
[RFC,v3,21/36] kmsan: disable KMSAN instrumentation for certain kernel parts

Message ID 20191122112621.204798-22-glider@google.com (mailing list archive)
State New, archived
Series Add KernelMemorySanitizer infrastructure | expand

Commit Message

Alexander Potapenko Nov. 22, 2019, 11:26 a.m. UTC
Instrumenting some files with KMSAN will result in the kernel being unable
to link or boot, or in crashes at runtime, for various reasons (e.g. infinite
recursion caused by instrumentation hooks calling instrumented code again).

Disable KMSAN in the following places:
 - arch/x86/boot and arch/x86/realmode/rm, as KMSAN doesn't work for i386;
 - arch/x86/entry/vdso, which isn't linked with KMSAN runtime;
 - three files in arch/x86/kernel - boot problems;
 - arch/x86/mm/cpu_entry_area.c - recursion;
 - EFI stub - build failures;
 - kcov, stackdepot - recursion.

Signed-off-by: Alexander Potapenko <glider@google.com>
To: Alexander Potapenko <glider@google.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: linux-mm@kvack.org
---

Change-Id: I90961eabf2dcb9ae992aed259088953bad5e4d6d
---
 arch/x86/boot/Makefile                | 2 ++
 arch/x86/boot/compressed/Makefile     | 2 ++
 arch/x86/entry/vdso/Makefile          | 3 +++
 arch/x86/kernel/Makefile              | 4 ++++
 arch/x86/kernel/cpu/Makefile          | 1 +
 arch/x86/mm/Makefile                  | 2 ++
 arch/x86/realmode/rm/Makefile         | 2 ++
 drivers/firmware/efi/libstub/Makefile | 1 +
 kernel/Makefile                       | 1 +
 lib/Makefile                          | 1 +
 10 files changed, 19 insertions(+)

Comments

Andrey Konovalov Nov. 29, 2019, 3:07 p.m. UTC | #1
On Fri, Nov 22, 2019 at 12:27 PM <glider@google.com> wrote:
>
> Instrumenting some files with KMSAN will result in kernel being unable
> to link, boot or crashing at runtime for various reasons (e.g. infinite
> recursion caused by instrumentation hooks calling instrumented code again).
>
> Disable KMSAN in the following places:
>  - arch/x86/boot and arch/x86/realmode/rm, as KMSAN doesn't work for i386;
>  - arch/x86/entry/vdso, which isn't linked with KMSAN runtime;
>  - three files in arch/x86/kernel - boot problems;
>  - arch/x86/mm/cpu_entry_area.c - recursion;
>  - EFI stub - build failures;
>  - kcov, stackdepot - recursion.

It makes sense to unify comments explaining the reasons for
KMSAN_SANITIZE := n with KCSAN patches:

https://patchwork.kernel.org/patch/11244145/
https://patchwork.kernel.org/patch/11244161/

>
> Signed-off-by: Alexander Potapenko <glider@google.com>
> To: Alexander Potapenko <glider@google.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Vegard Nossum <vegard.nossum@oracle.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: linux-mm@kvack.org
> ---
>
> Change-Id: I90961eabf2dcb9ae992aed259088953bad5e4d6d
> ---
>  arch/x86/boot/Makefile                | 2 ++
>  arch/x86/boot/compressed/Makefile     | 2 ++
>  arch/x86/entry/vdso/Makefile          | 3 +++
>  arch/x86/kernel/Makefile              | 4 ++++
>  arch/x86/kernel/cpu/Makefile          | 1 +
>  arch/x86/mm/Makefile                  | 2 ++
>  arch/x86/realmode/rm/Makefile         | 2 ++
>  drivers/firmware/efi/libstub/Makefile | 1 +
>  kernel/Makefile                       | 1 +
>  lib/Makefile                          | 1 +
>  10 files changed, 19 insertions(+)
>
> diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
> index e2839b5c246c..c039abd4c81f 100644
> --- a/arch/x86/boot/Makefile
> +++ b/arch/x86/boot/Makefile
> @@ -10,6 +10,8 @@
>  #
>
>  KASAN_SANITIZE                 := n
> +# KMSAN doesn't work for i386
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Kernel does not boot with kcov instrumentation here.
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 6b84afdd7538..9efe2d9fca4c 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -18,6 +18,8 @@
>  #      compressed vmlinux.bin.all + u32 size of vmlinux.bin.all
>
>  KASAN_SANITIZE                 := n
> +# KMSAN doesn't work for i386
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
> index 0f2154106d01..000467a1a4f2 100644
> --- a/arch/x86/entry/vdso/Makefile
> +++ b/arch/x86/entry/vdso/Makefile
> @@ -11,6 +11,9 @@ include $(srctree)/lib/vdso/Makefile
>
>  KBUILD_CFLAGS += $(DISABLE_LTO)
>  KASAN_SANITIZE                 := n
> +# Undefined references to KMSAN hooks.
> +KMSAN_SANITIZE_vclock_gettime.o := n
> +KMSAN_SANITIZE_vgetcpu.o       := n
>  UBSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> index 3578ad248bc9..ce39972a7edf 100644
> --- a/arch/x86/kernel/Makefile
> +++ b/arch/x86/kernel/Makefile
> @@ -28,6 +28,10 @@ KASAN_SANITIZE_dumpstack_$(BITS).o                   := n
>  KASAN_SANITIZE_stacktrace.o                            := n
>  KASAN_SANITIZE_paravirt.o                              := n
>
> +# Work around reboot loop.
> +KMSAN_SANITIZE_head$(BITS).o                           := n
> +KMSAN_SANITIZE_nmi.o                                   := n
> +
>  OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o    := y
>  OBJECT_FILES_NON_STANDARD_test_nx.o                    := y
>  OBJECT_FILES_NON_STANDARD_paravirt_patch.o             := y
> diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
> index d7a1e5a9331c..41f4f8f2f2f0 100644
> --- a/arch/x86/kernel/cpu/Makefile
> +++ b/arch/x86/kernel/cpu/Makefile
> @@ -12,6 +12,7 @@ endif
>  # If these files are instrumented, boot hangs during the first second.
>  KCOV_INSTRUMENT_common.o := n
>  KCOV_INSTRUMENT_perf_event.o := n
> +KMSAN_SANITIZE_common.o := n
>
>  # Make sure load_percpu_segment has no stackprotector
>  nostackp := $(call cc-option, -fno-stack-protector)
> diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
> index 84373dc9b341..42cb3a6409b0 100644
> --- a/arch/x86/mm/Makefile
> +++ b/arch/x86/mm/Makefile
> @@ -7,6 +7,8 @@ KCOV_INSTRUMENT_mem_encrypt_identity.o  := n
>  KASAN_SANITIZE_mem_encrypt.o           := n
>  KASAN_SANITIZE_mem_encrypt_identity.o  := n
>
> +KMSAN_SANITIZE_cpu_entry_area.o := n
> +
>  ifdef CONFIG_FUNCTION_TRACER
>  CFLAGS_REMOVE_mem_encrypt.o            = -pg
>  CFLAGS_REMOVE_mem_encrypt_identity.o   = -pg
> diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
> index f60501a384f9..27e7bc0bbdde 100644
> --- a/arch/x86/realmode/rm/Makefile
> +++ b/arch/x86/realmode/rm/Makefile
> @@ -7,6 +7,8 @@
>  #
>  #
>  KASAN_SANITIZE                 := n
> +# KMSAN doesn't work for i386
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index 0460c7581220..11869c17a64c 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -32,6 +32,7 @@ KBUILD_CFLAGS                 := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
>
>  GCOV_PROFILE                   := n
>  KASAN_SANITIZE                 := n
> +KMSAN_SANITIZE                 := n
>  UBSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
> diff --git a/kernel/Makefile b/kernel/Makefile
> index daad787fb795..5fd6fbca2592 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -30,6 +30,7 @@ KCOV_INSTRUMENT_extable.o := n
>  # Don't self-instrument.
>  KCOV_INSTRUMENT_kcov.o := n
>  KASAN_SANITIZE_kcov.o := n
> +KMSAN_SANITIZE_kcov.o := n
>  CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack -fno-stack-protector)
>
>  # cond_syscall is currently not LTO compatible
> diff --git a/lib/Makefile b/lib/Makefile
> index 08fcb37499a0..ae6e57d857b0 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -222,6 +222,7 @@ obj-$(CONFIG_IRQ_POLL) += irq_poll.o
>  CFLAGS_stackdepot.o += -fno-builtin
>  obj-$(CONFIG_STACKDEPOT) += stackdepot.o
>  KASAN_SANITIZE_stackdepot.o := n
> +KMSAN_SANITIZE_stackdepot.o := n
>  KCOV_INSTRUMENT_stackdepot.o := n
>
>  libfdt_files = fdt.o fdt_ro.o fdt_wip.o fdt_rw.o fdt_sw.o fdt_strerror.o \
> --
> 2.24.0.432.g9d3f5f5b63-goog
>
Alexander Potapenko Dec. 10, 2019, 10:35 a.m. UTC | #2
On Fri, Nov 29, 2019 at 4:07 PM Andrey Konovalov <andreyknvl@google.com> wrote:
>
> On Fri, Nov 22, 2019 at 12:27 PM <glider@google.com> wrote:
> >
> > Instrumenting some files with KMSAN will result in kernel being unable
> > to link, boot or crashing at runtime for various reasons (e.g. infinite
> > recursion caused by instrumentation hooks calling instrumented code again).
> >
> > Disable KMSAN in the following places:
> >  - arch/x86/boot and arch/x86/realmode/rm, as KMSAN doesn't work for i386;
> >  - arch/x86/entry/vdso, which isn't linked with KMSAN runtime;
> >  - three files in arch/x86/kernel - boot problems;
> >  - arch/x86/mm/cpu_entry_area.c - recursion;
> >  - EFI stub - build failures;
> >  - kcov, stackdepot - recursion.
>
> It makes sense to unify comments explaining the reasons for
> KMSAN_SANITIZE := n with KCSAN patches:
In principle, yes.
But KCSAN hasn't reached upstream yet, and rebasing on top of it will
increase the number of moving parts to take into account.

> https://patchwork.kernel.org/patch/11244145/
> https://patchwork.kernel.org/patch/11244161/
>
> >
> > Signed-off-by: Alexander Potapenko <glider@google.com>
> > To: Alexander Potapenko <glider@google.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > Cc: Thomas Gleixner <tglx@linutronix.de>
> > Cc: Vegard Nossum <vegard.nossum@oracle.com>
> > Cc: Dmitry Vyukov <dvyukov@google.com>
> > Cc: linux-mm@kvack.org
> > ---
> >
> > Change-Id: I90961eabf2dcb9ae992aed259088953bad5e4d6d
> > ---
> >  arch/x86/boot/Makefile                | 2 ++
> >  arch/x86/boot/compressed/Makefile     | 2 ++
> >  arch/x86/entry/vdso/Makefile          | 3 +++
> >  arch/x86/kernel/Makefile              | 4 ++++
> >  arch/x86/kernel/cpu/Makefile          | 1 +
> >  arch/x86/mm/Makefile                  | 2 ++
> >  arch/x86/realmode/rm/Makefile         | 2 ++
> >  drivers/firmware/efi/libstub/Makefile | 1 +
> >  kernel/Makefile                       | 1 +
> >  lib/Makefile                          | 1 +
> >  10 files changed, 19 insertions(+)
> >
> > diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
> > index e2839b5c246c..c039abd4c81f 100644
> > --- a/arch/x86/boot/Makefile
> > +++ b/arch/x86/boot/Makefile
> > @@ -10,6 +10,8 @@
> >  #
> >
> >  KASAN_SANITIZE                 := n
> > +# KMSAN doesn't work for i386
> > +KMSAN_SANITIZE                 := n
> >  OBJECT_FILES_NON_STANDARD      := y
> >
> >  # Kernel does not boot with kcov instrumentation here.
> > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> > index 6b84afdd7538..9efe2d9fca4c 100644
> > --- a/arch/x86/boot/compressed/Makefile
> > +++ b/arch/x86/boot/compressed/Makefile
> > @@ -18,6 +18,8 @@
> >  #      compressed vmlinux.bin.all + u32 size of vmlinux.bin.all
> >
> >  KASAN_SANITIZE                 := n
> > +# KMSAN doesn't work for i386
> > +KMSAN_SANITIZE                 := n
> >  OBJECT_FILES_NON_STANDARD      := y
> >
> >  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> > diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
> > index 0f2154106d01..000467a1a4f2 100644
> > --- a/arch/x86/entry/vdso/Makefile
> > +++ b/arch/x86/entry/vdso/Makefile
> > @@ -11,6 +11,9 @@ include $(srctree)/lib/vdso/Makefile
> >
> >  KBUILD_CFLAGS += $(DISABLE_LTO)
> >  KASAN_SANITIZE                 := n
> > +# Undefined references to KMSAN hooks.
> > +KMSAN_SANITIZE_vclock_gettime.o := n
> > +KMSAN_SANITIZE_vgetcpu.o       := n
> >  UBSAN_SANITIZE                 := n
> >  OBJECT_FILES_NON_STANDARD      := y
> >
> > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> > index 3578ad248bc9..ce39972a7edf 100644
> > --- a/arch/x86/kernel/Makefile
> > +++ b/arch/x86/kernel/Makefile
> > @@ -28,6 +28,10 @@ KASAN_SANITIZE_dumpstack_$(BITS).o                   := n
> >  KASAN_SANITIZE_stacktrace.o                            := n
> >  KASAN_SANITIZE_paravirt.o                              := n
> >
> > +# Work around reboot loop.
> > +KMSAN_SANITIZE_head$(BITS).o                           := n
> > +KMSAN_SANITIZE_nmi.o                                   := n
> > +
> >  OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o    := y
> >  OBJECT_FILES_NON_STANDARD_test_nx.o                    := y
> >  OBJECT_FILES_NON_STANDARD_paravirt_patch.o             := y
> > diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
> > index d7a1e5a9331c..41f4f8f2f2f0 100644
> > --- a/arch/x86/kernel/cpu/Makefile
> > +++ b/arch/x86/kernel/cpu/Makefile
> > @@ -12,6 +12,7 @@ endif
> >  # If these files are instrumented, boot hangs during the first second.
> >  KCOV_INSTRUMENT_common.o := n
> >  KCOV_INSTRUMENT_perf_event.o := n
> > +KMSAN_SANITIZE_common.o := n
> >
> >  # Make sure load_percpu_segment has no stackprotector
> >  nostackp := $(call cc-option, -fno-stack-protector)
> > diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
> > index 84373dc9b341..42cb3a6409b0 100644
> > --- a/arch/x86/mm/Makefile
> > +++ b/arch/x86/mm/Makefile
> > @@ -7,6 +7,8 @@ KCOV_INSTRUMENT_mem_encrypt_identity.o  := n
> >  KASAN_SANITIZE_mem_encrypt.o           := n
> >  KASAN_SANITIZE_mem_encrypt_identity.o  := n
> >
> > +KMSAN_SANITIZE_cpu_entry_area.o := n
> > +
> >  ifdef CONFIG_FUNCTION_TRACER
> >  CFLAGS_REMOVE_mem_encrypt.o            = -pg
> >  CFLAGS_REMOVE_mem_encrypt_identity.o   = -pg
> > diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
> > index f60501a384f9..27e7bc0bbdde 100644
> > --- a/arch/x86/realmode/rm/Makefile
> > +++ b/arch/x86/realmode/rm/Makefile
> > @@ -7,6 +7,8 @@
> >  #
> >  #
> >  KASAN_SANITIZE                 := n
> > +# KMSAN doesn't work for i386
> > +KMSAN_SANITIZE                 := n
> >  OBJECT_FILES_NON_STANDARD      := y
> >
> >  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> > diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> > index 0460c7581220..11869c17a64c 100644
> > --- a/drivers/firmware/efi/libstub/Makefile
> > +++ b/drivers/firmware/efi/libstub/Makefile
> > @@ -32,6 +32,7 @@ KBUILD_CFLAGS                 := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
> >
> >  GCOV_PROFILE                   := n
> >  KASAN_SANITIZE                 := n
> > +KMSAN_SANITIZE                 := n
> >  UBSAN_SANITIZE                 := n
> >  OBJECT_FILES_NON_STANDARD      := y
> >
> > diff --git a/kernel/Makefile b/kernel/Makefile
> > index daad787fb795..5fd6fbca2592 100644
> > --- a/kernel/Makefile
> > +++ b/kernel/Makefile
> > @@ -30,6 +30,7 @@ KCOV_INSTRUMENT_extable.o := n
> >  # Don't self-instrument.
> >  KCOV_INSTRUMENT_kcov.o := n
> >  KASAN_SANITIZE_kcov.o := n
> > +KMSAN_SANITIZE_kcov.o := n
> >  CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack -fno-stack-protector)
> >
> >  # cond_syscall is currently not LTO compatible
> > diff --git a/lib/Makefile b/lib/Makefile
> > index 08fcb37499a0..ae6e57d857b0 100644
> > --- a/lib/Makefile
> > +++ b/lib/Makefile
> > @@ -222,6 +222,7 @@ obj-$(CONFIG_IRQ_POLL) += irq_poll.o
> >  CFLAGS_stackdepot.o += -fno-builtin
> >  obj-$(CONFIG_STACKDEPOT) += stackdepot.o
> >  KASAN_SANITIZE_stackdepot.o := n
> > +KMSAN_SANITIZE_stackdepot.o := n
> >  KCOV_INSTRUMENT_stackdepot.o := n
> >
> >  libfdt_files = fdt.o fdt_ro.o fdt_wip.o fdt_rw.o fdt_sw.o fdt_strerror.o \
> > --
> > 2.24.0.432.g9d3f5f5b63-goog
> >
Alexander Potapenko Dec. 10, 2019, 12:38 p.m. UTC | #3
On Tue, Dec 10, 2019 at 11:35 AM Alexander Potapenko <glider@google.com> wrote:
>
> On Fri, Nov 29, 2019 at 4:07 PM Andrey Konovalov <andreyknvl@google.com> wrote:
> >
> > On Fri, Nov 22, 2019 at 12:27 PM <glider@google.com> wrote:
> > >
> > > Instrumenting some files with KMSAN will result in kernel being unable
> > > to link, boot or crashing at runtime for various reasons (e.g. infinite
> > > recursion caused by instrumentation hooks calling instrumented code again).
> > >
> > > Disable KMSAN in the following places:
> > >  - arch/x86/boot and arch/x86/realmode/rm, as KMSAN doesn't work for i386;
> > >  - arch/x86/entry/vdso, which isn't linked with KMSAN runtime;
> > >  - three files in arch/x86/kernel - boot problems;
> > >  - arch/x86/mm/cpu_entry_area.c - recursion;
> > >  - EFI stub - build failures;
> > >  - kcov, stackdepot - recursion.
> >
> > It makes sense to unify comments explaining the reasons for
> > KMSAN_SANITIZE := n with KCSAN patches:
> In principle, yes.
> But KCSAN hasn't reached upstream yet, and rebasing on top of it will
> increase the number of moving parts to take into account.
Ah, I see. Yes, I'll add meaningful comments in v4.
>
> > https://patchwork.kernel.org/patch/11244145/
> > https://patchwork.kernel.org/patch/11244161/
> >
> > >
> > > Signed-off-by: Alexander Potapenko <glider@google.com>
> > > To: Alexander Potapenko <glider@google.com>
> > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > > Cc: Thomas Gleixner <tglx@linutronix.de>
> > > Cc: Vegard Nossum <vegard.nossum@oracle.com>
> > > Cc: Dmitry Vyukov <dvyukov@google.com>
> > > Cc: linux-mm@kvack.org
> > > ---
> > >
> > > Change-Id: I90961eabf2dcb9ae992aed259088953bad5e4d6d
> > > ---
> > >  arch/x86/boot/Makefile                | 2 ++
> > >  arch/x86/boot/compressed/Makefile     | 2 ++
> > >  arch/x86/entry/vdso/Makefile          | 3 +++
> > >  arch/x86/kernel/Makefile              | 4 ++++
> > >  arch/x86/kernel/cpu/Makefile          | 1 +
> > >  arch/x86/mm/Makefile                  | 2 ++
> > >  arch/x86/realmode/rm/Makefile         | 2 ++
> > >  drivers/firmware/efi/libstub/Makefile | 1 +
> > >  kernel/Makefile                       | 1 +
> > >  lib/Makefile                          | 1 +
> > >  10 files changed, 19 insertions(+)
> > >
> > > diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
> > > index e2839b5c246c..c039abd4c81f 100644
> > > --- a/arch/x86/boot/Makefile
> > > +++ b/arch/x86/boot/Makefile
> > > @@ -10,6 +10,8 @@
> > >  #
> > >
> > >  KASAN_SANITIZE                 := n
> > > +# KMSAN doesn't work for i386
> > > +KMSAN_SANITIZE                 := n
> > >  OBJECT_FILES_NON_STANDARD      := y
> > >
> > >  # Kernel does not boot with kcov instrumentation here.
> > > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> > > index 6b84afdd7538..9efe2d9fca4c 100644
> > > --- a/arch/x86/boot/compressed/Makefile
> > > +++ b/arch/x86/boot/compressed/Makefile
> > > @@ -18,6 +18,8 @@
> > >  #      compressed vmlinux.bin.all + u32 size of vmlinux.bin.all
> > >
> > >  KASAN_SANITIZE                 := n
> > > +# KMSAN doesn't work for i386
> > > +KMSAN_SANITIZE                 := n
> > >  OBJECT_FILES_NON_STANDARD      := y
> > >
> > >  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> > > diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
> > > index 0f2154106d01..000467a1a4f2 100644
> > > --- a/arch/x86/entry/vdso/Makefile
> > > +++ b/arch/x86/entry/vdso/Makefile
> > > @@ -11,6 +11,9 @@ include $(srctree)/lib/vdso/Makefile
> > >
> > >  KBUILD_CFLAGS += $(DISABLE_LTO)
> > >  KASAN_SANITIZE                 := n
> > > +# Undefined references to KMSAN hooks.
> > > +KMSAN_SANITIZE_vclock_gettime.o := n
> > > +KMSAN_SANITIZE_vgetcpu.o       := n
> > >  UBSAN_SANITIZE                 := n
> > >  OBJECT_FILES_NON_STANDARD      := y
> > >
> > > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> > > index 3578ad248bc9..ce39972a7edf 100644
> > > --- a/arch/x86/kernel/Makefile
> > > +++ b/arch/x86/kernel/Makefile
> > > @@ -28,6 +28,10 @@ KASAN_SANITIZE_dumpstack_$(BITS).o                   := n
> > >  KASAN_SANITIZE_stacktrace.o                            := n
> > >  KASAN_SANITIZE_paravirt.o                              := n
> > >
> > > +# Work around reboot loop.
> > > +KMSAN_SANITIZE_head$(BITS).o                           := n
> > > +KMSAN_SANITIZE_nmi.o                                   := n
> > > +
> > >  OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o    := y
> > >  OBJECT_FILES_NON_STANDARD_test_nx.o                    := y
> > >  OBJECT_FILES_NON_STANDARD_paravirt_patch.o             := y
> > > diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
> > > index d7a1e5a9331c..41f4f8f2f2f0 100644
> > > --- a/arch/x86/kernel/cpu/Makefile
> > > +++ b/arch/x86/kernel/cpu/Makefile
> > > @@ -12,6 +12,7 @@ endif
> > >  # If these files are instrumented, boot hangs during the first second.
> > >  KCOV_INSTRUMENT_common.o := n
> > >  KCOV_INSTRUMENT_perf_event.o := n
> > > +KMSAN_SANITIZE_common.o := n
> > >
> > >  # Make sure load_percpu_segment has no stackprotector
> > >  nostackp := $(call cc-option, -fno-stack-protector)
> > > diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
> > > index 84373dc9b341..42cb3a6409b0 100644
> > > --- a/arch/x86/mm/Makefile
> > > +++ b/arch/x86/mm/Makefile
> > > @@ -7,6 +7,8 @@ KCOV_INSTRUMENT_mem_encrypt_identity.o  := n
> > >  KASAN_SANITIZE_mem_encrypt.o           := n
> > >  KASAN_SANITIZE_mem_encrypt_identity.o  := n
> > >
> > > +KMSAN_SANITIZE_cpu_entry_area.o := n
> > > +
> > >  ifdef CONFIG_FUNCTION_TRACER
> > >  CFLAGS_REMOVE_mem_encrypt.o            = -pg
> > >  CFLAGS_REMOVE_mem_encrypt_identity.o   = -pg
> > > diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
> > > index f60501a384f9..27e7bc0bbdde 100644
> > > --- a/arch/x86/realmode/rm/Makefile
> > > +++ b/arch/x86/realmode/rm/Makefile
> > > @@ -7,6 +7,8 @@
> > >  #
> > >  #
> > >  KASAN_SANITIZE                 := n
> > > +# KMSAN doesn't work for i386
> > > +KMSAN_SANITIZE                 := n
> > >  OBJECT_FILES_NON_STANDARD      := y
> > >
> > >  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> > > diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> > > index 0460c7581220..11869c17a64c 100644
> > > --- a/drivers/firmware/efi/libstub/Makefile
> > > +++ b/drivers/firmware/efi/libstub/Makefile
> > > @@ -32,6 +32,7 @@ KBUILD_CFLAGS                 := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
> > >
> > >  GCOV_PROFILE                   := n
> > >  KASAN_SANITIZE                 := n
> > > +KMSAN_SANITIZE                 := n
> > >  UBSAN_SANITIZE                 := n
> > >  OBJECT_FILES_NON_STANDARD      := y
> > >
> > > diff --git a/kernel/Makefile b/kernel/Makefile
> > > index daad787fb795..5fd6fbca2592 100644
> > > --- a/kernel/Makefile
> > > +++ b/kernel/Makefile
> > > @@ -30,6 +30,7 @@ KCOV_INSTRUMENT_extable.o := n
> > >  # Don't self-instrument.
> > >  KCOV_INSTRUMENT_kcov.o := n
> > >  KASAN_SANITIZE_kcov.o := n
> > > +KMSAN_SANITIZE_kcov.o := n
> > >  CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack -fno-stack-protector)
> > >
> > >  # cond_syscall is currently not LTO compatible
> > > diff --git a/lib/Makefile b/lib/Makefile
> > > index 08fcb37499a0..ae6e57d857b0 100644
> > > --- a/lib/Makefile
> > > +++ b/lib/Makefile
> > > @@ -222,6 +222,7 @@ obj-$(CONFIG_IRQ_POLL) += irq_poll.o
> > >  CFLAGS_stackdepot.o += -fno-builtin
> > >  obj-$(CONFIG_STACKDEPOT) += stackdepot.o
> > >  KASAN_SANITIZE_stackdepot.o := n
> > > +KMSAN_SANITIZE_stackdepot.o := n
> > >  KCOV_INSTRUMENT_stackdepot.o := n
> > >
> > >  libfdt_files = fdt.o fdt_ro.o fdt_wip.o fdt_rw.o fdt_sw.o fdt_strerror.o \
> > > --
> > > 2.24.0.432.g9d3f5f5b63-goog
> > >
>
>
>
> --
> Alexander Potapenko
> Software Engineer
>
> Google Germany GmbH
> Erika-Mann-Straße, 33
> 80636 München
>
> Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
Qian Cai Dec. 10, 2019, 12:43 p.m. UTC | #4
> On Dec 10, 2019, at 5:35 AM, Alexander Potapenko <glider@google.com> wrote:
> 
> In principle, yes.
> But KCSAN hasn't reached upstream yet, and rebasing on top of it will
> increase the number of moving parts to take into account.

KCSAN is now in linux-next, so it makes sense to sync with it.

Patch

diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index e2839b5c246c..c039abd4c81f 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -10,6 +10,8 @@ 
 #
 
 KASAN_SANITIZE			:= n
+# KMSAN doesn't work for i386
+KMSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
 # Kernel does not boot with kcov instrumentation here.
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 6b84afdd7538..9efe2d9fca4c 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -18,6 +18,8 @@ 
 #	compressed vmlinux.bin.all + u32 size of vmlinux.bin.all
 
 KASAN_SANITIZE			:= n
+# KMSAN doesn't work for i386
+KMSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
 # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
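Review bot: The comment `# KMSAN doesn't work for i386` does not look like the right reason in arch/x86/boot/compressed: on a 64-bit build the decompressor is, as far as I know, compiled as 64-bit code, so the opt-out is more likely needed because this code runs before the kernel proper and is not linked with the KMSAN runtime. A wrong reason matters because anyone later auditing which code runs without uninitialized-memory checking, or revisiting 32-bit support, would draw the wrong conclusion from it. Something like `# The decompressor is not linked with the KMSAN runtime.` would be safer, if that is indeed the cause. The identical comment in the arch/x86/boot and arch/x86/realmode/rm hunks reads as plausible for the code built there.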
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index 0f2154106d01..000467a1a4f2 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -11,6 +11,9 @@  include $(srctree)/lib/vdso/Makefile
 
 KBUILD_CFLAGS += $(DISABLE_LTO)
 KASAN_SANITIZE			:= n
+# Undefined references to KMSAN hooks.
+KMSAN_SANITIZE_vclock_gettime.o := n
+KMSAN_SANITIZE_vgetcpu.o	:= n
 UBSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
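Review bot: KMSAN is switched off here for only two objects, `vclock_gettime.o` and `vgetcpu.o`, while the neighbouring `KASAN_SANITIZE` and `UBSAN_SANITIZE` lines opt the whole directory out. The commit message gives the reason as the vDSO not being linked with the KMSAN runtime, which would apply to every C object built from this Makefile, so any other or future compiled object would presumably hit the same undefined references to KMSAN hooks. Unless the per-object form is intentional, `KMSAN_SANITIZE := n` would match the surrounding lines and the stated reason; if it is intentional, the comment should say why only these two objects need it.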
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 3578ad248bc9..ce39972a7edf 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -28,6 +28,10 @@  KASAN_SANITIZE_dumpstack_$(BITS).o			:= n
 KASAN_SANITIZE_stacktrace.o				:= n
 KASAN_SANITIZE_paravirt.o				:= n
 
+# Work around reboot loop.
+KMSAN_SANITIZE_head$(BITS).o				:= n
+KMSAN_SANITIZE_nmi.o					:= n
+
 OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o	:= y
 OBJECT_FILES_NON_STANDARD_test_nx.o			:= y
 OBJECT_FILES_NON_STANDARD_paravirt_patch.o		:= y
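Review bot: `# Work around reboot loop.` records a symptom rather than a cause, and it covers two objects that look quite different. `head$(BITS).o` is presumably early-boot code, where running before the sanitizer is set up is a plausible explanation, but `nmi.o` presumably holds the NMI handling code that runs for the lifetime of the system, so excluding the whole object means uninitialized reads on that path are never reported. I would give each line its own reason and mark the `nmi.o` one as temporary if the root cause is not yet understood, e.g. `# FIXME: instrumenting nmi.o causes a reboot loop; re-enable once understood.`. The commit message counts three files with boot problems; the third appears to be `common.o` in the arch/x86/kernel/cpu hunk, where the new line sits under a comment written for KCOV.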
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
index d7a1e5a9331c..41f4f8f2f2f0 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -12,6 +12,7 @@  endif
 # If these files are instrumented, boot hangs during the first second.
 KCOV_INSTRUMENT_common.o := n
 KCOV_INSTRUMENT_perf_event.o := n
+KMSAN_SANITIZE_common.o := n
 
 # Make sure load_percpu_segment has no stackprotector
 nostackp := $(call cc-option, -fno-stack-protector)
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index 84373dc9b341..42cb3a6409b0 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -7,6 +7,8 @@  KCOV_INSTRUMENT_mem_encrypt_identity.o	:= n
 KASAN_SANITIZE_mem_encrypt.o		:= n
 KASAN_SANITIZE_mem_encrypt_identity.o	:= n
 
+KMSAN_SANITIZE_cpu_entry_area.o := n
+
 ifdef CONFIG_FUNCTION_TRACER
 CFLAGS_REMOVE_mem_encrypt.o		= -pg
 CFLAGS_REMOVE_mem_encrypt_identity.o	= -pg
diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
index f60501a384f9..27e7bc0bbdde 100644
--- a/arch/x86/realmode/rm/Makefile
+++ b/arch/x86/realmode/rm/Makefile
@@ -7,6 +7,8 @@ 
 #
 #
 KASAN_SANITIZE			:= n
+# KMSAN doesn't work for i386
+KMSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
 # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 0460c7581220..11869c17a64c 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -32,6 +32,7 @@  KBUILD_CFLAGS			:= $(cflags-y) -DDISABLE_BRANCH_PROFILING \
 
 GCOV_PROFILE			:= n
 KASAN_SANITIZE			:= n
+KMSAN_SANITIZE			:= n
 UBSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
diff --git a/kernel/Makefile b/kernel/Makefile
index daad787fb795..5fd6fbca2592 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -30,6 +30,7 @@  KCOV_INSTRUMENT_extable.o := n
 # Don't self-instrument.
 KCOV_INSTRUMENT_kcov.o := n
 KASAN_SANITIZE_kcov.o := n
+KMSAN_SANITIZE_kcov.o := n
 CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack -fno-stack-protector)
 
 # cond_syscall is currently not LTO compatible
diff --git a/lib/Makefile b/lib/Makefile
index 08fcb37499a0..ae6e57d857b0 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -222,6 +222,7 @@  obj-$(CONFIG_IRQ_POLL) += irq_poll.o
 CFLAGS_stackdepot.o += -fno-builtin
 obj-$(CONFIG_STACKDEPOT) += stackdepot.o
 KASAN_SANITIZE_stackdepot.o := n
+KMSAN_SANITIZE_stackdepot.o := n
 KCOV_INSTRUMENT_stackdepot.o := n
 
 libfdt_files = fdt.o fdt_ro.o fdt_wip.o fdt_rw.o fdt_sw.o fdt_strerror.o \