| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Nov 2021 11:39:49 +0100
From: Marco Elver <elver@...gle.com>
To: Kefeng Wang <wangkefeng.wang@...wei.com>,
Mark Rutland <mark.rutland@....com>
Cc: Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arm64: Enable KCSAN
On Fri, Nov 26, 2021 at 04:00PM +0800, Kefeng Wang wrote:
> This patch enables KCSAN for arm64, with updates to build rules
> to not use KCSAN for several incompatible compilation units.
>
> Tested selftest and kcsan_test, and all passed.
>
> Signed-off-by: Kefeng Wang <wangkefeng.wang@...wei.com>
Nice! Although I think Mark (Cc'd) also had been working on this and
probably knows what, if anything, is still missing.
For one, have you tested gcc 11? To make it work with gcc 11, my
preferred solution is that you simply squash this:
---
diff --git a/kernel/kcsan/Makefile b/kernel/kcsan/Makefile
index c2bb07f5bcc7..d7d0b51b79f5 100644
--- a/kernel/kcsan/Makefile
+++ b/kernel/kcsan/Makefile
@@ -8,6 +8,7 @@ CFLAGS_REMOVE_debugfs.o = $(CC_FLAGS_FTRACE)
CFLAGS_REMOVE_report.o = $(CC_FLAGS_FTRACE)
CFLAGS_core.o := $(call cc-option,-fno-conserve-stack) \
+ $(call cc-option,-mno-outline-atomics) \
-fno-stack-protector -DDISABLE_BRANCH_PROFILING
obj-y := core.o debugfs.o report.o
---
[ I have changes to kernel/kcsan/Makefile that I expect to land in -next
soon'ish, the above is small enough that git can auto-merge. ]
gcc somehow made outline-atomics the default (unlike clang), which will
cause linker errors for kernel/kcsan/core.o. While the support for
builtin atomics shouldn't be required on arm64, I want it to be
(compile-)testable on all architectures. Although there's an exception
that certain compiler instrumentation actually require working builtin
atomics support, specifically GCOV_KERNEL.
Thanks,
-- Marco
> ---
> Tested on Qemu with clang 13, based on 5.16-rc2.
>
> [ 0.221518] kcsan: enabled early
> [ 0.222422] kcsan: strict mode configured
> ...
> [ 5.839223] kcsan: selftest: 3/3 tests passed
> ...
> [ 517.895102] # kcsan: pass:24 fail:0 skip:0 total:24
> [ 517.896393] # Totals: pass:168 fail:0 skip:0 total:168
> [ 517.897502] ok 1 - kcsan
>
> arch/arm64/Kconfig | 1 +
> arch/arm64/kernel/vdso/Makefile | 1 +
> arch/arm64/kvm/hyp/nvhe/Makefile | 1 +
> 3 files changed, 3 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 4ff73299f8a9..0ac90875f71d 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -150,6 +150,7 @@ config ARM64
> select HAVE_ARCH_KASAN_VMALLOC if HAVE_ARCH_KASAN
> select HAVE_ARCH_KASAN_SW_TAGS if HAVE_ARCH_KASAN
> select HAVE_ARCH_KASAN_HW_TAGS if (HAVE_ARCH_KASAN && ARM64_MTE)
> + select HAVE_ARCH_KCSAN
> select HAVE_ARCH_KFENCE
> select HAVE_ARCH_KGDB
> select HAVE_ARCH_MMAP_RND_BITS
> diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
> index 700767dfd221..60813497a381 100644
> --- a/arch/arm64/kernel/vdso/Makefile
> +++ b/arch/arm64/kernel/vdso/Makefile
> @@ -32,6 +32,7 @@ ccflags-y += -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
> CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) $(GCC_PLUGINS_CFLAGS) \
> $(CC_FLAGS_LTO)
> KASAN_SANITIZE := n
> +KCSAN_SANITIZE := n
> UBSAN_SANITIZE := n
> OBJECT_FILES_NON_STANDARD := y
> KCOV_INSTRUMENT := n
> diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
> index c3c11974fa3b..24b2c2425b38 100644
> --- a/arch/arm64/kvm/hyp/nvhe/Makefile
> +++ b/arch/arm64/kvm/hyp/nvhe/Makefile
> @@ -89,6 +89,7 @@ KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) $(CC_FLAGS_CFI)
> # cause crashes. Just disable it.
> GCOV_PROFILE := n
> KASAN_SANITIZE := n
> +KCSAN_SANITIZE := n
> UBSAN_SANITIZE := n
> KCOV_INSTRUMENT := n
>
> --
> 2.26.2
>
Powered by blists - more mailing lists