Commit 8b8ca9c2 authored by Alice Ryhl's avatar Alice Ryhl Committed by Miguel Ojeda
Browse files

cfi: fix conditions for HAVE_CFI_ICALL_NORMALIZE_INTEGERS 

The HAVE_CFI_ICALL_NORMALIZE_INTEGERS option has some tricky conditions
when KASAN or GCOV are turned on, as in that case we need some clang and
rustc fixes [1][2] to avoid boot failures. The intent with the current
setup is that you should be able to override the check and turn on the
option if your clang/rustc has the fix. However, this override does not
work in practice. Thus, use the new RUSTC_LLVM_VERSION to correctly
implement the check for whether the fix is available.

Additionally, remove KASAN_HW_TAGS from the list of incompatible
options. The CFI_ICALL_NORMALIZE_INTEGERS option is incompatible with
KASAN because LLVM will emit some constructors when using KASAN that are
assigned incorrect CFI tags. These constructors are emitted due to use
of -fsanitize=kernel-address or -fsanitize=kernel-hwaddress that are
respectively passed when KASAN_GENERIC or KASAN_SW_TAGS are enabled.
However, the KASAN_HW_TAGS option relies on hardware support for MTE
instead and does not pass either flag. (Note also that KASAN_HW_TAGS
does not `select CONSTRUCTORS`.)

Link: https://github.com/llvm/llvm-project/pull/104826 [1]
Link: https://github.com/rust-lang/rust/pull/129373

 [2]
Fixes: 4c66f830 ("cfi: encode cfi normalized integers + kasan/gcov bug in Kconfig")
Signed-off-by: default avatarAlice Ryhl <aliceryhl@google.com>
Reviewed-by: default avatarSami Tolvanen <samitolvanen@google.com>
Link: https://lore.kernel.org/r/20241010-icall-detect-vers-v1-2-8f114956aa88@google.com


Signed-off-by: default avatarMiguel Ojeda <ojeda@kernel.org>
parent af0121c2

arch/Kconfig

+12 −14
Original line number Diff line number Diff line
@@ -838,7 +838,7 @@ config CFI_CLANG 
config CFI_ICALL_NORMALIZE_INTEGERS

	bool "Normalize CFI tags for integers"

	depends on CFI_CLANG

	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS

	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG

	help

	  This option normalizes the CFI tags for integer types so that all

	  integer types of the same size and signedness receive the same CFI
@@ -851,21 +851,19 @@ config CFI_ICALL_NORMALIZE_INTEGERS 


	  This option is necessary for using CFI with Rust. If unsure, say N.



config HAVE_CFI_ICALL_NORMALIZE_INTEGERS

	def_bool !GCOV_KERNEL && !KASAN

	depends on CFI_CLANG

config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG

	def_bool y

	depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)

	help

	  Is CFI_ICALL_NORMALIZE_INTEGERS supported with the set of compilers

	  currently in use?

	# With GCOV/KASAN we need this fix: https://github.com/llvm/llvm-project/pull/104826

	depends on CLANG_VERSION >= 190000 || (!GCOV_KERNEL && !KASAN_GENERIC && !KASAN_SW_TAGS)



	  This option defaults to false if GCOV or KASAN is enabled, as there is

	  an LLVM bug that makes normalized integers tags incompatible with

	  KASAN and GCOV. Kconfig currently does not have the infrastructure to

	  detect whether your rustc compiler contains the fix for this bug, so

	  it is assumed that it doesn't. If your compiler has the fix, you can

	  explicitly enable this option in your config file. The Kconfig logic

	  needed to detect this will be added in a future kernel release.

config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC

	def_bool y

	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG

	depends on RUSTC_VERSION >= 107900

	# With GCOV/KASAN we need this fix: https://github.com/rust-lang/rust/pull/129373

	depends on (RUSTC_LLVM_VERSION >= 190000 && RUSTC_VERSION >= 108200) || \

		(!GCOV_KERNEL && !KASAN_GENERIC && !KASAN_SW_TAGS)



config CFI_PERMISSIVE

	bool "Use CFI in permissive mode"

init/Kconfig

+1 −1
Original line number Diff line number Diff line
@@ -1950,7 +1950,7 @@ config RUST 
	depends on !GCC_PLUGIN_RANDSTRUCT

	depends on !RANDSTRUCT

	depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE

	depends on !CFI_CLANG || RUSTC_VERSION >= 107900 && HAVE_CFI_ICALL_NORMALIZE_INTEGERS

	depends on !CFI_CLANG || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC

	select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG

	depends on !CALL_PADDING || RUSTC_VERSION >= 108100

	depends on !KASAN_SW_TAGS