rust: Enable KCFI support when available

On newer clang, a flag is available which makes KCFI compatibility with rustc possible without significant contortions. Signed-off-by: Matthew Maurer <mmaurer@google.com>
Rust-for-Linux · Sep 15, 2023 · f705f8c · f705f8c
1 parent 0b1e56f
commit f705f8c
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -976,8 +976,19 @@ export CC_FLAGS_LTO
 endif
 
 ifdef CONFIG_CFI_CLANG
-CC_FLAGS_CFI	:= -fsanitize=kcfi
-KBUILD_CFLAGS	+= $(CC_FLAGS_CFI)
+CC_FLAGS_CFI   := -fsanitize=kcfi
+ifdef CONFIG_RUST
+# If Rust is enabled, this flag is required to support cross-language
+# integer types.
+# This addresses the problem that on e.g. i686, int != long, and Rust
+# maps both to i32.
+# See https://rcvalle.com/docs/rust-cfi-design-doc.pdf for details.
+CC_FLAGS_CFI   += -fsanitize-cfi-icall-experimental-normalize-integers
+RS_FLAGS_CFI   := -Zsanitizer=kcfi -Zsanitizer-cfi-normalize-integers
+KBUILD_RSFLAGS += RS_FLAGS_CFI
+export RS_FLAGS_CFI
+endif
+KBUILD_CFLAGS  += $(CC_FLAGS_CFI)
 export CC_FLAGS_CFI
 endif
 

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
@@ -81,6 +81,7 @@ ifeq ($(CONFIG_X86_KERNEL_IBT),y)
 #   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
 #
 KBUILD_CFLAGS += $(call cc-option,-fcf-protection=branch -fno-jump-tables)
+KBUILD_RUSTFLAGS += -Zcf-protection=branch -Zno-jump-tables
 else
 KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
 endif

diff --git a/init/Kconfig b/init/Kconfig
@@ -1889,6 +1889,7 @@ config RUST
 	depends on !GCC_PLUGINS
 	depends on !RANDSTRUCT
 	depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE
+	depends on !CFI_CLANG || $(cc-option,-fsanitize=kcfi,-fsanitize-cfi-icall-experimental-normalize-integers)
 	select CONSTRUCTORS
 	help
 	  Enables Rust support in the kernel.

diff --git a/rust/Makefile b/rust/Makefile
@@ -365,6 +365,7 @@ quiet_cmd_exports = EXPORTS $@
       cmd_exports = \
 	$(NM) -p --defined-only $< \
 		| grep -E ' (T|R|D) ' | cut -d ' ' -f 3 \
+		| grep -v ^__cfi \
 		| xargs -Isymbol \
 		echo 'EXPORT_SYMBOL_RUST_GPL(symbol);' > $@
 

diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target.rs
@@ -179,6 +179,7 @@ fn main() {
         }
         ts.push("features", features);
         ts.push("llvm-target", "x86_64-linux-gnu");
+        ts.push("supported-sanitizers", ["kcfi"]);
         ts.push("target-pointer-width", "64");
     } else {
         panic!("Unsupported architecture");