lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 1 Jun 2021 19:53:24 +0200
From:   Marco Elver <elver@...gle.com>
To:     Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Miguel Ojeda <ojeda@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Kees Cook <keescook@...omium.org>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Will Deacon <will@...nel.org>,
        Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Borislav Petkov <bp@...e.de>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        Arnd Bergmann <arnd@...db.de>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Mark Rutland <mark.rutland@....com>,
        kasan-dev <kasan-dev@...glegroups.com>
Subject: Re: [PATCH v2] kcov: add __no_sanitize_coverage to fix noinstr for
 all architectures

On Tue, 1 Jun 2021 at 19:46, Marco Elver <elver@...gle.com> wrote:
>
> On Tue, 1 Jun 2021 at 19:42, Nick Desaulniers <ndesaulniers@...gle.com> wrote:
> > On Thu, May 27, 2021 at 9:27 AM Marco Elver <elver@...gle.com> wrote:
> > >
> > > Until now no compiler supported an attribute to disable coverage
> > > instrumentation as used by KCOV.
> > >
> > > To work around this limitation on x86, noinstr functions have their
> > > coverage instrumentation turned into nops by objtool. However, this
> > > solution doesn't scale automatically to other architectures, such as
> > > arm64, which are migrating to use the generic entry code.
> > >
> > > Clang [1] and GCC [2] have added support for the attribute recently.
> > > [1] https://github.com/llvm/llvm-project/commit/280333021e9550d80f5c1152a34e33e81df1e178
> > > [2] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=cec4d4a6782c9bd8d071839c50a239c49caca689
> > > The changes will appear in Clang 13 and GCC 12.
> > >
> > > Add __no_sanitize_coverage for both compilers, and add it to noinstr.
> > >
> > > Note: In the Clang case, __has_feature(coverage_sanitizer) is only true
> > > if the feature is enabled, and therefore we do not require an additional
> > > defined(CONFIG_KCOV) (like in the GCC case where __has_attribute(..) is
> > > always true) to avoid adding redundant attributes to functions if KCOV
> > > is off. That being said, compilers that support the attribute will not
> > > generate errors/warnings if the attribute is redundantly used; however,
> > > where possible let's avoid it as it reduces preprocessed code size and
> > > associated compile-time overheads.
> > >
> > > Signed-off-by: Marco Elver <elver@...gle.com>
> > > Acked-by: Peter Zijlstra (Intel) <peterz@...radead.org>
> > > ---
> > > v2:
> > > * Implement __has_feature(coverage_sanitizer) in Clang
> > >   (https://reviews.llvm.org/D103159) and use instead of version check.
> > > * Add Peter's Ack.
> > > ---
> > >  include/linux/compiler-clang.h | 11 +++++++++++
> > >  include/linux/compiler-gcc.h   |  6 ++++++
> > >  include/linux/compiler_types.h |  2 +-
> > >  3 files changed, 18 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
> > > index adbe76b203e2..e15eebfa8e5d 100644
> > > --- a/include/linux/compiler-clang.h
> > > +++ b/include/linux/compiler-clang.h
> > > @@ -45,6 +45,17 @@
> > >  #define __no_sanitize_undefined
> > >  #endif
> > >
> > > +/*
> > > + * Support for __has_feature(coverage_sanitizer) was added in Clang 13 together
> > > + * with no_sanitize("coverage"). Prior versions of Clang support coverage
> > > + * instrumentation, but cannot be queried for support by the preprocessor.
> >
> > I'm not against a version check for supporting older releases (in
> > addition to the cleaner feature check, since the feature check was
> > non-existent); we can clean it up someday when clang-13 is the
> > minimally supported version.  Would having an additional version check
> > help support existing/older releases here?
>
> The feature check will just return 0 on older releases, since the
> feature does not exist there. Therefore, no additional code is
> required to support older releases and a version check would be
> redundant.

And to avoid further confusion: -fsanitize-coverage exists, but the
feature "coverage_sanitizer" queryable by __has_feature() does not
exist. The confusion is the price we pay for this technical debt --
but I'd rather not write an essay about this in the comments. Most of
it is in the commit message, and if people are still confused I hope
they find this thread.

There was also a v3 explaining this more in the comments, too:
https://lkml.kernel.org/r/20210527194448.3470080-1-elver@google.com

Hopefully that is all enough.

> > > + */
> > > +#if __has_feature(coverage_sanitizer)
> > > +#define __no_sanitize_coverage __attribute__((no_sanitize("coverage")))
> > > +#else
> > > +#define __no_sanitize_coverage
> > > +#endif
> > > +
>
> Thanks,
> -- Marco

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ