Message ID | 20240819213534.4080408-3-mmaurer@google.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | Rust KASAN Support | expand |
On Mon, Aug 19, 2024 at 11:35 PM Matthew Maurer <mmaurer@google.com> wrote: > > Rust supports KASAN via LLVM, but prior to this patch, the flags aren't > set properly. > > Rust hasn't yet enabled software-tagged KWHASAN (only regular HWASAN), > so explicitly prevent Rust from being selected when it is enabled. This is done in the next patch, not in this one. > Suggested-by: Miguel Ojeda <ojeda@kernel.org> > Signed-off-by: Matthew Maurer <mmaurer@google.com> > --- > scripts/Makefile.kasan | 54 +++++++++++++++++++++++---------- > scripts/Makefile.lib | 3 ++ > scripts/generate_rust_target.rs | 1 + > 3 files changed, 42 insertions(+), 16 deletions(-) > > diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan > index aab4154af00a..163640fdefa0 100644 > --- a/scripts/Makefile.kasan > +++ b/scripts/Makefile.kasan > @@ -12,6 +12,11 @@ endif > KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET) > > cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1))) > +rustc-param = $(call rustc-option, -Cllvm-args=-$(1),) > + > +check-args = $(foreach arg,$(2),$(call $(1),$(arg))) > + > +kasan_params := > > ifdef CONFIG_KASAN_STACK > stack_enable := 1 > @@ -41,39 +46,56 @@ CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \ > $(call cc-option, -fsanitize=kernel-address \ > -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET))) > > -# Now, add other parameters enabled similarly in both GCC and Clang. > -# As some of them are not supported by older compilers, use cc-param. > -CFLAGS_KASAN += $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \ > - $(call cc-param,asan-stack=$(stack_enable)) \ > - $(call cc-param,asan-instrument-allocas=1) \ > - $(call cc-param,asan-globals=1) > +# The minimum supported `rustc` version has a minimum supported LLVM > +# version late enough that we can assume support for -asan-mapping-offset Nit: dot at the end. > +RUSTFLAGS_KASAN := -Zsanitizer=kernel-address \ > + -Zsanitizer-recover=kernel-address \ > + -Cllvm-args=-asan-mapping-offset=$(KASAN_SHADOW_OFFSET) > + > +# Now, add other parameters enabled similarly in GCC, Clang, and rustc. > +# As some of them are not supported by older compilers, these will be filtered > +# through `cc-param` or `rust-param` as applicable. > +kasan_params += asan-instrumentation-with-call-threshold=$(call_threshold) \ > + asan-stack=$(stack_enable) \ > + asan-instrument-allocas=1 \ > + asan-globals=1 > > # Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*() > # instead. With compilers that don't support this option, compiler-inserted > # memintrinsics won't be checked by KASAN on GENERIC_ENTRY architectures. > -CFLAGS_KASAN += $(call cc-param,asan-kernel-mem-intrinsic-prefix=1) > +kasan_params += asan-kernel-mem-intrinsic-prefix=1 > > endif # CONFIG_KASAN_GENERIC > > ifdef CONFIG_KASAN_SW_TAGS > > ifdef CONFIG_KASAN_INLINE > - instrumentation_flags := $(call cc-param,hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET)) > + kasan_params += hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET) > else > - instrumentation_flags := $(call cc-param,hwasan-instrument-with-calls=1) > + kasan_params += hwasan-instrument-with-calls=1 > endif > > -CFLAGS_KASAN := -fsanitize=kernel-hwaddress \ > - $(call cc-param,hwasan-instrument-stack=$(stack_enable)) \ > - $(call cc-param,hwasan-use-short-granules=0) \ > - $(call cc-param,hwasan-inline-all-checks=0) \ > - $(instrumentation_flags) > +kasan_params += hwasan-instrument-stack=$(stack_enable) \ > + hwasan-use-short-granules=0 \ > + hwasan-inline-all-checks=0 Let's put these kasan_params parts after CFLAGS_KASAN. > + > +CFLAGS_KASAN := -fsanitize=kernel-hwaddress > +RUSTFLAGS_KASAN := -Zsanitizer=kernel-hwaddress \ > + -Zsanitizer-recover=kernel-hwaddress What's the intention of defining RUSTFLAGS_KASAN for SW_TAGS if it's not supported by Rust? Should this be removed? If this is just a foundation for potential future support of Rust+SW_TAGS, please add a comment explaining this. And also please put the patch that disallows Rust+SW_TAGS before this one, if you keep RUSTFLAGS_KASAN. > # Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*(). > ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y) > - CFLAGS_KASAN += $(call cc-param,hwasan-kernel-mem-intrinsic-prefix=1) > + kasan_params += hwasan-kernel-mem-intrinsic-prefix=1 > endif > > endif # CONFIG_KASAN_SW_TAGS > > -export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE > +# Add all as-supported KASAN LLVM parameters requested by the configuration Nit: dot at the end. > +CFLAGS_KASAN += $(call check-args, cc-param, $(kasan_params)) > + > +ifdef CONFIG_RUST > + # Avoid calling `rustc-param` unless Rust is enabled. > + RUSTFLAGS_KASAN += $(call check-args, rustc-param, $(kasan_params)) > +endif # CONFIG_RUST > + > +export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE RUSTFLAGS_KASAN > diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib > index 9f06f6aaf7fc..4a58636705e0 100644 > --- a/scripts/Makefile.lib > +++ b/scripts/Makefile.lib > @@ -167,6 +167,9 @@ ifneq ($(CONFIG_KASAN_HW_TAGS),y) > _c_flags += $(if $(patsubst n%,, \ > $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \ > $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE)) > +_rust_flags += $(if $(patsubst n%,, \ > + $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \ > + $(RUSTFLAGS_KASAN)) > endif > endif > > diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target.rs > index ced405d35c5d..c24c2abd67db 100644 > --- a/scripts/generate_rust_target.rs > +++ b/scripts/generate_rust_target.rs > @@ -192,6 +192,7 @@ fn main() { > } > ts.push("features", features); > ts.push("llvm-target", "x86_64-linux-gnu"); > + ts.push("supported-sanitizers", ["kernel-address"]); > ts.push("target-pointer-width", "64"); > } else if cfg.has("LOONGARCH") { > panic!("loongarch uses the builtin rustc loongarch64-unknown-none-softfloat target"); > -- > 2.46.0.184.g6999bdac58-goog >
diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan index aab4154af00a..163640fdefa0 100644 --- a/scripts/Makefile.kasan +++ b/scripts/Makefile.kasan @@ -12,6 +12,11 @@ endif KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET) cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1))) +rustc-param = $(call rustc-option, -Cllvm-args=-$(1),) + +check-args = $(foreach arg,$(2),$(call $(1),$(arg))) + +kasan_params := ifdef CONFIG_KASAN_STACK stack_enable := 1 @@ -41,39 +46,56 @@ CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \ $(call cc-option, -fsanitize=kernel-address \ -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET))) -# Now, add other parameters enabled similarly in both GCC and Clang. -# As some of them are not supported by older compilers, use cc-param. -CFLAGS_KASAN += $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \ - $(call cc-param,asan-stack=$(stack_enable)) \ - $(call cc-param,asan-instrument-allocas=1) \ - $(call cc-param,asan-globals=1) +# The minimum supported `rustc` version has a minimum supported LLVM +# version late enough that we can assume support for -asan-mapping-offset +RUSTFLAGS_KASAN := -Zsanitizer=kernel-address \ + -Zsanitizer-recover=kernel-address \ + -Cllvm-args=-asan-mapping-offset=$(KASAN_SHADOW_OFFSET) + +# Now, add other parameters enabled similarly in GCC, Clang, and rustc. +# As some of them are not supported by older compilers, these will be filtered +# through `cc-param` or `rust-param` as applicable. +kasan_params += asan-instrumentation-with-call-threshold=$(call_threshold) \ + asan-stack=$(stack_enable) \ + asan-instrument-allocas=1 \ + asan-globals=1 # Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*() # instead. With compilers that don't support this option, compiler-inserted # memintrinsics won't be checked by KASAN on GENERIC_ENTRY architectures. -CFLAGS_KASAN += $(call cc-param,asan-kernel-mem-intrinsic-prefix=1) +kasan_params += asan-kernel-mem-intrinsic-prefix=1 endif # CONFIG_KASAN_GENERIC ifdef CONFIG_KASAN_SW_TAGS ifdef CONFIG_KASAN_INLINE - instrumentation_flags := $(call cc-param,hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET)) + kasan_params += hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET) else - instrumentation_flags := $(call cc-param,hwasan-instrument-with-calls=1) + kasan_params += hwasan-instrument-with-calls=1 endif -CFLAGS_KASAN := -fsanitize=kernel-hwaddress \ - $(call cc-param,hwasan-instrument-stack=$(stack_enable)) \ - $(call cc-param,hwasan-use-short-granules=0) \ - $(call cc-param,hwasan-inline-all-checks=0) \ - $(instrumentation_flags) +kasan_params += hwasan-instrument-stack=$(stack_enable) \ + hwasan-use-short-granules=0 \ + hwasan-inline-all-checks=0 + +CFLAGS_KASAN := -fsanitize=kernel-hwaddress +RUSTFLAGS_KASAN := -Zsanitizer=kernel-hwaddress \ + -Zsanitizer-recover=kernel-hwaddress # Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*(). ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y) - CFLAGS_KASAN += $(call cc-param,hwasan-kernel-mem-intrinsic-prefix=1) + kasan_params += hwasan-kernel-mem-intrinsic-prefix=1 endif endif # CONFIG_KASAN_SW_TAGS -export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE +# Add all as-supported KASAN LLVM parameters requested by the configuration +CFLAGS_KASAN += $(call check-args, cc-param, $(kasan_params)) + +ifdef CONFIG_RUST + # Avoid calling `rustc-param` unless Rust is enabled. + RUSTFLAGS_KASAN += $(call check-args, rustc-param, $(kasan_params)) +endif # CONFIG_RUST + +export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE RUSTFLAGS_KASAN diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 9f06f6aaf7fc..4a58636705e0 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -167,6 +167,9 @@ ifneq ($(CONFIG_KASAN_HW_TAGS),y) _c_flags += $(if $(patsubst n%,, \ $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \ $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE)) +_rust_flags += $(if $(patsubst n%,, \ + $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \ + $(RUSTFLAGS_KASAN)) endif endif diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target.rs index ced405d35c5d..c24c2abd67db 100644 --- a/scripts/generate_rust_target.rs +++ b/scripts/generate_rust_target.rs @@ -192,6 +192,7 @@ fn main() { } ts.push("features", features); ts.push("llvm-target", "x86_64-linux-gnu"); + ts.push("supported-sanitizers", ["kernel-address"]); ts.push("target-pointer-width", "64"); } else if cfg.has("LOONGARCH") { panic!("loongarch uses the builtin rustc loongarch64-unknown-none-softfloat target");
Rust supports KASAN via LLVM, but prior to this patch, the flags aren't set properly. Rust hasn't yet enabled software-tagged KWHASAN (only regular HWASAN), so explicitly prevent Rust from being selected when it is enabled. Suggested-by: Miguel Ojeda <ojeda@kernel.org> Signed-off-by: Matthew Maurer <mmaurer@google.com> --- scripts/Makefile.kasan | 54 +++++++++++++++++++++++---------- scripts/Makefile.lib | 3 ++ scripts/generate_rust_target.rs | 1 + 3 files changed, 42 insertions(+), 16 deletions(-)