Add uwtable annotation to modules when required#156973
Merged
Merged
Conversation
Collaborator
|
r? @nnethercote rustbot has assigned @nnethercote. Use Why was this reviewer chosen?The reviewer was selected based on:
|
Member
Author
|
Verified that passing |
nnethercote
reviewed
May 27, 2026
| DllExport = 2, // Function to be accessible from DLL. | ||
| } | ||
|
|
||
| /// Must match the layout of `UWTableKind`. |
Contributor
There was a problem hiding this comment.
This struct is UWTableKind. Did you mean to name a different type here?
Member
Author
There was a problem hiding this comment.
I'm referring to the C++ enum of the same name on the LLVM side.
Contributor
There was a problem hiding this comment.
Can you add that information to the comment? It wasn't clear to me. In nearby cases the LLVM type has a different name to the Rust type.
Member
Author
There was a problem hiding this comment.
I checked a few other constants, and half of them just add an LLVM prefix even though it doesn't have that prefix in LLVM. The other half does have the prefix on the LLVM side. Anyways, I adjusted the comment.
nnethercote
approved these changes
May 27, 2026
Contributor
|
@bors r+ rollup |
Contributor
GuillaumeGomez
added a commit
to GuillaumeGomez/rust
that referenced
this pull request
May 27, 2026
…nethercote Add uwtable annotation to modules when required When unwind tables are enabled with `-Cforce-unwind-tables=y`, Rust will annotate all functions with the `uwtable` annotation. However, this annotation is missing on modules, which leads to incorrect unwind tables being generated by LLVM for constructors (such as `asan.module_ctor`). This was discovered because it leads to a crash in Linux when KASAN and dynamic shadow call stack are both enabled. In this scenario, the kernel uses the unwind tables to locate the `paciasp` and `autiasp` instructions in each function and patches the machine code at boot to use the shadow call stack instructions instead. However, LLVM's AArch64PointerAuth pass emits DWARF info for `paciasp` whenever `-g` is passed, but only emits DWARF info for `autiasp` when the `uwtable` attribute is present. Since the `uwtable` annotation is missing for modules, the relevant directives are generated for only the `autiasp` instruction in `asan.module_ctor`, and not for the `paciasp` instruction. This causes the kernel's dynamic SCS logic to patch the prolouge of `asan.module_ctor`, but not the epilogue. This leads to a crash as the shadow call stack becomes unbalanced. The fact that LLVM doesn't use the same condition for whether to emit DWARF information for both instructions may be a separate bug in LLVM. Relevant issue: llvm/llvm-project#188234 AI assistance was used to determine the root cause of this crash from the observed symptoms, and to write the tests. Also thanks to @samitolvanen and @maurer for debugging this issue. Similar to this previous PR of mine: rust-lang#130824
Member
|
If uwtable is emitted at the module level, is it still necessary to emit it at the function level too? |
Member
Author
|
Yes I believe the only effect of setting it on the module level is to inherit it for compiler-generated functions such as Furthermore, this matches clang. |
rust-bors Bot
pushed a commit
that referenced
this pull request
May 27, 2026
Rollup of 8 pull requests Successful merges: - #156970 (coverage: Use original HIR info for synthetic by-move coroutine bodies) - #156390 (Constify Iterator-related methods and functions) - #156401 (rustdoc: deterministic sorting for `doc_cfg` badges) - #156845 (Clarify "infinite size" in cyclic-type diagnostic refers to the type name) - #156973 (Add uwtable annotation to modules when required) - #156985 (Limit the additional DLL to Windows) - #156988 (interpret/validity: properly treat zero-variant enums so that we do not have to check layout.is_uninhabited) - #157002 (std: Fix thread::available_parallelism on Redox targets)
rust-bors Bot
pushed a commit
that referenced
this pull request
May 27, 2026
Rollup of 10 pull requests Successful merges: - #156970 (coverage: Use original HIR info for synthetic by-move coroutine bodies) - #157022 (MIR inlining: allow backends to opt-in to inlining intrinsics) - #157026 (miri subtree update) - #156390 (Constify Iterator-related methods and functions) - #156845 (Clarify "infinite size" in cyclic-type diagnostic refers to the type name) - #156955 (Fix const-eval of shared generic reborrows) - #156973 (Add uwtable annotation to modules when required) - #156985 (Limit the additional DLL to Windows) - #156988 (interpret/validity: properly treat zero-variant enums so that we do not have to check layout.is_uninhabited) - #157002 (std: Fix thread::available_parallelism on Redox targets)
75 tasks
Contributor
|
@rust-timer build c42badd |
This comment has been minimized.
This comment has been minimized.
pull Bot
pushed a commit
to xtqqczze/rust-lang-miri
that referenced
this pull request
May 28, 2026
Rollup of 10 pull requests Successful merges: - rust-lang/rust#156970 (coverage: Use original HIR info for synthetic by-move coroutine bodies) - rust-lang/rust#157022 (MIR inlining: allow backends to opt-in to inlining intrinsics) - rust-lang/rust#157026 (miri subtree update) - rust-lang/rust#156390 (Constify Iterator-related methods and functions) - rust-lang/rust#156845 (Clarify "infinite size" in cyclic-type diagnostic refers to the type name) - rust-lang/rust#156955 (Fix const-eval of shared generic reborrows) - rust-lang/rust#156973 (Add uwtable annotation to modules when required) - rust-lang/rust#156985 (Limit the additional DLL to Windows) - rust-lang/rust#156988 (interpret/validity: properly treat zero-variant enums so that we do not have to check layout.is_uninhabited) - rust-lang/rust#157002 (std: Fix thread::available_parallelism on Redox targets)
Collaborator
|
Finished benchmarking commit (c42badd): comparison URL. Overall result: no relevant changes - no action neededBenchmarking means the PR may be perf-sensitive. Consider adding rollup=never if this change is not fit for rolling up. @rustbot label: -S-waiting-on-perf -perf-regression Instruction countThis perf run didn't have relevant results for this metric. Max RSS (memory usage)Results (secondary 6.3%)A less reliable metric. May be of interest, but not used to determine the overall result above.
CyclesResults (secondary 3.1%)A less reliable metric. May be of interest, but not used to determine the overall result above.
Binary sizeThis perf run didn't have relevant results for this metric. Bootstrap: 511.088s -> 514.114s (0.59%) |
jhpratt
added a commit
to jhpratt/rust
that referenced
this pull request
May 29, 2026
…hercote Add frame pointer annotations to the module While working on rust-lang#156973 I found llvm/llvm-project#188234 which points out that the frame pointer annotation is also missing.
JonathanBrouwer
added a commit
to JonathanBrouwer/rust
that referenced
this pull request
May 29, 2026
…hercote Add frame pointer annotations to the module While working on rust-lang#156973 I found llvm/llvm-project#188234 which points out that the frame pointer annotation is also missing.
rust-timer
added a commit
that referenced
this pull request
May 29, 2026
Rollup merge of #156980 - Darksonn:frame-ptrs-module, r=nnethercote Add frame pointer annotations to the module While working on #156973 I found llvm/llvm-project#188234 which points out that the frame pointer annotation is also missing.
ojeda
pushed a commit
to Rust-for-Linux/linux
that referenced
this pull request
May 30, 2026
Due to a rustc bug [1] the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated functions such as 'asan.module_ctor' do not receive the uwtable annotation. When CONFIG_UNWIND_PATCH_PAC_INTO_SCS is enabled, this leads to boot failures because the dwarf information emitted for the kasan constructors is wrong, which causes the SCS boot patching code to patch the constructor in an illegal manner. Specifically, the paciasp instruction is patched, but the autiasp instruction is not. This mismatch leads to a crash when the constructor is called during boot. ================================================================== BUG: KASAN: global-out-of-bounds in do_basic_setup+0x4c/0x90 Read of size 8 at addr ffffffe3cc7eb488 by task swapper/0/1 Specifically the faulting instruction is the (*fn)() to invoke the constructor in do_ctors() of the init/main.c file. Once the fix lands in rustc, this flag can be made conditional on the rustc version. Note that passing the flag on a rustc with the fix present has no effect. [ The fix [1] has landed for Rust 1.98.0 (expected release on 2026-08-20). Thus add a version check as discussed. - Miguel ] Fixes: d077242 ("rust: support for shadow call stack sanitizer") Cc: stable@kernel.org Link: rust-lang/rust#156973 [1] Reported-by: Bo Ye <bo.ye@mediatek.com> Debugged-by: Isaac Manjarres <isaacmanjarres@google.com> Debugged-by: Sami Tolvanen <samitolvanen@google.com> Tested-by: Isaac Manjarres <isaacmanjarres@google.com> Signed-off-by: Alice Ryhl <aliceryhl@google.com> Link: https://patch.msgid.link/20260527-uwtable-module-flag-v1-1-caa41342be4b@google.com [ Adjusted link and comment. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
ojeda
pushed a commit
to Rust-for-Linux/linux
that referenced
this pull request
May 30, 2026
Due to a rustc bug [1] the -Cforce-unwind-tables=y flag only emits the
uwtable annotation for functions, but not for the module. This means
that compiler-generated functions such as 'asan.module_ctor' do not
receive the uwtable annotation.
When CONFIG_UNWIND_PATCH_PAC_INTO_SCS is enabled, this leads to boot
failures because the dwarf information emitted for the kasan
constructors is wrong, which causes the SCS boot patching code to
patch the constructor in an illegal manner. Specifically, the paciasp
instruction is patched, but the autiasp instruction is not. This
mismatch leads to a crash when the constructor is called during boot.
==================================================================
BUG: KASAN: global-out-of-bounds in do_basic_setup+0x4c/0x90
Read of size 8 at addr ffffffe3cc7eb488 by task swapper/0/1
Specifically the faulting instruction is the (*fn)() to invoke the
constructor in do_ctors() of the init/main.c file.
Once the fix lands in rustc, this flag can be made conditional on the
rustc version. Note that passing the flag on a rustc with the fix
present has no effect.
[ The fix [1] has landed for Rust 1.98.0 (expected release on
2026-08-20).
Thus add a version check as discussed.
- Miguel ]
Fixes: d077242 ("rust: support for shadow call stack sanitizer")
Cc: stable@kernel.org
Link: rust-lang/rust#156973 [1]
Reported-by: Bo Ye <bo.ye@mediatek.com>
Debugged-by: Isaac Manjarres <isaacmanjarres@google.com>
Debugged-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Isaac Manjarres <isaacmanjarres@google.com>
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Link: https://patch.msgid.link/20260527-uwtable-module-flag-v1-1-caa41342be4b@google.com
[ Adjusted link and comment. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
acegikmoo
pushed a commit
to acegikmoo/miri
that referenced
this pull request
May 30, 2026
Add frame pointer annotations to the module While working on rust-lang/rust#156973 I found llvm/llvm-project#188234 which points out that the frame pointer annotation is also missing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When unwind tables are enabled with
-Cforce-unwind-tables=y, Rust will annotate all functions with theuwtableannotation. However, this annotation is missing on modules, which leads to incorrect unwind tables being generated by LLVM for constructors (such asasan.module_ctor).This was discovered because it leads to a crash in Linux when KASAN and dynamic shadow call stack are both enabled. In this scenario, the kernel uses the unwind tables to locate the
paciaspandautiaspinstructions in each function and patches the machine code at boot to use the shadow call stack instructions instead. However, LLVM's AArch64PointerAuth pass emits DWARF info forpaciaspwhenever-gis passed, but only emits DWARF info forautiaspwhen theuwtableattribute is present. Since theuwtableannotation is missing for modules, the relevant directives are generated for only theautiaspinstruction inasan.module_ctor, and not for thepaciaspinstruction. This causes the kernel's dynamic SCS logic to patch the prolouge ofasan.module_ctor, but not the epilogue. This leads to a crash as the shadow call stack becomes unbalanced.The fact that LLVM doesn't use the same condition for whether to emit DWARF information for both instructions may be a separate bug in LLVM.
Relevant issue: llvm/llvm-project#188234
AI assistance was used to determine the root cause of this crash from the observed symptoms, and to write the tests. Also thanks to @samitolvanen and @maurer for debugging this issue.
Similar to this previous PR of mine: #130824