| Message ID | 20220701142310.2188015-34-glider@google.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Add KernelMemorySanitizer infrastructure | expand |
On Fri, 1 Jul 2022 at 16:24, 'Alexander Potapenko' via kasan-dev <kasan-dev@googlegroups.com> wrote: [...] > --- > arch/x86/boot/Makefile | 1 + > arch/x86/boot/compressed/Makefile | 1 + > arch/x86/entry/vdso/Makefile | 3 +++ > arch/x86/kernel/Makefile | 2 ++ > arch/x86/kernel/cpu/Makefile | 1 + > arch/x86/mm/Makefile | 2 ++ > arch/x86/realmode/rm/Makefile | 1 + > lib/Makefile | 2 ++ [...] > --- a/lib/Makefile > +++ b/lib/Makefile > @@ -272,6 +272,8 @@ obj-$(CONFIG_POLYNOMIAL) += polynomial.o > CFLAGS_stackdepot.o += -fno-builtin > obj-$(CONFIG_STACKDEPOT) += stackdepot.o > KASAN_SANITIZE_stackdepot.o := n > +# In particular, instrumenting stackdepot.c with KMSAN will result in infinite > +# recursion. > KMSAN_SANITIZE_stackdepot.o := n > KCOV_INSTRUMENT_stackdepot.o := n This is generic code and not x86, should it have been in the earlier patch?
On Tue, Jul 12, 2022 at 3:44 PM Marco Elver <elver@google.com> wrote: > > On Fri, 1 Jul 2022 at 16:24, 'Alexander Potapenko' via kasan-dev > <kasan-dev@googlegroups.com> wrote: > [...] > > --- > > arch/x86/boot/Makefile | 1 + > > arch/x86/boot/compressed/Makefile | 1 + > > arch/x86/entry/vdso/Makefile | 3 +++ > > arch/x86/kernel/Makefile | 2 ++ > > arch/x86/kernel/cpu/Makefile | 1 + > > arch/x86/mm/Makefile | 2 ++ > > arch/x86/realmode/rm/Makefile | 1 + > > lib/Makefile | 2 ++ > [...] > > --- a/lib/Makefile > > +++ b/lib/Makefile > > @@ -272,6 +272,8 @@ obj-$(CONFIG_POLYNOMIAL) += polynomial.o > > CFLAGS_stackdepot.o += -fno-builtin > > obj-$(CONFIG_STACKDEPOT) += stackdepot.o > > KASAN_SANITIZE_stackdepot.o := n > > +# In particular, instrumenting stackdepot.c with KMSAN will result in infinite > > +# recursion. > > KMSAN_SANITIZE_stackdepot.o := n > > KCOV_INSTRUMENT_stackdepot.o := n > > This is generic code and not x86, should it have been in the earlier patch? Ack.
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index b5aecb524a8aa..d5623232b763f 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -12,6 +12,7 @@ # Sanitizer runtimes are unavailable and cannot be linked for early boot code. KASAN_SANITIZE := n KCSAN_SANITIZE := n +KMSAN_SANITIZE := n OBJECT_FILES_NON_STANDARD := y # Kernel does not boot with kcov instrumentation here. diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 19e1905dcbf6f..8d0d4d89a00ae 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -20,6 +20,7 @@ # Sanitizer runtimes are unavailable and cannot be linked for early boot code. KASAN_SANITIZE := n KCSAN_SANITIZE := n +KMSAN_SANITIZE := n OBJECT_FILES_NON_STANDARD := y # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in. diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index c2a8b76ae0bce..645bd919f9845 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -11,6 +11,9 @@ include $(srctree)/lib/vdso/Makefile # Sanitizer runtimes are unavailable and cannot be linked here. KASAN_SANITIZE := n +KMSAN_SANITIZE_vclock_gettime.o := n +KMSAN_SANITIZE_vgetcpu.o := n + UBSAN_SANITIZE := n KCSAN_SANITIZE := n OBJECT_FILES_NON_STANDARD := y diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 4c8b6ae802ac3..4f2617721d3dc 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -33,6 +33,8 @@ KASAN_SANITIZE_sev.o := n # With some compiler versions the generated code results in boot hangs, caused # by several compilation units. To be safe, disable all instrumentation. KCSAN_SANITIZE := n +KMSAN_SANITIZE_head$(BITS).o := n +KMSAN_SANITIZE_nmi.o := n OBJECT_FILES_NON_STANDARD_test_nx.o := y diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile index 9661e3e802be5..f10a921ee7565 100644 --- a/arch/x86/kernel/cpu/Makefile +++ b/arch/x86/kernel/cpu/Makefile @@ -12,6 +12,7 @@ endif # If these files are instrumented, boot hangs during the first second. KCOV_INSTRUMENT_common.o := n KCOV_INSTRUMENT_perf_event.o := n +KMSAN_SANITIZE_common.o := n # As above, instrumenting secondary CPU boot code causes boot hangs. KCSAN_SANITIZE_common.o := n diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index f8220fd2c169a..39c0700c9955c 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -12,6 +12,8 @@ KASAN_SANITIZE_mem_encrypt_identity.o := n # Disable KCSAN entirely, because otherwise we get warnings that some functions # reference __initdata sections. KCSAN_SANITIZE := n +# Avoid recursion by not calling KMSAN hooks for CEA code. +KMSAN_SANITIZE_cpu_entry_area.o := n ifdef CONFIG_FUNCTION_TRACER CFLAGS_REMOVE_mem_encrypt.o = -pg diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile index 83f1b6a56449f..f614009d3e4e2 100644 --- a/arch/x86/realmode/rm/Makefile +++ b/arch/x86/realmode/rm/Makefile @@ -10,6 +10,7 @@ # Sanitizer runtimes are unavailable and cannot be linked here. KASAN_SANITIZE := n KCSAN_SANITIZE := n +KMSAN_SANITIZE := n OBJECT_FILES_NON_STANDARD := y # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in. diff --git a/lib/Makefile b/lib/Makefile index 5056769d00bb6..73fea85b76365 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -272,6 +272,8 @@ obj-$(CONFIG_POLYNOMIAL) += polynomial.o CFLAGS_stackdepot.o += -fno-builtin obj-$(CONFIG_STACKDEPOT) += stackdepot.o KASAN_SANITIZE_stackdepot.o := n +# In particular, instrumenting stackdepot.c with KMSAN will result in infinite +# recursion. KMSAN_SANITIZE_stackdepot.o := n KCOV_INSTRUMENT_stackdepot.o := n
Instrumenting some files with KMSAN will result in kernel being unable to link, boot or crashing at runtime for various reasons (e.g. infinite recursion caused by instrumentation hooks calling instrumented code again). Completely omit KMSAN instrumentation in the following places: - arch/x86/boot and arch/x86/realmode/rm, as KMSAN doesn't work for i386; - arch/x86/entry/vdso, which isn't linked with KMSAN runtime; - three files in arch/x86/kernel - boot problems; - arch/x86/mm/cpu_entry_area.c - recursion. Signed-off-by: Alexander Potapenko <glider@google.com> --- v2: -- moved the patch earlier in the series so that KMSAN can compile -- split off the non-x86 part into a separate patch v3: -- added a comment to lib/Makefile Link: https://linux-review.googlesource.com/id/Id5e5c4a9f9d53c24a35ebb633b814c414628d81b --- arch/x86/boot/Makefile | 1 + arch/x86/boot/compressed/Makefile | 1 + arch/x86/entry/vdso/Makefile | 3 +++ arch/x86/kernel/Makefile | 2 ++ arch/x86/kernel/cpu/Makefile | 1 + arch/x86/mm/Makefile | 2 ++ arch/x86/realmode/rm/Makefile | 1 + lib/Makefile | 2 ++ 8 files changed, 13 insertions(+)