On Mon, Jul 14, 2025 at 06:30:09PM +0200, Miguel Ojeda wrote:
> On Mon, Jul 14, 2025 at 12:45 PM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> >
> > Apparently some Rust 'core' code violates this and explodes when ran
> > with FineIBT.
>
> I think this was fixed in Rust 1.88 (latest version), right? Or is
> there an issue still?
>
> 5595c31c3709 ("x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST
> or Rust >= 1.88")
Oh yeah, it got fixed. Clearly I failed to update the Changelog.
> > - runtime EFI is especially henous because it also needs to disable
> > IBT. Basically calling unknown code without CFI protection at
> > runtime is a massice security issue.
>
> heinous
> massive
Typing hard; Thanks!
