Add LLVM KCFI support to the Rust compiler

This commit adds LLVM Kernel Control Flow Integrity (KCFI) support to the Rust compiler. It initially provides forward-edge control flow protection for operating systems kernels for Rust-compiled code only by aggregating function pointers in groups identified by their return and parameter types. (See llvm/llvm-project@cff5bef.) Forward-edge control flow protection for C or C++ and Rust -compiled code "mixed binaries" (i.e., for when C or C++ and Rust -compiled code share the same virtual address space) will be provided in later work as part of this project by identifying C char and integer type uses at the time types are encoded (see Type metadata in the design document in the tracking issue #89653). LLVM KCFI can be enabled with -Zsanitizer=kcfi. Co-authored-by: bjorn3 <17426603+bjorn3@users.noreply.github.com>
2022-11-21 21:29:00 -08:00 · 2022-11-21 21:29:00 -08:00 · 65698ae9f3
commit 65698ae9f3
parent b7bc90fea3
26 changed files with 231 additions and 28 deletions
--- a/compiler/rustc_target/src/spec/mod.rs
+++ b/compiler/rustc_target/src/spec/mod.rs
@ -803,7 +803,7 @@ impl ToJson for StackProbeType {

 bitflags::bitflags! {
    #[derive(Default, Encodable, Decodable)]
-    pub struct SanitizerSet: u8 {
+    pub struct SanitizerSet: u16 {
        const ADDRESS = 1 << 0;
        const LEAK    = 1 << 1;
        const MEMORY  = 1 << 2;
@ -812,6 +812,7 @@ bitflags::bitflags! {
        const CFI     = 1 << 5;
        const MEMTAG  = 1 << 6;
        const SHADOWCALLSTACK = 1 << 7;
+        const KCFI    = 1 << 8;
    }
 }

@ -823,6 +824,7 @@ impl SanitizerSet {
        Some(match self {
            SanitizerSet::ADDRESS => "address",
            SanitizerSet::CFI => "cfi",
+            SanitizerSet::KCFI => "kcfi",
            SanitizerSet::LEAK => "leak",
            SanitizerSet::MEMORY => "memory",
            SanitizerSet::MEMTAG => "memtag",
@ -858,6 +860,7 @@ impl IntoIterator for SanitizerSet {
        [
            SanitizerSet::ADDRESS,
            SanitizerSet::CFI,
+            SanitizerSet::KCFI,
            SanitizerSet::LEAK,
            SanitizerSet::MEMORY,
            SanitizerSet::MEMTAG,
@ -2292,6 +2295,7 @@ impl Target {
                            base.$key_name |= match s.as_str() {
                                Some("address") => SanitizerSet::ADDRESS,
                                Some("cfi") => SanitizerSet::CFI,
+                                Some("kcfi") => SanitizerSet::KCFI,
                                Some("leak") => SanitizerSet::LEAK,
                                Some("memory") => SanitizerSet::MEMORY,
                                Some("memtag") => SanitizerSet::MEMTAG,