mirror of
https://github.com/torvalds/linux.git
synced 2024-11-12 23:23:03 +00:00
284a3ac4a9
Support `MITIGATION_RETPOLINE` by enabling the target features that
Clang does.
The existing target feature being enabled was a leftover from
our old `rust` branch, and it is not enough: the target feature
`retpoline-external-thunk` only implies `retpoline-indirect-calls`, but
not `retpoline-indirect-branches` (see LLVM's `X86.td`), unlike Clang's
flag of the same name `-mretpoline-external-thunk` which does imply both
(see Clang's `lib/Driver/ToolChains/Arch/X86.cpp`).
Without this, `objtool` would complain if enabled for Rust, e.g.:
rust/core.o: warning: objtool:
_R...escape_default+0x13: indirect jump found in RETPOLINE build
In addition, change the comment to note that LLVM is the one disabling
jump tables when retpoline is enabled, thus we do not need to use
`-Zno-jump-tables` for Rust here -- see commit c58f2166ab39 ("Introduce
the "retpoline" x86 mitigation technique ...") [1]:
The goal is simple: avoid generating code which contains an indirect
branch that could have its prediction poisoned by an attacker. In
many cases, the compiler can simply use directed conditional
branches and a small search tree. LLVM already has support for
lowering switches in this way and the first step of this patch is
to disable jump-table lowering of switches and introduce a pass to
rewrite explicit indirectbr sequences into a switch over integers.
As well as a live example at [2].
These should be eventually enabled via `-Ctarget-feature` when `rustc`
starts recognizing them (or via a new dedicated flag) [3].
Cc: Daniel Borkmann <daniel@iogearbox.net>
Link: c58f2166ab [1]
Link: https://godbolt.org/z/G4YPr58qG [2]
Link: https://github.com/rust-lang/rust/issues/116852 [3]
Reviewed-by: Gary Guo <gary@garyguo.net>
Tested-by: Alice Ryhl <aliceryhl@google.com>
Tested-by: Benno Lossin <benno.lossin@proton.me>
Link: https://github.com/Rust-for-Linux/linux/issues/945
Link: https://lore.kernel.org/r/20240725183325.122827-3-ojeda@kernel.org
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
217 lines
7.0 KiB
Rust
217 lines
7.0 KiB
Rust
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
//! The custom target specification file generator for `rustc`.
|
|
//!
|
|
//! To configure a target from scratch, a JSON-encoded file has to be passed
|
|
//! to `rustc` (introduced in [RFC 131]). These options and the file itself are
|
|
//! unstable. Eventually, `rustc` should provide a way to do this in a stable
|
|
//! manner. For instance, via command-line arguments. Therefore, this file
|
|
//! should avoid using keys which can be set via `-C` or `-Z` options.
|
|
//!
|
|
//! [RFC 131]: https://rust-lang.github.io/rfcs/0131-target-specification.html
|
|
|
|
use std::{
|
|
collections::HashMap,
|
|
fmt::{Display, Formatter, Result},
|
|
io::BufRead,
|
|
};
|
|
|
|
enum Value {
|
|
Boolean(bool),
|
|
Number(i32),
|
|
String(String),
|
|
Object(Object),
|
|
}
|
|
|
|
type Object = Vec<(String, Value)>;
|
|
|
|
/// Minimal "almost JSON" generator (e.g. no `null`s, no arrays, no escaping),
|
|
/// enough for this purpose.
|
|
impl Display for Value {
|
|
fn fmt(&self, formatter: &mut Formatter<'_>) -> Result {
|
|
match self {
|
|
Value::Boolean(boolean) => write!(formatter, "{}", boolean),
|
|
Value::Number(number) => write!(formatter, "{}", number),
|
|
Value::String(string) => write!(formatter, "\"{}\"", string),
|
|
Value::Object(object) => {
|
|
formatter.write_str("{")?;
|
|
if let [ref rest @ .., ref last] = object[..] {
|
|
for (key, value) in rest {
|
|
write!(formatter, "\"{}\": {},", key, value)?;
|
|
}
|
|
write!(formatter, "\"{}\": {}", last.0, last.1)?;
|
|
}
|
|
formatter.write_str("}")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
struct TargetSpec(Object);
|
|
|
|
impl TargetSpec {
|
|
fn new() -> TargetSpec {
|
|
TargetSpec(Vec::new())
|
|
}
|
|
}
|
|
|
|
trait Push<T> {
|
|
fn push(&mut self, key: &str, value: T);
|
|
}
|
|
|
|
impl Push<bool> for TargetSpec {
|
|
fn push(&mut self, key: &str, value: bool) {
|
|
self.0.push((key.to_string(), Value::Boolean(value)));
|
|
}
|
|
}
|
|
|
|
impl Push<i32> for TargetSpec {
|
|
fn push(&mut self, key: &str, value: i32) {
|
|
self.0.push((key.to_string(), Value::Number(value)));
|
|
}
|
|
}
|
|
|
|
impl Push<String> for TargetSpec {
|
|
fn push(&mut self, key: &str, value: String) {
|
|
self.0.push((key.to_string(), Value::String(value)));
|
|
}
|
|
}
|
|
|
|
impl Push<&str> for TargetSpec {
|
|
fn push(&mut self, key: &str, value: &str) {
|
|
self.push(key, value.to_string());
|
|
}
|
|
}
|
|
|
|
impl Push<Object> for TargetSpec {
|
|
fn push(&mut self, key: &str, value: Object) {
|
|
self.0.push((key.to_string(), Value::Object(value)));
|
|
}
|
|
}
|
|
|
|
impl Display for TargetSpec {
|
|
fn fmt(&self, formatter: &mut Formatter<'_>) -> Result {
|
|
// We add some newlines for clarity.
|
|
formatter.write_str("{\n")?;
|
|
if let [ref rest @ .., ref last] = self.0[..] {
|
|
for (key, value) in rest {
|
|
write!(formatter, " \"{}\": {},\n", key, value)?;
|
|
}
|
|
write!(formatter, " \"{}\": {}\n", last.0, last.1)?;
|
|
}
|
|
formatter.write_str("}")
|
|
}
|
|
}
|
|
|
|
struct KernelConfig(HashMap<String, String>);
|
|
|
|
impl KernelConfig {
|
|
/// Parses `include/config/auto.conf` from `stdin`.
|
|
fn from_stdin() -> KernelConfig {
|
|
let mut result = HashMap::new();
|
|
|
|
let stdin = std::io::stdin();
|
|
let mut handle = stdin.lock();
|
|
let mut line = String::new();
|
|
|
|
loop {
|
|
line.clear();
|
|
|
|
if handle.read_line(&mut line).unwrap() == 0 {
|
|
break;
|
|
}
|
|
|
|
if line.starts_with('#') {
|
|
continue;
|
|
}
|
|
|
|
let (key, value) = line.split_once('=').expect("Missing `=` in line.");
|
|
result.insert(key.to_string(), value.trim_end_matches('\n').to_string());
|
|
}
|
|
|
|
KernelConfig(result)
|
|
}
|
|
|
|
/// Does the option exist in the configuration (any value)?
|
|
///
|
|
/// The argument must be passed without the `CONFIG_` prefix.
|
|
/// This avoids repetition and it also avoids `fixdep` making us
|
|
/// depend on it.
|
|
fn has(&self, option: &str) -> bool {
|
|
let option = "CONFIG_".to_owned() + option;
|
|
self.0.contains_key(&option)
|
|
}
|
|
}
|
|
|
|
fn main() {
|
|
let cfg = KernelConfig::from_stdin();
|
|
let mut ts = TargetSpec::new();
|
|
|
|
// `llvm-target`s are taken from `scripts/Makefile.clang`.
|
|
if cfg.has("ARM64") {
|
|
panic!("arm64 uses the builtin rustc aarch64-unknown-none target");
|
|
} else if cfg.has("RISCV") {
|
|
if cfg.has("64BIT") {
|
|
panic!("64-bit RISC-V uses the builtin rustc riscv64-unknown-none-elf target");
|
|
} else {
|
|
panic!("32-bit RISC-V is an unsupported architecture");
|
|
}
|
|
} else if cfg.has("X86_64") {
|
|
ts.push("arch", "x86_64");
|
|
ts.push(
|
|
"data-layout",
|
|
"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128",
|
|
);
|
|
let mut features = "-mmx,+soft-float".to_string();
|
|
if cfg.has("MITIGATION_RETPOLINE") {
|
|
// The kernel uses `-mretpoline-external-thunk` (for Clang), which Clang maps to the
|
|
// target feature of the same name plus the other two target features in
|
|
// `clang/lib/Driver/ToolChains/Arch/X86.cpp`. These should be eventually enabled via
|
|
// `-Ctarget-feature` when `rustc` starts recognizing them (or via a new dedicated
|
|
// flag); see https://github.com/rust-lang/rust/issues/116852.
|
|
features += ",+retpoline-external-thunk";
|
|
features += ",+retpoline-indirect-branches";
|
|
features += ",+retpoline-indirect-calls";
|
|
}
|
|
ts.push("features", features);
|
|
ts.push("llvm-target", "x86_64-linux-gnu");
|
|
ts.push("target-pointer-width", "64");
|
|
} else if cfg.has("X86_32") {
|
|
// This only works on UML, as i386 otherwise needs regparm support in rustc
|
|
if !cfg.has("UML") {
|
|
panic!("32-bit x86 only works under UML");
|
|
}
|
|
ts.push("arch", "x86");
|
|
ts.push(
|
|
"data-layout",
|
|
"e-m:e-p:32:32-p270:32:32-p271:32:32-p272:64:64-i128:128-f64:32:64-f80:32-n8:16:32-S128",
|
|
);
|
|
let mut features = "-mmx,+soft-float".to_string();
|
|
if cfg.has("MITIGATION_RETPOLINE") {
|
|
features += ",+retpoline-external-thunk";
|
|
}
|
|
ts.push("features", features);
|
|
ts.push("llvm-target", "i386-unknown-linux-gnu");
|
|
ts.push("target-pointer-width", "32");
|
|
} else if cfg.has("LOONGARCH") {
|
|
panic!("loongarch uses the builtin rustc loongarch64-unknown-none-softfloat target");
|
|
} else {
|
|
panic!("Unsupported architecture");
|
|
}
|
|
|
|
ts.push("emit-debug-gdb-scripts", false);
|
|
ts.push("frame-pointer", "may-omit");
|
|
ts.push(
|
|
"stack-probes",
|
|
vec![("kind".to_string(), Value::String("none".to_string()))],
|
|
);
|
|
|
|
// Everything else is LE, whether `CPU_LITTLE_ENDIAN` is declared or not
|
|
// (e.g. x86). It is also `rustc`'s default.
|
|
if cfg.has("CPU_BIG_ENDIAN") {
|
|
ts.push("target-endian", "big");
|
|
}
|
|
|
|
println!("{}", ts);
|
|
}
|