Re: [PATCH v5 17/38] kmsan: disable KMSAN instrumentation for certain kernel parts

On Wed, Mar 25, 2020 at 5:13 PM <glider@xxxxxxxxxx> wrote:
>
> Instrumenting some files with KMSAN will result in kernel being unable
> to link, boot or crashing at runtime for various reasons (e.g. infinite
> recursion caused by instrumentation hooks calling instrumented code again).
>
> Disable KMSAN in the following places:
>  - arch/x86/boot and arch/x86/realmode/rm, as KMSAN doesn't work for i386;
>  - arch/x86/entry/vdso, which isn't linked with KMSAN runtime;
>  - three files in arch/x86/kernel - boot problems;
>  - arch/x86/mm/cpu_entry_area.c - recursion;
>  - EFI stub - build failures;
>  - kcov, stackdepot, lockdep - recursion.
>
> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
> To: Alexander Potapenko <glider@xxxxxxxxxx>
> Cc: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> Cc: Marco Elver <elver@xxxxxxxxxx>
> Cc: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
> Cc: linux-mm@xxxxxxxxx

Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

>
> ---
>
> v4:
>  - fix lockdep support by not instrumenting lockdep.c
>  - unified comments with KCSAN
>
> Change-Id: I90961eabf2dcb9ae992aed259088953bad5e4d6d
> ---
>  arch/x86/boot/Makefile                | 1 +
>  arch/x86/boot/compressed/Makefile     | 2 ++
>  arch/x86/entry/vdso/Makefile          | 3 +++
>  arch/x86/kernel/Makefile              | 4 ++++
>  arch/x86/kernel/cpu/Makefile          | 1 +
>  arch/x86/mm/Makefile                  | 3 +++
>  arch/x86/realmode/rm/Makefile         | 1 +
>  drivers/firmware/efi/libstub/Makefile | 1 +
>  kernel/Makefile                       | 1 +
>  kernel/locking/Makefile               | 4 ++++
>  lib/Makefile                          | 1 +
>  11 files changed, 22 insertions(+)
>
> diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
> index d7aa1c3a6b25a..2ca8b9b478f3a 100644
> --- a/arch/x86/boot/Makefile
> +++ b/arch/x86/boot/Makefile
> @@ -12,6 +12,7 @@
>  # Sanitizer runtimes are unavailable and cannot be linked for early boot code.
>  KASAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Kernel does not boot with kcov instrumentation here.
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 7619742f91c9a..2af62067a90ec 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -20,6 +20,8 @@
>  # Sanitizer runtimes are unavailable and cannot be linked for early boot code.
>  KASAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
> +# KMSAN doesn't work for i386
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
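
Review bot: the added comment "KMSAN doesn't work for i386" sits directly under the block's existing comment that sanitizer runtimes are unavailable for early boot code, so the block now gives two different reasons for the same setting, and the identical KMSAN_SANITIZE := n line added to arch/x86/boot/Makefile carries no such comment. Either drop the extra comment and rely on the existing one, or use the same wording in both Makefiles.
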
> diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
> index ecf6128c95516..e2b1b9be89ab7 100644
> --- a/arch/x86/entry/vdso/Makefile
> +++ b/arch/x86/entry/vdso/Makefile
> @@ -13,6 +13,9 @@ KBUILD_CFLAGS += $(DISABLE_LTO)
>
>  # Sanitizer runtimes are unavailable and cannot be linked here.
>  KASAN_SANITIZE                 := n
> +KMSAN_SANITIZE_vclock_gettime.o := n
> +KMSAN_SANITIZE_vgetcpu.o       := n
> +
>  UBSAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
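
Review bot: KMSAN is disabled here only for vclock_gettime.o and vgetcpu.o, while KASAN, UBSAN and KCSAN in the same block are disabled for the whole directory, and the commit message says arch/x86/entry/vdso as a whole isn't linked with the KMSAN runtime. Unless some object in this directory is meant to stay instrumented, a single KMSAN_SANITIZE := n would match the neighbouring lines; the blank line added after the two new lines also splits the sanitizer block and can go.
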
> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> index 1ee83df407e3b..a3b7b0452c817 100644
> --- a/arch/x86/kernel/Makefile
> +++ b/arch/x86/kernel/Makefile
> @@ -32,6 +32,10 @@ KASAN_SANITIZE_paravirt.o                            := n
>  # by several compilation units. To be safe, disable all instrumentation.
>  KCSAN_SANITIZE := n
>
> +# Work around reboot loop.
> +KMSAN_SANITIZE_head$(BITS).o                           := n
> +KMSAN_SANITIZE_nmi.o                                   := n
> +
>  OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o    := y
>  OBJECT_FILES_NON_STANDARD_test_nx.o                    := y
>  OBJECT_FILES_NON_STANDARD_paravirt_patch.o             := y
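
Review bot: the comment "Work around reboot loop." above KMSAN_SANITIZE_head$(BITS).o and KMSAN_SANITIZE_nmi.o names only the symptom, and the commit message says no more than "boot problems". Please state the cause if it is known, or say explicitly that it is not understood yet, so a later reader can tell whether the exclusion is still needed.
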
> diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
> index dba6a83bc3493..0e299ba013868 100644
> --- a/arch/x86/kernel/cpu/Makefile
> +++ b/arch/x86/kernel/cpu/Makefile
> @@ -12,6 +12,7 @@ endif
>  # If these files are instrumented, boot hangs during the first second.
>  KCOV_INSTRUMENT_common.o := n
>  KCOV_INSTRUMENT_perf_event.o := n
> +KMSAN_SANITIZE_common.o := n
>
>  # As above, instrumenting secondary CPU boot code causes boot hangs.
>  KCSAN_SANITIZE_common.o := n
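
Review bot: KMSAN_SANITIZE_common.o is added under the comment written for the KCOV_INSTRUMENT lines, ahead of the separate KCSAN block that follows. Consider placing it next to KCSAN_SANITIZE_common.o, or giving it its own one-line comment, so the reason for the KMSAN exclusion does not depend on a comment about kcov.
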
> diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
> index f7fd0e868c9c8..f11848633cf5b 100644
> --- a/arch/x86/mm/Makefile
> +++ b/arch/x86/mm/Makefile
> @@ -11,6 +11,9 @@ KASAN_SANITIZE_mem_encrypt_identity.o := n
>  # reference __initdata sections.
>  KCSAN_SANITIZE := n
>
> +# Avoid recursion by not calling KMSAN hooks for CEA code.
> +KMSAN_SANITIZE_cpu_entry_area.o := n
> +
>  ifdef CONFIG_FUNCTION_TRACER
>  CFLAGS_REMOVE_mem_encrypt.o            = -pg
>  CFLAGS_REMOVE_mem_encrypt_identity.o   = -pg
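
Review bot: the new comment uses the abbreviation "CEA", which appears nowhere else in the visible context; spelling it out as cpu_entry_area would make the comment greppable. Naming the recursion path, in the style of "lockdep -> KCSAN -> ... -> lockdep" used in kernel/locking/Makefile, would also make the reason checkable.
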
> diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
> index 83f1b6a56449f..f614009d3e4e2 100644
> --- a/arch/x86/realmode/rm/Makefile
> +++ b/arch/x86/realmode/rm/Makefile
> @@ -10,6 +10,7 @@
>  # Sanitizer runtimes are unavailable and cannot be linked here.
>  KASAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
> +KMSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
>  # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index dd31237fba2e9..2cf047a0d2e06 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -36,6 +36,7 @@ GCOV_PROFILE                  := n
>  # Sanitizer runtimes are unavailable and cannot be linked here.
>  KASAN_SANITIZE                 := n
>  KCSAN_SANITIZE                 := n
> +KMSAN_SANITIZE                 := n
>  UBSAN_SANITIZE                 := n
>  OBJECT_FILES_NON_STANDARD      := y
>
> diff --git a/kernel/Makefile b/kernel/Makefile
> index 6ac453daf500e..e9093daf41056 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -35,6 +35,7 @@ KCOV_INSTRUMENT_stacktrace.o := n
>  KCOV_INSTRUMENT_kcov.o := n
>  KASAN_SANITIZE_kcov.o := n
>  KCSAN_SANITIZE_kcov.o := n
> +KMSAN_SANITIZE_kcov.o := n
>  CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack -fno-stack-protector)
>
>  # cond_syscall is currently not LTO compatible
> diff --git a/kernel/locking/Makefile b/kernel/locking/Makefile
> index 6d11cfb9b41f2..1dd1f7d81e691 100644
> --- a/kernel/locking/Makefile
> +++ b/kernel/locking/Makefile
> @@ -3,6 +3,10 @@
>  # and is generally not a function of system call inputs.
>  KCOV_INSTRUMENT                := n
>
> +# Instrumenting lockdep.c with KMSAN may cause deadlocks because of
> +# recursive KMSAN runtime calls.
> +KMSAN_SANITIZE_lockdep.o := n
> +
>  obj-y += mutex.o semaphore.o rwsem.o percpu-rwsem.o
>
>  # Avoid recursion lockdep -> KCSAN -> ... -> lockdep.
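
Review bot: the KMSAN_SANITIZE_lockdep.o lines are inserted before the obj-y line, while the existing "Avoid recursion lockdep -> KCSAN -> ... -> lockdep." comment for the same concern sits after it. Since the v4 notes say comments were unified with KCSAN, consider moving the new lines next to that block and describing the recursion path in the same form rather than "may cause deadlocks".
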
> diff --git a/lib/Makefile b/lib/Makefile
> index d8058c5c05826..6ec959b62a55f 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -234,6 +234,7 @@ obj-$(CONFIG_IRQ_POLL) += irq_poll.o
>  CFLAGS_stackdepot.o += -fno-builtin
>  obj-$(CONFIG_STACKDEPOT) += stackdepot.o
>  KASAN_SANITIZE_stackdepot.o := n
> +KMSAN_SANITIZE_stackdepot.o := n
>  KCOV_INSTRUMENT_stackdepot.o := n
>
>  libfdt_files = fdt.o fdt_ro.o fdt_wip.o fdt_rw.o fdt_sw.o fdt_strerror.o \
> --
> 2.25.1.696.g5e7596f4ac-goog
>



