* [PATCHv2] kcov: reject open when kernel not instrumented
@ 2016-06-15 17:04 Mark Rutland
2016-06-15 19:16 ` Dmitry Vyukov
2016-06-16 10:09 ` James Morse
0 siblings, 2 replies; 4+ messages in thread
From: Mark Rutland @ 2016-06-15 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Mark Rutland, Alexander Potapenko, Andrew Morton, Dmitry Vyukov,
James Morse, Kees Cook, Michal Marek
If the toolchain does not support -fsanitize-coverage=trace-pc, we blat
this option from CFLAGS_KCOV, and build the kernel without
instrumentation, even if CONFIG_KCOV was selected. However, we still
build the rest of the kcov infrastructure, and expose a kcov file under
debugfs. This can be confusing, as the kernel will appear to support
kcov, yet will never manage to sample any trace PC values. While we do
note this fact at build time, this may be missed, and a user may not
have access to build logs.
This patch ensures that CC_HAVE_SANCOV_TRACE_PC is defined when the
toolchain supports -fsanitize-coverage=trace-pc, and is not defined
otherwise. When CC_HAVE_SANCOV_TRACE_PC is not defined, the kernel will
return -ENOTSUPP if userspace attempts to open the kcov debugfs file,
indicating that kcov functionality is unavailable.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: James Morse <james.morse@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Michal Marek <mmarek@suse.com>
Cc: linux-kernel@vger.kernel.org
---
Makefile | 2 +-
kernel/kcov.c | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
Since v1 [1]:
* Use CC_HAVE_SANCOV_TRACE_PC rather than CONFIG_KCOV_CC
[1] lkml.kernel.org/r/1466005756-15626-1-git-send-email-mark.rutland@arm.com
diff --git a/Makefile b/Makefile
index 0f70de6..3785a63 100644
--- a/Makefile
+++ b/Makefile
@@ -369,7 +369,7 @@ LDFLAGS_MODULE =
CFLAGS_KERNEL =
AFLAGS_KERNEL =
CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized
-CFLAGS_KCOV = -fsanitize-coverage=trace-pc
+CFLAGS_KCOV = -fsanitize-coverage=trace-pc -DCC_HAVE_SANCOV_TRACE_PC
# Use USERINCLUDE when you must reference the UAPI directories only.
diff --git a/kernel/kcov.c b/kernel/kcov.c
index a02f2dd..0a0b164 100644
--- a/kernel/kcov.c
+++ b/kernel/kcov.c
@@ -3,6 +3,7 @@
#define DISABLE_BRANCH_PROFILING
#include <linux/compiler.h>
#include <linux/types.h>
+#include <linux/errno.h>
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/mm.h>
@@ -160,6 +161,14 @@ static int kcov_open(struct inode *inode, struct file *filep)
{
struct kcov *kcov;
+#ifndef CC_HAVE_SANCOV_TRACE_PC
+ /*
+ * CONFIG_KCOV was selected, but the compiler does not support the
+ * options KCOV requires.
+ */
+ return -ENOTSUPP;
+#endif /* CC_HAVE_SANCOV_TRACE_PC */
+
kcov = kzalloc(sizeof(*kcov), GFP_KERNEL);
if (!kcov)
return -ENOMEM;
--
1.9.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCHv2] kcov: reject open when kernel not instrumented
2016-06-15 17:04 [PATCHv2] kcov: reject open when kernel not instrumented Mark Rutland
@ 2016-06-15 19:16 ` Dmitry Vyukov
2016-06-16 10:09 ` James Morse
1 sibling, 0 replies; 4+ messages in thread
From: Dmitry Vyukov @ 2016-06-15 19:16 UTC (permalink / raw)
To: Mark Rutland
Cc: LKML, Alexander Potapenko, Andrew Morton, James Morse, Kees Cook,
Michal Marek
On Wed, Jun 15, 2016 at 7:04 PM, Mark Rutland <mark.rutland@arm.com> wrote:
> If the toolchain does not support -fsanitize-coverage=trace-pc, we blat
> this option from CFLAGS_KCOV, and build the kernel without
> instrumentation, even if CONFIG_KCOV was selected. However, we still
> build the rest of the kcov infrastructure, and expose a kcov file under
> debugfs. This can be confusing, as the kernel will appear to support
> kcov, yet will never manage to sample any trace PC values. While we do
> note this fact at build time, this may be missed, and a user may not
> have access to build logs.
>
> This patch ensures that CC_HAVE_SANCOV_TRACE_PC is defined when the
> toolchain supports -fsanitize-coverage=trace-pc, and is not defined
> otherwise. When CC_HAVE_SANCOV_TRACE_PC is not defined, the kernel will
> return -ENOTSUPP if userspace attempts to open the kcov debugfs file,
> indicating that kcov functionality is unavailable.
>
> Signed-off-by: Mark Rutland <mark.rutland@arm.com>
> Cc: Alexander Potapenko <glider@google.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: James Morse <james.morse@arm.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Michal Marek <mmarek@suse.com>
> Cc: linux-kernel@vger.kernel.org
> ---
> Makefile | 2 +-
> kernel/kcov.c | 9 +++++++++
> 2 files changed, 10 insertions(+), 1 deletion(-)
>
> Since v1 [1]:
> * Use CC_HAVE_SANCOV_TRACE_PC rather than CONFIG_KCOV_CC
>
> [1] lkml.kernel.org/r/1466005756-15626-1-git-send-email-mark.rutland@arm.com
>
> diff --git a/Makefile b/Makefile
> index 0f70de6..3785a63 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -369,7 +369,7 @@ LDFLAGS_MODULE =
> CFLAGS_KERNEL =
> AFLAGS_KERNEL =
> CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized
> -CFLAGS_KCOV = -fsanitize-coverage=trace-pc
> +CFLAGS_KCOV = -fsanitize-coverage=trace-pc -DCC_HAVE_SANCOV_TRACE_PC
>
>
> # Use USERINCLUDE when you must reference the UAPI directories only.
> diff --git a/kernel/kcov.c b/kernel/kcov.c
> index a02f2dd..0a0b164 100644
> --- a/kernel/kcov.c
> +++ b/kernel/kcov.c
> @@ -3,6 +3,7 @@
> #define DISABLE_BRANCH_PROFILING
> #include <linux/compiler.h>
> #include <linux/types.h>
> +#include <linux/errno.h>
> #include <linux/file.h>
> #include <linux/fs.h>
> #include <linux/mm.h>
> @@ -160,6 +161,14 @@ static int kcov_open(struct inode *inode, struct file *filep)
> {
> struct kcov *kcov;
>
> +#ifndef CC_HAVE_SANCOV_TRACE_PC
> + /*
> + * CONFIG_KCOV was selected, but the compiler does not support the
> + * options KCOV requires.
> + */
> + return -ENOTSUPP;
> +#endif /* CC_HAVE_SANCOV_TRACE_PC */
> +
> kcov = kzalloc(sizeof(*kcov), GFP_KERNEL);
> if (!kcov)
> return -ENOMEM;
Looks good to me.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCHv2] kcov: reject open when kernel not instrumented
2016-06-15 17:04 [PATCHv2] kcov: reject open when kernel not instrumented Mark Rutland
2016-06-15 19:16 ` Dmitry Vyukov
@ 2016-06-16 10:09 ` James Morse
2016-06-16 10:28 ` Mark Rutland
1 sibling, 1 reply; 4+ messages in thread
From: James Morse @ 2016-06-16 10:09 UTC (permalink / raw)
To: Mark Rutland
Cc: linux-kernel, Alexander Potapenko, Andrew Morton, Dmitry Vyukov,
Kees Cook, Michal Marek
Hi Mark,
On 15/06/16 18:04, Mark Rutland wrote:
> If the toolchain does not support -fsanitize-coverage=trace-pc, we blat
> this option from CFLAGS_KCOV, and build the kernel without
> instrumentation, even if CONFIG_KCOV was selected. However, we still
> build the rest of the kcov infrastructure, and expose a kcov file under
> debugfs. This can be confusing, as the kernel will appear to support
> kcov, yet will never manage to sample any trace PC values. While we do
> note this fact at build time, this may be missed, and a user may not
> have access to build logs.
>
> This patch ensures that CC_HAVE_SANCOV_TRACE_PC is defined when the
> toolchain supports -fsanitize-coverage=trace-pc, and is not defined
> otherwise. When CC_HAVE_SANCOV_TRACE_PC is not defined, the kernel will
> return -ENOTSUPP if userspace attempts to open the kcov debugfs file,
> indicating that kcov functionality is unavailable.
> diff --git a/Makefile b/Makefile
> index 0f70de6..3785a63 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -369,7 +369,7 @@ LDFLAGS_MODULE =
> CFLAGS_KERNEL =
> AFLAGS_KERNEL =
> CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized
> -CFLAGS_KCOV = -fsanitize-coverage=trace-pc
> +CFLAGS_KCOV = -fsanitize-coverage=trace-pc -DCC_HAVE_SANCOV_TRACE_PC
>
>
> # Use USERINCLUDE when you must reference the UAPI directories only.
> diff --git a/kernel/kcov.c b/kernel/kcov.c
> index a02f2dd..0a0b164 100644
> --- a/kernel/kcov.c
> +++ b/kernel/kcov.c
> @@ -3,6 +3,7 @@
> #define DISABLE_BRANCH_PROFILING
> #include <linux/compiler.h>
> #include <linux/types.h>
> +#include <linux/errno.h>
> #include <linux/file.h>
> #include <linux/fs.h>
> #include <linux/mm.h>
> @@ -160,6 +161,14 @@ static int kcov_open(struct inode *inode, struct file *filep)
> {
> struct kcov *kcov;
>
> +#ifndef CC_HAVE_SANCOV_TRACE_PC
I don't think this will work as kernel/kcov.c is listed in the Makefile as:
> # Don't self-instrument.
> KCOV_INSTRUMENT_kcov.o := n
This will cause the build machinery in scripts/Makefile.lib to not give
kernel/kcov.c the CFLAGS_KCOV contents:
> ifeq ($(CONFIG_KCOV),y)
> _c_flags += $(if $(patsubst n%,, \
> $(KCOV_INSTRUMENT_$(basetarget).o)$(KCOV_INSTRUMENT)y), \
> $(CFLAGS_KCOV))
> endif
... so kernel/kcov.c will never see anything in CFLAGS_KCOV ...
An alternative would be to add the flag to the compiler test that generates the
'not supported' warning, but it needs to go in another CFLAGS variable.
Something like:
-------------------%<-------------------
diff --git a/Makefile b/Makefile
@@ -687,6 +687,8 @@ ifdef CONFIG_KCOV
$(warning Cannot use CONFIG_KCOV: \
-fsanitize-coverage=trace-pc is not supported by compiler)
CFLAGS_KCOV =
+ else
+ KBUILD_CFLAGS += -DCC_HAVE_SANCOV_TRACE_PC
endif
endif
-------------------%<-------------------
Thanks,
James
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCHv2] kcov: reject open when kernel not instrumented
2016-06-16 10:09 ` James Morse
@ 2016-06-16 10:28 ` Mark Rutland
0 siblings, 0 replies; 4+ messages in thread
From: Mark Rutland @ 2016-06-16 10:28 UTC (permalink / raw)
To: James Morse
Cc: linux-kernel, Alexander Potapenko, Andrew Morton, Dmitry Vyukov,
Kees Cook, Michal Marek
On Thu, Jun 16, 2016 at 11:09:37AM +0100, James Morse wrote:
> Hi Mark,
>
> On 15/06/16 18:04, Mark Rutland wrote:
> > If the toolchain does not support -fsanitize-coverage=trace-pc, we blat
> > this option from CFLAGS_KCOV, and build the kernel without
> > instrumentation, even if CONFIG_KCOV was selected. However, we still
> > build the rest of the kcov infrastructure, and expose a kcov file under
> > debugfs. This can be confusing, as the kernel will appear to support
> > kcov, yet will never manage to sample any trace PC values. While we do
> > note this fact at build time, this may be missed, and a user may not
> > have access to build logs.
> >
> > This patch ensures that CC_HAVE_SANCOV_TRACE_PC is defined when the
> > toolchain supports -fsanitize-coverage=trace-pc, and is not defined
> > otherwise. When CC_HAVE_SANCOV_TRACE_PC is not defined, the kernel will
> > return -ENOTSUPP if userspace attempts to open the kcov debugfs file,
> > indicating that kcov functionality is unavailable.
>
> > diff --git a/Makefile b/Makefile
> > index 0f70de6..3785a63 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -369,7 +369,7 @@ LDFLAGS_MODULE =
> > CFLAGS_KERNEL =
> > AFLAGS_KERNEL =
> > CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized
> > -CFLAGS_KCOV = -fsanitize-coverage=trace-pc
> > +CFLAGS_KCOV = -fsanitize-coverage=trace-pc -DCC_HAVE_SANCOV_TRACE_PC
> >
> >
> > # Use USERINCLUDE when you must reference the UAPI directories only.
> > diff --git a/kernel/kcov.c b/kernel/kcov.c
> > index a02f2dd..0a0b164 100644
> > --- a/kernel/kcov.c
> > +++ b/kernel/kcov.c
> > @@ -3,6 +3,7 @@
> > #define DISABLE_BRANCH_PROFILING
> > #include <linux/compiler.h>
> > #include <linux/types.h>
> > +#include <linux/errno.h>
> > #include <linux/file.h>
> > #include <linux/fs.h>
> > #include <linux/mm.h>
> > @@ -160,6 +161,14 @@ static int kcov_open(struct inode *inode, struct file *filep)
> > {
> > struct kcov *kcov;
> >
> > +#ifndef CC_HAVE_SANCOV_TRACE_PC
>
> I don't think this will work as kernel/kcov.c is listed in the Makefile as:
> > # Don't self-instrument.
> > KCOV_INSTRUMENT_kcov.o := n
>
>
> This will cause the build machinery in scripts/Makefile.lib to not give
> kernel/kcov.c the CFLAGS_KCOV contents:
> > ifeq ($(CONFIG_KCOV),y)
> > _c_flags += $(if $(patsubst n%,, \
> > $(KCOV_INSTRUMENT_$(basetarget).o)$(KCOV_INSTRUMENT)y), \
> > $(CFLAGS_KCOV))
> > endif
>
> ... so kernel/kcov.c will never see anything in CFLAGS_KCOV ...
Good spot!
Evidently I was trying to be overly clever here; my bad.
> An alternative would be to add the flag to the compiler test that generates the
> 'not supported' warning, but it needs to go in another CFLAGS variable.
> Something like:
>
> -------------------%<-------------------
> diff --git a/Makefile b/Makefile
> @@ -687,6 +687,8 @@ ifdef CONFIG_KCOV
> $(warning Cannot use CONFIG_KCOV: \
> -fsanitize-coverage=trace-pc is not supported by compiler)
> CFLAGS_KCOV =
> + else
> + KBUILD_CFLAGS += -DCC_HAVE_SANCOV_TRACE_PC
> endif
> endif
> -------------------%<-------------------
I'll fold the above in for v3.
Thanks,
Mark.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-06-16 10:28 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-15 17:04 [PATCHv2] kcov: reject open when kernel not instrumented Mark Rutland
2016-06-15 19:16 ` Dmitry Vyukov
2016-06-16 10:09 ` James Morse
2016-06-16 10:28 ` Mark Rutland
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).