Re: [PATCH 0/3] kbuild: remove many tool coverage variables

From: Masahiro Yamada <masahiroy@kernel.org>
To: Marco Elver <elver@google.com>
Cc: Kees Cook <keescook@chromium.org>,
	linux-kbuild@vger.kernel.org,  linux-arch@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	 Andrey Ryabinin <ryabinin.a.a@gmail.com>,
	Alexander Potapenko <glider@google.com>,
	 Andrey Konovalov <andreyknvl@gmail.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	 Vincenzo Frascino <vincenzo.frascino@arm.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	 Peter Zijlstra <peterz@infradead.org>,
	Peter Oberparleiter <oberpar@linux.ibm.com>,
	 Roberto Sassu <roberto.sassu@huaweicloud.com>,
	Johannes Berg <johannes@sipsolutions.net>,
	 kasan-dev@googlegroups.com, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 0/3] kbuild: remove many tool coverage variables
Date: Tue, 14 May 2024 07:50:59 +0900	[thread overview]
Message-ID: <CAK7LNATvr9-K2Hwv=Qx9stSTyFTC8Bc7EAHemVnCSo-geZUL+A@mail.gmail.com> (raw)
In-Reply-To: <CANpmjNO=v=CV2Z_PGFu6ChfALiWJo3CJBDnWqUdqobO5X_62cA@mail.gmail.com>

On Tue, May 14, 2024 at 4:55 AM Marco Elver <elver@google.com> wrote:
>
> On Mon, 13 May 2024 at 20:48, Kees Cook <keescook@chromium.org> wrote:
> >
> > In the future can you CC the various maintainers of the affected
> > tooling? :)
> >
> > On Mon, May 06, 2024 at 10:35:41PM +0900, Masahiro Yamada wrote:
> > >
> > > This patch set removes many instances of the following variables:
> > >
> > >   - OBJECT_FILES_NON_STANDARD
> > >   - KASAN_SANITIZE
> > >   - UBSAN_SANITIZE
> > >   - KCSAN_SANITIZE
> > >   - KMSAN_SANITIZE
> > >   - GCOV_PROFILE
> > >   - KCOV_INSTRUMENT
> > >
> > > Such tools are intended only for kernel space objects, most of which
> > > are listed in obj-y, lib-y, or obj-m.
>
> I welcome the simplification, but see below.
>
> > This is a reasonable assertion, and the changes really simplify things
> > now and into the future. Thanks for finding such a clean solution! I
> > note that it also immediately fixes the issue noticed and fixed here:
> > https://lore.kernel.org/all/20240513122754.1282833-1-roberto.sassu@huaweicloud.com/
> >
> > > The best guess is, objects in $(obj-y), $(lib-y), $(obj-m) can opt in
> > > such tools. Otherwise, not.
> > >
> > > This works in most places.
> >
> > I am worried about the use of "guess" and "most", though. :) Before, we
> > had some clear opt-out situations, and now it's more of a side-effect. I
> > think this is okay, but I'd really like to know more about your testing.
> >
> > It seems like you did build testing comparing build flags, since you
> > call out some of the explicit changes in patch 2, quoting:
> >
> > >  - include arch/mips/vdso/vdso-image.o into UBSAN, GCOV, KCOV
> > >  - include arch/sparc/vdso/vdso-image-*.o into UBSAN
> > >  - include arch/sparc/vdso/vma.o into UBSAN
> > >  - include arch/x86/entry/vdso/extable.o into KASAN, KCSAN, UBSAN, GCOV, KCOV
> > >  - include arch/x86/entry/vdso/vdso-image-*.o into KASAN, KCSAN, UBSAN, GCOV, KCOV
> > >  - include arch/x86/entry/vdso/vdso32-setup.o into KASAN, KCSAN, UBSAN, GCOV, KCOV
> > >  - include arch/x86/entry/vdso/vma.o into GCOV, KCOV
> > >  - include arch/x86/um/vdso/vma.o into KASAN, GCOV, KCOV
> >
> > I would agree that these cases are all likely desirable.
> >
> > Did you find any cases where you found that instrumentation was _removed_
> > where not expected?
>
> In addition, did you boot test these kernels?

No. I didn't.

> While I currently don't
> recall if the vdso code caused us problems (besides the linking
> problem for non-kernel objects), anything that is opted out from
> instrumentation in arch/ code needs to be carefully tested if it
> should be opted back into instrumentation. We had many fun hours
> debugging boot hangs or other recursion issues due to instrumented
> arch code.

As I replied to Kees, I checked the diff of .*.cmd files.

I believe checking the compiler flags for every object
is comprehensive testing.

If the same set of compiler flags is passed,
the same build artifact is generated.

-- 
Best Regards
Masahiro Yamada