On Fri, 1 Jul 2022 at 16:23, Alexander Potapenko <glider@xxxxxxxxxx> wrote:
>
> __no_sanitize_memory is a function attribute that instructs KMSAN to
> skip a function during instrumentation. This is needed to e.g. implement
> the noinstr functions.
>
> __no_kmsan_checks is a function attribute that makes KMSAN
> ignore the uninitialized values coming from the function's
> inputs, and initialize the function's outputs.
>
> Functions marked with this attribute can't be inlined into functions
> not marked with it, and vice versa. This behavior is overridden by
> __always_inline.
>
> __SANITIZE_MEMORY__ is a macro that's defined iff the file is
> instrumented with KMSAN. This is not the same as CONFIG_KMSAN, which is
> defined for every file.
>
> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>

Reviewed-by: Marco Elver <elver@xxxxxxxxxx>

> --- > Link: https://linux-review.googlesource.com/id/I004ff0360c918d3cd8b18767ddd1381c6d3281be > --- > include/linux/compiler-clang.h | 23 +++++++++++++++++++++++ > include/linux/compiler-gcc.h | 6 ++++++ > 2 files changed, 29 insertions(+) > > diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h > index c84fec767445d..4fa0cc4cbd2c8 100644 > --- a/include/linux/compiler-clang.h > +++ b/include/linux/compiler-clang.h 
> @@ -51,6 +51,29 @@ > #define __no_sanitize_undefined > #endif > > +#if __has_feature(memory_sanitizer) > +#define __SANITIZE_MEMORY__ > +/* > + * Unlike other sanitizers, KMSAN still inserts code into functions marked with > + * no_sanitize("kernel-memory"). Using disable_sanitizer_instrumentation > + * provides the behavior consistent with other __no_sanitize_ attributes, > + * guaranteeing that __no_sanitize_memory functions remain uninstrumented. > + */ > +#define __no_sanitize_memory __disable_sanitizer_instrumentation > + > +/* > + * The __no_kmsan_checks attribute ensures that a function does not produce > + * false positive reports by: > + * - initializing all local variables and memory stores in this function; > + * - skipping all shadow checks; > + * - passing initialized arguments to this function's callees. > + */ > +#define __no_kmsan_checks __attribute__((no_sanitize("kernel-memory"))) > +#else > +#define __no_sanitize_memory > +#define __no_kmsan_checks > +#endif > + > /* > * Support for __has_feature(coverage_sanitizer) was added in Clang 13 together > * with no_sanitize("coverage"). Prior versions of Clang support coverage > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h > index a0c55eeaeaf16..63eb90eddad77 100644 > --- a/include/linux/compiler-gcc.h > +++ b/include/linux/compiler-gcc.h > @@ -125,6 +125,12 @@ > #define __SANITIZE_ADDRESS__ > #endif > > +/* > + * GCC does not support KMSAN. > + */ > +#define __no_sanitize_memory > +#define __no_kmsan_checks > + > /* > * Turn individual warnings and errors on and off locally, depending > * on version. > -- > 2.37.0.rc0.161.g10f37bed90-goog >
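
Review bot: In the include/linux/compiler-clang.h hunk, the comment above `__no_kmsan_checks` omits the inlining rule that the commit message states: functions marked with the attribute can't be inlined into functions not marked with it, and vice versa, unless `__always_inline` overrides that. The header comment is what people annotating code will read, so the rule belongs there as a fourth bullet. Since the comment already says the attribute works by "skipping all shadow checks" and "initializing all local variables and memory stores", it would also help to state the consequence: a real uninitialized-value use inside a marked function is not reported, so the attribute should go on the narrowest function that needs it. Separately, `__no_sanitize_memory` expands to `__disable_sanitizer_instrumentation`, which is not defined in this hunk; please confirm it is defined earlier in the header, with an empty fallback, for every Clang version this `#if` branch can be reached with.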
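
Review bot: In the include/linux/compiler-gcc.h hunk, the comment "GCC does not support KMSAN" does not say why the two macros are still defined. The defines are unconditional and empty, and `__SANITIZE_MEMORY__` is not defined here, so a sentence noting that the attributes expand to nothing so common code can use them unconditionally, and that `__SANITIZE_MEMORY__` is therefore never set under GCC, would make the intent clear to the next reader. As a style point, the one-sentence comment fits the single-line `/* ... */` form.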