tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kbuild: provide reasonable defaults for tool coverage

The objtool, sanitizers (KASAN, UBSAN, etc.), and profilers (GCOV, etc.)
are intended only for kernel space objects.

For instance, the following are not kernel objects, and therefore should
opt out of coverage:

- vDSO
- purgatory
- bootloader (arch/*/boot/)

However, to exclude these from coverage, you need to explicitly set
OBJECT_FILES_NON_STNDARD=y, KASAN_SANITIZE=n, etc.

Kbuild can achieve this without relying on such variables because
objects not directly linked to vmlinux or modules are considered
"non-standard objects".

Detecting standard objects is straightforward:

- objects added to obj-y or lib-y are linked to vmlinux
- objects added to obj-m are linked to modules

There are some exceptional Makefiles (e.g., arch/s390/boot/Makefile,
arch/xtensa/boot/lib/Makefile) that use obj-y or lib-y for non-kernel
space objects, but they can be fixed later if necessary.

Going forward, objects that are not listed in obj-y, lib-y, or obj-m
will opt out of objtool, sanitizers, and profilers by default.

You can still override the Kbuild decision by explicitly specifying
OBJECT_FILES_NON_STANDARD, KASAN_SANITIZE, etc. but most of such Make
variables can be removed.

The next commit will clean up redundant variables.

Note:

This commit changes the coverage for some objects:

- exclude .vmlinux.export.o from UBSAN, KCOV
- exclude arch/csky/kernel/vdso/vgettimeofday.o from UBSAN
- exclude arch/parisc/kernel/vdso32/vdso32.so from UBSAN
- exclude arch/parisc/kernel/vdso64/vdso64.so from UBSAN
- exclude arch/x86/um/vdso/um_vdso.o from UBSAN
- exclude drivers/misc/lkdtm/rodata.o from UBSAN, KCOV
- exclude init/version-timestamp.o from UBSAN, KCOV
- exclude lib/test_fortify/*.o from all santizers and profilers

I believe these are positive effects.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Roberto Sassu <roberto.sassu@huawei.com>

Masahiro Yamada 9c2d1328 8fe51b45

+13 -9
+1 -1
scripts/Makefile.build
··· 214 214 # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file 215 215 # 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file 216 216 217 - is-standard-object = $(if $(filter-out y%, $(OBJECT_FILES_NON_STANDARD_$(target-stem).o)$(OBJECT_FILES_NON_STANDARD)n),y) 217 + is-standard-object = $(if $(filter-out y%, $(OBJECT_FILES_NON_STANDARD_$(target-stem).o)$(OBJECT_FILES_NON_STANDARD)n),$(is-kernel-object)) 218 218 219 219 $(obj)/%.o: private objtool-enabled = $(if $(is-standard-object),$(if $(delay-objtool),$(is-single-obj-m),y)) 220 220
+12 -8
scripts/Makefile.lib
··· 154 154 # 155 155 ifeq ($(CONFIG_GCOV_KERNEL),y) 156 156 _c_flags += $(if $(patsubst n%,, \ 157 - $(GCOV_PROFILE_$(target-stem).o)$(GCOV_PROFILE)$(CONFIG_GCOV_PROFILE_ALL)), \ 157 + $(GCOV_PROFILE_$(target-stem).o)$(GCOV_PROFILE)$(if $(is-kernel-object),$(CONFIG_GCOV_PROFILE_ALL))), \ 158 158 $(CFLAGS_GCOV)) 159 159 endif 160 160 ··· 165 165 ifeq ($(CONFIG_KASAN),y) 166 166 ifneq ($(CONFIG_KASAN_HW_TAGS),y) 167 167 _c_flags += $(if $(patsubst n%,, \ 168 - $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)y), \ 168 + $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \ 169 169 $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE)) 170 170 endif 171 171 endif 172 172 173 173 ifeq ($(CONFIG_KMSAN),y) 174 174 _c_flags += $(if $(patsubst n%,, \ 175 - $(KMSAN_SANITIZE_$(target-stem).o)$(KMSAN_SANITIZE)y), \ 175 + $(KMSAN_SANITIZE_$(target-stem).o)$(KMSAN_SANITIZE)$(is-kernel-object)), \ 176 176 $(CFLAGS_KMSAN)) 177 177 _c_flags += $(if $(patsubst n%,, \ 178 - $(KMSAN_ENABLE_CHECKS_$(target-stem).o)$(KMSAN_ENABLE_CHECKS)y), \ 178 + $(KMSAN_ENABLE_CHECKS_$(target-stem).o)$(KMSAN_ENABLE_CHECKS)$(is-kernel-object)), \ 179 179 , -mllvm -msan-disable-checks=1) 180 180 endif 181 181 182 182 ifeq ($(CONFIG_UBSAN),y) 183 183 _c_flags += $(if $(patsubst n%,, \ 184 - $(UBSAN_SANITIZE_$(target-stem).o)$(UBSAN_SANITIZE)y), \ 184 + $(UBSAN_SANITIZE_$(target-stem).o)$(UBSAN_SANITIZE)$(is-kernel-object)), \ 185 185 $(CFLAGS_UBSAN)) 186 186 _c_flags += $(if $(patsubst n%,, \ 187 - $(UBSAN_SIGNED_WRAP_$(target-stem).o)$(UBSAN_SANITIZE_$(target-stem).o)$(UBSAN_SIGNED_WRAP)$(UBSAN_SANITIZE)y), \ 187 + $(UBSAN_SIGNED_WRAP_$(target-stem).o)$(UBSAN_SANITIZE_$(target-stem).o)$(UBSAN_SIGNED_WRAP)$(UBSAN_SANITIZE)$(is-kernel-object)), \ 188 188 $(CFLAGS_UBSAN_SIGNED_WRAP)) 189 189 endif 190 190 191 191 ifeq ($(CONFIG_KCOV),y) 192 192 _c_flags += $(if $(patsubst n%,, \ 193 - $(KCOV_INSTRUMENT_$(target-stem).o)$(KCOV_INSTRUMENT)$(CONFIG_KCOV_INSTRUMENT_ALL)), \ 193 + $(KCOV_INSTRUMENT_$(target-stem).o)$(KCOV_INSTRUMENT)$(if $(is-kernel-object),$(CONFIG_KCOV_INSTRUMENT_ALL))), \ 194 194 $(CFLAGS_KCOV)) 195 195 endif 196 196 ··· 200 200 # 201 201 ifeq ($(CONFIG_KCSAN),y) 202 202 _c_flags += $(if $(patsubst n%,, \ 203 - $(KCSAN_SANITIZE_$(target-stem).o)$(KCSAN_SANITIZE)y), \ 203 + $(KCSAN_SANITIZE_$(target-stem).o)$(KCSAN_SANITIZE)$(is-kernel-object)), \ 204 204 $(CFLAGS_KCSAN)) 205 205 # Some uninstrumented files provide implied barriers required to avoid false 206 206 # positives: set KCSAN_INSTRUMENT_BARRIERS for barrier instrumentation only. ··· 219 219 endif 220 220 endif 221 221 222 + # If $(is-kernel-object) is 'y', this object will be linked to vmlinux or modules 223 + is-kernel-object = $(or $(part-of-builtin),$(part-of-module)) 224 + 225 + part-of-builtin = $(if $(filter $(basename $@).o, $(real-obj-y) $(lib-y)),y) 222 226 part-of-module = $(if $(filter $(basename $@).o, $(real-obj-m)),y) 223 227 quiet_modtag = $(if $(part-of-module),[M], ) 224 228