| Message ID | 20211214162050.660953-8-glider@google.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Add KernelMemorySanitizer infrastructure | expand |
On Tue, Dec 14, 2021 at 05:20:14PM +0100, Alexander Potapenko wrote: > The new attribute maps to > __attribute__((disable_sanitizer_instrumentation)), which will be > supported by Clang >= 14.0. Future support in GCC is also possible. > > This attribute disables compiler instrumentation for kernel sanitizer > tools, making it easier to implement noinstr. It is different from the > existing __no_sanitize* attributes, which may still allow certain types > of instrumentation to prevent false positives. When you say the __no_sanitize* attributes allow some instrumentation, does that apply to any of the existing KASAN/KCSAN/KCOV support, or just for KMSAN? The documentation just says the same as the commit message: | This is not the same as __attribute__((no_sanitize(...))), which depending on | the tool may still insert instrumentation to prevent false positive reports. ... which implies the other instrumentation might not be suprressed. I ask because architectures which select ARCH_WANTS_NO_INSTR *need* to be able to suppress all instrumentation. It's fine if that means they need a new version of clang for KMSAN, but if there's latent instrumentation we have more bugs to fix first... Thanks, Mark. > Signed-off-by: Alexander Potapenko <glider@google.com> > --- > Link: https://linux-review.googlesource.com/id/Ic0123ce99b33ab7d5ed1ae90593425be8d3d774a > --- > include/linux/compiler_attributes.h | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h > index b9121afd87331..37e2600202216 100644 > --- a/include/linux/compiler_attributes.h > +++ b/include/linux/compiler_attributes.h > @@ -308,6 +308,24 @@ > # define __compiletime_warning(msg) > #endif > > +/* > + * Optional: only supported since clang >= 14.0 > + * > + * clang: https://clang.llvm.org/docs/AttributeReference.html#disable-sanitizer-instrumentation > + * > + * disable_sanitizer_instrumentation is not always similar to > + * no_sanitize((<sanitizer-name>)): the latter may still let specific sanitizers > + * insert code into functions to prevent false positives. Unlike that, > + * disable_sanitizer_instrumentation prevents all kinds of instrumentation to > + * functions with the attribute. > + */ > +#if __has_attribute(disable_sanitizer_instrumentation) > +# define __disable_sanitizer_instrumentation \ > + __attribute__((disable_sanitizer_instrumentation)) > +#else > +# define __disable_sanitizer_instrumentation > +#endif > + > /* > * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-weak-function-attribute > * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-weak-variable-attribute > -- > 2.34.1.173.g76aa8bc2d0-goog >
A On Wed, 15 Dec 2021 at 14:24, Mark Rutland <mark.rutland@arm.com> wrote: > > On Tue, Dec 14, 2021 at 05:20:14PM +0100, Alexander Potapenko wrote: > > The new attribute maps to > > __attribute__((disable_sanitizer_instrumentation)), which will be > > supported by Clang >= 14.0. Future support in GCC is also possible. > > > > This attribute disables compiler instrumentation for kernel sanitizer > > tools, making it easier to implement noinstr. It is different from the > > existing __no_sanitize* attributes, which may still allow certain types > > of instrumentation to prevent false positives. > > When you say the __no_sanitize* attributes allow some instrumentation, does > that apply to any of the existing KASAN/KCSAN/KCOV support, or just for KMSAN? > > The documentation just says the same as the commit message: > > | This is not the same as __attribute__((no_sanitize(...))), which depending on > | the tool may still insert instrumentation to prevent false positive reports. > > ... which implies the other instrumentation might not be suprressed. > > I ask because architectures which select ARCH_WANTS_NO_INSTR *need* to be able > to suppress all instrumentation. It's fine if that means they need a new > version of clang for KMSAN, but if there's latent instrumentation we have more > bugs to fix first... Thus far, none of the existing K*SANs added other instrumentation. Apart from KMSAN here, this will change with KCSAN's barrier instrumentation, which is why this patch is also part of KCSAN's upcoming changes -- recall I said I fixed barrier instrumentation for arm64 as well, this is how :-) See https://lore.kernel.org/all/20211130114433.2580590-26-elver@google.com/ how I resolved it for KCSAN on architectures that don't have objtool. I expect this patch will be dropped from the KMSAN series once it reaches mainline through the KCSAN changes. Also note, this applies only for bug-detection tools, that may want to avoid false positives. So by definition, it is irrelevant for KCOV (which had its own attribute woes a while back though). Yeah, it's been a long road to get the compilers to play along ... :-/ Thanks, -- Marco
diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h index b9121afd87331..37e2600202216 100644 --- a/include/linux/compiler_attributes.h +++ b/include/linux/compiler_attributes.h @@ -308,6 +308,24 @@ # define __compiletime_warning(msg) #endif +/* + * Optional: only supported since clang >= 14.0 + * + * clang: https://clang.llvm.org/docs/AttributeReference.html#disable-sanitizer-instrumentation + * + * disable_sanitizer_instrumentation is not always similar to + * no_sanitize((<sanitizer-name>)): the latter may still let specific sanitizers + * insert code into functions to prevent false positives. Unlike that, + * disable_sanitizer_instrumentation prevents all kinds of instrumentation to + * functions with the attribute. + */ +#if __has_attribute(disable_sanitizer_instrumentation) +# define __disable_sanitizer_instrumentation \ + __attribute__((disable_sanitizer_instrumentation)) +#else +# define __disable_sanitizer_instrumentation +#endif + /* * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-weak-function-attribute * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-weak-variable-attribute
The new attribute maps to __attribute__((disable_sanitizer_instrumentation)), which will be supported by Clang >= 14.0. Future support in GCC is also possible. This attribute disables compiler instrumentation for kernel sanitizer tools, making it easier to implement noinstr. It is different from the existing __no_sanitize* attributes, which may still allow certain types of instrumentation to prevent false positives. Signed-off-by: Alexander Potapenko <glider@google.com> --- Link: https://linux-review.googlesource.com/id/Ic0123ce99b33ab7d5ed1ae90593425be8d3d774a --- include/linux/compiler_attributes.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)