1

cfi: fix conditions for HAVE_CFI_ICALL_NORMALIZE_INTEGERS

The HAVE_CFI_ICALL_NORMALIZE_INTEGERS option has some tricky conditions
when KASAN or GCOV are turned on, as in that case we need some clang and
rustc fixes [1][2] to avoid boot failures. The intent with the current
setup is that you should be able to override the check and turn on the
option if your clang/rustc has the fix. However, this override does not
work in practice. Thus, use the new RUSTC_LLVM_VERSION to correctly
implement the check for whether the fix is available.

Additionally, remove KASAN_HW_TAGS from the list of incompatible
options. The CFI_ICALL_NORMALIZE_INTEGERS option is incompatible with
KASAN because LLVM will emit some constructors when using KASAN that are
assigned incorrect CFI tags. These constructors are emitted due to use
of -fsanitize=kernel-address or -fsanitize=kernel-hwaddress that are
respectively passed when KASAN_GENERIC or KASAN_SW_TAGS are enabled.
However, the KASAN_HW_TAGS option relies on hardware support for MTE
instead and does not pass either flag. (Note also that KASAN_HW_TAGS
does not `select CONSTRUCTORS`.)

Link: https://github.com/llvm/llvm-project/pull/104826 [1]
Link: https://github.com/rust-lang/rust/pull/129373 [2]
Fixes: 4c66f8307a ("cfi: encode cfi normalized integers + kasan/gcov bug in Kconfig")
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Link: https://lore.kernel.org/r/20241010-icall-detect-vers-v1-2-8f114956aa88@google.com
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
This commit is contained in:
Alice Ryhl 2024-10-10 09:38:27 +00:00 committed by Miguel Ojeda
parent af0121c2d3
commit 8b8ca9c25f
2 changed files with 13 additions and 15 deletions

View File

@ -838,7 +838,7 @@ config CFI_CLANG
config CFI_ICALL_NORMALIZE_INTEGERS config CFI_ICALL_NORMALIZE_INTEGERS
bool "Normalize CFI tags for integers" bool "Normalize CFI tags for integers"
depends on CFI_CLANG depends on CFI_CLANG
depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
help help
This option normalizes the CFI tags for integer types so that all This option normalizes the CFI tags for integer types so that all
integer types of the same size and signedness receive the same CFI integer types of the same size and signedness receive the same CFI
@ -851,21 +851,19 @@ config CFI_ICALL_NORMALIZE_INTEGERS
This option is necessary for using CFI with Rust. If unsure, say N. This option is necessary for using CFI with Rust. If unsure, say N.
config HAVE_CFI_ICALL_NORMALIZE_INTEGERS config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
def_bool !GCOV_KERNEL && !KASAN def_bool y
depends on CFI_CLANG
depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers) depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
help # With GCOV/KASAN we need this fix: https://github.com/llvm/llvm-project/pull/104826
Is CFI_ICALL_NORMALIZE_INTEGERS supported with the set of compilers depends on CLANG_VERSION >= 190000 || (!GCOV_KERNEL && !KASAN_GENERIC && !KASAN_SW_TAGS)
currently in use?
This option defaults to false if GCOV or KASAN is enabled, as there is config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
an LLVM bug that makes normalized integers tags incompatible with def_bool y
KASAN and GCOV. Kconfig currently does not have the infrastructure to depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
detect whether your rustc compiler contains the fix for this bug, so depends on RUSTC_VERSION >= 107900
it is assumed that it doesn't. If your compiler has the fix, you can # With GCOV/KASAN we need this fix: https://github.com/rust-lang/rust/pull/129373
explicitly enable this option in your config file. The Kconfig logic depends on (RUSTC_LLVM_VERSION >= 190000 && RUSTC_VERSION >= 108200) || \
needed to detect this will be added in a future kernel release. (!GCOV_KERNEL && !KASAN_GENERIC && !KASAN_SW_TAGS)
config CFI_PERMISSIVE config CFI_PERMISSIVE
bool "Use CFI in permissive mode" bool "Use CFI in permissive mode"

View File

@ -1950,7 +1950,7 @@ config RUST
depends on !GCC_PLUGIN_RANDSTRUCT depends on !GCC_PLUGIN_RANDSTRUCT
depends on !RANDSTRUCT depends on !RANDSTRUCT
depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE
depends on !CFI_CLANG || RUSTC_VERSION >= 107900 && HAVE_CFI_ICALL_NORMALIZE_INTEGERS depends on !CFI_CLANG || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG
depends on !CALL_PADDING || RUSTC_VERSION >= 108100 depends on !CALL_PADDING || RUSTC_VERSION >= 108100
depends on !KASAN_SW_TAGS depends on !KASAN_SW_TAGS