, struct symbol *func, if (!func) return false; - if (func->bind =3D=3D STB_GLOBAL || func->bind =3D=3D STB_WEAK) + if (func->bind =3D=3D STB_GLOBAL || func->bind =3D=3D STB_WEAK) { + /* + * Rust standard library functions. + * + * These are just heuristics -- we do not control the precise symbol + * name, due to the crate disambiguators (which depend on the compiler) + * as well as changes to the source code itself between versions. + */ + if (!strncmp(func->name, "_R", 2) && + (str_ends_with(func->name, "_4core6option13unwrap_failed") || + str_ends_with(func->name, "_4core6result13unwrap_failed") || + str_ends_with(func->name, "_4core9panicking5panic") || + str_ends_with(func->name, "_4core9panicking9panic_fmt") || + str_ends_with(func->name, "_4core9panicking14panic_explicit") || + str_ends_with(func->name, "_4core9panicking18panic_bounds_check") = || + strstr(func->name, "_4core9panicking11panic_const24panic_const_") = || + (strstr(func->name, "_4core5slice5index24slice_") && + str_ends_with(func->name, "_fail")))) + return true; + for (i =3D 0; i < ARRAY_SIZE(global_noreturns); i++) if (!strcmp(func->name, global_noreturns[i])) return true; + } if (func->bind =3D=3D STB_WEAK) return false; diff --git a/tools/objtool/noreturns.h b/tools/objtool/noreturns.h index 7ebf29c91184..82a001ac433b 100644 --- a/tools/objtool/noreturns.h +++ b/tools/objtool/noreturns.h @@ -35,6 +35,8 @@ NORETURN(panic) NORETURN(panic_smp_self_stop) NORETURN(rest_init) NORETURN(rewind_stack_and_make_dead) +NORETURN(rust_begin_unwind) +NORETURN(rust_helper_BUG) NORETURN(sev_es_terminate) NORETURN(snp_abort) NORETURN(start_kernel) -- 2.45.2 From nobody Thu Dec 18 00:45:23 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 495B0171BB; Wed, 24 Jul 2024 16:15:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837754; cv=none; b=VdzOfs9YBGH+LY0VgbcwnPQcH5PgVeB/dLWsfzO5lTij2TXrQCHDx/DmFKk+QVeXqZCZDjRcOhgkKxjFLh2fKC9kicUIk+nkJ9XuZtMglNJ4FecTSnMW3+UJLXRmGGOPvta2eQHs6lJFji0Ut68FGe9FHGArG6hTQ1jANAZwh2k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721837754; c=relaxed/simple; bh=0/hiCSUjGonwjymNGnxXjWCGKGZIBkbETFeLBJg2AN8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iw80zdnRyEr42JVPJypXS/3+Pf5TIQ4IeywzKzGx4z8ECFQ3Ju106WPEhluYGYhhpGu60JAJ5wa6A7y++wsBei86LRotVL2dGCNP26KTxwHeHN2Jt7J0Rn/DXUPn+oB93wpJFL5Ydh8dHC9StT6xpXuSUIFY1aE7uUWOzS9Zou0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=iIWbnI13; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="iIWbnI13" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1CD69C32781; Wed, 24 Jul 2024 16:15:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1721837753; bh=0/hiCSUjGonwjymNGnxXjWCGKGZIBkbETFeLBJg2AN8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iIWbnI13o1EbyQjHmgIKaEm6OVbaYGHQybD2hbT9SGXPbrUlYXjRKib2SOre07brC 7FrP0/HqIXgkAVIePValSU28CTaHDG2thvXooKBFllGJzNqqz/Cuu3SszdRubRsLQK BxJK6LLjASoJmsdeuBC0lkJbpz6RJ8REESmzSjdMr1WFuWmzbCTrIGrpMIGBMxmVVe 2oK/F7AwbtMZ0x62QWB4tSGFn8/62xvhn3rHut44Csdy8JAawBJJvKYxHylWq8C/Gj 91TCEDg6mVCCBvyzHtR3rhQkxAQdWHbR/At5euryV4eIML4QJeaTSEs1OaITZ2QcZV dAE1n2Mb18T1Q== From: Miguel Ojeda To: Josh Poimboeuf , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Masahiro Yamada Cc: x86@kernel.org, "H. Peter Anvin" , Nathan Chancellor , Nicolas Schier , Miguel Ojeda , Wedson Almeida Filho , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, linux-kbuild@vger.kernel.org Subject: [PATCH v2 6/6] objtool/kbuild/rust: enable objtool for Rust Date: Wed, 24 Jul 2024 18:14:59 +0200 Message-ID: <20240724161501.1319115-7-ojeda@kernel.org> In-Reply-To: <20240724161501.1319115-1-ojeda@kernel.org> References: <20240724161501.1319115-1-ojeda@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Now that we should be `objtool`-warning free, enable `objtool` for Rust too. Before this patch series, we were already getting warnings under e.g. IBT builds, since those would see Rust code via `vmlinux`. Signed-off-by: Miguel Ojeda Tested-by: Alice Ryhl Tested-by: Benno Lossin --- rust/Makefile | 22 ++++++++++++++-------- scripts/Makefile.build | 9 +++++++-- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/rust/Makefile b/rust/Makefile index bf05e65365da..1756238b641d 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -344,7 +344,8 @@ quiet_cmd_rustc_library =3D $(if $(skip_clippy),RUSTC,$= (RUSTC_OR_CLIPPY_QUIET)) L --crate-type rlib -L$(objtree)/$(obj) \ --crate-name $(patsubst %.o,%,$(notdir $@)) $< \ --sysroot=3D/dev/null \ - $(if $(rustc_objcopy),;$(OBJCOPY) $(rustc_objcopy) $@) + $(if $(rustc_objcopy),;$(OBJCOPY) $(rustc_objcopy) $@) \ + $(cmd_objtool) =20 rust-analyzer: $(Q)$(srctree)/scripts/generate_rust_analyzer.py \ @@ -366,44 +367,49 @@ ifneq ($(or $(CONFIG_ARM64),$(and $(CONFIG_RISCV),$(C= ONFIG_64BIT))),) __ashlti3 __lshrti3 endif =20 +define rule_rustc_library + $(call cmd_and_fixdep,rustc_library) + $(call cmd,gen_objtooldep) +endef + $(obj)/core.o: private skip_clippy =3D 1 $(obj)/core.o: private skip_flags =3D -Wunreachable_pub $(obj)/core.o: private rustc_objcopy =3D $(foreach sym,$(redirect-intrinsi= cs),--redefine-sym $(sym)=3D__rust$(sym)) $(obj)/core.o: private rustc_target_flags =3D $(core-cfgs) $(obj)/core.o: $(RUST_LIB_SRC)/core/src/lib.rs FORCE - +$(call if_changed_dep,rustc_library) + +$(call if_changed_rule,rustc_library) ifdef CONFIG_X86_64 $(obj)/core.o: scripts/target.json endif =20 $(obj)/compiler_builtins.o: private rustc_objcopy =3D -w -W '__*' $(obj)/compiler_builtins.o: $(src)/compiler_builtins.rs $(obj)/core.o FORCE - +$(call if_changed_dep,rustc_library) + +$(call if_changed_rule,rustc_library) =20 $(obj)/alloc.o: private skip_clippy =3D 1 $(obj)/alloc.o: private skip_flags =3D -Wunreachable_pub $(obj)/alloc.o: private rustc_target_flags =3D $(alloc-cfgs) $(obj)/alloc.o: $(RUST_LIB_SRC)/alloc/src/lib.rs $(obj)/compiler_builtins.= o FORCE - +$(call if_changed_dep,rustc_library) + +$(call if_changed_rule,rustc_library) =20 $(obj)/build_error.o: $(src)/build_error.rs $(obj)/compiler_builtins.o FOR= CE - +$(call if_changed_dep,rustc_library) + +$(call if_changed_rule,rustc_library) =20 $(obj)/bindings.o: $(src)/bindings/lib.rs \ $(obj)/compiler_builtins.o \ $(obj)/bindings/bindings_generated.rs \ $(obj)/bindings/bindings_helpers_generated.rs FORCE - +$(call if_changed_dep,rustc_library) + +$(call if_changed_rule,rustc_library) =20 $(obj)/uapi.o: $(src)/uapi/lib.rs \ $(obj)/compiler_builtins.o \ $(obj)/uapi/uapi_generated.rs FORCE - +$(call if_changed_dep,rustc_library) + +$(call if_changed_rule,rustc_library) =20 $(obj)/kernel.o: private rustc_target_flags =3D --extern alloc \ --extern build_error --extern macros --extern bindings --extern uapi $(obj)/kernel.o: $(src)/kernel/lib.rs $(obj)/alloc.o $(obj)/build_error.o \ $(obj)/libmacros.so $(obj)/bindings.o $(obj)/uapi.o FORCE - +$(call if_changed_dep,rustc_library) + +$(call if_changed_rule,rustc_library) =20 endif # CONFIG_RUST diff --git a/scripts/Makefile.build b/scripts/Makefile.build index efacca63c897..72b1232b1f7d 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -288,10 +288,15 @@ rust_common_cmd =3D \ # would not match each other. =20 quiet_cmd_rustc_o_rs =3D $(RUSTC_OR_CLIPPY_QUIET) $(quiet_modtag) $@ - cmd_rustc_o_rs =3D $(rust_common_cmd) --emit=3Dobj=3D$@ $< + cmd_rustc_o_rs =3D $(rust_common_cmd) --emit=3Dobj=3D$@ $< $(cmd_obj= tool) + +define rule_rustc_o_rs + $(call cmd_and_fixdep,rustc_o_rs) + $(call cmd,gen_objtooldep) +endef =20 $(obj)/%.o: $(obj)/%.rs FORCE - +$(call if_changed_dep,rustc_o_rs) + +$(call if_changed_rule,rustc_o_rs) =20 quiet_cmd_rustc_rsi_rs =3D $(RUSTC_OR_CLIPPY_QUIET) $(quiet_modtag) $@ cmd_rustc_rsi_rs =3D \ --=20 2.45.2