Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stabilize control-flow-guard codegen option #73893

Merged
merged 1 commit into from
Jul 22, 2020

Conversation

ajpaverd
Copy link
Contributor

@ajpaverd ajpaverd commented Jun 30, 2020

This is the stabilization PR discussed in #68793. It converts the -Z control-flow-guard debugging option into a codegen option (-C control-flow-guard), and changes the associated tests.

@rust-highfive
Copy link
Collaborator

r? @GuillaumeGomez

(rust_highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Jun 30, 2020
@jonas-schievink jonas-schievink added relnotes Marks issues that should be documented in the release notes of the next release. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jun 30, 2020
@jonas-schievink jonas-schievink added this to the 1.46 milestone Jun 30, 2020
@jonas-schievink
Copy link
Contributor

r? @nikomatsakis

@nikomatsakis
Copy link
Contributor

@rfcbot fcp merge

Dear @rust-lang/compiler -- I move that we stabilize the control-flow-guard codegen option. You can find write-ups with the details in this comment from the tracking issue.

@rfcbot
Copy link

rfcbot commented Jun 30, 2020

Team member @nikomatsakis has proposed to merge this. The next step is review by the rest of the tagged team members:

No concerns currently listed.

Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

@rfcbot rfcbot added proposed-final-comment-period Proposed to merge/close by relevant subteam, see T-<team> label. Will enter FCP once signed off. disposition-merge This issue / PR is in PFCP or FCP with a disposition to merge it. labels Jun 30, 2020
@ollie27
Copy link
Member

ollie27 commented Jul 6, 2020

I tried compiling a simple hello world binary for none MSVC targets with -Zcontrol-flow-guard=y and it doesn't seem to be ignored. On x86_64-pc-windows-gnu along with the warning: Windows Control Flow Guard is not supported by this linker. message I'm getting an undefined reference to `__guard_dispatch_icall_fptr' error. On x86_64-unknown-linux-gnu rustc just segfaults. I can investigate further if needed but I assume we just need to make sure the cfguard module flag is only emitted when actually targeting windows-msvc.

@ajpaverd
Copy link
Contributor Author

ajpaverd commented Jul 6, 2020

I tried compiling a simple hello world binary for none MSVC targets with -Zcontrol-flow-guard=y and it doesn't seem to be ignored. On x86_64-pc-windows-gnu along with the warning: Windows Control Flow Guard is not supported by this linker. message I'm getting an undefined reference to `__guard_dispatch_icall_fptr' error. On x86_64-unknown-linux-gnu rustc just segfaults. I can investigate further if needed but I assume we just need to make sure the cfguard module flag is only emitted when actually targeting windows-msvc.

Thanks for reporting this bug @ollie27! The windows-gnu target was indeed a missed cased. As far as I can see, LLVM should still be ignoring this module flag for any non-Windows target (see e.g. X86TargetMachine.cpp), so the segfault on x86_64-unknown-linux-gnu is surprising, but there could of course be an LLVM bug as well - I'll investigate further. In any case, I agree that only emitting the module flag in rustc if targeting windows-msvc would solve both of these issues, and would also be more robust. I'll submit a separate PR for this.

@nikomatsakis
Copy link
Contributor

ping @petrochenkov @estebank and @eddyb

@rfcbot rfcbot added final-comment-period In the final comment period and will be merged soon unless new substantive objections are raised. and removed proposed-final-comment-period Proposed to merge/close by relevant subteam, see T-<team> label. Will enter FCP once signed off. labels Jul 8, 2020
@rfcbot
Copy link

rfcbot commented Jul 8, 2020

🔔 This is now entering its final comment period, as per the review above. 🔔

Manishearth added a commit to Manishearth/rust that referenced this pull request Jul 10, 2020
…atsakis

Only add CFGuard on `windows-msvc` targets

As @ollie27 pointed out in rust-lang#73893, the `cfguard` module flag causes incorrect behavior on `windows-gnu` targets. This patch restricts rustc to only add this flag for `windows-msvc` targets (this may need to be changed if other linkers gain support for CFGuard).
Manishearth added a commit to Manishearth/rust that referenced this pull request Jul 11, 2020
…atsakis

Only add CFGuard on `windows-msvc` targets

As @ollie27 pointed out in rust-lang#73893, the `cfguard` module flag causes incorrect behavior on `windows-gnu` targets. This patch restricts rustc to only add this flag for `windows-msvc` targets (this may need to be changed if other linkers gain support for CFGuard).
Manishearth added a commit to Manishearth/rust that referenced this pull request Jul 11, 2020
…atsakis

Only add CFGuard on `windows-msvc` targets

As @ollie27 pointed out in rust-lang#73893, the `cfguard` module flag causes incorrect behavior on `windows-gnu` targets. This patch restricts rustc to only add this flag for `windows-msvc` targets (this may need to be changed if other linkers gain support for CFGuard).
Manishearth added a commit to Manishearth/rust that referenced this pull request Jul 11, 2020
…atsakis

Only add CFGuard on `windows-msvc` targets

As @ollie27 pointed out in rust-lang#73893, the `cfguard` module flag causes incorrect behavior on `windows-gnu` targets. This patch restricts rustc to only add this flag for `windows-msvc` targets (this may need to be changed if other linkers gain support for CFGuard).
@bors
Copy link
Contributor

bors commented Jul 11, 2020

☔ The latest upstream changes (presumably #74235) made this pull request unmergeable. Please resolve the merge conflicts.

@ajpaverd ajpaverd force-pushed the cfguard-stabilize branch from 23d8b24 to 31c7aae Compare July 14, 2020 17:03
@rfcbot rfcbot added the finished-final-comment-period The final comment period is finished for this PR / Issue. label Jul 18, 2020
@rfcbot
Copy link

rfcbot commented Jul 18, 2020

The final comment period, with a disposition to merge, as per the review above, is now complete.

As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed.

The RFC will be merged soon.

@rfcbot rfcbot removed the final-comment-period In the final comment period and will be merged soon unless new substantive objections are raised. label Jul 18, 2020
@Dylan-DPC-zz Dylan-DPC-zz modified the milestones: 1.46, 1.47 Jul 18, 2020
@nikomatsakis
Copy link
Contributor

@ajpaverd I believe this is ready to merge -- any final changes you had in mind?

@ajpaverd
Copy link
Contributor Author

Thanks @nikomatsakis and all the reviewers! I think this is ready to merge. I guess the question of enabling this mitigation in libstd should be a separate discussion/PR.

@nikomatsakis
Copy link
Contributor

@bors r+

@bors
Copy link
Contributor

bors commented Jul 21, 2020

📌 Commit 31c7aae has been approved by nikomatsakis

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jul 21, 2020
Manishearth added a commit to Manishearth/rust that referenced this pull request Jul 22, 2020
…atsakis

Stabilize control-flow-guard codegen option

This is the stabilization PR discussed in rust-lang#68793. It converts the `-Z control-flow-guard` debugging option into a codegen option (`-C control-flow-guard`), and changes the associated tests.
Manishearth added a commit to Manishearth/rust that referenced this pull request Jul 22, 2020
…atsakis

Stabilize control-flow-guard codegen option

This is the stabilization PR discussed in rust-lang#68793. It converts the `-Z control-flow-guard` debugging option into a codegen option (`-C control-flow-guard`), and changes the associated tests.
bors added a commit to rust-lang-ci/rust that referenced this pull request Jul 22, 2020
…arth

Rollup of 9 pull requests

Successful merges:

 - rust-lang#73655 (va_args implementation for AAPCS.)
 - rust-lang#73893 (Stabilize control-flow-guard codegen option)
 - rust-lang#74237 (compiletest: Rewrite extract_*_version functions)
 - rust-lang#74454 (small coherence cleanup)
 - rust-lang#74528 (refactor and reword intra-doc link errors)
 - rust-lang#74568 (Apply rust-lang#66379 to `*mut T` `as_ref`)
 - rust-lang#74570 (Use forge links for prioritization procedure)
 - rust-lang#74589 (Update books)
 - rust-lang#74635 (Fix tooltip position if the documentation starts with a code block)

Failed merges:

r? @ghost
@bors bors merged commit 8afb305 into rust-lang:master Jul 22, 2020
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Nov 13, 2020
Pkgsrc changes:
 * Remove patches now integrated upstream, many related to SunOS / Illumos.
 * The LLVM fix for powerpc is also now integrated upstream.
 * Adapt those patches where the source has moved or parts are integrated.
 * The randomness patches no longer applies, and I could not find
   where those files went...
 * Provide a separate bootstrap for NetBSD/powerpc 9.0, since apparently
   the C++ ABI is different from 8.0.  Yes, this appears to be specific to
   the NetBSD powerpc ports.

Upstream changes:

Version 1.47.0 (2020-10-08)
==========================

Language
--------
- [Closures will now warn when not used.][74869]

Compiler
--------
- [Stabilized the `-C control-flow-guard` codegen option][73893], which enables
  [Control Flow Guard][1.47.0-cfg] for Windows platforms, and is ignored on
  other platforms.
- [Upgraded to LLVM 11.][73526]
- [Added tier 3\* support for the `thumbv4t-none-eabi` target.][74419]
- [Upgrade the FreeBSD toolchain to version 11.4][75204]
- [`RUST_BACKTRACE`'s output is now more compact.][75048]

\* Refer to Rust's [platform support page][forge-platform-support] for more
information on Rust's tiered platform support.

Libraries
---------
- [`CStr` now implements `Index<RangeFrom<usize>>`.][74021]
- [Traits in `std`/`core` are now implemented for arrays of any length, not just
  those of length less than 33.][74060]
- [`ops::RangeFull` and `ops::Range` now implement Default.][73197]
- [`panic::Location` now implements `Copy`, `Clone`, `Eq`, `Hash`, `Ord`,
  `PartialEq`, and `PartialOrd`.][73583]

Stabilized APIs
---------------
- [`Ident::new_raw`]
- [`Range::is_empty`]
- [`RangeInclusive::is_empty`]
- [`Result::as_deref`]
- [`Result::as_deref_mut`]
- [`Vec::leak`]
- [`pointer::offset_from`]
- [`f32::TAU`]
- [`f64::TAU`]

The following previously stable APIs have now been made const.

- [The `new` method for all `NonZero` integers.][73858]
- [The `checked_add`,`checked_sub`,`checked_mul`,`checked_neg`, `checked_shl`,
  `checked_shr`, `saturating_add`, `saturating_sub`, and `saturating_mul`
  methods for all integers.][73858]
- [The `checked_abs`, `saturating_abs`, `saturating_neg`, and `signum`  for all
  signed integers.][73858]
- [The `is_ascii_alphabetic`, `is_ascii_uppercase`, `is_ascii_lowercase`,
  `is_ascii_alphanumeric`, `is_ascii_digit`, `is_ascii_hexdigit`,
  `is_ascii_punctuation`, `is_ascii_graphic`, `is_ascii_whitespace`, and
  `is_ascii_control` methods for `char` and `u8`.][73858]

Cargo
-----
- [`build-dependencies` are now built with opt-level 0 by default.][cargo/8500]
  You can override this by setting the following in your `Cargo.toml`.
  ```toml
  [profile.release.build-override]
  opt-level = 3
  ```
- [`cargo-help` will now display man pages for commands rather just the
  `--help` text.][cargo/8456]
- [`cargo-metadata` now emits a `test` field indicating if a target has
  tests enabled.][cargo/8478]
- [`workspace.default-members` now respects `workspace.exclude`.][cargo/8485]
- [`cargo-publish` will now use an alternative registry by default if it's the
  only registry specified in `package.publish`.][cargo/8571]

Misc
----
- [Added a help button beside Rustdoc's searchbar that explains rustdoc's
  type based search.][75366]
- [Added the Ayu theme to rustdoc.][71237]

Compatibility Notes
-------------------
- [Bumped the minimum supported Emscripten version to 1.39.20.][75716]
- [Fixed a regression parsing `{} && false` in tail expressions.][74650]
- [Added changes to how proc-macros are expanded in `macro_rules!` that should
  help to preserve more span information.][73084] These changes may cause
  compiliation errors if your macro was unhygenic or didn't correctly handle
  `Delimiter::None`.
- [Moved support for the CloudABI target to tier 3.][75568]
- [`linux-gnu` targets now require minimum kernel 2.6.32 and glibc 2.11.][74163]

Internal Only
--------
- [Improved default settings for bootstrapping in `x.py`.][73964]
  You can read details about this change in the ["Changes to `x.py`
  defaults"](https://blog.rust-lang.org/inside-rust/2020/08/30/changes-to-x-py-defaults.html)
  post on the Inside Rust blog.

- [Added the `rustc-docs` component.][75560] This allows you to install
  and read the documentation for the compiler internal APIs. (Currently only
  available for `x86_64-unknown-linux-gnu`.)

[1.47.0-cfg]: https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard
[76980]: rust-lang/rust#76980
[75048]: rust-lang/rust#75048
[74163]: rust-lang/rust#74163
[71237]: rust-lang/rust#71237
[74869]: rust-lang/rust#74869
[73858]: rust-lang/rust#73858
[75716]: rust-lang/rust#75716
[75908]: rust-lang/rust#75908
[75516]: rust-lang/rust#75516
[75560]: rust-lang/rust#75560
[75568]: rust-lang/rust#75568
[75366]: rust-lang/rust#75366
[75204]: rust-lang/rust#75204
[74650]: rust-lang/rust#74650
[74419]: rust-lang/rust#74419
[73964]: rust-lang/rust#73964
[74021]: rust-lang/rust#74021
[74060]: rust-lang/rust#74060
[73893]: rust-lang/rust#73893
[73526]: rust-lang/rust#73526
[73583]: rust-lang/rust#73583
[73084]: rust-lang/rust#73084
[73197]: rust-lang/rust#73197
[72488]: rust-lang/rust#72488
[cargo/8456]: rust-lang/cargo#8456
[cargo/8478]: rust-lang/cargo#8478
[cargo/8485]: rust-lang/cargo#8485
[cargo/8500]: rust-lang/cargo#8500
[cargo/8571]: rust-lang/cargo#8571
[`Ident::new_raw`]:  https://doc.rust-lang.org/nightly/proc_macro/struct.Ident.html#method.new_raw
[`Range::is_empty`]: https://doc.rust-lang.org/nightly/std/ops/struct.Range.html#method.is_empty
[`RangeInclusive::is_empty`]: https://doc.rust-lang.org/nightly/std/ops/struct.RangeInclusive.html#method.is_empty
[`Result::as_deref_mut`]: https://doc.rust-lang.org/nightly/std/result/enum.Result.html#method.as_deref_mut
[`Result::as_deref`]: https://doc.rust-lang.org/nightly/std/result/enum.Result.html#method.as_deref
[`TypeId::of`]: https://doc.rust-lang.org/nightly/std/any/struct.TypeId.html#method.of
[`Vec::leak`]: https://doc.rust-lang.org/nightly/std/vec/struct.Vec.html#method.leak
[`f32::TAU`]: https://doc.rust-lang.org/nightly/std/f32/consts/constant.TAU.html
[`f64::TAU`]: https://doc.rust-lang.org/nightly/std/f64/consts/constant.TAU.html
[`pointer::offset_from`]: https://doc.rust-lang.org/nightly/std/primitive.pointer.html#method.offset_from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
disposition-merge This issue / PR is in PFCP or FCP with a disposition to merge it. finished-final-comment-period The final comment period is finished for this PR / Issue. relnotes Marks issues that should be documented in the release notes of the next release. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants