From 9e5946de3a3876113098dc272873802baff022cc Mon Sep 17 00:00:00 2001
From: Alice Ryhl
Date: Mon, 6 Apr 2026 01:53:07 +0200
Subject: rust: declare cfi_encoding for lru_status

By default bindgen will convert 'enum lru_status' into a typedef for an integer. For the most part, an integer of the same size as the enum results in the correct ABI, but in the specific case of CFI, that is not the case. The CFI encoding is supposed to be the same as a struct called 'lru_status' rather than the name of the underlying native integer type.

To fix this, tell bindgen to generate a newtype and set the CFI type explicitly. Note that we need to set the CFI attribute explicitly as bindgen is using repr(transparent), which is otherwise identical to the inner type for ABI purposes.

This allows us to remove the page range helper C function in Binder without risking a CFI failure when list_lru_walk calls the provided function pointer.

The --with-attribute-custom-enum argument requires bindgen v0.71 or greater.

[ In particular, the feature was added in 0.71.0 [1][2].

  In addition, `feature(cfi_encoding)` has been available since Rust 1.71.0 [3].

  Link: https://github.com/rust-lang/rust-bindgen/issues/2520 [1]
  Link: https://github.com/rust-lang/rust-bindgen/pull/2866 [2]
  Link: https://github.com/rust-lang/rust/pull/105452 [3]

    - Miguel ]

My testing procedure was to add this to the android17-6.18 branch and verify that rust_shrink_free_page is successfully called without crash, and verify that it does in fact crash when the cfi_encoding is set to other values. Note that I couldn't test this on android16-6.12 as that branch uses a bindgen version that is too old.

Signed-off-by: Alice Ryhl
Link: https://patch.msgid.link/20260223-cfi-lru-status-v2-1-89c6448a63a4@google.com
[ Rebased on top of the minimum Rust version bump series which provide the required `bindgen` version. - Miguel ]
Reviewed-by: Gary Guo
Link: https://patch.msgid.link/20260405235309.418950-32-ojeda@kernel.org
Signed-off-by: Miguel Ojeda --- rust/bindgen_parameters | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'rust/bindgen_parameters') diff --git a/rust/bindgen_parameters b/rust/bindgen_parameters index 112ec197ef0a..6f02d9720ad2 100644 --- a/rust/bindgen_parameters +++ b/rust/bindgen_parameters @@ -19,6 +19,10 @@ # warning. We don't need to peek into it anyway. --opaque-type spinlock +# enums that appear in indirect function calls should specify a cfi type +--newtype-enum lru_status +--with-attribute-custom-enum=lru_status='#[cfi_encoding="10lru_status"]' + # `seccomp`'s comment gets understood as a doctest --no-doc-comments -- cgit v1.2.3
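
Review bot: The new comment above `--newtype-enum lru_status` says that such enums "should specify a cfi type" but not how the string is formed, and the `10` in `cfi_encoding="10lru_status"` is easy to get wrong when the next enum is added here. It is the length prefix of the name (`lru_status` is 10 characters), which is what makes the encoding match a type called `lru_status` instead of the underlying integer, as the commit message explains. Suggest extending the comment to state that the value is the length-prefixed type name, that `--newtype-enum` and `--with-attribute-custom-enum` must be added as a pair naming the same enum (the repr(transparent) newtype would otherwise keep the integer's encoding), and that the second flag needs bindgen 0.71 or later. Per the testing notes, a wrong value only surfaces as a crash when the callback is invoked through the function pointer, so the file is the right place to record the rule.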