kbuild: rust: Enable KASAN support

Rust supports KASAN via LLVM, but prior to this patch, the flags aren't
set properly.

Suggested-by: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Matthew Maurer <mmaurer@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Link: https://lore.kernel.org/r/20240820194910.187826-4-mmaurer@google.com
[ Applied "SW_TAGS KASAN" nit. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
This commit is contained in:
Matthew Maurer 2024-08-20 19:48:58 +00:00 committed by Miguel Ojeda
parent f64e2f3a66
commit e3117404b4
3 changed files with 45 additions and 17 deletions

View File

@ -12,6 +12,11 @@ endif
KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET) KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1))) cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))
rustc-param = $(call rustc-option, -Cllvm-args=-$(1),)
check-args = $(foreach arg,$(2),$(call $(1),$(arg)))
kasan_params :=
ifdef CONFIG_KASAN_STACK ifdef CONFIG_KASAN_STACK
stack_enable := 1 stack_enable := 1
@ -41,39 +46,59 @@ CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \
$(call cc-option, -fsanitize=kernel-address \ $(call cc-option, -fsanitize=kernel-address \
-mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET))) -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
# Now, add other parameters enabled similarly in both GCC and Clang. # The minimum supported `rustc` version has a minimum supported LLVM
# As some of them are not supported by older compilers, use cc-param. # version late enough that we can assume support for -asan-mapping-offset.
CFLAGS_KASAN += $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \ RUSTFLAGS_KASAN := -Zsanitizer=kernel-address \
$(call cc-param,asan-stack=$(stack_enable)) \ -Zsanitizer-recover=kernel-address \
$(call cc-param,asan-instrument-allocas=1) \ -Cllvm-args=-asan-mapping-offset=$(KASAN_SHADOW_OFFSET)
$(call cc-param,asan-globals=1)
# Now, add other parameters enabled similarly in GCC, Clang, and rustc.
# As some of them are not supported by older compilers, these will be filtered
# through `cc-param` or `rust-param` as applicable.
kasan_params += asan-instrumentation-with-call-threshold=$(call_threshold) \
asan-stack=$(stack_enable) \
asan-instrument-allocas=1 \
asan-globals=1
# Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*() # Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*()
# instead. With compilers that don't support this option, compiler-inserted # instead. With compilers that don't support this option, compiler-inserted
# memintrinsics won't be checked by KASAN on GENERIC_ENTRY architectures. # memintrinsics won't be checked by KASAN on GENERIC_ENTRY architectures.
CFLAGS_KASAN += $(call cc-param,asan-kernel-mem-intrinsic-prefix=1) kasan_params += asan-kernel-mem-intrinsic-prefix=1
endif # CONFIG_KASAN_GENERIC endif # CONFIG_KASAN_GENERIC
ifdef CONFIG_KASAN_SW_TAGS ifdef CONFIG_KASAN_SW_TAGS
CFLAGS_KASAN := -fsanitize=kernel-hwaddress
# This sets flags that will enable SW_TAGS KASAN once enabled in Rust. These
# will not work today, and is guarded against in dependencies for CONFIG_RUST.
RUSTFLAGS_KASAN := -Zsanitizer=kernel-hwaddress \
-Zsanitizer-recover=kernel-hwaddress
ifdef CONFIG_KASAN_INLINE ifdef CONFIG_KASAN_INLINE
instrumentation_flags := $(call cc-param,hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET)) kasan_params += hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET)
else else
instrumentation_flags := $(call cc-param,hwasan-instrument-with-calls=1) kasan_params += hwasan-instrument-with-calls=1
endif endif
CFLAGS_KASAN := -fsanitize=kernel-hwaddress \ kasan_params += hwasan-instrument-stack=$(stack_enable) \
$(call cc-param,hwasan-instrument-stack=$(stack_enable)) \ hwasan-use-short-granules=0 \
$(call cc-param,hwasan-use-short-granules=0) \ hwasan-inline-all-checks=0
$(call cc-param,hwasan-inline-all-checks=0) \
$(instrumentation_flags)
# Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*(). # Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*().
ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y) ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y)
CFLAGS_KASAN += $(call cc-param,hwasan-kernel-mem-intrinsic-prefix=1) kasan_params += hwasan-kernel-mem-intrinsic-prefix=1
endif endif
endif # CONFIG_KASAN_SW_TAGS endif # CONFIG_KASAN_SW_TAGS
export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE # Add all as-supported KASAN LLVM parameters requested by the configuration.
CFLAGS_KASAN += $(call check-args, cc-param, $(kasan_params))
ifdef CONFIG_RUST
# Avoid calling `rustc-param` unless Rust is enabled.
RUSTFLAGS_KASAN += $(call check-args, rustc-param, $(kasan_params))
endif # CONFIG_RUST
export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE RUSTFLAGS_KASAN

View File

@ -167,6 +167,9 @@ ifneq ($(CONFIG_KASAN_HW_TAGS),y)
_c_flags += $(if $(patsubst n%,, \ _c_flags += $(if $(patsubst n%,, \
$(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \ $(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \
$(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE)) $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE))
_rust_flags += $(if $(patsubst n%,, \
$(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \
$(RUSTFLAGS_KASAN))
endif endif
endif endif

View File

@ -207,7 +207,7 @@ fn main() {
} }
ts.push("features", features); ts.push("features", features);
ts.push("llvm-target", "x86_64-linux-gnu"); ts.push("llvm-target", "x86_64-linux-gnu");
ts.push("supported-sanitizers", ["kcfi"]); ts.push("supported-sanitizers", ["kcfi", "kernel-address"]);
ts.push("target-pointer-width", "64"); ts.push("target-pointer-width", "64");
} else if cfg.has("X86_32") { } else if cfg.has("X86_32") {
// This only works on UML, as i386 otherwise needs regparm support in rustc // This only works on UML, as i386 otherwise needs regparm support in rustc