sys/conf: Introduce NOSAN_CFLAGS and NOSAN_C

To simplify disabling the kernel sanitizers in some files add
NOSAN_CFLAGS and NOSAN_C variables. These are CFLAGS and NORMAL_C with
the sanitizer flags removed.

While here add MSAN_CFLAGS to simplify keeping KMSAN in kern_kcov.c

Reviewed by:	khng, brooks, imp, markj
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D45498
This commit is contained in:
Andrew Turner
2024-08-19 13:53:27 +01:00
parent 4132c4be4c
commit 12a6257a96
8 changed files with 29 additions and 26 deletions
+5 -5
View File
@@ -3811,7 +3811,7 @@ kern/kern_idle.c standard
kern/kern_intr.c standard
kern/kern_jail.c standard
kern/kern_kcov.c optional kcov \
compile-with "${NORMAL_C:N-fsanitize*} ${NORMAL_C:M-fsanitize=kernel-memory}"
compile-with "${NOSAN_C} ${MSAN_CFLAGS}"
kern/kern_khelp.c standard
kern/kern_kthread.c standard
kern/kern_ktr.c optional ktr
@@ -3879,7 +3879,7 @@ kern/stack_protector.c standard \
kern/subr_acl_nfs4.c optional ufs_acl | zfs
kern/subr_acl_posix1e.c optional ufs_acl
kern/subr_asan.c optional kasan \
compile-with "${NORMAL_C:N-fsanitize*:N-fstack-protector*}"
compile-with "${NOSAN_C:N-fstack-protector*}"
kern/subr_autoconf.c standard
kern/subr_blist.c standard
kern/subr_boot.c standard
@@ -3891,10 +3891,10 @@ kern/subr_clock.c standard
kern/subr_compressor.c standard \
compile-with "${NORMAL_C} -I$S/contrib/zstd/lib/freebsd"
kern/subr_coverage.c optional coverage \
compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*}"
compile-with "${NOSAN_C}"
kern/subr_counter.c standard
kern/subr_csan.c optional kcsan \
compile-with "${NORMAL_C:N-fsanitize*:N-fstack-protector*}"
compile-with "${NOSAN_C:N-fstack-protector*}"
kern/subr_devstat.c standard
kern/subr_disk.c standard
kern/subr_early.c standard
@@ -3914,7 +3914,7 @@ kern/subr_mchain.c optional libmchain
kern/subr_memdesc.c standard
kern/subr_module.c standard
kern/subr_msan.c optional kmsan \
compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*:N-fstack-protector*}"
compile-with "${NOSAN_C:N-fstack-protector*}"
kern/subr_msgbuf.c standard
kern/subr_param.c standard
kern/subr_pcpu.c standard
+3 -3
View File
@@ -81,7 +81,7 @@ arm64/arm64/trap.c standard
arm64/arm64/uio_machdep.c standard
arm64/arm64/undefined.c standard
arm64/arm64/unwind.c optional ddb | kdtrace_hooks | stack \
compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*}"
compile-with "${NOSAN_C}"
arm64/arm64/vfp.c standard
arm64/arm64/vm_machdep.c standard
@@ -124,10 +124,10 @@ arm64/vmm/vmm_arm64.c optional vmm
arm64/vmm/vmm_reset.c optional vmm
arm64/vmm/vmm_call.S optional vmm
arm64/vmm/vmm_hyp_exception.S optional vmm \
compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*:N-mbranch-protection*} -fpie" \
compile-with "${NOSAN_C:N-mbranch-protection*} -fpie" \
no-obj
arm64/vmm/vmm_hyp.c optional vmm \
compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*:N-mbranch-protection*} -fpie" \
compile-with "${NOSAN_C:N-mbranch-protection*} -fpie" \
no-obj
vmm_hyp_blob.elf.full optional vmm \
dependency "vmm_hyp.o vmm_hyp_exception.o" \
+2
View File
@@ -294,6 +294,8 @@ CSTD?= gnu99
CFLAGS+= -std=${CSTD}
.endif # CSTD
NOSAN_CFLAGS= ${CFLAGS:N-fsanitize*:N-fno-sanitize*:N-fasan-shadow-offset*}
# Please keep this if in sync with bsd.sys.mk
.if ${LD} != "ld" && (${CC:[1]:H} != ${LD:[1]:H} || ${LD:[1]:T} != "ld")
# Add -fuse-ld=${LD} if $LD is in a different directory or not called "ld".
+3 -3
View File
@@ -245,21 +245,21 @@ offset.inc: $S/kern/genoffset.sh genoffset.o
NM='${NM}' NMFLAGS='${NMFLAGS}' sh $S/kern/genoffset.sh genoffset.o > ${.TARGET}
genoffset.o: $S/kern/genoffset.c
${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \
${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} \
-fcommon $S/kern/genoffset.c
# genoffset_test.o is not actually used for anything - the point of compiling it
# is to exercise the CTASSERT that checks that the offsets in the offset.inc
# _lite struct(s) match those in the original(s).
genoffset_test.o: $S/kern/genoffset.c offset.inc
${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \
${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} \
-fcommon -DOFFSET_TEST $S/kern/genoffset.c -o ${.TARGET}
assym.inc: $S/kern/genassym.sh genassym.o genoffset_test.o
NM='${NM}' NMFLAGS='${NMFLAGS}' sh $S/kern/genassym.sh genassym.o > ${.TARGET}
genassym.o: $S/$M/$M/genassym.c offset.inc
${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \
${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} \
-fcommon $S/$M/$M/genassym.c
OBJS_DEPEND_GUESS+= opt_global.h
+7 -2
View File
@@ -129,11 +129,12 @@ KMSAN_ENABLED!= grep KMSAN opt_global.h || true ; echo
.if !empty(KMSAN_ENABLED)
# Disable -fno-sanitize-memory-param-retval until interceptors have been
# updated to work properly with it.
SAN_CFLAGS+= -DSAN_NEEDS_INTERCEPTORS -DSAN_INTERCEPTOR_PREFIX=kmsan \
MSAN_CFLAGS+= -DSAN_NEEDS_INTERCEPTORS -DSAN_INTERCEPTOR_PREFIX=kmsan \
-fsanitize=kernel-memory
.if ${COMPILER_TYPE} == "clang" && ${COMPILER_VERSION} >= 160000
SAN_CFLAGS+= -fno-sanitize-memory-param-retval
MSAN_CFLAGS+= -fno-sanitize-memory-param-retval
.endif
SAN_CFLAGS+= ${MSAN_CFLAGS}
.endif
KUBSAN_ENABLED!= grep KUBSAN opt_global.h || true ; echo
@@ -212,6 +213,10 @@ NORMAL_FWO= ${CC:N${CCACHE_BIN}} -c ${ASM_CFLAGS} ${WERROR} -o ${.TARGET} \
$S/kern/firmw.S -DFIRMW_FILE=\""${.ALLSRC:M*.fw}"\" \
-DFIRMW_SYMBOL="${.ALLSRC:M*.fw:C/[-.\/]/_/g}"
# Remove sanitizer arguments. Some -fno-sanitize* and -fasan-shadow-offset*
# arguments become an error if the appropriate sanitizer is not enabled.
NOSAN_C= ${NORMAL_C:N-fsanitize*:N-fno-sanitize*:N-fasan-shadow-offset*}
# for ZSTD in the kernel (include zstd/lib/freebsd before other CFLAGS)
ZSTD_C= ${CC} -c -DZSTD_HEAPMODE=1 -I$S/contrib/zstd/lib/freebsd ${CFLAGS} \
-I$S/contrib/zstd/lib -I$S/contrib/zstd/lib/common ${WERROR} \
+2 -2
View File
@@ -526,13 +526,13 @@ assym.inc: ${SYSDIR}/kern/genassym.sh
sh ${SYSDIR}/kern/genassym.sh genassym.o > ${.TARGET}
genassym.o: ${SYSDIR}/${MACHINE}/${MACHINE}/genassym.c offset.inc
genassym.o: ${SRCS:Mopt_*.h}
${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} -fcommon \
${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon \
${SYSDIR}/${MACHINE}/${MACHINE}/genassym.c
offset.inc: ${SYSDIR}/kern/genoffset.sh genoffset.o
sh ${SYSDIR}/kern/genoffset.sh genoffset.o > ${.TARGET}
genoffset.o: ${SYSDIR}/kern/genoffset.c
genoffset.o: ${SRCS:Mopt_*.h}
${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} -fcommon \
${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon \
${SYSDIR}/kern/genoffset.c
CLEANDEPENDFILES+= ${_ILINKS}
+1 -2
View File
@@ -89,8 +89,7 @@ linux_support.o: linux_support.S assym.inc linux_assym.h
${.ALLSRC:M*.S:u} -o ${.TARGET}
linux_genassym.o: offset.inc
${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \
-fcommon ${.IMPSRC}
${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon ${.IMPSRC}
.if !defined(KERNBUILDDIR)
.warning Building Linuxulator outside of a kernel does not make sense
+6 -9
View File
@@ -44,12 +44,11 @@ CLEANFILES+= vmm_hyp_blob.elf vmm_hyp_blob.bin
vmm_hyp_exception.o: vmm_hyp_exception.S
${CC} -c -x assembler-with-cpp -DLOCORE \
${CFLAGS:N-fsanitize*:N-fno-sanitize*:N-mbranch-protection*} \
${.IMPSRC} -o ${.TARGET} -fpie
${NOSAN_CFLAGS:N-mbranch-protection*} ${.IMPSRC} -o ${.TARGET} -fpie
vmm_hyp.o: vmm_hyp.c
${CC} -c ${CFLAGS:N-fsanitize*:N-fno-sanitize*:N-mbranch-protection*} \
${.IMPSRC} -o ${.TARGET} -fpie
${CC} -c ${NOSAN_CFLAGS:N-mbranch-protection*} ${.IMPSRC} \
-o ${.TARGET} -fpie
vmm_hyp_blob.elf.full: vmm_hyp_exception.o vmm_hyp.o
${LD} -m ${LD_EMULATION} -Bdynamic -L ${SYSDIR}/conf -T ${SYSDIR}/conf/ldscript.arm64 \
@@ -135,14 +134,12 @@ svm_support.o:
${.IMPSRC} -o ${.TARGET}
hyp_genassym.o: offset.inc
${CC} -c ${CFLAGS:N-flto:N-fno-common} -fcommon ${.IMPSRC}
${CC} -c ${NOSAN_CFLAGS:N-flto:N-fno-common} -fcommon ${.IMPSRC}
vmx_genassym.o: offset.inc
${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \
-fcommon ${.IMPSRC}
${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon ${.IMPSRC}
svm_genassym.o: offset.inc
${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \
-fcommon ${.IMPSRC}
${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon ${.IMPSRC}
.include <bsd.kmod.mk>