kbuild: provide reasonable defaults for tool coverage
The objtool, sanitizers (KASAN, UBSAN, etc.), and profilers (GCOV, etc.) are intended only for kernel space objects. For instance, the following are not kernel objects, and therefore should opt out of coverage: - vDSO - purgatory - bootloader (arch/*/boot/) However, to exclude these from coverage, you need to explicitly set OBJECT_FILES_NON_STANDARD=y, KASAN_SANITIZE=n, etc. Kbuild can achieve this without relying on such variables because objects not directly linked to vmlinux or modules are considered "non-standard objects". Detecting standard objects is straightforward: - objects added to obj-y or lib-y are linked to vmlinux - objects added to obj-m are linked to modules There are some exceptional Makefiles (e.g., arch/s390/boot/Makefile, arch/xtensa/boot/lib/Makefile) that use obj-y or lib-y for non-kernel space objects, but they can be fixed later if necessary. Going forward, objects that are not listed in obj-y, lib-y, or obj-m will opt out of objtool, sanitizers, and profilers by default. You can still override the Kbuild decision by explicitly specifying OBJECT_FILES_NON_STANDARD, KASAN_SANITIZE, etc. but most of such Make variables can be removed. The next commit will clean up redundant variables. Note: This commit changes the coverage for some objects: - exclude .vmlinux.export.o from UBSAN, KCOV - exclude arch/csky/kernel/vdso/vgettimeofday.o from UBSAN - exclude arch/parisc/kernel/vdso32/vdso32.so from UBSAN - exclude arch/parisc/kernel/vdso64/vdso64.so from UBSAN - exclude arch/x86/um/vdso/um_vdso.o from UBSAN - exclude drivers/misc/lkdtm/rodata.o from UBSAN, KCOV - exclude init/version-timestamp.o from UBSAN, KCOV - exclude lib/test_fortify/*.o from all sanitizers and profilers I believe these are positive effects. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Roberto Sassu <roberto.sassu@huawei.com>
parent
8fe51b45c5
commit
9c2d1328f8
@ -214,7 +214,7 @@ endif # CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT
|
||||
# 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file
|
||||
# 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file
|
||||
|
||||
is-standard-object = $(if $(filter-out y%, $(OBJECT_FILES_NON_STANDARD_$(target-stem).o)$(OBJECT_FILES_NON_STANDARD)n),y)
|
||||
is-standard-object = $(if $(filter-out y%, $(OBJECT_FILES_NON_STANDARD_$(target-stem).o)$(OBJECT_FILES_NON_STANDARD)n),$(is-kernel-object))
|
||||
|
||||
$(obj)/%.o: private objtool-enabled = $(if $(is-standard-object),$(if $(delay-objtool),$(is-single-obj-m),y))
|
||||
|
||||
|
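Review bot: The `n` override documented just above `is-standard-object` can no longer force objtool on for a file. With `OBJECT_FILES_NON_STANDARD_foo.o := n` the `filter-out` result is still non-empty, but the value returned is now `$(is-kernel-object)`, which is empty for an object not listed in obj-y, lib-y or obj-m. This differs from the sanitizer variables changed elsewhere in this commit, where an explicit `y` still wins over the new default because it makes the `patsubst n%` test non-empty. If the one-way override is intended, the comment should say so, for example `# 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file (objects not linked to vmlinux or modules are always skipped)`. `is-kernel-object` itself is defined outside this hunk.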
@ -154,7 +154,7 @@ _cpp_flags = $(KBUILD_CPPFLAGS) $(cppflags-y) $(CPPFLAGS_$(target-stem).lds)
|
||||
#
|
||||
ifeq ($(CONFIG_GCOV_KERNEL),y)
|
||||
_c_flags += $(if $(patsubst n%,, \
|
||||
$(GCOV_PROFILE_$(target-stem).o)$(GCOV_PROFILE)$(CONFIG_GCOV_PROFILE_ALL)), \
|
||||
$(GCOV_PROFILE_$(target-stem).o)$(GCOV_PROFILE)$(if $(is-kernel-object),$(CONFIG_GCOV_PROFILE_ALL))), \
|
||||
$(CFLAGS_GCOV))
|
||||
endif
|
||||
|
||||
@ -165,32 +165,32 @@ endif
|
||||
ifeq ($(CONFIG_KASAN),y)
|
||||
ifneq ($(CONFIG_KASAN_HW_TAGS),y)
|
||||
_c_flags += $(if $(patsubst n%,, \
|
||||
$(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)y), \
|
||||
$(KASAN_SANITIZE_$(target-stem).o)$(KASAN_SANITIZE)$(is-kernel-object)), \
|
||||
$(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE))
|
||||
endif
|
||||
endif
|
||||
|
||||
ifeq ($(CONFIG_KMSAN),y)
|
||||
_c_flags += $(if $(patsubst n%,, \
|
||||
$(KMSAN_SANITIZE_$(target-stem).o)$(KMSAN_SANITIZE)y), \
|
||||
$(KMSAN_SANITIZE_$(target-stem).o)$(KMSAN_SANITIZE)$(is-kernel-object)), \
|
||||
$(CFLAGS_KMSAN))
|
||||
_c_flags += $(if $(patsubst n%,, \
|
||||
$(KMSAN_ENABLE_CHECKS_$(target-stem).o)$(KMSAN_ENABLE_CHECKS)y), \
|
||||
$(KMSAN_ENABLE_CHECKS_$(target-stem).o)$(KMSAN_ENABLE_CHECKS)$(is-kernel-object)), \
|
||||
, -mllvm -msan-disable-checks=1)
|
||||
endif
|
||||
|
||||
ifeq ($(CONFIG_UBSAN),y)
|
||||
_c_flags += $(if $(patsubst n%,, \
|
||||
$(UBSAN_SANITIZE_$(target-stem).o)$(UBSAN_SANITIZE)y), \
|
||||
$(UBSAN_SANITIZE_$(target-stem).o)$(UBSAN_SANITIZE)$(is-kernel-object)), \
|
||||
$(CFLAGS_UBSAN))
|
||||
_c_flags += $(if $(patsubst n%,, \
|
||||
$(UBSAN_SIGNED_WRAP_$(target-stem).o)$(UBSAN_SANITIZE_$(target-stem).o)$(UBSAN_SIGNED_WRAP)$(UBSAN_SANITIZE)y), \
|
||||
$(UBSAN_SIGNED_WRAP_$(target-stem).o)$(UBSAN_SANITIZE_$(target-stem).o)$(UBSAN_SIGNED_WRAP)$(UBSAN_SANITIZE)$(is-kernel-object)), \
|
||||
$(CFLAGS_UBSAN_SIGNED_WRAP))
|
||||
endif
|
||||
|
||||
ifeq ($(CONFIG_KCOV),y)
|
||||
_c_flags += $(if $(patsubst n%,, \
|
||||
$(KCOV_INSTRUMENT_$(target-stem).o)$(KCOV_INSTRUMENT)$(CONFIG_KCOV_INSTRUMENT_ALL)), \
|
||||
$(KCOV_INSTRUMENT_$(target-stem).o)$(KCOV_INSTRUMENT)$(if $(is-kernel-object),$(CONFIG_KCOV_INSTRUMENT_ALL))), \
|
||||
$(CFLAGS_KCOV))
|
||||
endif
|
||||
|
||||
@ -200,7 +200,7 @@ endif
|
||||
#
|
||||
ifeq ($(CONFIG_KCSAN),y)
|
||||
_c_flags += $(if $(patsubst n%,, \
|
||||
$(KCSAN_SANITIZE_$(target-stem).o)$(KCSAN_SANITIZE)y), \
|
||||
$(KCSAN_SANITIZE_$(target-stem).o)$(KCSAN_SANITIZE)$(is-kernel-object)), \
|
||||
$(CFLAGS_KCSAN))
|
||||
# Some uninstrumented files provide implied barriers required to avoid false
|
||||
# positives: set KCSAN_INSTRUMENT_BARRIERS for barrier instrumentation only.
|
||||
@ -219,6 +219,10 @@ _cpp_flags += $(addprefix -I, $(src) $(obj))
|
||||
endif
|
||||
endif
|
||||
|
||||
# If $(is-kernel-object) is 'y', this object will be linked to vmlinux or modules
|
||||
is-kernel-object = $(or $(part-of-builtin),$(part-of-module))
|
||||
|
||||
part-of-builtin = $(if $(filter $(basename $@).o, $(real-obj-y) $(lib-y)),y)
|
||||
part-of-module = $(if $(filter $(basename $@).o, $(real-obj-m)),y)
|
||||
quiet_modtag = $(if $(part-of-module),[M], )
|
||||
|
||||
|
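Review bot: In the KMSAN block the `KMSAN_ENABLE_CHECKS` test now ends in `$(is-kernel-object)` instead of `y`, so an object outside obj-y/lib-y/obj-m with no KMSAN variables set gets `-mllvm -msan-disable-checks=1` from the else branch. The preceding test gives that same object no `$(CFLAGS_KMSAN)`. Before this change the flag was added only when `KMSAN_ENABLE_CHECKS` was explicitly `n`. The stray option is probably harmless, but it silently changes the command line of the vDSO, purgatory and boot objects named in the description, so consider emitting it only when the object also receives `$(CFLAGS_KMSAN)`, or state the behaviour in a comment above the block. Separately, `part-of-builtin` and `part-of-module` expand `$@`, so `is-kernel-object` is meaningful only when expanded for a specific target, and the added comment `# If $(is-kernel-object) is 'y', ...` could say so.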