Re: [PATCH v3 16/16] objtool: Validate kCFI calls

From: Miguel Ojeda
Date: Mon Jul 14 2025 - 12:30:43 EST

Next message: Laurent Pinchart: "Re: [PATCH v2 12/12] media: uvcvideo: Do not create MC entities for virtual entities"
Previous message: Shiju Jose: "RE: [PATCH v3 8/8] cxl: Convert to ACQUIRE() for conditional rwsem locking"
In reply to: Peter Zijlstra: "Re: [PATCH v3 16/16] objtool: Validate kCFI calls"
Next in thread: Peter Zijlstra: "Re: [PATCH v3 16/16] objtool: Validate kCFI calls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 14, 2025 at 12:45 PM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> Apparently some Rust 'core' code violates this and explodes when ran
> with FineIBT.

I think this was fixed in Rust 1.88 (latest version), right? Or is
there an issue still?

5595c31c3709 ("x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST
or Rust >= 1.88")

> - runtime EFI is especially henous because it also needs to disable
> IBT. Basically calling unknown code without CFI protection at
> runtime is a massice security issue.

heinous
massive

Cheers,
Miguel

Next message: Laurent Pinchart: "Re: [PATCH v2 12/12] media: uvcvideo: Do not create MC entities for virtual entities"
Previous message: Shiju Jose: "RE: [PATCH v3 8/8] cxl: Convert to ACQUIRE() for conditional rwsem locking"
In reply to: Peter Zijlstra: "Re: [PATCH v3 16/16] objtool: Validate kCFI calls"
Next in thread: Peter Zijlstra: "Re: [PATCH v3 16/16] objtool: Validate kCFI calls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]