rust: support for shadow call stack sanitizer

Darksonn · Darksonn · commit acfded31d485 · 2024-07-18T18:50:47.000+02:00
To use the shadow call stack sanitizer, you must pass special flags: * On arm64, you must pass -ffixed-x18 to your C compiler. * On riscv, you must pass --no-relax-gp to your linker. These requirements also apply to Rust code. When using Rust on arm64, you must pass the -Zfixed-x18 flag to rustc, which has the same effect as the -ffixed-x18 flag does for C code. The -Zfixed-x18 flag requires rustc version 1.80.0 or greater. There is no need to pass any flags to rustc on riscv as only the linker requires additional flags on this platform. On older versions of Rust, it is still possible to use shadow call stack by passing -Ctarget-feature=+reserve-x18 instead of -Zfixed-x18. However, this flag emits a warning during the build, so this patch does not add support for using it. Currently, the compiler thinks that the aarch64-unknown-none target doesn't support -Zsanitizer=shadow-call-stack, so the build will fail if you enable shadow call stack in non-dynamic mode. See [1] for the feature request for this. To avoid this compilation failure, Kconfig is set up to reject such configurations. The `depends on` clause is placed on `config RUST` to avoid a situation where enabling Rust silently turns off the sanitizer. Instead, turning on the sanitizer results in Rust being disabled. We generally do not want changes to CONFIG_RUST to result in any mitigations being changed or turned off. To avoid a cyclic dependency between RUST and RUSTC_VERSION, the RUSTC_VERSION symbol is changed to depend on HAVE_RUST instead of RUST. Link: rust-lang/rust#121972 [1] Signed-off-by: Alice Ryhl <aliceryhl@google.com>
diff --git a/Makefile b/Makefile
@@ -945,6 +945,7 @@ ifdef CONFIG_SHADOW_CALL_STACK
 ifndef CONFIG_DYNAMIC_SCS
 CC_FLAGS_SCS	:= -fsanitize=shadow-call-stack
 KBUILD_CFLAGS	+= $(CC_FLAGS_SCS)
+KBUILD_RUSTFLAGS += -Zsanitizer=shadow-call-stack
 endif
 export CC_FLAGS_SCS
 endif
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
@@ -57,9 +57,11 @@ KBUILD_AFLAGS	+= $(call cc-option,-mabi=lp64)
 ifneq ($(CONFIG_UNWIND_TABLES),y)
 KBUILD_CFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
 KBUILD_AFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
+KBUILD_RUSTFLAGS += -Cforce-unwind-tables=n
 else
 KBUILD_CFLAGS	+= -fasynchronous-unwind-tables
 KBUILD_AFLAGS	+= -fasynchronous-unwind-tables
+KBUILD_RUSTFLAGS += -Cforce-unwind-tables=y -Zuse-sync-unwind=n
 endif
 
 ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
@@ -114,6 +116,7 @@ endif
 
 ifeq ($(CONFIG_SHADOW_CALL_STACK), y)
 KBUILD_CFLAGS	+= -ffixed-x18
+KBUILD_RUSTFLAGS += -Zfixed-x18
 endif
 
 ifeq ($(CONFIG_CPU_BIG_ENDIAN), y)
diff --git a/init/Kconfig b/init/Kconfig
@@ -1906,7 +1906,7 @@ config RUST
 	depends on !MODVERSIONS
 	depends on !GCC_PLUGINS
 	depends on !RANDSTRUCT
-	depends on !SHADOW_CALL_STACK
+	depends on !SHADOW_CALL_STACK || RUSTC_VERSION >= 108000 && DYNAMIC_SCS
 	depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE
 	help
 	  Enables Rust support in the kernel.
@@ -1923,7 +1923,7 @@ config RUST
 
 config RUSTC_VERSION
 	int
-	depends on RUST
+	depends on HAVE_RUST
 	default $(rustc-version)
 	default 0
 
