Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp2237418lqo; Mon, 13 May 2024 11:48:28 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVdtVurtpu3lVicvTsznbLG1175UPlUaeQh+KZRX+F+wP2RljVixOypWBzvWNUK+2HBoNLDYAqI/x+wr+hT5Qs4ts0S/RE0q4nx1Xhe0Q== X-Google-Smtp-Source: AGHT+IHYGtefFdADaIe7s8m3D87XkUZQECQPXcWWMMnRs6KFv4pUPkdhvflcfw/pZctH1lHG3Cuw X-Received: by 2002:a05:6a20:6a22:b0:1af:8e8d:cefd with SMTP id adf61e73a8af0-1afde1ddafdmr14552685637.51.1715626107969; Mon, 13 May 2024 11:48:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715626107; cv=pass; d=google.com; s=arc-20160816; b=mmzzcEdzPntk8F/nKYVVoGueyliNhCwK0wTxbPZOf3Cu5k4Y+ELH06NdZJvrSdr4ds dL53iGnNInclNg5Yg8rxLV8hiH4VGQbiuxTWoJAfvpdmd9utkkSJDUebnRJzzknuR8Wx SCXfuyWNJwUNLR8/YPgKf6tFiBT4EtSQieDz/oBtZNIwgJOKZ9cuuk/lERCUo6ovxo64 o4JMkSrG6Eb5ZXveiQ3yz/u0gB2KHBlLqoJN1VIXukrxQudUya2yhNjFewtP/7UuCN6V YvQXzTpZAqvZRInRscsD15GtQMnKC+yppcdi2U1chag3tliHbX/CL4h2/P7m/WhGyfxJ Qtyw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=YMCvolyyAMKqM2SEdNiyJ59O3X5pzLBrCG8ngReTAYg=; fh=fY8GoBl+7UHoQjbGNSxPVeM2U8GTQ7X8cgsF7iPymUU=; b=ABzdBowqEa2R9zo87YfXPgu07mxGJiyIkkR+/1o4Rq4G5ic+DuvczLGPz8sztrws2Q IBSXDV/nNFva4zw8fuLE6lKguYiAmGRX8F5GfyZYYobPWNjARCT37qDrX8zDQzoxx/6V /iASyjJu6FH0UQHW5xNZkWG41UOc3gSezRiRDd8bSiWuMwkuuWpJMMSojbvIooKAPb+S L2MX3up41CyYk9BHEcgNqF6JVJJjXhY76TQwpxC2tbC9URW4UxGmI/O4YddK5kXiQst8 Myy0qSjZhfZq2vey4xxyDaC+vORgMLfqmoXWVx39BKfMCasaGJPq7U1WPKBVGjNRvdLb 6etw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=kQv2VY3r; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-177985-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-177985-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id 98e67ed59e1d1-2b628a5d81fsi11347815a91.75.2024.05.13.11.48.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 11:48:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-177985-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=kQv2VY3r; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-177985-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-177985-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 9080828146E for ; Mon, 13 May 2024 18:48:27 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 06E8E3C08A; Mon, 13 May 2024 18:48:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="kQv2VY3r" Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA2D437153 for ; Mon, 13 May 2024 18:48:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.179 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715626098; cv=none; b=RHYofGHR0dJzsuAbRKps/oZFNaxjYh3Pbo3FVct0XmJfguD/4CCJu1KcbuMHk43WTVeNNlnXTYq9ExIcigRwGmlI9TX4+a4TESNIz7sUU90gNvIRTjZY5AEF5m3U3CnI3XDXgkxhfUsLZYhYWf2XDFYSg7wub5yMJmGK2H7/HL8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715626098; c=relaxed/simple; bh=6YuPwQ/qKNz8HYBBy+q1ODXRn/TuSyAWfvhMnueWmI0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=B/9ja/u1d2FXtwe/wbjv1jz4dntZls/WU4fUYGCX2TsQAe25rThKxAaUL5U9xDTwBHhdsMapZsfp+uH1xGsrl/yhYidsRBMnBhV9Ah/UzH7H0pby+YpOmdChfEE1emP5Nct+ACQsWpIxvR15BxwUrzdMafMNKSdk5sSQtfyp+fY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=kQv2VY3r; arc=none smtp.client-ip=209.85.210.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-6f44b390d5fso4035203b3a.3 for ; Mon, 13 May 2024 11:48:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1715626096; x=1716230896; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=YMCvolyyAMKqM2SEdNiyJ59O3X5pzLBrCG8ngReTAYg=; b=kQv2VY3rQSya4uXDs+ROzi24zH2iLgT/DDvwH/Ce3mPbBzuN22DIV9mdtqws4mVnkF P5sC+oDe+Ml5DxmUH4o3P8IJZgV/rJ+eG96FU7wXhtSXiDahLE59Dp8yFDbNyUmQd8y+ xxDUqgkheyCv22+fYmBxae2dszVx7POHu11TI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715626096; x=1716230896; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=YMCvolyyAMKqM2SEdNiyJ59O3X5pzLBrCG8ngReTAYg=; b=Y6HGeDhdJJjsL43/L7cex0gcH/pvj17b6ibHe87ccowIwnZcP/18VPshoWu+tlXYqF ljJ32NuKf05MUZXLWhpEpuwlpyZU2DoV5dMOYwjBRtMWTgOIrtA118SzD1c5ccxZTg+D 9V0WmdvL5by9rsH4uepjm4NicoIyWJ2FnDWji8Wt6Qq93qkGrDpCM0Komw2KUj1Yr8n6 5C5WeAGtG7v7WMaod7cPPteEW7EaIr1EblfBai50CoXth1t4LHStfWWq3SpqlNiZ/p9Z 0AaCYjyZJBjot7Qvi49+FyJtVazf1A6j/SxFHFGfrA64KD4vmQZrWGM9iGX0c3uYTsFK WlWg== X-Forwarded-Encrypted: i=1; AJvYcCXv7g+70bpuBVzZsm71wgMVa7DDe5ZP42epU7ZR3hGPTEhMA0pVB+huYSiTjCCRDxluMg4z26S2dhD9qTu0Ns0iH9y68z1LoYcVXe5S X-Gm-Message-State: AOJu0YzQqYEuQ/kbgbll6vuXN/tdZIPy7WoxNkY1dIN7qw4n6yuB2/Ny 5VUZomNGJM7DxK+CsYly9FyBOmRHTRHKM+RcdIU+PAXEDEzy5ywr/2ZnPsuV0g== X-Received: by 2002:a05:6a21:983:b0:1a7:a6f3:1827 with SMTP id adf61e73a8af0-1afde1b719fmr11220335637.46.1715626096189; Mon, 13 May 2024 11:48:16 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-6f4d2a87bb1sm7697326b3a.87.2024.05.13.11.48.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 11:48:15 -0700 (PDT) Date: Mon, 13 May 2024 11:48:14 -0700 From: Kees Cook To: Masahiro Yamada Cc: linux-kbuild@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org, Andrey Ryabinin , Alexander Potapenko , Andrey Konovalov , Dmitry Vyukov , Vincenzo Frascino , Marco Elver , Josh Poimboeuf , Peter Zijlstra , Peter Oberparleiter , Roberto Sassu , Johannes Berg , kasan-dev@googlegroups.com, linux-hardening@vger.kernel.org Subject: Re: [PATCH 0/3] kbuild: remove many tool coverage variables Message-ID: <202405131136.73E766AA8@keescook> References: <20240506133544.2861555-1-masahiroy@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240506133544.2861555-1-masahiroy@kernel.org> In the future can you CC the various maintainers of the affected tooling? :) On Mon, May 06, 2024 at 10:35:41PM +0900, Masahiro Yamada wrote: > > This patch set removes many instances of the following variables: > > - OBJECT_FILES_NON_STANDARD > - KASAN_SANITIZE > - UBSAN_SANITIZE > - KCSAN_SANITIZE > - KMSAN_SANITIZE > - GCOV_PROFILE > - KCOV_INSTRUMENT > > Such tools are intended only for kernel space objects, most of which > are listed in obj-y, lib-y, or obj-m. This is a reasonable assertion, and the changes really simplify things now and into the future. Thanks for finding such a clean solution! I note that it also immediately fixes the issue noticed and fixed here: https://lore.kernel.org/all/20240513122754.1282833-1-roberto.sassu@huaweicloud.com/ > The best guess is, objects in $(obj-y), $(lib-y), $(obj-m) can opt in > such tools. Otherwise, not. > > This works in most places. I am worried about the use of "guess" and "most", though. :) Before, we had some clear opt-out situations, and now it's more of a side-effect. I think this is okay, but I'd really like to know more about your testing. It seems like you did build testing comparing build flags, since you call out some of the explicit changes in patch 2, quoting: > - include arch/mips/vdso/vdso-image.o into UBSAN, GCOV, KCOV > - include arch/sparc/vdso/vdso-image-*.o into UBSAN > - include arch/sparc/vdso/vma.o into UBSAN > - include arch/x86/entry/vdso/extable.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > - include arch/x86/entry/vdso/vdso-image-*.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > - include arch/x86/entry/vdso/vdso32-setup.o into KASAN, KCSAN, UBSAN, GCOV, KCOV > - include arch/x86/entry/vdso/vma.o into GCOV, KCOV > - include arch/x86/um/vdso/vma.o into KASAN, GCOV, KCOV I would agree that these cases are all likely desirable. Did you find any cases where you found that instrumentation was _removed_ where not expected? -Kees -- Kees Cook