Re: [PATCH 1/3] kbuild: provide reasonable defaults for tool coverage

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <kees@kernel.org>
To: Masahiro Yamada <masahiroy@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
	linux-kbuild@vger.kernel.org,
	Linux-Arch <linux-arch@vger.kernel.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/3] kbuild: provide reasonable defaults for tool coverage
Date: Fri, 31 May 2024 09:09:19 -0700	[thread overview]
Message-ID: <202405310908.A5733DF@keescook> (raw)
In-Reply-To: <CAK7LNAR4kzwJdf1HtnwK86VuMqpL2CBtpSsVcFH-EGizqLqAFA@mail.gmail.com>

On Fri, May 31, 2024 at 07:16:30PM +0900, Masahiro Yamada wrote:
> On Fri, May 31, 2024 at 6:06 PM Arnd Bergmann <arnd@arndb.de> wrote:
> >
> > On Fri, May 31, 2024, at 10:52, Masahiro Yamada wrote:
> > > On Tue, May 28, 2024 at 8:36 PM Arnd Bergmann <arnd@arndb.de> wrote:
> >
> > >> I don't understand the nature of this warning, but I see
> > >> that your patch ended up dropping -fsanitize=kernel-address
> > >> from the compiler flags because the lib/test_fortify/*.c files
> > >> don't match the $(is-kernel-object) rule. Adding back
> > >> -fsanitize=kernel-address shuts up these warnings.
> > >
> > >
> > > In my understanding, fortify-string is independent of KASAN.
> > >
> > > I do not understand why -fsanitize=kernel-address matters.
> >
> > Right, this is something I've failed to understand as well
> > so far.
> >
> > >> I've applied a local workaround in my randconfig tree
> > >>
> > >> diff --git a/lib/Makefile b/lib/Makefile
> > >> index ddcb76b294b5..d7b8fab64068 100644
> > >> --- a/lib/Makefile
> > >> +++ b/lib/Makefile
> > >> @@ -425,5 +425,7 @@ $(obj)/$(TEST_FORTIFY_LOG): $(addprefix $(obj)/, $(TEST_FORTIFY_LOGS)) FORCE
> > >>
> > >>  # Fake dependency to trigger the fortify tests.
> > >>  ifeq ($(CONFIG_FORTIFY_SOURCE),y)
> > >> +ifndef CONFIG_KASAN
> > >>  $(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG)
> > >> +endif
> > >>  endif
> > >>
> > >>
> > >> which I don't think we want upstream. Can you and Kees come
> > >> up with a proper fix instead?
> > >
> > > I set CONFIG_FORTIFY_SOURCE=y and CONFIG_KASAN=y,
> > > but I did not observe such warnings.
> > > Is this arch or compiler-specific?
> > >
> > >
> > > Could you provide me with the steps to reproduce it?
> >
> > This is a randconfig .config file that shows it, but
> > I've seen it in a lot of others:
> > https://pastebin.com/raw/ESVzUeth
> >
> > If this doesn't reproduce it for you, I can try to narrow
> > it down further.
> >
> >      Arnd
> 
> 
> Thanks, I was able to reproduce it.
> 
> The issue happens with CONFIG_KASAN_SW_TAGS.
> 
> I do not see the issue with CONFIG_KASAN_GENERIC.

I'll try to figure this out. I suspect some kind of symbol name changes
are happening? The fortify tests expect to find specifically-named
symbols, so perhaps something is disrupting that?

-- 
Kees Cook

next prev parent reply	other threads:[~2024-05-31 16:09 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-06 13:35 [PATCH 0/3] kbuild: remove many tool coverage variables Masahiro Yamada
2024-05-06 13:35 ` [PATCH 1/3] kbuild: provide reasonable defaults for tool coverage Masahiro Yamada
2024-05-28 11:35   ` Arnd Bergmann
2024-05-31  8:52     ` Masahiro Yamada
2024-05-31  9:05       ` Arnd Bergmann
2024-05-31 10:16         ` Masahiro Yamada
2024-05-31 16:09           ` Kees Cook [this message]
2024-05-06 13:35 ` [PATCH 2/3] Makefile: remove redundant tool coverage variables Masahiro Yamada
2024-05-06 13:35 ` [PATCH 3/3] kbuild: use GCOV_PROFILE and KCSAN_SANITIZE in scripts/Makefile.modfinal Masahiro Yamada
2024-05-13 18:48 ` [PATCH 0/3] kbuild: remove many tool coverage variables Kees Cook
2024-05-13 19:54   ` Marco Elver
2024-05-13 22:50     ` Masahiro Yamada
2024-05-13 22:39   ` Masahiro Yamada
2024-05-13 23:28     ` Kees Cook
2024-05-14  7:31   ` Roberto Sassu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202405310908.A5733DF@keescook \
    --to=kees@kernel.org \
    --cc=arnd@arndb.de \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=masahiroy@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.