Loading...
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 | # SPDX-License-Identifier: GPL-2.0 ifdef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX # Safe for compiler to generate meminstrinsic calls in uninstrumented files. CFLAGS_KASAN_NOSANITIZE := else # Don't let compiler generate memintrinsic calls in uninstrumented files # because they are instrumented. CFLAGS_KASAN_NOSANITIZE := -fno-builtin endif KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET) cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1))) rustc-param = $(call rustc-option, -Cllvm-args=-$(1),) check-args = $(foreach arg,$(2),$(call $(1),$(arg))) kasan_params := ifdef CONFIG_KASAN_STACK stack_enable := 1 else stack_enable := 0 endif ifdef CONFIG_KASAN_GENERIC ifdef CONFIG_KASAN_INLINE # When the number of memory accesses in a function is less than this # call threshold number, the compiler will use inline instrumentation. # 10000 is chosen offhand as a sufficiently large number to make all # kernel functions to be instrumented inline. call_threshold := 10000 else call_threshold := 0 endif # First, enable -fsanitize=kernel-address together with providing the shadow # mapping offset, as for GCC, -fasan-shadow-offset fails without -fsanitize # (GCC accepts the shadow mapping offset via -fasan-shadow-offset instead of # a --param like the other KASAN parameters). # Instead of ifdef-checking the compiler, rely on cc-option. CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \ -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \ $(call cc-option, -fsanitize=kernel-address \ -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET))) # The minimum supported `rustc` version has a minimum supported LLVM # version late enough that we can assume support for -asan-mapping-offset. RUSTFLAGS_KASAN := -Zsanitizer=kernel-address \ -Zsanitizer-recover=kernel-address \ -Cllvm-args=-asan-mapping-offset=$(KASAN_SHADOW_OFFSET) # Now, add other parameters enabled similarly in GCC, Clang, and rustc. # As some of them are not supported by older compilers, these will be filtered # through `cc-param` or `rust-param` as applicable. kasan_params += asan-instrumentation-with-call-threshold=$(call_threshold) \ asan-stack=$(stack_enable) \ asan-instrument-allocas=1 \ asan-globals=1 # Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*() # instead. With compilers that don't support this option, compiler-inserted # memintrinsics won't be checked by KASAN on GENERIC_ENTRY architectures. kasan_params += asan-kernel-mem-intrinsic-prefix=1 endif # CONFIG_KASAN_GENERIC ifdef CONFIG_KASAN_SW_TAGS CFLAGS_KASAN := -fsanitize=kernel-hwaddress # This sets flags that will enable SW_TAGS KASAN once enabled in Rust. These # will not work today, and is guarded against in dependencies for CONFIG_RUST. RUSTFLAGS_KASAN := -Zsanitizer=kernel-hwaddress \ -Zsanitizer-recover=kernel-hwaddress ifdef CONFIG_KASAN_INLINE kasan_params += hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET) else kasan_params += hwasan-instrument-with-calls=1 endif kasan_params += hwasan-instrument-stack=$(stack_enable) \ hwasan-use-short-granules=0 \ hwasan-inline-all-checks=0 # Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*(). ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y) kasan_params += hwasan-kernel-mem-intrinsic-prefix=1 endif endif # CONFIG_KASAN_SW_TAGS # Add all as-supported KASAN LLVM parameters requested by the configuration. CFLAGS_KASAN += $(call check-args, cc-param, $(kasan_params)) ifdef CONFIG_RUST # Avoid calling `rustc-param` unless Rust is enabled. RUSTFLAGS_KASAN += $(call check-args, rustc-param, $(kasan_params)) endif # CONFIG_RUST export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE RUSTFLAGS_KASAN |