Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add fine-grained LLVM CFI support to the Rust compiler #95548

Merged
merged 2 commits into from
Jul 24, 2022

Conversation

rcvalle
Copy link
Member

@rcvalle rcvalle commented Apr 1, 2022

This PR improves the LLVM Control Flow Integrity (CFI) support in the Rust compiler by providing forward-edge control flow protection for Rust-compiled code only by aggregating function pointers in groups identified by their return and parameter types.

Forward-edge control flow protection for C or C++ and Rust -compiled code "mixed binaries" (i.e., for when C or C++ and Rust -compiled code share the same virtual address space) will be provided in later work as part of this project by identifying C char and integer type uses at the time types are encoded (see Type metadata in the design document in the tracking issue #89653).

LLVM CFI can be enabled with -Zsanitizer=cfi and requires LTO (i.e., -Clto).

Thank you again, @eddyb, @nagisa, @pcc, and @tmiasko for all the help!

@rust-highfive
Copy link
Collaborator

Some changes occured to rustc_codegen_gcc

cc @antoyo

@rustbot rustbot added the T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. label Apr 1, 2022
@rust-highfive
Copy link
Collaborator

r? @davidtwco

(rust-highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Apr 1, 2022
@rcvalle
Copy link
Member Author

rcvalle commented Apr 1, 2022

r? @nagisa

@rust-highfive rust-highfive assigned nagisa and unassigned davidtwco Apr 1, 2022
@rust-log-analyzer

This comment has been minimized.

@rust-log-analyzer

This comment has been minimized.

Copy link
Member

@nagisa nagisa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a style pass. Too late for me to review the itanium thing but I imagine @tmiasko did a thorough pass through it already.

compiler/rustc_codegen_llvm/src/declare.rs Outdated Show resolved Hide resolved
compiler/rustc_codegen_ssa/src/mir/block.rs Outdated Show resolved Hide resolved
compiler/rustc_symbol_mangling/src/typeid.rs Outdated Show resolved Hide resolved
compiler/rustc_symbol_mangling/src/typeid.rs Outdated Show resolved Hide resolved
compiler/rustc_symbol_mangling/src/typeid.rs Outdated Show resolved Hide resolved
@nagisa
Copy link
Member

nagisa commented Jul 23, 2022

@bors r+ rollup=never

@bors
Copy link
Contributor

bors commented Jul 23, 2022

📌 Commit c8d90e270275f980ea42e76ccc3a52fe67d31cc4 has been approved by nagisa

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jul 23, 2022
@bors
Copy link
Contributor

bors commented Jul 23, 2022

⌛ Testing commit c8d90e270275f980ea42e76ccc3a52fe67d31cc4 with merge 5c514af3814b732c3702d4f9069e3bf8ae71aa85...

@rust-log-analyzer

This comment has been minimized.

@bors
Copy link
Contributor

bors commented Jul 23, 2022

💔 Test failed - checks-actions

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Jul 23, 2022
rcvalle added 2 commits July 23, 2022 10:51
This commit improves the LLVM Control Flow Integrity (CFI) support in
the Rust compiler by providing forward-edge control flow protection for
Rust-compiled code only by aggregating function pointers in groups
identified by their return and parameter types.

Forward-edge control flow protection for C or C++ and Rust -compiled
code "mixed binaries" (i.e., for when C or C++ and Rust -compiled code
share the same virtual address space) will be provided in later work as
part of this project by identifying C char and integer type uses at the
time types are encoded (see Type metadata in the design document in the
tracking issue rust-lang#89653).

LLVM CFI can be enabled with -Zsanitizer=cfi and requires LTO (i.e.,
-Clto).
This commit updates the documentation for the LLVM Control Flow
Integrity (CFI) support in the Rust compiler (see rust-lang#95548 and rust-lang#89653).
@nagisa
Copy link
Member

nagisa commented Jul 23, 2022

@bors r+

@bors
Copy link
Contributor

bors commented Jul 23, 2022

📌 Commit f792f26 has been approved by nagisa

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jul 23, 2022
@bors
Copy link
Contributor

bors commented Jul 24, 2022

⌛ Testing commit f792f26 with merge db8086e...

@bors
Copy link
Contributor

bors commented Jul 24, 2022

☀️ Test successful - checks-actions
Approved by: nagisa
Pushing db8086e to master...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Jul 24, 2022
@bors bors merged commit db8086e into rust-lang:master Jul 24, 2022
@rustbot rustbot added this to the 1.64.0 milestone Jul 24, 2022
@rust-timer
Copy link
Collaborator

Finished benchmarking commit (db8086e): comparison url.

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

Results
  • Primary benchmarks: no relevant changes found
  • Secondary benchmarks: 😿 relevant regressions found
mean1 max count2
Regressions 😿
(primary)
N/A N/A 0
Regressions 😿
(secondary)
3.6% 4.8% 2
Improvements 🎉
(primary)
N/A N/A 0
Improvements 🎉
(secondary)
N/A N/A 0
All 😿🎉 (primary) N/A N/A 0

Cycles

Results
  • Primary benchmarks: no relevant changes found
  • Secondary benchmarks: mixed results
mean1 max count2
Regressions 😿
(primary)
N/A N/A 0
Regressions 😿
(secondary)
3.4% 3.4% 1
Improvements 🎉
(primary)
N/A N/A 0
Improvements 🎉
(secondary)
-3.1% -3.1% 1
All 😿🎉 (primary) N/A N/A 0

If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf.

@rustbot label: -perf-regression

Footnotes

  1. the arithmetic mean of the percent change 2

  2. number of relevant changes 2

@rcvalle rcvalle deleted the rust-cfi-2 branch July 26, 2022 23:29
matthiaskrgr pushed a commit to matthiaskrgr/rust that referenced this pull request Mar 7, 2023
Add fine-grained LLVM CFI support to the Rust compiler

This PR improves the LLVM Control Flow Integrity (CFI) support in the Rust compiler by providing forward-edge control flow protection for Rust-compiled code only by aggregating function pointers in groups identified by their return and parameter types.

Forward-edge control flow protection for C or C++ and Rust -compiled code "mixed binaries" (i.e., for when C or C++ and Rust -compiled code share the same virtual address space) will be provided in later work as part of this project by identifying C char and integer type uses at the time types are encoded (see Type metadata in the design document in the tracking issue rust-lang#89653).

LLVM CFI can be enabled with -Zsanitizer=cfi and requires LTO (i.e., -Clto).

Thank you again, `@eddyb,` `@nagisa,` `@pcc,` and `@tmiasko` for all the help!
@rcvalle rcvalle added the PG-exploit-mitigations Project group: Exploit mitigations label Mar 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
merged-by-bors This PR was explicitly merged by bors. PG-exploit-mitigations Project group: Exploit mitigations S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging this pull request may close these issues.