| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Dec 2017 10:25:46 +0100
From: Alexander Potapenko <glider@...gle.com>
To: Paul Lawrence <paullawrence@...gle.com>
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
LKML <linux-kernel@...r.kernel.org>,
kasan-dev <kasan-dev@...glegroups.com>,
Linux Memory Management List <linux-mm@...ck.org>,
Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
Matthias Kaehlcke <mka@...omium.org>,
Michael Davidson <md@...gle.com>,
Greg Hackmann <ghackmann@...gle.com>
Subject: Re: [PATCH v4 2/5] kasan/Makefile: Support LLVM style asan parameters.
On Mon, Dec 4, 2017 at 8:17 PM, Paul Lawrence <paullawrence@...gle.com> wrote:
> From: Andrey Ryabinin <aryabinin@...tuozzo.com>
>
> LLVM doesn't understand GCC-style paramters ("--param asan-foo=bar"),
> thus we currently we don't use inline/globals/stack instrumentation
> when building the kernel with clang.
>
> Add support for LLVM-style parameters ("-mllvm -asan-foo=bar") to
> enable all KASAN features.
>
> Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
> Signed-off-by: Paul Lawrence <paullawrence@...gle.com>
> ---
> scripts/Makefile.kasan | 29 ++++++++++++++++++-----------
> 1 file changed, 18 insertions(+), 11 deletions(-)
>
> diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
> index 1ce7115aa499..d5a1a4b6d079 100644
> --- a/scripts/Makefile.kasan
> +++ b/scripts/Makefile.kasan
> @@ -10,10 +10,7 @@ KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
>
> CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address
>
> -CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \
> - -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET) \
> - --param asan-stack=1 --param asan-globals=1 \
> - --param asan-instrumentation-with-call-threshold=$(call_threshold))
> +cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))
>
> ifeq ($(call cc-option, $(CFLAGS_KASAN_MINIMAL) -Werror),)
> ifneq ($(CONFIG_COMPILE_TEST),y)
> @@ -21,13 +18,23 @@ ifeq ($(call cc-option, $(CFLAGS_KASAN_MINIMAL) -Werror),)
> -fsanitize=kernel-address is not supported by compiler)
> endif
> else
> - ifeq ($(CFLAGS_KASAN),)
> - ifneq ($(CONFIG_COMPILE_TEST),y)
> - $(warning CONFIG_KASAN: compiler does not support all options.\
> - Trying minimal configuration)
> - endif
> - CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
> - endif
> + # -fasan-shadow-offset fails without -fsanitize
Would be nice to have a comment here explaining that
-fasan-shadow-offset is a GCC flag whereas -asan-mapping-offset is an
LLVM one.
> + CFLAGS_KASAN_SHADOW := $(call cc-option, -fsanitize=kernel-address \
> + -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
> + $(call cc-option, -fsanitize=kernel-address \
> + -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
> +
> + ifeq ($(strip $(CFLAGS_KASAN_SHADOW)),)
> + CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
> + else
> + # Now add all the compiler specific options that are valid standalone
> + CFLAGS_KASAN := $(CFLAGS_KASAN_SHADOW) \
> + $(call cc-param,asan-globals=1) \
> + $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
> + $(call cc-param,asan-stack=1) \
> + $(call cc-param,asan-use-after-scope=1)
> + endif
> +
> endif
>
> CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)
> --
> 2.15.0.531.g2ccb3012c9-goog
>
Reviewed-by: Alexander Potapenko <glider@...gle.com>
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Powered by blists - more mailing lists