Was there any dicussion about mitigations (specifically Control Flow Enforcement)?
I've been talking to product teams here and, because of the slow adoption, these teams would start with linking Rust components with C/C++ ones. The problem now is that Rust doesn't support CFE so any binary which includes Rust code will have weakened mitigations.
We explicitly decided to leave it out of our mission and instead focus on language-level safety, but I'm sure nobody would mind if you wanted to work on it!
Actually that's the idea, but I wanted to know if there were any discussions about it. Thanks.
You're thinking about LLVM's CFI specifically?
Actually I'm thinking in Windows CFI because that's my main interest and make it Visual C++ compatible. LLVM's CFI uses Intel's one which hasn't been realeased yet. Last time I checked, Clang didn't rely on LLVM's CFI neither.
Err, that's not correct; LLVM's CFI is entirely software based, and it's what clang's
-fsanitize=cfi uses. And Windows CFG requires you to compile with MSVC to have jumps in your code protected, so I don't think that's an option (you can just use a linker flag if all you need is for Rust functions to be valid CFG call targets)
Oops, you are right about LLVM, haven't touched it in years and only saw the recent HW implementation only.
However, what I'm talking about is modifying rustc and LLVM to emit information for MSVC's linker to generate fully protected binaries. I guess that mainstreaming changes like this will be challenging though.
It seems that there's two steps: a) just enabling CFG at the linker, which should just be a flag, b) actually doing the codegen for checking the valid jump targets. For (b) you probably want LLVM's CFI, not CFG (at least for fully statically linked binaries).