lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 27 May 2021 12:55:00 -0700
From:   Nathan Chancellor <nathan@...nel.org>
To:     Marco Elver <elver@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org, ndesaulniers@...gle.com,
        ojeda@...nel.org, keescook@...omium.org, peterz@...radead.org,
        will@...nel.org, nivedita@...m.mit.edu,
        luc.vanoostenryck@...il.com, masahiroy@...nel.org,
        samitolvanen@...gle.com, arnd@...db.de,
        clang-built-linux@...glegroups.com,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Mark Rutland <mark.rutland@....com>, kasan-dev@...glegroups.com
Subject: Re: [PATCH v3] kcov: add __no_sanitize_coverage to fix noinstr for
 all architectures

On 5/27/2021 12:44 PM, Marco Elver wrote:
> Until now no compiler supported an attribute to disable coverage
> instrumentation as used by KCOV.
> 
> To work around this limitation on x86, noinstr functions have their
> coverage instrumentation turned into nops by objtool. However, this
> solution doesn't scale automatically to other architectures, such as
> arm64, which are migrating to use the generic entry code.
> 
> Clang [1] and GCC [2] have added support for the attribute recently.
> [1] https://github.com/llvm/llvm-project/commit/280333021e9550d80f5c1152a34e33e81df1e178
> [2] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=cec4d4a6782c9bd8d071839c50a239c49caca689
> The changes will appear in Clang 13 and GCC 12.
> 
> Add __no_sanitize_coverage for both compilers, and add it to noinstr.
> 
> Note: In the Clang case, __has_feature(coverage_sanitizer) is only true
> if the feature is enabled, and therefore we do not require an additional
> defined(CONFIG_KCOV) (like in the GCC case where __has_attribute(..) is
> always true) to avoid adding redundant attributes to functions if KCOV
> is off. That being said, compilers that support the attribute will not
> generate errors/warnings if the attribute is redundantly used; however,
> where possible let's avoid it as it reduces preprocessed code size and
> associated compile-time overheads.
> 
> Signed-off-by: Marco Elver <elver@...gle.com>
> Acked-by: Peter Zijlstra (Intel) <peterz@...radead.org>
> Reviewed-by: Miguel Ojeda <ojeda@...nel.org>

Reviewed-by: Nathan Chancellor <nathan@...nel.org>

> ---
> v3:
> * Add comment explaining __has_feature() in Clang.
> * Add Miguel's Reviewed-by.
> 
> v2:
> * Implement __has_feature(coverage_sanitizer) in Clang
>    (https://reviews.llvm.org/D103159) and use instead of version check.
> * Add Peter's Ack.
> ---
>   include/linux/compiler-clang.h | 17 +++++++++++++++++
>   include/linux/compiler-gcc.h   |  6 ++++++
>   include/linux/compiler_types.h |  2 +-
>   3 files changed, 24 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
> index adbe76b203e2..49b0ac8b6fd3 100644
> --- a/include/linux/compiler-clang.h
> +++ b/include/linux/compiler-clang.h
> @@ -13,6 +13,12 @@
>   /* all clang versions usable with the kernel support KASAN ABI version 5 */
>   #define KASAN_ABI_VERSION 5
>   
> +/*
> + * Note: Checking __has_feature(*_sanitizer) is only true if the feature is
> + * enabled. Therefore it is not required to additionally check defined(CONFIG_*)
> + * to avoid adding redundant attributes in other configurations.
> + */
> +
>   #if __has_feature(address_sanitizer) || __has_feature(hwaddress_sanitizer)
>   /* Emulate GCC's __SANITIZE_ADDRESS__ flag */
>   #define __SANITIZE_ADDRESS__
> @@ -45,6 +51,17 @@
>   #define __no_sanitize_undefined
>   #endif
>   
> +/*
> + * Support for __has_feature(coverage_sanitizer) was added in Clang 13 together
> + * with no_sanitize("coverage"). Prior versions of Clang support coverage
> + * instrumentation, but cannot be queried for support by the preprocessor.
> + */
> +#if __has_feature(coverage_sanitizer)
> +#define __no_sanitize_coverage __attribute__((no_sanitize("coverage")))
> +#else
> +#define __no_sanitize_coverage
> +#endif
> +
>   /*
>    * Not all versions of clang implement the type-generic versions
>    * of the builtin overflow checkers. Fortunately, clang implements
> diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
> index 5d97ef738a57..cb9217fc60af 100644
> --- a/include/linux/compiler-gcc.h
> +++ b/include/linux/compiler-gcc.h
> @@ -122,6 +122,12 @@
>   #define __no_sanitize_undefined
>   #endif
>   
> +#if defined(CONFIG_KCOV) && __has_attribute(__no_sanitize_coverage__)
> +#define __no_sanitize_coverage __attribute__((no_sanitize_coverage))
> +#else
> +#define __no_sanitize_coverage
> +#endif
> +
>   #if GCC_VERSION >= 50100
>   #define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
>   #endif
> diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
> index d29bda7f6ebd..cc2bee7f0977 100644
> --- a/include/linux/compiler_types.h
> +++ b/include/linux/compiler_types.h
> @@ -210,7 +210,7 @@ struct ftrace_likely_data {
>   /* Section for code which can't be instrumented at all */
>   #define noinstr								\
>   	noinline notrace __attribute((__section__(".noinstr.text")))	\
> -	__no_kcsan __no_sanitize_address
> +	__no_kcsan __no_sanitize_address __no_sanitize_coverage
>   
>   #endif /* __KERNEL__ */
>   
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ