Disable CFI for weakly linked syscalls #138002
Merged
+37
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
O-unix
|
There are a couple other places where the |
That would be the best approach for now if we could do this only for functions (i.e., call sites) that indirectly call weakly linked functions. |
|
Is there a reason weak symbols don't get LLVM metadata? |
1c3t3a
force-pushed
the
fix-std-cfi-violation
branch
from
3ef2ae6 to
ddfa9d3
Compare
Yes! I updated the PR to all callsites.
There is no easy way of marking this as
But I am not very familiar with this, so I am happy to learn about a good alternative! |
I don't know. I think this is likely a bug and that the compiler should emit metadata for those. If there are no issues with it, I'll land this workaround (similarly to #115200) while we investigate and work on emitting metadata for those if possible. |
|
@bors r+ |
bors
added
S-waiting-on-bors
|
@bors r- please add a comment with an explanation to every use of |
bors
added
S-waiting-on-author
|
Maybe also point to #115199 for reference. |
|
☔ The latest upstream changes (presumably #138279) made this pull request unmergeable. Please resolve the merge conflicts. |
Currently, when enabling CFI via -Zsanitizer=cfi and executing e.g. std::sys::random::getrandom, we can observe a CFI violation. This is the case for all consumers of the std::sys::pal::weak::weak macro, as it is defining weak functions which don't show up in LLVM IR metadata. CFI fails for all these functions. Similar to other such cases in rust-lang#115199, this change stops emitting the CFI typecheck for consumers of the macro via the \#[no_sanitize(cfi)] attribute.
1c3t3a
force-pushed
the
fix-std-cfi-violation
branch
from
ddfa9d3 to
e5dc1e3
Compare
|
Fair point! I added a comment to every use of |
|
Thank you, Bastian! |
|
@bors r+ |
bors
added
S-waiting-on-bors
rcvalle
added
PG-exploit-mitigations
rcvalle
added
the
A-control-flow-integrity
jieyouxu
added a commit
to jieyouxu/rust
that referenced
this pull request
Mar 10, 2025
…valle Disable CFI for weakly linked syscalls Currently, when enabling CFI via -Zsanitizer=cfi and executing e.g. std::sys::random::getrandom, we can observe a CFI violation. This is the case for all consumers of the std::sys::pal::weak::syscall macro, as it is defining weak functions which don't show up in LLVM IR metadata. CFI fails for all these functions. Similar to other such cases in rust-lang#115199, this change stops emitting the CFI typecheck for consumers of the macro via the `#[no_sanitize(cfi)]` attribute. r? `@rcvalle`
jieyouxu
added a commit
to jieyouxu/rust
that referenced
this pull request
Mar 10, 2025
…valle Disable CFI for weakly linked syscalls Currently, when enabling CFI via -Zsanitizer=cfi and executing e.g. std::sys::random::getrandom, we can observe a CFI violation. This is the case for all consumers of the std::sys::pal::weak::syscall macro, as it is defining weak functions which don't show up in LLVM IR metadata. CFI fails for all these functions. Similar to other such cases in rust-lang#115199, this change stops emitting the CFI typecheck for consumers of the macro via the `#[no_sanitize(cfi)]` attribute. r? ``@rcvalle``
jieyouxu
added a commit
to jieyouxu/rust
that referenced
this pull request
Mar 11, 2025
…valle Disable CFI for weakly linked syscalls Currently, when enabling CFI via -Zsanitizer=cfi and executing e.g. std::sys::random::getrandom, we can observe a CFI violation. This is the case for all consumers of the std::sys::pal::weak::syscall macro, as it is defining weak functions which don't show up in LLVM IR metadata. CFI fails for all these functions. Similar to other such cases in rust-lang#115199, this change stops emitting the CFI typecheck for consumers of the macro via the `#[no_sanitize(cfi)]` attribute. r? ```@rcvalle```
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 11, 2025
Rollup of 16 pull requests Successful merges: - rust-lang#126856 (remove deprecated tool `rls`) - rust-lang#136932 (Reduce formatting `width` and `precision` to 16 bits) - rust-lang#137314 (change definitely unproductive cycles to error) - rust-lang#137612 (Update bootstrap to edition 2024) - rust-lang#138002 (Disable CFI for weakly linked syscalls) - rust-lang#138052 (strip `-Wlinker-messages` wrappers from `rust-lld` rmake test) - rust-lang#138063 (Improve `-Zunpretty=hir` for parsed attrs) - rust-lang#138109 (make precise capturing args in rustdoc Json typed) - rust-lang#138147 (Add maintainers for powerpc64le-unknown-linux-gnu) - rust-lang#138245 (stabilize `ci_rustc_if_unchanged_logic` test for local environments) - rust-lang#138296 (Remove `AdtFlags::IS_ANONYMOUS` and `Copy`/`Clone` condition for anonymous ADT) - rust-lang#138300 (add tracking issue for unqualified_local_imports) - rust-lang#138307 (Allow specifying glob patterns for try jobs) - rust-lang#138313 (Update books) - rust-lang#138315 (use next_back() instead of last() on DoubleEndedIterator) - rust-lang#138318 (Rustdoc: remove a bunch of `@ts-expect-error` from main.js) r? `@ghost` `@rustbot` modify labels: rollup
jieyouxu
added a commit
to jieyouxu/rust
that referenced
this pull request
Mar 11, 2025
…valle Disable CFI for weakly linked syscalls Currently, when enabling CFI via -Zsanitizer=cfi and executing e.g. std::sys::random::getrandom, we can observe a CFI violation. This is the case for all consumers of the std::sys::pal::weak::syscall macro, as it is defining weak functions which don't show up in LLVM IR metadata. CFI fails for all these functions. Similar to other such cases in rust-lang#115199, this change stops emitting the CFI typecheck for consumers of the macro via the `#[no_sanitize(cfi)]` attribute. r? ````@rcvalle````
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 11, 2025
Rollup of 18 pull requests Successful merges: - rust-lang#126856 (remove deprecated tool `rls`) - rust-lang#137314 (change definitely unproductive cycles to error) - rust-lang#137504 (Move methods from Map to TyCtxt, part 4.) - rust-lang#137701 (Convert `ShardedHashMap` to use `hashbrown::HashTable`) - rust-lang#137967 ([AIX] Fix hangs during testing) - rust-lang#138002 (Disable CFI for weakly linked syscalls) - rust-lang#138052 (strip `-Wlinker-messages` wrappers from `rust-lld` rmake test) - rust-lang#138063 (Improve `-Zunpretty=hir` for parsed attrs) - rust-lang#138109 (make precise capturing args in rustdoc Json typed) - rust-lang#138147 (Add maintainers for powerpc64le-unknown-linux-gnu) - rust-lang#138245 (stabilize `ci_rustc_if_unchanged_logic` test for local environments) - rust-lang#138296 (Remove `AdtFlags::IS_ANONYMOUS` and `Copy`/`Clone` condition for anonymous ADT) - rust-lang#138300 (add tracking issue for unqualified_local_imports) - rust-lang#138307 (Allow specifying glob patterns for try jobs) - rust-lang#138313 (Update books) - rust-lang#138315 (use next_back() instead of last() on DoubleEndedIterator) - rust-lang#138318 (Rustdoc: remove a bunch of `@ts-expect-error` from main.js) - rust-lang#138330 (Remove unnecessary `[lints.rust]` sections.) Failed merges: - rust-lang#137147 (Add exclude to config.toml) r? `@ghost` `@rustbot` modify labels: rollup
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Mar 11, 2025
…valle Disable CFI for weakly linked syscalls Currently, when enabling CFI via -Zsanitizer=cfi and executing e.g. std::sys::random::getrandom, we can observe a CFI violation. This is the case for all consumers of the std::sys::pal::weak::syscall macro, as it is defining weak functions which don't show up in LLVM IR metadata. CFI fails for all these functions. Similar to other such cases in rust-lang#115199, this change stops emitting the CFI typecheck for consumers of the macro via the `#[no_sanitize(cfi)]` attribute. r? `````@rcvalle`````
This was referenced Mar 11, 2025
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 11, 2025
…iaskrgr Rollup of 10 pull requests Successful merges: - rust-lang#137715 (Allow int literals for pattern types with int base types) - rust-lang#138002 (Disable CFI for weakly linked syscalls) - rust-lang#138051 (Add support for downloading GCC from CI) - rust-lang#138231 (Prevent ICE in autodiff validation by emitting user-friendly errors) - rust-lang#138245 (stabilize `ci_rustc_if_unchanged_logic` test for local environments) - rust-lang#138256 (Do not feed anon const a type that references generics that it does not have) - rust-lang#138284 (Do not write user type annotation for const param value path) - rust-lang#138296 (Remove `AdtFlags::IS_ANONYMOUS` and `Copy`/`Clone` condition for anonymous ADT) - rust-lang#138352 (miri native_calls: ensure we actually expose *mutable* provenance to the memory FFI can access) - rust-lang#138354 (remove redundant `body` arguments) r? `@ghost` `@rustbot` modify labels: rollup
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, when enabling CFI via -Zsanitizer=cfi and executing e.g. std::sys::random::getrandom, we can observe a CFI violation. This is the case for all consumers of the std::sys::pal::weak::syscall macro, as it is defining weak functions which don't show up in LLVM IR metadata. CFI fails for all these functions.
Similar to other such cases in
#115199, this change stops emitting the CFI typecheck for consumers of the macro via the
#[no_sanitize(cfi)]attribute.r? @rcvalle