-
Notifications
You must be signed in to change notification settings - Fork 12.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rollup of 5 pull requests #88889
Rollup of 5 pull requests #88889
Commits on Sep 7, 2021
-
Configuration menu - View commit details
-
Copy full SHA for efeb461 - Browse repository at this point
Copy the full SHA efeb461View commit details -
Configuration menu - View commit details
-
Copy full SHA for e2d01ed - Browse repository at this point
Copy the full SHA e2d01edView commit details
Commits on Sep 9, 2021
-
Configuration menu - View commit details
-
Copy full SHA for c86c634 - Browse repository at this point
Copy the full SHA c86c634View commit details -
Revert "Allow formatting
Anonymous{Struct, Union}
declarations"This reverts commit 64acb7d.
Configuration menu - View commit details
-
Copy full SHA for 2691a39 - Browse repository at this point
Copy the full SHA 2691a39View commit details -
Revert "Add test for pretty printing anonymous types"
This reverts commit d59b1f1.
Configuration menu - View commit details
-
Copy full SHA for 2041fb1 - Browse repository at this point
Copy the full SHA 2041fb1View commit details -
Revert "Fix ast expanded printing for anonymous types"
This reverts commit 5b4bc05.
Configuration menu - View commit details
-
Copy full SHA for 5560f6d - Browse repository at this point
Copy the full SHA 5560f6dView commit details -
Revert "Add test for restriction of anonymous types on validation"
This reverts commit 8a1dd69.
Configuration menu - View commit details
-
Copy full SHA for f38ec9c - Browse repository at this point
Copy the full SHA f38ec9cView commit details -
Configuration menu - View commit details
-
Copy full SHA for b6aa7e3 - Browse repository at this point
Copy the full SHA b6aa7e3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 91feb76 - Browse repository at this point
Copy the full SHA 91feb76View commit details -
Configuration menu - View commit details
-
Copy full SHA for f26f1ed - Browse repository at this point
Copy the full SHA f26f1edView commit details -
Configuration menu - View commit details
-
Copy full SHA for 35370a7 - Browse repository at this point
Copy the full SHA 35370a7View commit details -
add rustc option for using LLVM stack smash protection
LLVM has built-in heuristics for adding stack canaries to functions. These heuristics can be selected with LLVM function attributes. This patch adds a rustc option `-Z stack-protector={none,basic,strong,all}` which controls the use of these attributes. This gives rustc the same stack smash protection support as clang offers through options `-fno-stack-protector`, `-fstack-protector`, `-fstack-protector-strong`, and `-fstack-protector-all`. The protection this can offer is demonstrated in test/ui/abi/stack-protector.rs. This fills a gap in the current list of rustc exploit mitigations (https://doc.rust-lang.org/rustc/exploit-mitigations.html), originally discussed in rust-lang#15179. Stack smash protection adds runtime overhead and is therefore still off by default, but now users have the option to trade performance for security as they see fit. An example use case is adding Rust code in an existing C/C++ code base compiled with stack smash protection. Without the ability to add stack smash protection to the Rust code, the code base artifacts could be exploitable in ways not possible if the code base remained pure C/C++. Stack smash protection support is present in LLVM for almost all the current tier 1/tier 2 targets: see test/assembly/stack-protector/stack-protector-target-support.rs. The one exception is nvptx64-nvidia-cuda. This patch follows clang's example, and adds a warning message printed if stack smash protection is used with this target (see test/ui/stack-protector/warn-stack-protector-unsupported.rs). Support for tier 3 targets has not been checked. Since the heuristics are applied at the LLVM level, the heuristics are expected to add stack smash protection to a fraction of functions comparable to C/C++. Some experiments demonstrating how Rust code is affected by the different heuristics can be found in test/assembly/stack-protector/stack-protector-heuristics-effect.rs. There is potential for better heuristics using Rust-specific safety information. For example it might be reasonable to skip stack smash protection in functions which transitively only use safe Rust code, or which uses only a subset of functions the user declares safe (such as anything under `std.*`). Such alternative heuristics could be added at a later point. LLVM also offers a "safestack" sanitizer as an alternative way to guard against stack smashing (see rust-lang#26612). This could possibly also be included as a stack-protection heuristic. An alternative is to add it as a sanitizer (rust-lang#39699). This is what clang does: safestack is exposed with option `-fsanitize=safe-stack`. The options are only supported by the LLVM backend, but as with other codegen options it is visible in the main codegen option help menu. The heuristic names "basic", "strong", and "all" are hopefully sufficiently generic to be usable in other backends as well. Reviewed-by: Nikita Popov <nikic@php.net> Extra commits during review: - [address-review] make the stack-protector option unstable - [address-review] reduce detail level of stack-protector option help text - [address-review] correct grammar in comment - [address-review] use compiler flag to avoid merging functions in test - [address-review] specify min LLVM version in fortanix stack-protector test Only for Fortanix test, since this target specifically requests the `--x86-experimental-lvi-inline-asm-hardening` flag. - [address-review] specify required LLVM components in stack-protector tests - move stack protector option enum closer to other similar option enums - rustc_interface/tests: sort debug option list in tracking hash test - add an explicit `none` stack-protector option Revert "set LLVM requirements for all stack protector support test revisions" This reverts commit a49b74f92a4e7d701d6f6cf63d207a8aff2e0f68.
Configuration menu - View commit details
-
Copy full SHA for eaa6461 - Browse repository at this point
Copy the full SHA eaa6461View commit details
Commits on Sep 10, 2021
-
Configuration menu - View commit details
-
Copy full SHA for 64354a9 - Browse repository at this point
Copy the full SHA 64354a9View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2c30162 - Browse repository at this point
Copy the full SHA 2c30162View commit details
Commits on Sep 11, 2021
-
Configuration menu - View commit details
-
Copy full SHA for b98ba6f - Browse repository at this point
Copy the full SHA b98ba6fView commit details
Commits on Sep 12, 2021
-
Rollup merge of rust-lang#84197 - bbjornse:stack-protector, r=nikic
add codegen option for using LLVM stack smash protection LLVM has built-in heuristics for adding stack canaries to functions. These heuristics can be selected with LLVM function attributes. This PR adds a codegen option `-C stack-protector={basic,strong,all}` which controls the use of these attributes. This gives rustc the same stack smash protection support as clang offers through options `-fstack-protector`, `-fstack-protector-strong`, and `-fstack-protector-all`. The protection this can offer is demonstrated in test/ui/abi/stack-protector.rs. This fills a gap in the current list of rustc exploit mitigations (https://doc.rust-lang.org/rustc/exploit-mitigations.html), originally discussed in rust-lang#15179. Stack smash protection adds runtime overhead and is therefore still off by default, but now users have the option to trade performance for security as they see fit. An example use case is adding Rust code in an existing C/C++ code base compiled with stack smash protection. Without the ability to add stack smash protection to the Rust code, the code base artifacts could be exploitable in ways not possible if the code base remained pure C/C++. Stack smash protection support is present in LLVM for almost all the current tier 1/tier 2 targets: see test/assembly/stack-protector/stack-protector-target-support.rs. The one exception is nvptx64-nvidia-cuda. This PR follows clang's example, and adds a warning message printed if stack smash protection is used with this target (see test/ui/stack-protector/warn-stack-protector-unsupported.rs). Support for tier 3 targets has not been checked. Since the heuristics are applied at the LLVM level, the heuristics are expected to add stack smash protection to a fraction of functions comparable to C/C++. Some experiments demonstrating how Rust code is affected by the different heuristics can be found in test/assembly/stack-protector/stack-protector-heuristics-effect.rs. There is potential for better heuristics using Rust-specific safety information. For example it might be reasonable to skip stack smash protection in functions which transitively only use safe Rust code, or which uses only a subset of functions the user declares safe (such as anything under `std.*`). Such alternative heuristics could be added at a later point. LLVM also offers a "safestack" sanitizer as an alternative way to guard against stack smashing (see rust-lang#26612). This could possibly also be included as a stack-protection heuristic. An alternative is to add it as a sanitizer (rust-lang#39699). This is what clang does: safestack is exposed with option `-fsanitize=safe-stack`. The options are only supported by the LLVM backend, but as with other codegen options it is visible in the main codegen option help menu. The heuristic names "basic", "strong", and "all" are hopefully sufficiently generic to be usable in other backends as well.
Configuration menu - View commit details
-
Copy full SHA for a402621 - Browse repository at this point
Copy the full SHA a402621View commit details -
Rollup merge of rust-lang#88619 - GuillaumeGomez:simplify-std-os-reex…
…ports, r=Amanieu Remove `cfg(doc)` from std::os module reexports to fix rustdoc linking issues Fixes rust-lang#88304. I tested it based on rust-lang#88292. Not sure if it's the best approach, but at least it makes thing a bit simpler. cc `@jyn514`
Configuration menu - View commit details
-
Copy full SHA for 9116186 - Browse repository at this point
Copy the full SHA 9116186View commit details -
Rollup merge of rust-lang#88722 - WaffleLapkin:unsafe_cell_const_get_…
…mut, r=dtolnay Make `UnsafeCell::get_mut` const
Configuration menu - View commit details
-
Copy full SHA for 3dc37c6 - Browse repository at this point
Copy the full SHA 3dc37c6View commit details -
Rollup merge of rust-lang#88745 - hnj2:allow-trait-impl-missing-code,…
… r=GuillaumeGomez Allow missing code examples in trait impls. Excludes Trait implementations from the items that need to have doc code examples when using the `rustdoc::missing_doc_code_examples` lint. For details see rust-lang#88741 fixes rust-lang#88741 r? ```@jyn514```
Configuration menu - View commit details
-
Copy full SHA for c31152d - Browse repository at this point
Copy the full SHA c31152dView commit details -
Rollup merge of rust-lang#88775 - pnkfelix:revert-anon-union-parsing,…
… r=davidtwco Revert anon union parsing Revert PR rust-lang#84571 and rust-lang#85515, which implemented anonymous union parsing in a manner that broke the context-sensitivity for the `union` keyword and thus broke stable Rust code. Fix rust-lang#88583.
Configuration menu - View commit details
-
Copy full SHA for a5f470b - Browse repository at this point
Copy the full SHA a5f470bView commit details