From: Andrey Konovalov <andreyknvl@gmail.com>
To: Matthew Maurer <mmaurer@google.com>
Cc: dvyukov@google.com, ojeda@kernel.org,
"Andrey Ryabinin" <ryabinin.a.a@gmail.com>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Nathan Chancellor" <nathan@kernel.org>,
aliceryhl@google.com, samitolvanen@google.com,
kasan-dev@googlegroups.com, linux-mm@kvack.org,
glider@google.com, "Nicolas Schier" <nicolas@fjasle.eu>,
"Vincenzo Frascino" <vincenzo.frascino@arm.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Bill Wendling" <morbo@google.com>,
"Justin Stitt" <justinstitt@google.com>,
linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
rust-for-linux@vger.kernel.org, llvm@lists.linux.dev
Subject: Re: [PATCH v3 2/4] kbuild: rust: Enable KASAN support
Date: Tue, 20 Aug 2024 19:30:41 +0200 [thread overview]
Message-ID: <CA+fCnZeA_GOdqidEhP81TvwiSSgJNEoXa85ooqVpfPOk3v4S0w@mail.gmail.com> (raw)
In-Reply-To: <20240819213534.4080408-3-mmaurer@google.com>
On Mon, Aug 19, 2024 at 11:35 PM Matthew Maurer <mmaurer@google.com> wrote:
>
> Rust supports KASAN via LLVM, but prior to this patch, the flags aren't
> set properly.
>
> Rust hasn't yet enabled software-tagged KWHASAN (only regular HWASAN),
> so explicitly prevent Rust from being selected when it is enabled.
This is done in the next patch, not in this one.
> Suggested-by: Miguel Ojeda <ojeda@kernel.org>
> Signed-off-by: Matthew Maurer <mmaurer@google.com>
> ---
> scripts/Makefile.kasan | 54 +++++++++++++++++++++++----------
> scripts/Makefile.lib | 3 ++
> scripts/generate_rust_target.rs | 1 +
> 3 files changed, 42 insertions(+), 16 deletions(-)
>
> diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
> index aab4154af00a..163640fdefa0 100644
> --- a/scripts/Makefile.kasan
> +++ b/scripts/Makefile.kasan
> @@ -12,6 +12,11 @@ endif
> KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
>
> cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))
> +rustc-param = $(call rustc-option, -Cllvm-args=-$(1),)
> +
> +check-args = $(foreach arg,$(2),$(call $(1),$(arg)))
> +
> +kasan_params :=
>
> ifdef CONFIG_KASAN_STACK
> stack_enable := 1
> @@ -41,39 +46,56 @@ CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \
> $(call cc-option, -fsanitize=kernel-address \
> -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
>
> -# Now, add other parameters enabled similarly in both GCC and Clang.
> -# As some of them are not supported by older compilers, use cc-param.
> -CFLAGS_KASAN += $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
> - $(call cc-param,asan-stack=$(stack_enable)) \
> - $(call cc-param,asan-instrument-allocas=1) \
> - $(call cc-param,asan-globals=1)
> +# The minimum supported `rustc` version has a minimum supported LLVM
> +# version late enough that we can assume support for -asan-mapping-offset
Nit: dot at the end.
> +RUSTFLAGS_KASAN := -Zsanitizer=kernel-address \
> + -Zsanitizer-recover=kernel-address \
> + -Cllvm-args=-asan-mapping-offset=$(KASAN_SHADOW_OFFSET)
> +
> +# Now, add other parameters enabled similarly in GCC, Clang, and rustc.
> +# As some of them are not supported by older compilers, these will be filtered
> +# through `cc-param` or `rust-param` as applicable.
> +kasan_params += asan-instrumentation-with-call-threshold=$(call_threshold) \
> + asan-stack=$(stack_enable) \
> + asan-instrument-allocas=1 \
> + asan-globals=1
>
> # Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*()
> # instead. With compilers that don't support this option, compiler-inserted
> # memintrinsics won't be checked by KASAN on GENERIC_ENTRY architectures.
> -CFLAGS_KASAN += $(call cc-param,asan-kernel-mem-intrinsic-prefix=1)
> +kasan_params += asan-kernel-mem-intrinsic-prefix=1
>
> endif # CONFIG_KASAN_GENERIC
>
> ifdef CONFIG_KASAN_SW_TAGS
>
> ifdef CONFIG_KASAN_INLINE
> - instrumentation_flags := $(call cc-param,hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET))
> + kasan_params += hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET)
> else
> - instrumentation_flags := $(call cc-param,hwasan-instrument-with-calls=1)
> + kasan_params += hwasan-instrument-with-calls=1
> endif
>
> -CFLAGS_KASAN := -fsanitize=kernel-hwaddress \
> - $(call cc-param,hwasan-instrument-stack=$(stack_enable)) \
> - $(call cc-param,hwasan-use-short-granules=0) \
> - $(call cc-param,hwasan-inline-all-checks=0) \
> - $(instrumentation_flags)
> +kasan_params += hwasan-instrument-stack=$(stack_enable) \
> + hwasan-use-short-granules=0 \
> + hwasan-inline-all-checks=0
Let's put these kasan_params parts after CFLAGS_KASAN.
> +
> +CFLAGS_KASAN := -fsanitize=kernel-hwaddress
> +RUSTFLAGS_KASAN := -Zsanitizer=kernel-hwaddress \
> + -Zsanitizer-recover=kernel-hwaddress
What's the intention of defining RUSTFLAGS_KASAN for SW_TAGS if it's
not supported by Rust? Should this be removed?
If this is just a foundation for potential future support of
Rust+SW_TAGS, please add a comment explaining this. And also please
put the patch that disallows Rust+SW_TAGS before this one, if you keep
RUSTFLAGS_KASAN.
> # Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*().
> ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y)
> - CFLAGS_KASAN += $(call cc-param,hwasan-kernel-mem-intrinsic-prefix=1)
> + kasan_params += hwasan-kernel-mem-intrinsic-prefix=1
> endif
>
> endif # CONFIG_KASAN_SW_TAGS
>
> -export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE
> +# Add all as-supported KASAN LLVM parameters requested by the configuration
Nit: dot at the end.
> +CFLAGS_KASAN += $(call check-args, cc-param, $(kasan_params))
> +
> +ifdef CONFIG_RUST
> + # Avoid calling `rustc-param` unless Rust is enabled.
> + RUSTFLAGS_KASAN += $(call check-args, rustc-param, $(kasan_params))
> +endif # CONFIG_RUST
> +
> +export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE RUSTFLAGS_KASAN
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index 9f06f6aaf7fc..4a58636705e0 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -167,6 +167,9 @@ ifneq ($(CONFIG_KASAN_HW_TAGS),y)
> _c_flags += $(if $(patsubst n%,, \
> $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \
> $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE))
> +_rust_flags += $(if $(patsubst n%,, \
> + $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \
> + $(RUSTFLAGS_KASAN))
> endif
> endif
>
> diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target.rs
> index ced405d35c5d..c24c2abd67db 100644
> --- a/scripts/generate_rust_target.rs
> +++ b/scripts/generate_rust_target.rs
> @@ -192,6 +192,7 @@ fn main() {
> }
> ts.push("features", features);
> ts.push("llvm-target", "x86_64-linux-gnu");
> + ts.push("supported-sanitizers", ["kernel-address"]);
> ts.push("target-pointer-width", "64");
> } else if cfg.has("LOONGARCH") {
> panic!("loongarch uses the builtin rustc loongarch64-unknown-none-softfloat target");
> --
> 2.46.0.184.g6999bdac58-goog
>
next prev parent reply other threads:[~2024-08-20 17:30 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-19 21:35 [PATCH v3 0/4] Rust KASAN Support Matthew Maurer
2024-08-19 21:35 ` [PATCH v3 1/4] kbuild: rust: Define probing macros for rustc Matthew Maurer
2024-08-20 14:20 ` Miguel Ojeda
2024-08-20 17:22 ` Matthew Maurer
2024-08-20 20:49 ` Miguel Ojeda
2024-08-19 21:35 ` [PATCH v3 2/4] kbuild: rust: Enable KASAN support Matthew Maurer
2024-08-20 17:30 ` Andrey Konovalov [this message]
2024-08-19 21:35 ` [PATCH v3 3/4] rust: kasan: Rust does not support KHWASAN Matthew Maurer
2024-08-20 17:30 ` Andrey Konovalov
2024-08-19 21:35 ` [PATCH v3 4/4] kasan: rust: Add KASAN smoke test via UAF Matthew Maurer
2024-08-20 17:37 ` Andrey Konovalov
2024-08-20 14:19 ` [PATCH v3 0/4] Rust KASAN Support Miguel Ojeda
2024-08-20 17:28 ` Andrey Konovalov
2024-08-20 17:55 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+fCnZeA_GOdqidEhP81TvwiSSgJNEoXa85ooqVpfPOk3v4S0w@mail.gmail.com \
--to=andreyknvl@gmail.com \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dvyukov@google.com \
--cc=gary@garyguo.net \
--cc=glider@google.com \
--cc=justinstitt@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=llvm@lists.linux.dev \
--cc=masahiroy@kernel.org \
--cc=mmaurer@google.com \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=nicolas@fjasle.eu \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=ryabinin.a.a@gmail.com \
--cc=samitolvanen@google.com \
--cc=vincenzo.frascino@arm.com \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox