[v5,17/38] kmsan: disable KMSAN instrumentation for certain kernel parts

Message ID 20200325161249.55095-18-glider@google.com (mailing list archive)
State New, archived
Series Add KernelMemorySanitizer infrastructure

Commit Message

Alexander Potapenko March 25, 2020, 4:12 p.m. UTC
Instrumenting some files with KMSAN will result in kernel being unable
to link, boot or crashing at runtime for various reasons (e.g. infinite
recursion caused by instrumentation hooks calling instrumented code again).

Disable KMSAN in the following places:
 - arch/x86/boot and arch/x86/realmode/rm, as KMSAN doesn't work for i386;
 - arch/x86/entry/vdso, which isn't linked with KMSAN runtime;
 - three files in arch/x86/kernel - boot problems;
 - arch/x86/mm/cpu_entry_area.c - recursion;
 - EFI stub - build failures;
 - kcov, stackdepot, lockdep - recursion.

Signed-off-by: Alexander Potapenko <glider@google.com>
To: Alexander Potapenko <glider@google.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: linux-mm@kvack.org

---

v4:
 - fix lockdep support by not instrumenting lockdep.c
 - unified comments with KCSAN

Change-Id: I90961eabf2dcb9ae992aed259088953bad5e4d6d
---
 arch/x86/boot/Makefile                | 1 +
 arch/x86/boot/compressed/Makefile     | 2 ++
 arch/x86/entry/vdso/Makefile          | 3 +++
 arch/x86/kernel/Makefile              | 4 ++++
 arch/x86/kernel/cpu/Makefile          | 1 +
 arch/x86/mm/Makefile                  | 3 +++
 arch/x86/realmode/rm/Makefile         | 1 +
 drivers/firmware/efi/libstub/Makefile | 1 +
 kernel/Makefile                       | 1 +
 kernel/locking/Makefile               | 4 ++++
 lib/Makefile                          | 1 +
 11 files changed, 22 insertions(+)

Comments

Andrey Konovalov April 14, 2020, 5:56 p.m. UTC | #1
On Wed, Mar 25, 2020 at 5:13 PM <glider@google.com> wrote:
>
> Instrumenting some files with KMSAN will result in kernel being unable
> to link, boot or crashing at runtime for various reasons (e.g. infinite
> recursion caused by instrumentation hooks calling instrumented code again).
>
> Disable KMSAN in the following places:
>  - arch/x86/boot and arch/x86/realmode/rm, as KMSAN doesn't work for i386;
>  - arch/x86/entry/vdso, which isn't linked with KMSAN runtime;
>  - three files in arch/x86/kernel - boot problems;
>  - arch/x86/mm/cpu_entry_area.c - recursion;
>  - EFI stub - build failures;
>  - kcov, stackdepot, lockdep - recursion.
>
> Signed-off-by: Alexander Potapenko <glider@google.com>
> To: Alexander Potapenko <glider@google.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Vegard Nossum <vegard.nossum@oracle.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: Marco Elver <elver@google.com>
> Cc: Andrey Konovalov <andreyknvl@google.com>
> Cc: linux-mm@kvack.org

Reviewed-by: Andrey Konovalov <andreyknvl@google.com>

>
> ---
>
> v4:
>  - fix lockdep support by not instrumenting lockdep.c
>  - unified comments with KCSAN
>
> Change-Id: I90961eabf2dcb9ae992aed259088953bad5e4d6d
> ---
>  arch/x86/boot/Makefile                | 1 +
>  arch/x86/boot/compressed/Makefile     | 2 ++
>  arch/x86/entry/vdso/Makefile          | 3 +++
>  arch/x86/kernel/Makefile              | 4 ++++
>  arch/x86/kernel/cpu/Makefile          | 1 +
>  arch/x86/mm/Makefile                  | 3 +++
>  arch/x86/realmode/rm/Makefile         | 1 +
>  drivers/firmware/efi/libstub/Makefile | 1 +
>  kernel/Makefile                       | 1 +
>  kernel/locking/Makefile               | 4 ++++
>  lib/Makefile                          | 1 +
>  11 files changed, 22 insertions(+)
>
> diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
> index d7aa1c3a6b25a..2ca8b9b478f3a 100644
> --- a/arch/x86/boot/Makefile
> +++ b/arch/x86/boot/Makefile
> @@ -12,6 +12,7 @@
>  # Sanitizer runtimes are unavailable and cannot be linked for early boot code.
>  KASAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Kernel does not boot with kcov instrumentation here.
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 7619742f91c9a..2af62067a90ec 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -20,6 +20,8 @@
>  # Sanitizer runtimes are unavailable and cannot be linked for early boot code.
>  KASAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
> +# KMSAN doesn't work for i386
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
> index ecf6128c95516..e2b1b9be89ab7 100644
> --- a/arch/x86/entry/vdso/Makefile
> +++ b/arch/x86/entry/vdso/Makefile
> @@ -13,6 +13,9 @@ KBUILD_CFLAGS += $(DISABLE_LTO)
>
>  # Sanitizer runtimes are unavailable and cannot be linked here.
>  KASAN_SANITIZE                 := n
> +KMSAN_SANITIZE_vclock_gettime.o := n
> +KMSAN_SANITIZE_vgetcpu.o       := n
> +
>  UBSAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> index 1ee83df407e3b..a3b7b0452c817 100644
> --- a/arch/x86/kernel/Makefile
> +++ b/arch/x86/kernel/Makefile
> @@ -32,6 +32,10 @@ KASAN_SANITIZE_paravirt.o                            := n
>  # by several compilation units. To be safe, disable all instrumentation.
>  KCSAN_SANITIZE := n
>
> +# Work around reboot loop.
> +KMSAN_SANITIZE_head$(BITS).o                           := n
> +KMSAN_SANITIZE_nmi.o                                   := n
> +
>  OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o    := y
>  OBJECT_FILES_NON_STANDARD_test_nx.o                    := y
>  OBJECT_FILES_NON_STANDARD_paravirt_patch.o             := y
> diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
> index dba6a83bc3493..0e299ba013868 100644
> --- a/arch/x86/kernel/cpu/Makefile
> +++ b/arch/x86/kernel/cpu/Makefile
> @@ -12,6 +12,7 @@ endif
>  # If these files are instrumented, boot hangs during the first second.
>  KCOV_INSTRUMENT_common.o := n
>  KCOV_INSTRUMENT_perf_event.o := n
> +KMSAN_SANITIZE_common.o := n
>
>  # As above, instrumenting secondary CPU boot code causes boot hangs.
>  KCSAN_SANITIZE_common.o := n
> diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
> index f7fd0e868c9c8..f11848633cf5b 100644
> --- a/arch/x86/mm/Makefile
> +++ b/arch/x86/mm/Makefile
> @@ -11,6 +11,9 @@ KASAN_SANITIZE_mem_encrypt_identity.o := n
>  # reference __initdata sections.
>  KCSAN_SANITIZE := n
>
> +# Avoid recursion by not calling KMSAN hooks for CEA code.
> +KMSAN_SANITIZE_cpu_entry_area.o := n
> +
>  ifdef CONFIG_FUNCTION_TRACER
>  CFLAGS_REMOVE_mem_encrypt.o            = -pg
>  CFLAGS_REMOVE_mem_encrypt_identity.o   = -pg
> diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
> index 83f1b6a56449f..f614009d3e4e2 100644
> --- a/arch/x86/realmode/rm/Makefile
> +++ b/arch/x86/realmode/rm/Makefile
> @@ -10,6 +10,7 @@
>  # Sanitizer runtimes are unavailable and cannot be linked here.
>  KASAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index dd31237fba2e9..2cf047a0d2e06 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -36,6 +36,7 @@ GCOV_PROFILE                  := n
>  # Sanitizer runtimes are unavailable and cannot be linked here.
>  KASAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
> +KMSAN_SANITIZE                 := n
>  UBSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
> diff --git a/kernel/Makefile b/kernel/Makefile
> index 6ac453daf500e..e9093daf41056 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -35,6 +35,7 @@ KCOV_INSTRUMENT_stacktrace.o := n
>  KCOV_INSTRUMENT_kcov.o := n
>  KASAN_SANITIZE_kcov.o := n
>  KCSAN_SANITIZE_kcov.o := n
> +KMSAN_SANITIZE_kcov.o := n
>  CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack -fno-stack-protector)
>
>  # cond_syscall is currently not LTO compatible
> diff --git a/kernel/locking/Makefile b/kernel/locking/Makefile
> index 6d11cfb9b41f2..1dd1f7d81e691 100644
> --- a/kernel/locking/Makefile
> +++ b/kernel/locking/Makefile
> @@ -3,6 +3,10 @@
>  # and is generally not a function of system call inputs.
>  KCOV_INSTRUMENT                := n
>
> +# Instrumenting lockdep.c with KMSAN may cause deadlocks because of
> +# recursive KMSAN runtime calls.
> +KMSAN_SANITIZE_lockdep.o := n
> +
>  obj-y += mutex.o semaphore.o rwsem.o percpu-rwsem.o
>
>  # Avoid recursion lockdep -> KCSAN -> ... -> lockdep.
> diff --git a/lib/Makefile b/lib/Makefile
> index d8058c5c05826..6ec959b62a55f 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -234,6 +234,7 @@ obj-$(CONFIG_IRQ_POLL) += irq_poll.o
>  CFLAGS_stackdepot.o += -fno-builtin
>  obj-$(CONFIG_STACKDEPOT) += stackdepot.o
>  KASAN_SANITIZE_stackdepot.o := n
> +KMSAN_SANITIZE_stackdepot.o := n
>  KCOV_INSTRUMENT_stackdepot.o := n
>
>  libfdt_files = fdt.o fdt_ro.o fdt_wip.o fdt_rw.o fdt_sw.o fdt_strerror.o \
> --
> 2.25.1.696.g5e7596f4ac-goog
>
Patch

diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index d7aa1c3a6b25a..2ca8b9b478f3a 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -12,6 +12,7 @@ 
 # Sanitizer runtimes are unavailable and cannot be linked for early boot code.
 KASAN_SANITIZE			:= n
 KCSAN_SANITIZE			:= n
+KMSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
 # Kernel does not boot with kcov instrumentation here.
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 7619742f91c9a..2af62067a90ec 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -20,6 +20,8 @@ 
 # Sanitizer runtimes are unavailable and cannot be linked for early boot code.
 KASAN_SANITIZE			:= n
 KCSAN_SANITIZE			:= n
+# KMSAN doesn't work for i386
+KMSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
 # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
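Review bot: The added comment "# KMSAN doesn't work for i386" sits directly under the existing "Sanitizer runtimes are unavailable and cannot be linked for early boot code." line, which already explains why every sanitizer is off in this directory. The arch/x86/boot and arch/x86/realmode/rm hunks, which the commit message groups under the same i386 reason, add KMSAN_SANITIZE := n with no extra comment. Either drop the comment here so the three Makefiles match, or add the same comment in all three.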
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index ecf6128c95516..e2b1b9be89ab7 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -13,6 +13,9 @@  KBUILD_CFLAGS += $(DISABLE_LTO)
 
 # Sanitizer runtimes are unavailable and cannot be linked here.
 KASAN_SANITIZE			:= n
+KMSAN_SANITIZE_vclock_gettime.o := n
+KMSAN_SANITIZE_vgetcpu.o	:= n
+
 UBSAN_SANITIZE			:= n
 KCSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
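Review bot: Only vclock_gettime.o and vgetcpu.o are excluded here, while the commit message says all of arch/x86/entry/vdso "isn't linked with KMSAN runtime" and the neighbouring KASAN, UBSAN and KCSAN settings are directory-wide. A plain "KMSAN_SANITIZE := n" would match both the stated reason and the surrounding lines, and would cover any object added to the vDSO later. If the per-object form is intentional, a short comment saying why would help. The added blank line also splits UBSAN_SANITIZE and KCSAN_SANITIZE away from the "Sanitizer runtimes are unavailable" comment that applies to them; please drop it.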
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 1ee83df407e3b..a3b7b0452c817 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -32,6 +32,10 @@  KASAN_SANITIZE_paravirt.o				:= n
 # by several compilation units. To be safe, disable all instrumentation.
 KCSAN_SANITIZE := n
 
+# Work around reboot loop.
+KMSAN_SANITIZE_head$(BITS).o				:= n
+KMSAN_SANITIZE_nmi.o					:= n
+
 OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o	:= y
 OBJECT_FILES_NON_STANDARD_test_nx.o			:= y
 OBJECT_FILES_NON_STANDARD_paravirt_patch.o		:= y
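Review bot: The comment "# Work around reboot loop." above the head$(BITS).o and nmi.o exclusions does not say what causes the loop or whether the exclusion is meant to be permanent, so nobody can tell later when it is safe to remove. Please describe the failure in a sentence (for example, which code runs before the KMSAN runtime is usable). Also, the commit message lists "three files in arch/x86/kernel" but this hunk has two; if the third is cpu/common.o from arch/x86/kernel/cpu/Makefile, saying so in the commit message would make the list easier to check against the diff.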
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
index dba6a83bc3493..0e299ba013868 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -12,6 +12,7 @@  endif
 # If these files are instrumented, boot hangs during the first second.
 KCOV_INSTRUMENT_common.o := n
 KCOV_INSTRUMENT_perf_event.o := n
+KMSAN_SANITIZE_common.o := n
 
 # As above, instrumenting secondary CPU boot code causes boot hangs.
 KCSAN_SANITIZE_common.o := n
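Review bot: KMSAN_SANITIZE_common.o is appended to the KCOV block, whose comment ("If these files are instrumented, boot hangs during the first second.") refers to both common.o and perf_event.o, yet KMSAN is disabled only for common.o. The next comment, "As above, instrumenting secondary CPU boot code causes boot hangs.", already covers exactly that one file for KCSAN. Moving the new line next to KCSAN_SANITIZE_common.o would put it under the comment that describes it.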
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index f7fd0e868c9c8..f11848633cf5b 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -11,6 +11,9 @@  KASAN_SANITIZE_mem_encrypt_identity.o	:= n
 # reference __initdata sections.
 KCSAN_SANITIZE := n
 
+# Avoid recursion by not calling KMSAN hooks for CEA code.
+KMSAN_SANITIZE_cpu_entry_area.o := n
+
 ifdef CONFIG_FUNCTION_TRACER
 CFLAGS_REMOVE_mem_encrypt.o		= -pg
 CFLAGS_REMOVE_mem_encrypt_identity.o	= -pg
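Review bot: In the added comment "Avoid recursion by not calling KMSAN hooks for CEA code.", the abbreviation CEA is not expanded anywhere in this Makefile. Spelling it out as cpu_entry_area, and naming the path that recurses, would let a reader who only sees this file understand the exclusion.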
diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
index 83f1b6a56449f..f614009d3e4e2 100644
--- a/arch/x86/realmode/rm/Makefile
+++ b/arch/x86/realmode/rm/Makefile
@@ -10,6 +10,7 @@ 
 # Sanitizer runtimes are unavailable and cannot be linked here.
 KASAN_SANITIZE			:= n
 KCSAN_SANITIZE			:= n
+KMSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
 # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index dd31237fba2e9..2cf047a0d2e06 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -36,6 +36,7 @@  GCOV_PROFILE			:= n
 # Sanitizer runtimes are unavailable and cannot be linked here.
 KASAN_SANITIZE			:= n
 KCSAN_SANITIZE			:= n
+KMSAN_SANITIZE			:= n
 UBSAN_SANITIZE			:= n
 OBJECT_FILES_NON_STANDARD	:= y
 
diff --git a/kernel/Makefile b/kernel/Makefile
index 6ac453daf500e..e9093daf41056 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -35,6 +35,7 @@  KCOV_INSTRUMENT_stacktrace.o := n
 KCOV_INSTRUMENT_kcov.o := n
 KASAN_SANITIZE_kcov.o := n
 KCSAN_SANITIZE_kcov.o := n
+KMSAN_SANITIZE_kcov.o := n
 CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack -fno-stack-protector)
 
 # cond_syscall is currently not LTO compatible
diff --git a/kernel/locking/Makefile b/kernel/locking/Makefile
index 6d11cfb9b41f2..1dd1f7d81e691 100644
--- a/kernel/locking/Makefile
+++ b/kernel/locking/Makefile
@@ -3,6 +3,10 @@ 
 # and is generally not a function of system call inputs.
 KCOV_INSTRUMENT		:= n
 
+# Instrumenting lockdep.c with KMSAN may cause deadlocks because of
+# recursive KMSAN runtime calls.
+KMSAN_SANITIZE_lockdep.o := n
+
 obj-y += mutex.o semaphore.o rwsem.o percpu-rwsem.o
 
 # Avoid recursion lockdep -> KCSAN -> ... -> lockdep.
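Review bot: The v4 changelog says the comments were unified with KCSAN, but the lockdep exclusion added above obj-y uses its own two-line wording and sits apart from the existing "# Avoid recursion lockdep -> KCSAN -> ... -> lockdep." block visible just below. Placing KMSAN_SANITIZE_lockdep.o next to the KCSAN exclusion with a comment in the same form (lockdep -> KMSAN -> ... -> lockdep) would keep the two sanitizer exclusions for lockdep.o together. The comment also says "deadlocks" while the commit message says "recursion"; pick one description.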
diff --git a/lib/Makefile b/lib/Makefile
index d8058c5c05826..6ec959b62a55f 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -234,6 +234,7 @@  obj-$(CONFIG_IRQ_POLL) += irq_poll.o
 CFLAGS_stackdepot.o += -fno-builtin
 obj-$(CONFIG_STACKDEPOT) += stackdepot.o
 KASAN_SANITIZE_stackdepot.o := n
+KMSAN_SANITIZE_stackdepot.o := n
 KCOV_INSTRUMENT_stackdepot.o := n
 
 libfdt_files = fdt.o fdt_ro.o fdt_wip.o fdt_rw.o fdt_sw.o fdt_strerror.o \