-Zharden-sls flag (target modifier) added to enable mitigation against straight line speculation (SLS)

azhogin · azhogin · commit 462fc0badc7b · 2026-05-05T21:22:17.000+07:00
diff --git a/compiler/rustc_codegen_gcc/src/gcc_util.rs b/compiler/rustc_codegen_gcc/src/gcc_util.rs
@@ -7,6 +7,7 @@ use rustc_target::spec::Arch;
 
 fn gcc_features_by_flags(sess: &Session, features: &mut Vec<String>) {
     target_features::retpoline_features_by_flags(sess, features);
+    target_features::sls_features_by_flags(sess, features);
     // FIXME: LLVM also sets +reserve-x18 here under some conditions.
 }
 
diff --git a/compiler/rustc_codegen_llvm/src/llvm_util.rs b/compiler/rustc_codegen_llvm/src/llvm_util.rs
@@ -638,6 +638,7 @@ fn llvm_features_by_flags(sess: &Session, features: &mut Vec<String>) {
 
     target_features::retpoline_features_by_flags(sess, features);
     target_features::sanitizer_features_by_flags(sess, features);
+    target_features::sls_features_by_flags(sess, features);
 
     // -Zfixed-x18
     if sess.opts.unstable_opts.fixed_x18 {
diff --git a/compiler/rustc_codegen_ssa/src/target_features.rs b/compiler/rustc_codegen_ssa/src/target_features.rs
@@ -8,6 +8,7 @@ use rustc_middle::query::Providers;
 use rustc_middle::ty::TyCtxt;
 use rustc_session::Session;
 use rustc_session::errors::feature_err;
+use rustc_session::config::HardenSls;
 use rustc_session::lint::builtin::AARCH64_SOFTFLOAT_NEON;
 use rustc_span::{Span, Symbol, edit_distance, sym};
 use rustc_target::spec::{Arch, SanitizerSet};
@@ -487,6 +488,18 @@ pub fn sanitizer_features_by_flags(sess: &Session, features: &mut Vec<String>) {
     }
 }
 
+pub fn sls_features_by_flags(sess: &Session, features: &mut Vec<String>) {
+    match &sess.opts.unstable_opts.harden_sls {
+        HardenSls::None => (),
+        HardenSls::All => {
+            features.push("+harden-sls-ijmp".into());
+            features.push("+harden-sls-ret".into());
+        }
+        HardenSls::Return => features.push("+harden-sls-ret".into()),
+        HardenSls::IndirectJmp => features.push("+harden-sls-ijmp".into()),
+    }
+}
+
 pub(crate) fn provide(providers: &mut Providers) {
     *providers = Providers {
         rust_target_features: |tcx, cnum| {
diff --git a/compiler/rustc_session/src/config.rs b/compiler/rustc_session/src/config.rs
@@ -3069,10 +3069,11 @@ pub(crate) mod dep_tracking {
     use super::{
         AnnotateMoves, AutoDiff, BranchProtection, CFGuard, CFProtection, CoverageOptions,
         CrateType, DebugInfo, DebugInfoCompression, ErrorOutputType, FmtDebug, FunctionReturn,
-        InliningThreshold, InstrumentCoverage, InstrumentXRay, LinkerPluginLto, LocationDetail,
-        LtoCli, MirStripDebugInfo, NextSolverConfig, Offload, OptLevel, OutFileName, OutputType,
-        OutputTypes, PatchableFunctionEntry, Polonius, ResolveDocLinks, SourceFileHashAlgorithm,
-        SplitDwarfKind, SwitchWithOptPath, SymbolManglingVersion, WasiExecModel,
+        HardenSls, InliningThreshold, InstrumentCoverage, InstrumentXRay, LinkerPluginLto,
+        LocationDetail, LtoCli, MirStripDebugInfo, NextSolverConfig, Offload, OptLevel,
+        OutFileName, OutputType, OutputTypes, PatchableFunctionEntry, Polonius, ResolveDocLinks,
+        SourceFileHashAlgorithm, SplitDwarfKind, SwitchWithOptPath, SymbolManglingVersion,
+        WasiExecModel,
     };
     use crate::lint;
     use crate::utils::NativeLib;
@@ -3175,6 +3176,7 @@ pub(crate) mod dep_tracking {
         Polonius,
         InliningThreshold,
         FunctionReturn,
+        HardenSls,
         Align,
     );
 
@@ -3389,6 +3391,16 @@ pub enum FunctionReturn {
     ThunkExtern,
 }
 
+/// The different settings that the `-Zharden-sls` flag can have.
+#[derive(Clone, Copy, PartialEq, Hash, Debug, Default)]
+pub enum HardenSls {
+    #[default]
+    None,
+    All,
+    Return,
+    IndirectJmp,
+}
+
 /// Whether extra span comments are included when dumping MIR, via the `-Z mir-include-spans` flag.
 /// By default, only enabled in the NLL MIR dumps, and disabled in all other passes.
 #[derive(Clone, Copy, Default, PartialEq, Debug)]
diff --git a/compiler/rustc_session/src/options.rs b/compiler/rustc_session/src/options.rs
@@ -834,6 +834,7 @@ mod desc {
         "either a boolean (`yes`, `no`, `on`, `off`, etc), or a non-negative number";
     pub(crate) const parse_llvm_module_flag: &str = "<key>:<type>:<value>:<behavior>. Type must currently be `u32`. Behavior should be one of (`error`, `warning`, `require`, `override`, `append`, `appendunique`, `max`, `min`)";
     pub(crate) const parse_function_return: &str = "`keep` or `thunk-extern`";
+    pub(crate) const parse_harden_sls: &str = "`none`, `all`, `return` or `indirect-jmp`";
     pub(crate) const parse_wasm_c_abi: &str = "`spec`";
     pub(crate) const parse_mir_include_spans: &str =
         "either a boolean (`yes`, `no`, `on`, `off`, etc), or `nll` (default: `nll`)";
@@ -1986,6 +1987,17 @@ pub mod parse {
         true
     }
 
+    pub(crate) fn parse_harden_sls(slot: &mut HardenSls, v: Option<&str>) -> bool {
+        match v {
+            Some("none") => *slot = HardenSls::None,
+            Some("all") => *slot = HardenSls::All,
+            Some("return") => *slot = HardenSls::Return,
+            Some("indirect-jmp") => *slot = HardenSls::IndirectJmp,
+            _ => return false,
+        }
+        true
+    }
+
     pub(crate) fn parse_wasm_c_abi(_slot: &mut (), v: Option<&str>) -> bool {
         v == Some("spec")
     }
@@ -2350,6 +2362,9 @@ options! {
     graphviz_font: String = ("Courier, monospace".to_string(), parse_string, [UNTRACKED],
         "use the given `fontname` in graphviz output; can be overridden by setting \
         environment variable `RUSTC_GRAPHVIZ_FONT` (default: `Courier, monospace`)"),
+    harden_sls: HardenSls = (HardenSls::None, parse_harden_sls, [TRACKED] { TARGET_MODIFIER: HardenSls },
+        "flag to mitigate against straight line speculation (SLS) [none|all|return|indirect-jmp] \
+        (default: none)"),
     has_thread_local: Option<bool> = (None, parse_opt_bool, [TRACKED],
         "explicitly enable the `cfg(target_thread_local)` directive"),
     help: bool = (false, parse_no_value, [UNTRACKED], "Print unstable compiler options"),
diff --git a/compiler/rustc_target/src/target_features.rs b/compiler/rustc_target/src/target_features.rs
@@ -2,7 +2,7 @@
 //! Note that these are similar to but not always identical to LLVM's feature names,
 //! and Rust adds some features that do not correspond to LLVM features at all.
 use rustc_data_structures::fx::{FxHashMap, FxHashSet};
-use rustc_macros::StableHash;
+use rustc_data_structures::stable_hasher::{StableHash, StableHasher, StableHashCtxt};
 use rustc_span::{Symbol, sym};
 
 use crate::spec::{Arch, FloatAbi, LlvmAbi, RustcAbi, Target};
@@ -12,7 +12,7 @@ use crate::spec::{Arch, FloatAbi, LlvmAbi, RustcAbi, Target};
 pub const RUSTC_SPECIFIC_FEATURES: &[&str] = &["crt-static"];
 
 /// Stability information for target features.
-#[derive(Debug, Copy, Clone, StableHash)]
+#[derive(Debug, Copy, Clone)]
 pub enum Stability {
     /// This target feature is stable, it can be used in `#[target_feature]` and
     /// `#[cfg(target_feature)]`.
@@ -37,18 +37,18 @@ pub enum Stability {
 }
 use Stability::*;
 
-impl<CTX> HashStable<CTX> for Stability {
+impl StableHash for Stability {
     #[inline]
-    fn hash_stable(&self, hcx: &mut CTX, hasher: &mut StableHasher) {
-        std::mem::discriminant(self).hash_stable(hcx, hasher);
+    fn stable_hash<Hcx: StableHashCtxt>(&self, hcx: &mut Hcx, hasher: &mut StableHasher) {
+        std::mem::discriminant(self).stable_hash(hcx, hasher);
         match self {
             Stability::Stable => {}
             Stability::Unstable(nightly_feature) => {
-                nightly_feature.hash_stable(hcx, hasher);
+                nightly_feature.stable_hash(hcx, hasher);
             }
             Stability::Forbidden { reason, hard_error } => {
-                reason.hash_stable(hcx, hasher);
-                hard_error.hash_stable(hcx, hasher);
+                reason.stable_hash(hcx, hasher);
+                hard_error.stable_hash(hcx, hasher);
             }
         }
     }
@@ -458,6 +458,16 @@ static X86_FEATURES: &[(&str, Stability, ImpliedFeatures)] = &[
     ("fma4", Unstable(sym::fma4_target_feature), &["avx", "sse4a"]),
     ("fxsr", Stable, &[]),
     ("gfni", Stable, &["sse2"]),
+    (
+        "harden-sls-ijmp",
+        Stability::Forbidden { reason: "use `harden-sls` compiler flag instead", hard_error: true },
+        &[],
+    ),
+    (
+        "harden-sls-ret",
+        Stability::Forbidden { reason: "use `harden-sls` compiler flag instead", hard_error: true },
+        &[],
+    ),
     ("kl", Stable, &["sse2"]),
     ("lahfsahf", Unstable(sym::lahfsahf_target_feature), &[]),
     ("lzcnt", Stable, &[]),
diff --git a/src/doc/rustc-dev-guide/src/tests/directives.md b/src/doc/rustc-dev-guide/src/tests/directives.md
@@ -244,12 +244,14 @@ See also [Debuginfo tests](compiletest.md#debuginfo-tests) for directives for ig
 
 | Directive           | Explanation                                                                                  | Supported test suites                      | Possible values                                                                            |
 |---------------------|----------------------------------------------------------------------------------------------|--------------------------------------------|--------------------------------------------------------------------------------------------|
-| `compile-flags`     | Flags passed to `rustc` when building the test or aux file                                   | All except for `run-make`/`run-make-cargo` | Any valid `rustc` flags, e.g. `-Awarnings -Dfoo`. Cannot be `-Cincremental` or `--edition` |
-| `edition`           | The edition used to build the test                                                           | All except for `run-make`/`run-make-cargo` | Any valid `--edition` value                                                                |
-| `rustc-env`         | Env var to set when running `rustc`                                                          | All except for `run-make`/`run-make-cargo` | `<KEY>=<VALUE>`                                                                            |
-| `unset-rustc-env`   | Env var to unset when running `rustc`                                                        | All except for `run-make`/`run-make-cargo` | Any env var name                                                                           |
-| `incremental`       | Proper incremental support for tests outside of incremental test suite                       | `ui`, `crashes`                            | N/A                                                                                        |
-| `no-prefer-dynamic` | Don't use `-C prefer-dynamic`, don't build as a dylib via a `--crate-type=dylib` preset flag | `ui`, `crashes`                            | N/A                                                                                        |
+| `compile-flags`          | Flags passed to `rustc` when building the test or aux file                           | All except for `run-make`/`run-make-cargo` | Any valid `rustc` flags, e.g. `-Awarnings -Dfoo`. Cannot be `-Cincremental` or `--edition` |
+| `minicore-compile-flags` | Additional flags passed to `rustc` when building minicore                            | All except for `run-make`/`run-make-cargo` | Any valid `rustc` flags, e.g. `-Awarnings -Dfoo`. Cannot be `-Cincremental` or `--edition` |
+| `non-aux-compile-flags`  | Additional flags passed to `rustc` when building the test (not for auxiliary builds) | All except for `run-make`/`run-make-cargo` | Any valid `rustc` flags, e.g. `-Awarnings -Dfoo`. Cannot be `-Cincremental` or `--edition` |
+| `edition`                | The edition used to build the test                                                   | All except for `run-make`/`run-make-cargo` | Any valid `--edition` value                                                                |
+| `rustc-env`              | Env var to set when running `rustc`                                                  | All except for `run-make`/`run-make-cargo` | `<KEY>=<VALUE>`                                                                            |
+| `unset-rustc-env`        | Env var to unset when running `rustc`                                                | All except for `run-make`/`run-make-cargo` | Any env var name                                                                           |
+| `incremental`            | Proper incremental support for tests outside of incremental test suite               | `ui`, `crashes`                            | N/A                                                                                        |
+| `no-prefer-dynamic`      | Don't use `-C prefer-dynamic`, don't build as a dylib via a `--crate-type=dylib` preset flag | `ui`, `crashes`                    | N/A                                                                                        |
 
 <div class="warning">
 
diff --git a/src/doc/rustc-dev-guide/src/tests/minicore.md b/src/doc/rustc-dev-guide/src/tests/minicore.md
@@ -44,6 +44,11 @@ The `minicore` items must be kept up to date with `core`.
 For consistent diagnostic output between using `core` and `minicore`, any `diagnostic`
 attributes (e.g. `on_unimplemented`) should be replicated exactly in `minicore`.
 
+## Specific compile flags
+`compile-flags` is used both for auxiliary builds (including minicore) and main test build.
+`minicore-compile-flags` directive may be used to provide compile flags for minicore build only.
+`non-aux-compile-flags` directive may be used to provide compile flags for main test only.
+
 ## Example codegen test that uses `minicore`
 
 ```rust,no_run
diff --git a/src/tools/compiletest/src/directives.rs b/src/tools/compiletest/src/directives.rs
@@ -207,6 +207,8 @@ pub(crate) struct TestProps {
     pub(crate) add_minicore: bool,
     /// Add these flags to the build of `minicore`.
     pub(crate) minicore_compile_flags: Vec<String>,
+    /// Add these flags to the non-auxiliary build.
+    pub(crate) non_aux_compile_flags: Vec<String>,
     /// Whether line annotations are required for the given error kind.
     pub(crate) dont_require_annotations: HashSet<ErrorKind>,
     /// Whether pretty printers should be disabled in gdb.
@@ -259,6 +261,7 @@ mod directives {
     pub(crate) const NO_AUTO_CHECK_CFG: &str = "no-auto-check-cfg";
     pub(crate) const ADD_MINICORE: &str = "add-minicore";
     pub(crate) const MINICORE_COMPILE_FLAGS: &str = "minicore-compile-flags";
+    pub(crate) const NON_AUX_COMPILE_FLAGS: &'static str = "non-aux-compile-flags";
     pub(crate) const DISABLE_GDB_PRETTY_PRINTERS: &str = "disable-gdb-pretty-printers";
     pub(crate) const COMPARE_OUTPUT_BY_LINES: &str = "compare-output-by-lines";
 }
@@ -316,6 +319,7 @@ impl TestProps {
             no_auto_check_cfg: false,
             add_minicore: false,
             minicore_compile_flags: vec![],
+            non_aux_compile_flags: vec![],
             dont_require_annotations: Default::default(),
             disable_gdb_pretty_printers: false,
             compare_output_by_lines: false,
diff --git a/src/tools/compiletest/src/directives/directive_names.rs b/src/tools/compiletest/src/directives/directive_names.rs
@@ -202,6 +202,7 @@ pub(crate) const KNOWN_DIRECTIVE_NAMES: &[&str] = &[
     "needs-xray",
     "no-auto-check-cfg",
     "no-prefer-dynamic",
+    "non-aux-compile-flags",
     "normalize-stderr",
     "normalize-stderr-32bit",
     "normalize-stderr-64bit",
diff --git a/src/tools/compiletest/src/directives/handlers.rs b/src/tools/compiletest/src/directives/handlers.rs
@@ -348,6 +348,19 @@ fn make_directive_handlers_map() -> HashMap<&'static str, Handler> {
                 props.minicore_compile_flags.extend(flags);
             }
         }),
+        handler(NON_AUX_COMPILE_FLAGS, |config, ln, props| {
+            if let Some(flags) = config.parse_name_value_directive(ln, NON_AUX_COMPILE_FLAGS) {
+                let flags = split_flags(&flags);
+                // FIXME(#147955): Extract and unify this with other handlers that
+                // check compiler flags, e.g. COMPILE_FLAGS.
+                for flag in &flags {
+                    if flag == "--edition" || flag.starts_with("--edition=") {
+                        panic!("you must use `//@ edition` to configure the edition");
+                    }
+                }
+                props.non_aux_compile_flags.extend(flags);
+            }
+        }),
         handler(DONT_REQUIRE_ANNOTATIONS, |config, ln, props| {
             if let Some(err_kind) = config.parse_name_value_directive(ln, DONT_REQUIRE_ANNOTATIONS)
             {
diff --git a/src/tools/compiletest/src/runtest.rs b/src/tools/compiletest/src/runtest.rs
@@ -965,6 +965,7 @@ impl<'test> TestCx<'test> {
             allow_unused,
             LinkToAux::Yes,
             passes,
+            false,
         );
 
         self.compose_and_run_compiler(rustc, None)
@@ -1325,6 +1326,7 @@ impl<'test> TestCx<'test> {
             AllowUnused::Yes,
             LinkToAux::No,
             vec![],
+            true,
         );
 
         rustc.args(&["--crate-type", "rlib"]);
@@ -1384,6 +1386,7 @@ impl<'test> TestCx<'test> {
             AllowUnused::No,
             LinkToAux::No,
             Vec::new(),
+            false,
         );
         aux_cx.build_all_auxiliary(&aux_dir, &mut aux_rustc);
 
@@ -1569,6 +1572,7 @@ impl<'test> TestCx<'test> {
         allow_unused: AllowUnused,
         link_to_aux: LinkToAux,
         passes: Vec<String>, // Vec of passes under mir-opt test to be dumped
+        for_minicore: bool,
     ) -> Command {
         // FIXME(Zalathar): We should have a cleaner distinction between
         // `rustc` flags, `rustdoc` flags, and flags shared by both.
@@ -1931,6 +1935,10 @@ impl<'test> TestCx<'test> {
         }
 
         compiler.args(&self.props.compile_flags);
+        let is_aux = input_file.components().map(|c| c.as_os_str()).any(|c| c == "auxiliary");
+        if !for_minicore && !is_aux {
+            compiler.args(&self.props.non_aux_compile_flags);
+        }
 
         compiler
     }
@@ -2152,6 +2160,7 @@ impl<'test> TestCx<'test> {
             AllowUnused::No,
             LinkToAux::Yes,
             Vec::new(),
+            false,
         );
 
         let proc_res = self.compose_and_run_compiler(rustc, None);
diff --git a/src/tools/compiletest/src/runtest/assembly.rs b/src/tools/compiletest/src/runtest/assembly.rs
@@ -44,6 +44,7 @@ impl TestCx<'_> {
             AllowUnused::No,
             LinkToAux::Yes,
             Vec::new(),
+            false,
         );
 
         let proc_res = self.compose_and_run_compiler(rustc, None);
diff --git a/src/tools/compiletest/src/runtest/ui.rs b/src/tools/compiletest/src/runtest/ui.rs
@@ -236,6 +236,7 @@ impl TestCx<'_> {
                 AllowUnused::No,
                 LinkToAux::Yes,
                 Vec::new(),
+                false,
             );
 
             // If a test is revisioned, it's fixed source file can be named "a.foo.fixed", which,
diff --git a/tests/assembly-llvm/x86_64-sls.rs b/tests/assembly-llvm/x86_64-sls.rs
diff --git a/tests/codegen-llvm/harden-sls.rs b/tests/codegen-llvm/harden-sls.rs
diff --git a/tests/ui/target-feature/harden-sls-target-feature-flag.by_feature.stderr b/tests/ui/target-feature/harden-sls-target-feature-flag.by_feature.stderr
diff --git a/tests/ui/target-feature/harden-sls-target-feature-flag.rs b/tests/ui/target-feature/harden-sls-target-feature-flag.rs

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ use rustc_target::spec::Arch;`
`7`	`7`
`8`	`8`	`fn gcc_features_by_flags(sess: &Session, features: &mut Vec<String>) {`
`9`	`9`	`target_features::retpoline_features_by_flags(sess, features);`
	`10`	`+ target_features::sls_features_by_flags(sess, features);`
`10`	`11`	`// FIXME: LLVM also sets +reserve-x18 here under some conditions.`
`11`	`12`	`}`
`12`	`13`