From: Kees Cook <kees@kernel.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: "Kirill A. Shutemov" <kas@kernel.org>,
x86@kernel.org, "Gavin Shan" <gshan@redhat.com>,
"Jan Beulich" <jbeulich@suse.com>,
kvm@vger.kernel.org, "Rafael J. Wysocki" <rafael@kernel.org>,
"Kees Cook" <kees@kernel.org>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
llvm@lists.linux.dev, "Thomas Huth" <thuth@redhat.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
"Usama Arif" <usama.arif@bytedance.com>,
"Andrey Ryabinin" <ryabinin.a.a@gmail.com>,
"Viresh Kumar" <viresh.kumar@linaro.org>,
linux-hardening@vger.kernel.org,
"Henrique de Moraes Holschuh" <hmh@hmh.eng.br>,
"Oza Pawandeep" <quic_poza@quicinc.com>,
"Will Deacon" <will@kernel.org>,
"Ard Biesheuvel" <ardb@kernel.org>,
linux-trace-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org,
"H. Peter Anvin" <hpa@zytor.com>,
"Michal Wilczynski" <michal.wilczynski@intel.com>,
"Baoquan He" <bhe@redhat.com>,
linux-acpi@vger.kernel.org,
"Masahiro Yamada" <masahiroy@kernel.org>,
linux-kbuild@vger.kernel.org, "James Morris" <jmorris@namei.org>,
kasan-dev@googlegroups.com,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
"Ingo Molnar" <mingo@redhat.com>,
"Sami Tolvanen" <samitolvanen@google.com>,
"Changyuan Lyu" <changyuanl@google.com>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
"Hou Wenlong" <houwenlong.hwl@antgroup.com>,
"Nick Desaulniers" <nick.desaulniers+lkml@gmail.com>,
"Len Brown" <lenb@kernel.org>,
platform-driver-x86@vger.kernel.org,
"Marco Elver" <elver@google.com>,
"Alexander Graf" <graf@amazon.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
"Anshuman Khandual" <anshuman.khandual@arm.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Bibo Mao" <maobibo@loongson.cn>,
"Nathan Chancellor" <nathan@kernel.org>,
"Paul Moore" <paul@paul-moore.com>,
"Russell King (Oracle)" <rmk+kernel@armlinux.org.uk>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"Jonathan Cameron" <Jonathan.Cameron@huawei.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
linux-arm-kernel@lists.infradead.org,
"Andrey Konovalov" <andreyknvl@gmail.com>,
"Juergen Gross" <jgross@suse.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Nicolas Schier" <nicolas.schier@linux.dev>,
ibm-acpi-devel@lists.sourceforge.net, kexec@lists.infradead.org,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"Luis Chamberlain" <mcgrof@kernel.org>,
"James Morse" <james.morse@arm.com>,
"Hans de Goede" <hansg@kernel.org>,
"Justin Stitt" <justinstitt@google.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Christophe Leroy" <christophe.leroy@csgroup.eu>,
"Bill Wendling" <morbo@google.com>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Mike Rapoport" <rppt@kernel.org>,
"Roger Pau Monne" <roger.pau@citrix.com>
Subject: [PATCH v4 4/4] kstack_erase: Support Clang stack depth tracking
Date: Wed, 23 Jul 2025 22:50:28 -0700 [thread overview]
Message-ID: <20250724055029.3623499-4-kees@kernel.org> (raw)
In-Reply-To: <20250724054419.it.405-kees@kernel.org>
Wire up CONFIG_KSTACK_ERASE to Clang 21's new stack depth tracking
callback[1] option.
Link: https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-stack-depth [1]
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nicolas Schier <nicolas.schier@linux.dev>
Cc: Marco Elver <elver@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: <linux-kbuild@vger.kernel.org>
Cc: <kasan-dev@googlegroups.com>
Cc: <linux-hardening@vger.kernel.org>
---
security/Kconfig.hardening | 5 ++++-
scripts/Makefile.kstack_erase | 6 ++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index f7aa2024ab25..b9a5bc3430aa 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -82,10 +82,13 @@ choice
endchoice
+config CC_HAS_SANCOV_STACK_DEPTH_CALLBACK
+ def_bool $(cc-option,-fsanitize-coverage-stack-depth-callback-min=1)
+
config KSTACK_ERASE
bool "Poison kernel stack before returning from syscalls"
depends on HAVE_ARCH_KSTACK_ERASE
- depends on GCC_PLUGINS
+ depends on GCC_PLUGINS || CC_HAS_SANCOV_STACK_DEPTH_CALLBACK
help
This option makes the kernel erase the kernel stack before
returning from system calls. This has the effect of leaving
diff --git a/scripts/Makefile.kstack_erase b/scripts/Makefile.kstack_erase
index 5223d3a35817..c7bc2379e113 100644
--- a/scripts/Makefile.kstack_erase
+++ b/scripts/Makefile.kstack_erase
@@ -8,6 +8,12 @@ kstack-erase-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK_VERBOSE) += -fplugin-arg-stack
DISABLE_KSTACK_ERASE := -fplugin-arg-stackleak_plugin-disable
endif
+ifdef CONFIG_CC_IS_CLANG
+kstack-erase-cflags-y += -fsanitize-coverage=stack-depth
+kstack-erase-cflags-y += -fsanitize-coverage-stack-depth-callback-min=$(CONFIG_KSTACK_ERASE_TRACK_MIN_SIZE)
+DISABLE_KSTACK_ERASE := -fno-sanitize-coverage=stack-depth
+endif
+
KSTACK_ERASE_CFLAGS := $(kstack-erase-cflags-y)
export STACKLEAK_CFLAGS DISABLE_KSTACK_ERASE
--
2.34.1
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <kees@kernel.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: "Kees Cook" <kees@kernel.org>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Nathan Chancellor" <nathan@kernel.org>,
"Nicolas Schier" <nicolas.schier@linux.dev>,
"Marco Elver" <elver@google.com>,
"Andrey Konovalov" <andreyknvl@gmail.com>,
"Andrey Ryabinin" <ryabinin.a.a@gmail.com>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
linux-kbuild@vger.kernel.org, kasan-dev@googlegroups.com,
linux-hardening@vger.kernel.org, "Will Deacon" <will@kernel.org>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Jonathan Cameron" <Jonathan.Cameron@huawei.com>,
"Gavin Shan" <gshan@redhat.com>,
"Russell King (Oracle)" <rmk+kernel@armlinux.org.uk>,
"James Morse" <james.morse@arm.com>,
"Oza Pawandeep" <quic_poza@quicinc.com>,
"Anshuman Khandual" <anshuman.khandual@arm.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Mike Rapoport" <rppt@kernel.org>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Henrique de Moraes Holschuh" <hmh@hmh.eng.br>,
"Hans de Goede" <hansg@kernel.org>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"Len Brown" <lenb@kernel.org>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Michal Wilczynski" <michal.wilczynski@intel.com>,
"Juergen Gross" <jgross@suse.com>,
"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
"Kirill A. Shutemov" <kas@kernel.org>,
"Roger Pau Monne" <roger.pau@citrix.com>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Usama Arif" <usama.arif@bytedance.com>,
"Guilherme G. Piccoli" <gpiccoli@igalia.com>,
"Thomas Huth" <thuth@redhat.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Hou Wenlong" <houwenlong.hwl@antgroup.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
"Luis Chamberlain" <mcgrof@kernel.org>,
"Sami Tolvanen" <samitolvanen@google.com>,
"Christophe Leroy" <christophe.leroy@csgroup.eu>,
"Andy Lutomirski" <luto@kernel.org>,
"Baoquan He" <bhe@redhat.com>, "Alexander Graf" <graf@amazon.com>,
"Changyuan Lyu" <changyuanl@google.com>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Nick Desaulniers" <nick.desaulniers+lkml@gmail.com>,
"Bill Wendling" <morbo@google.com>,
"Justin Stitt" <justinstitt@google.com>,
"Jan Beulich" <jbeulich@suse.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Viresh Kumar" <viresh.kumar@linaro.org>,
"Paul E. McKenney" <paulmck@kernel.org>,
"Bibo Mao" <maobibo@loongson.cn>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, x86@kernel.org,
kvm@vger.kernel.org, ibm-acpi-devel@lists.sourceforge.net,
platform-driver-x86@vger.kernel.org, linux-acpi@vger.kernel.org,
linux-trace-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
linux-mm@kvack.org, kexec@lists.infradead.org,
linux-security-module@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH v4 4/4] kstack_erase: Support Clang stack depth tracking
Date: Wed, 23 Jul 2025 22:50:28 -0700 [thread overview]
Message-ID: <20250724055029.3623499-4-kees@kernel.org> (raw)
In-Reply-To: <20250724054419.it.405-kees@kernel.org>
Wire up CONFIG_KSTACK_ERASE to Clang 21's new stack depth tracking
callback[1] option.
Link: https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-stack-depth [1]
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nicolas Schier <nicolas.schier@linux.dev>
Cc: Marco Elver <elver@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: <linux-kbuild@vger.kernel.org>
Cc: <kasan-dev@googlegroups.com>
Cc: <linux-hardening@vger.kernel.org>
---
security/Kconfig.hardening | 5 ++++-
scripts/Makefile.kstack_erase | 6 ++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index f7aa2024ab25..b9a5bc3430aa 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -82,10 +82,13 @@ choice
endchoice
+config CC_HAS_SANCOV_STACK_DEPTH_CALLBACK
+ def_bool $(cc-option,-fsanitize-coverage-stack-depth-callback-min=1)
+
config KSTACK_ERASE
bool "Poison kernel stack before returning from syscalls"
depends on HAVE_ARCH_KSTACK_ERASE
- depends on GCC_PLUGINS
+ depends on GCC_PLUGINS || CC_HAS_SANCOV_STACK_DEPTH_CALLBACK
help
This option makes the kernel erase the kernel stack before
returning from system calls. This has the effect of leaving
diff --git a/scripts/Makefile.kstack_erase b/scripts/Makefile.kstack_erase
index 5223d3a35817..c7bc2379e113 100644
--- a/scripts/Makefile.kstack_erase
+++ b/scripts/Makefile.kstack_erase
@@ -8,6 +8,12 @@ kstack-erase-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK_VERBOSE) += -fplugin-arg-stack
DISABLE_KSTACK_ERASE := -fplugin-arg-stackleak_plugin-disable
endif
+ifdef CONFIG_CC_IS_CLANG
+kstack-erase-cflags-y += -fsanitize-coverage=stack-depth
+kstack-erase-cflags-y += -fsanitize-coverage-stack-depth-callback-min=$(CONFIG_KSTACK_ERASE_TRACK_MIN_SIZE)
+DISABLE_KSTACK_ERASE := -fno-sanitize-coverage=stack-depth
+endif
+
KSTACK_ERASE_CFLAGS := $(kstack-erase-cflags-y)
export STACKLEAK_CFLAGS DISABLE_KSTACK_ERASE
--
2.34.1
next prev parent reply other threads:[~2025-07-24 9:02 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-24 5:50 [PATCH v4 0/4] stackleak: Support Clang stack depth tracking Kees Cook
2025-07-24 5:50 ` Kees Cook
2025-07-24 5:50 ` [PATCH v4 1/4] arm64: Handle KCOV __init vs inline mismatches Kees Cook
2025-07-24 5:50 ` Kees Cook
2025-07-29 8:10 ` Will Deacon
2025-07-29 8:10 ` Will Deacon
2025-07-24 5:50 ` [PATCH v4 2/4] x86: " Kees Cook
2025-07-24 5:50 ` Kees Cook
2025-07-29 8:28 ` Mike Rapoport
2025-07-29 8:28 ` Mike Rapoport
2025-07-29 9:34 ` Arnd Bergmann
2025-07-29 9:34 ` Arnd Bergmann
2025-07-24 5:50 ` [PATCH v4 3/4] init.h: Disable sanitizer coverage for __init and __head Kees Cook
2025-07-24 5:50 ` Kees Cook
2025-07-25 0:44 ` kernel test robot
2025-07-24 5:50 ` Kees Cook [this message]
2025-07-24 5:50 ` [PATCH v4 4/4] kstack_erase: Support Clang stack depth tracking Kees Cook
2025-07-24 13:08 ` Nicolas Schier
2025-07-24 13:08 ` Nicolas Schier
2025-07-26 0:43 ` [PATCH v4 0/4] stackleak: " Nathan Chancellor
2025-07-26 0:43 ` Nathan Chancellor
2025-07-26 6:27 ` Kees Cook
2025-07-26 6:27 ` Kees Cook
2025-07-26 21:47 ` Kees Cook
2025-07-26 21:47 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250724055029.3623499-4-kees@kernel.org \
--to=kees@kernel.org \
--cc=Jonathan.Cameron@huawei.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=anshuman.khandual@arm.com \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=bhe@redhat.com \
--cc=boqun.feng@gmail.com \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=catalin.marinas@arm.com \
--cc=changyuanl@google.com \
--cc=christophe.leroy@csgroup.eu \
--cc=dave.hansen@linux.intel.com \
--cc=dwmw@amazon.co.uk \
--cc=elver@google.com \
--cc=graf@amazon.com \
--cc=gshan@redhat.com \
--cc=gustavoars@kernel.org \
--cc=hansg@kernel.org \
--cc=hmh@hmh.eng.br \
--cc=houwenlong.hwl@antgroup.com \
--cc=hpa@zytor.com \
--cc=ibm-acpi-devel@lists.sourceforge.net \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=james.morse@arm.com \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=jmorris@namei.org \
--cc=justinstitt@google.com \
--cc=kas@kernel.org \
--cc=kasan-dev@googlegroups.com \
--cc=kexec@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=luto@kernel.org \
--cc=maobibo@loongson.cn \
--cc=masahiroy@kernel.org \
--cc=mcgrof@kernel.org \
--cc=mhiramat@kernel.org \
--cc=michal.wilczynski@intel.com \
--cc=mingo@redhat.com \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=nick.desaulniers+lkml@gmail.com \
--cc=nicolas.schier@linux.dev \
--cc=paul@paul-moore.com \
--cc=paulmck@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=platform-driver-x86@vger.kernel.org \
--cc=quic_poza@quicinc.com \
--cc=rafael@kernel.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=roger.pau@citrix.com \
--cc=rppt@kernel.org \
--cc=ryabinin.a.a@gmail.com \
--cc=samitolvanen@google.com \
--cc=serge@hallyn.com \
--cc=tglx@linutronix.de \
--cc=thuth@redhat.com \
--cc=usama.arif@bytedance.com \
--cc=viresh.kumar@linaro.org \
--cc=vkuznets@redhat.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.