fix `-Zsanitizer=kcfi` on `#[naked]` functions by folkertdev · Pull Request #143293 · rust-lang/rust
label
Jul 1, 2025
rustbot added A-attributes labels
Jul 2, 2025
fmease added a commit to fmease/rust that referenced this pull request
Jul 17, 2025
…compiler-errors

fix `-Zsanitizer=kcfi` on `#[naked]` functions

fixes rust-lang#143266

With `-Zsanitizer=kcfi`, indirect calls happen via a generated intermediate shim that forwards the call. The generated shim preserves the attributes of the original, including `#[unsafe(naked)]`. The shim is not a naked function though, and violates its invariants (like having a body that consists of a single `naked_asm!` call).

My fix here is to match on the `InstanceKind`, and only use `codegen_naked_asm` when the instance is not a `ReifyShim`. That does beg the question whether there are other `InstanceKind`s that could come up. As far as I can tell the answer is no: calling via `dyn` seems to work fine, and `#[track_caller]` is disallowed in combination with `#[naked]`.

r? codegen
`@rustbot` label +A-naked
cc `@maurer` `@rcvalle`
bors added a commit that referenced this pull request
Jul 17, 2025
Rollup of 15 pull requests

Successful merges:

- #142300 (Disable `tests/run-make/mte-ffi` because no CI runners have MTE extensions enabled)
- #143271 (Store the type of each GVN value)
- #143293 (fix `-Zsanitizer=kcfi` on `#[naked]` functions)
- #143719 (Emit warning when there is no space between `-o` and arg)
- #143833 (Ban projecting into SIMD types [MCP838])
- #143846 (pass --gc-sections if -Zexport-executable-symbols is enabled and improve tests)
- #143879 (parse `const trait Trait`)
- #143891 (Port `#[coverage]` to the new attribute system)
- #143967 (constify `Option` methods)
- #143985 (rustc_public: de-StableMIR-ize)
- #144008 (Fix false positive double negations with macro invocation)
- #144010 (Boostrap: add warning on `optimize = false`)
- #144034 (tests: Test line number in debuginfo for diverging function calls)
- #144049 (rustc-dev-guide subtree update)
- #144056 (Copy GCC sources into the build directory even outside CI)

r? `@ghost`
`@rustbot` modify labels: rollup
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request
Jul 17, 2025
…compiler-errors fix `-Zsanitizer=kcfi` on `#[naked]` functions
bors added a commit that referenced this pull request
Jul 17, 2025
Rollup of 12 pull requests

Successful merges:

- #142300 (Disable `tests/run-make/mte-ffi` because no CI runners have MTE extensions enabled)
- #143271 (Store the type of each GVN value)
- #143293 (fix `-Zsanitizer=kcfi` on `#[naked]` functions)
- #143719 (Emit warning when there is no space between `-o` and arg)
- #143846 (pass --gc-sections if -Zexport-executable-symbols is enabled and improve tests)
- #143891 (Port `#[coverage]` to the new attribute system)
- #143967 (constify `Option` methods)
- #144008 (Fix false positive double negations with macro invocation)
- #144010 (Boostrap: add warning on `optimize = false`)
- #144034 (tests: Test line number in debuginfo for diverging function calls)
- #144049 (rustc-dev-guide subtree update)
- #144056 (Copy GCC sources into the build directory even outside CI)

r? `@ghost`
`@rustbot` modify labels: rollup
bors added a commit that referenced this pull request
Jul 18, 2025
Rollup of 11 pull requests

Successful merges:

- #142300 (Disable `tests/run-make/mte-ffi` because no CI runners have MTE extensions enabled)
- #143271 (Store the type of each GVN value)
- #143293 (fix `-Zsanitizer=kcfi` on `#[naked]` functions)
- #143719 (Emit warning when there is no space between `-o` and arg)
- #143846 (pass --gc-sections if -Zexport-executable-symbols is enabled and improve tests)
- #143891 (Port `#[coverage]` to the new attribute system)
- #143967 (constify `Option` methods)
- #144008 (Fix false positive double negations with macro invocation)
- #144010 (Boostrap: add warning on `optimize = false`)
- #144049 (rustc-dev-guide subtree update)
- #144056 (Copy GCC sources into the build directory even outside CI)

r? `@ghost`
`@rustbot` modify labels: rollup
rust-timer added a commit that referenced this pull request
Jul 18, 2025
Rollup merge of #143293 - folkertdev:naked-function-kcfi, r=compiler-errors

fix `-Zsanitizer=kcfi` on `#[naked]` functions
github-actions bot pushed a commit to rust-lang/rustc-dev-guide that referenced this pull request
Jul 21, 2025
Muscraft pushed a commit to Muscraft/rust that referenced this pull request
Jul 21, 2025
…compiler-errors fix `-Zsanitizer=kcfi` on `#[naked]` functions
Muscraft pushed a commit to Muscraft/rust that referenced this pull request
Jul 21, 2025
…iaskrgr

Rollup of 11 pull requests

Successful merges:

- rust-lang#142300 (Disable `tests/run-make/mte-ffi` because no CI runners have MTE extensions enabled)
- rust-lang#143271 (Store the type of each GVN value)
- rust-lang#143293 (fix `-Zsanitizer=kcfi` on `#[naked]` functions)
- rust-lang#143719 (Emit warning when there is no space between `-o` and arg)
- rust-lang#143846 (pass --gc-sections if -Zexport-executable-symbols is enabled and improve tests)
- rust-lang#143891 (Port `#[coverage]` to the new attribute system)
- rust-lang#143967 (constify `Option` methods)
- rust-lang#144008 (Fix false positive double negations with macro invocation)
- rust-lang#144010 (Boostrap: add warning on `optimize = false`)
- rust-lang#144049 (rustc-dev-guide subtree update)
- rust-lang#144056 (Copy GCC sources into the build directory even outside CI)

r? `@ghost`
`@rustbot` modify labels: rollup
GuillaumeGomez pushed a commit to GuillaumeGomez/rust that referenced this pull request
Aug 4, 2025
…compiler-errors fix `-Zsanitizer=kcfi` on `#[naked]` functions
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request
Oct 18, 2025
…ngle, r=fee1-dead

the `#[track_caller]` shim should not inherit `#[no_mangle]`

fixes rust-lang#143162

builds on rust-lang#143293 which introduced a mechanism to strip attributes from shims.

cc `@Jules-Bertholet` `@workingjubilee` `@bjorn3`

---

Summary:

This PR fixes an interaction between `#[track_caller]`, `#[no_mangle]`, and casting to a function pointer.

A function annotated with `#[track_caller]` internally has a hidden extra argument for the panic location. The `#[track_caller]` attribute is only allowed on `extern "Rust"` functions. When a function is annotated with both `#[no_mangle]` and `#[track_caller]`, the exported symbol has the signature that includes the extra panic location argument. This works on stable Rust today:

```rust
// Needed so the `extern` declaration below can name `Location`.
use std::panic::Location;

extern "Rust" {
    #[track_caller]
    fn rust_track_caller_ffi_test_tracked() -> &'static Location<'static>;
}

mod provides {
    use std::panic::Location;

    #[track_caller] // UB if we did not have this!
    #[no_mangle]
    fn rust_track_caller_ffi_test_tracked() -> &'static Location<'static> {
        Location::caller()
    }
}
```

When a `#[track_caller]` function is converted to a function pointer, a shim is added to drop the additional argument. So this is a valid program:

```rust
#[track_caller]
fn foo() {}

fn main() {
    // The cast goes through a generated shim that hides the extra argument.
    let f = foo as fn();
    f();
}
```

The issue arises when `foo` is additionally annotated with `#[no_mangle]`: the generated shim currently inherits this attribute, also exporting a symbol named `foo`, but one without the hidden panic location argument. The linker rightfully complains about a duplicate symbol.

The solution of this PR is to have the generated shim drop the `#[no_mangle]` attribute.
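The function-pointer shim described in the commit message above can be observed from safe code, because a call through the pointer no longer carries the caller's location. This is an added example, not code from the commit or the PR; `probe`, `direct_lines` and `pointer_lines` are hypothetical names.

```rust
use std::panic::Location;

/// Function pointer type with no room for the hidden location argument.
type Probe = fn() -> &'static Location<'static>;

/// Hypothetical helper: reports the location it believes it was called from.
#[track_caller]
fn probe() -> &'static Location<'static> {
    Location::caller()
}

/// Two direct calls on consecutive lines. Each call passes its own
/// location through the hidden argument, so the lines differ.
fn direct_lines() -> (u32, u32) {
    let a = probe().line();
    let b = probe().line();
    (a, b)
}

/// The same two calls through a function pointer. The coercion to `Probe`
/// goes through the generated shim, which supplies the location itself,
/// so both calls report the same line (not the line of either call).
fn pointer_lines() -> (u32, u32) {
    let f: Probe = probe;
    let a = f().line();
    let b = f().line();
    (a, b)
}

fn main() {
    let (d1, d2) = direct_lines();
    let (p1, p2) = pointer_lines();
    println!("direct calls:  lines {d1} and {d2}");
    println!("pointer calls: lines {p1} and {p2}");
}
```

The shim is a separate function instance from `probe`, which is why attributes that change symbol export or code generation have to be stripped from it rather than inherited.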
rust-timer added a commit that referenced this pull request
Oct 18, 2025
Rollup merge of #145724 - folkertdev:track-caller-drop-no-mangle, r=fee1-dead

the `#[track_caller]` shim should not inherit `#[no_mangle]`
bjorn3 pushed a commit to rust-lang/rustc_codegen_cranelift that referenced this pull request
Oct 23, 2025
…ee1-dead the `#[track_caller]` shim should not inherit `#[no_mangle]`
Kobzol pushed a commit to Kobzol/rustc_codegen_cranelift that referenced this pull request
Dec 29, 2025
Kobzol pushed a commit to Kobzol/rustc_codegen_cranelift that referenced this pull request
Dec 29, 2025
…ee1-dead the `#[track_caller]` shim should not inherit `#[no_mangle]`
christian-schilling pushed a commit to christian-schilling/rustc_codegen_cranelift that referenced this pull request
Jan 27, 2026
christian-schilling pushed a commit to christian-schilling/rustc_codegen_cranelift that referenced this pull request
Jan 27, 2026
…ee1-dead the `#[track_caller]` shim should not inherit `#[no_mangle]`