lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAG_fn=Xgx+bL85nENTL5K9z=5NBmERub=YEYwkpTYFVphLhPFg@mail.gmail.com>
Date:   Fri, 8 Dec 2017 10:25:46 +0100
From:   Alexander Potapenko <glider@...gle.com>
To:     Paul Lawrence <paullawrence@...gle.com>
Cc:     Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        LKML <linux-kernel@...r.kernel.org>,
        kasan-dev <kasan-dev@...glegroups.com>,
        Linux Memory Management List <linux-mm@...ck.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Matthias Kaehlcke <mka@...omium.org>,
        Michael Davidson <md@...gle.com>,
        Greg Hackmann <ghackmann@...gle.com>
Subject: Re: [PATCH v4 2/5] kasan/Makefile: Support LLVM style asan parameters.

On Mon, Dec 4, 2017 at 8:17 PM, Paul Lawrence <paullawrence@...gle.com> wrote:
> From: Andrey Ryabinin <aryabinin@...tuozzo.com>
>
> LLVM doesn't understand GCC-style paramters ("--param asan-foo=bar"),
> thus we currently we don't use inline/globals/stack instrumentation
> when building the kernel with clang.
>
> Add support for LLVM-style parameters ("-mllvm -asan-foo=bar") to
> enable all KASAN features.
>
> Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
> Signed-off-by: Paul Lawrence <paullawrence@...gle.com>
> ---
>  scripts/Makefile.kasan | 29 ++++++++++++++++++-----------
>  1 file changed, 18 insertions(+), 11 deletions(-)
>
> diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
> index 1ce7115aa499..d5a1a4b6d079 100644
> --- a/scripts/Makefile.kasan
> +++ b/scripts/Makefile.kasan
> @@ -10,10 +10,7 @@ KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
>
>  CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address
>
> -CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \
> -               -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET) \
> -               --param asan-stack=1 --param asan-globals=1 \
> -               --param asan-instrumentation-with-call-threshold=$(call_threshold))
> +cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))
>
>  ifeq ($(call cc-option, $(CFLAGS_KASAN_MINIMAL) -Werror),)
>     ifneq ($(CONFIG_COMPILE_TEST),y)
> @@ -21,13 +18,23 @@ ifeq ($(call cc-option, $(CFLAGS_KASAN_MINIMAL) -Werror),)
>              -fsanitize=kernel-address is not supported by compiler)
>     endif
>  else
> -    ifeq ($(CFLAGS_KASAN),)
> -        ifneq ($(CONFIG_COMPILE_TEST),y)
> -            $(warning CONFIG_KASAN: compiler does not support all options.\
> -                Trying minimal configuration)
> -        endif
> -        CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
> -    endif
> +   # -fasan-shadow-offset fails without -fsanitize
Would be nice to have a comment here explaining that
-fasan-shadow-offset is a GCC flag whereas -asan-mapping-offset is an
LLVM one.
> +   CFLAGS_KASAN_SHADOW := $(call cc-option, -fsanitize=kernel-address \
> +                       -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
> +                       $(call cc-option, -fsanitize=kernel-address \
> +                       -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
> +
> +   ifeq ($(strip $(CFLAGS_KASAN_SHADOW)),)
> +      CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
> +   else
> +      # Now add all the compiler specific options that are valid standalone
> +      CFLAGS_KASAN := $(CFLAGS_KASAN_SHADOW) \
> +       $(call cc-param,asan-globals=1) \
> +       $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
> +       $(call cc-param,asan-stack=1) \
> +       $(call cc-param,asan-use-after-scope=1)
> +   endif
> +
>  endif
>
>  CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)
> --
> 2.15.0.531.g2ccb3012c9-goog
>
Reviewed-by: Alexander Potapenko <glider@...gle.com>


-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ