diff options
| author | Ramon de C Valle <rcvalle@users.noreply.github.com> | 2022-11-30 16:41:35 -0800 |
|---|---|---|
| committer | Ramon de C Valle <rcvalle@users.noreply.github.com> | 2022-12-08 17:24:43 -0800 |
| commit | e1741baeede88f0341c7fac9c9d0e452521a01b7 (patch) | |
| tree | e38cf904f4ae975d0c85f0ed241cdf29a1ef9b48 | |
| parent | 65698ae9f30f5ad72224edd1884fb4ddd1279366 (diff) | |
| download | rust-e1741baeede88f0341c7fac9c9d0e452521a01b7.tar.gz rust-e1741baeede88f0341c7fac9c9d0e452521a01b7.zip | |
Add documentation for LLVM KCFI support
This commit adds initial documentation for LLVM Kernel Control Flow Integrity (KCFI) support to the Rust compiler (see #105109 and #89653). Co-authored-by: Miguel Ojeda <ojeda@users.noreply.github.com>
| -rw-r--r-- | src/doc/unstable-book/src/compiler-flags/sanitizer.md | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/doc/unstable-book/src/compiler-flags/sanitizer.md b/src/doc/unstable-book/src/compiler-flags/sanitizer.md index b33405f18e9..9bbf9e28fff 100644 --- a/src/doc/unstable-book/src/compiler-flags/sanitizer.md +++ b/src/doc/unstable-book/src/compiler-flags/sanitizer.md @@ -14,6 +14,9 @@ This feature allows for use of one of following sanitizers: forward-edge control flow protection. * [HWAddressSanitizer](#hwaddresssanitizer) a memory error detector similar to AddressSanitizer, but based on partial hardware assistance. +* [KernelControlFlowIntegrity](#kernelcontrolflowintegrity) LLVM Kernel Control + Flow Integrity (KCFI) provides forward-edge control flow protection for + operating systems kernels. * [LeakSanitizer](#leaksanitizer) a run-time memory leak detector. * [MemorySanitizer](#memorysanitizer) a detector of uninitialized reads. * [MemTagSanitizer](#memtagsanitizer) fast memory error detector based on @@ -502,6 +505,32 @@ Registers where the failure occurred (pc 0xaaaae0ae4a98): SUMMARY: HWAddressSanitizer: tag-mismatch (/.../main+0x54a94) ``` +# KernelControlFlowIntegrity + +The LLVM Kernel Control Flow Integrity (CFI) support to the Rust compiler +initially provides forward-edge control flow protection for operating systems +kernels for Rust-compiled code only by aggregating function pointers in groups +identified by their return and parameter types. (See [LLVM commit cff5bef "KCFI +sanitizer"](https://github.com/llvm/llvm-project/commit/cff5bef948c91e4919de8a5fb9765e0edc13f3de).) + +Forward-edge control flow protection for C or C++ and Rust -compiled code "mixed +binaries" (i.e., for when C or C++ and Rust -compiled code share the same +virtual address space) will be provided in later work by defining and using +compatible type identifiers (see Type metadata in the design document in the +tracking issue [#89653](https://github.com/rust-lang/rust/issues/89653)). + +LLVM KCFI can be enabled with `-Zsanitizer=kcfi`. + +LLVM KCFI is supported on the following targets: + +* `aarch64-linux-android` +* `aarch64-unknown-linux-gnu` +* `x86_64-linux-android` +* `x86_64-unknown-linux-gnu` + +See the [Clang KernelControlFlowIntegrity documentation][clang-kcfi] for more +details. + # LeakSanitizer LeakSanitizer is run-time memory leak detector. @@ -693,6 +722,7 @@ Sanitizers produce symbolized stacktraces when llvm-symbolizer binary is in `PAT [clang-asan]: https://clang.llvm.org/docs/AddressSanitizer.html [clang-cfi]: https://clang.llvm.org/docs/ControlFlowIntegrity.html [clang-hwasan]: https://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html +[clang-kcfi]: https://clang.llvm.org/docs/ControlFlowIntegrity.html#fsanitize-kcfi [clang-lsan]: https://clang.llvm.org/docs/LeakSanitizer.html [clang-msan]: https://clang.llvm.org/docs/MemorySanitizer.html [clang-scs]: https://clang.llvm.org/docs/ShadowCallStack.html |