KCFI: Add KCFI arity indicator support

rcvalle · rcvalle · commit 9df55b18cef7 · 2025-03-11T19:10:34.000Z
Adds KCFI KCFI arity indicator support to the Rust compiler (see llvm/llvm-project#117121 and https://lore.kernel.org/lkml/CANiq72=3ghFxy8E=AU9p+0imFxKr5iU3sd0hVUXed5BA+KjdNQ@mail.gmail.com/).
diff --git a/compiler/rustc_codegen_llvm/src/context.rs b/compiler/rustc_codegen_llvm/src/context.rs
@@ -328,6 +328,12 @@ pub(crate) unsafe fn create_module<'ll>(
         }
     }
 
+    // Add "kcfi-arity" module flag if KCFI arity indicator is enabled. (See
+    // https://github.com/llvm/llvm-project/pull/117121.)
+    if sess.is_sanitizer_kcfi_arity_enabled() && sess.is_sanitizer_kcfi_enabled() {
+        llvm::add_module_flag_u32(llmod, llvm::ModuleFlagMergeBehavior::Override, "kcfi-arity", 1);
+    }
+
     // Control Flow Guard is currently only supported by MSVC and LLVM on Windows.
     if sess.target.is_like_msvc
         || (sess.target.options.os == "windows"
diff --git a/compiler/rustc_interface/src/tests.rs b/compiler/rustc_interface/src/tests.rs
@@ -852,6 +852,7 @@ fn test_unstable_options_tracking_hash() {
     tracked!(sanitizer_cfi_generalize_pointers, Some(true));
     tracked!(sanitizer_cfi_normalize_integers, Some(true));
     tracked!(sanitizer_dataflow_abilist, vec![String::from("/rustc/abc")]);
+    tracked!(sanitizer_kcfi_arity, None);
     tracked!(sanitizer_memory_track_origins, 2);
     tracked!(sanitizer_recover, SanitizerSet::ADDRESS);
     tracked!(saturating_float_casts, Some(true));
diff --git a/compiler/rustc_session/messages.ftl b/compiler/rustc_session/messages.ftl
@@ -94,6 +94,8 @@ session_sanitizer_cfi_requires_lto = `-Zsanitizer=cfi` requires `-Clto` or `-Cli
 
 session_sanitizer_cfi_requires_single_codegen_unit = `-Zsanitizer=cfi` with `-Clto` requires `-Ccodegen-units=1`
 
+session_sanitizer_kcfi_arity_requires_kcfi = `-Zsanitizer-kcfi-arity` requires `-Zsanitizer=kcfi`
+
 session_sanitizer_kcfi_requires_panic_abort = `-Z sanitizer=kcfi` requires `-C panic=abort`
 
 session_sanitizer_not_supported = {$us} sanitizer is not supported for this target
diff --git a/compiler/rustc_session/src/errors.rs b/compiler/rustc_session/src/errors.rs
@@ -147,6 +147,10 @@ pub(crate) struct SanitizerCfiGeneralizePointersRequiresCfi;
 #[diag(session_sanitizer_cfi_normalize_integers_requires_cfi)]
 pub(crate) struct SanitizerCfiNormalizeIntegersRequiresCfi;
 
+#[derive(Diagnostic)]
+#[diag(session_sanitizer_kcfi_arity_requires_kcfi)]
+pub(crate) struct SanitizerKcfiArityRequiresKcfi;
+
 #[derive(Diagnostic)]
 #[diag(session_sanitizer_kcfi_requires_panic_abort)]
 pub(crate) struct SanitizerKcfiRequiresPanicAbort;
diff --git a/compiler/rustc_session/src/options.rs b/compiler/rustc_session/src/options.rs
@@ -2433,6 +2433,8 @@ written to standard error output)"),
         "enable normalizing integer types (default: no)"),
     sanitizer_dataflow_abilist: Vec<String> = (Vec::new(), parse_comma_list, [TRACKED],
         "additional ABI list files that control how shadow parameters are passed (comma separated)"),
+    sanitizer_kcfi_arity: Option<bool> = (None, parse_opt_bool, [TRACKED],
+        "enable KCFI arity indicator (default: no)"),
     sanitizer_memory_track_origins: usize = (0, parse_sanitizer_memory_track_origins, [TRACKED],
         "enable origins tracking in MemorySanitizer"),
     sanitizer_recover: SanitizerSet = (SanitizerSet::empty(), parse_sanitizers, [TRACKED],
diff --git a/compiler/rustc_session/src/session.rs b/compiler/rustc_session/src/session.rs
@@ -382,6 +382,10 @@ impl Session {
         self.opts.unstable_opts.sanitizer_cfi_normalize_integers == Some(true)
     }
 
+    pub fn is_sanitizer_kcfi_arity_enabled(&self) -> bool {
+        self.opts.unstable_opts.sanitizer_kcfi_arity == Some(true)
+    }
+
     pub fn is_sanitizer_kcfi_enabled(&self) -> bool {
         self.opts.unstable_opts.sanitizer.contains(SanitizerSet::KCFI)
     }
@@ -1204,6 +1208,11 @@ fn validate_commandline_args_with_session_available(sess: &Session) {
         }
     }
 
+    // KCFI arity indicator requires KCFI.
+    if sess.is_sanitizer_kcfi_arity_enabled() && !sess.is_sanitizer_kcfi_enabled() {
+        sess.dcx().emit_err(errors::SanitizerKcfiArityRequiresKcfi);
+    }
+
     // LLVM CFI pointer generalization requires CFI or KCFI.
     if sess.is_sanitizer_cfi_generalize_pointers_enabled() {
         if !(sess.is_sanitizer_cfi_enabled() || sess.is_sanitizer_kcfi_enabled()) {
diff --git a/tests/codegen/sanitizer/kcfi/add-kcfi-arity-flag.rs b/tests/codegen/sanitizer/kcfi/add-kcfi-arity-flag.rs
@@ -0,0 +1,18 @@
+// Verifies that "kcfi-arity" module flag is added.
+//
+//@ add-core-stubs
+//@ revisions: x86_64
+//@ [x86_64] compile-flags: --target x86_64-unknown-none
+//@ [x86_64] needs-llvm-components: x86
+//@ compile-flags: -Ctarget-feature=-crt-static -Zsanitizer=kcfi -Zsanitizer-kcfi-arity
+
+#![feature(no_core, lang_items)]
+#![crate_type = "lib"]
+#![no_core]
+
+extern crate minicore;
+use minicore::*;
+
+pub fn foo() {}
+
+// CHECK: !{{[0-9]+}} = !{i32 4, !"kcfi-arity", i32 1}
diff --git a/tests/ui/sanitizer/kcfi-arity-requires-kcfi.rs b/tests/ui/sanitizer/kcfi-arity-requires-kcfi.rs
@@ -0,0 +1,8 @@
+// Verifies that `-Zsanitizer-kcfi-arity` requires `-Zsanitizer=kcfi`.
+//
+//@ needs-sanitizer-kcfi
+//@ compile-flags: -Cno-prepopulate-passes -Ctarget-feature=-crt-static -Zsanitizer-kcfi-arity
+
+#![feature(no_core)]
+#![no_core]
+#![no_main]
diff --git a/tests/ui/sanitizer/kcfi-arity-requires-kcfi.stderr b/tests/ui/sanitizer/kcfi-arity-requires-kcfi.stderr
@@ -0,0 +1,4 @@
+error: `-Zsanitizer-kcfi-arity` requires `-Zsanitizer=kcfi`
+
+error: aborting due to 1 previous error
+

Original file line number	Diff line number	Diff line change
`@@ -328,6 +328,12 @@ pub(crate) unsafe fn create_module<'ll>(`
`328`	`328`	`}`
`329`	`329`	`}`
`330`	`330`
	`331`	`+ // Add "kcfi-arity" module flag if KCFI arity indicator is enabled. (See`
	`332`	`+ // https://github.com/llvm/llvm-project/pull/117121.)`
	`333`	`+ if sess.is_sanitizer_kcfi_arity_enabled() && sess.is_sanitizer_kcfi_enabled() {`
	`334`	`+ llvm::add_module_flag_u32(llmod, llvm::ModuleFlagMergeBehavior::Override, "kcfi-arity", 1);`
	`335`	`+ }`
	`336`	`+`
`331`	`337`	`// Control Flow Guard is currently only supported by MSVC and LLVM on Windows.`
`332`	`338`	`if sess.target.is_like_msvc`
`333`	`339`	`\|\| (sess.target.options.os == "windows"`
Original file line number	Diff line number	Diff line change
`@@ -382,6 +382,10 @@ impl Session {`
`382`	`382`	`self.opts.unstable_opts.sanitizer_cfi_normalize_integers == Some(true)`
`383`	`383`	`}`
`384`	`384`
	`385`	`+ pub fn is_sanitizer_kcfi_arity_enabled(&self) -> bool {`
	`386`	`+ self.opts.unstable_opts.sanitizer_kcfi_arity == Some(true)`
	`387`	`+ }`
	`388`	`+`
`385`	`389`	`pub fn is_sanitizer_kcfi_enabled(&self) -> bool {`
`386`	`390`	`self.opts.unstable_opts.sanitizer.contains(SanitizerSet::KCFI)`
`387`	`391`	`}`
`@@ -1204,6 +1208,11 @@ fn validate_commandline_args_with_session_available(sess: &Session) {`
`1204`	`1208`	`}`
`1205`	`1209`	`}`
`1206`	`1210`
	`1211`	`+ // KCFI arity indicator requires KCFI.`
	`1212`	`+ if sess.is_sanitizer_kcfi_arity_enabled() && !sess.is_sanitizer_kcfi_enabled() {`
	`1213`	`+ sess.dcx().emit_err(errors::SanitizerKcfiArityRequiresKcfi);`
	`1214`	`+ }`
	`1215`	`+`
`1207`	`1216`	`// LLVM CFI pointer generalization requires CFI or KCFI.`
`1208`	`1217`	`if sess.is_sanitizer_cfi_generalize_pointers_enabled() {`
`1209`	`1218`	`if !(sess.is_sanitizer_cfi_enabled() \|\| sess.is_sanitizer_kcfi_enabled()) {`