linuxkm/linuxkm_wc_port.h:

* when including kernel headers with gcc-17+, ignore -Wconstant-logical-operand.

* when CONFIG_KMSAN, explicitly map memcpy(), memset(), memmove(), strcpy(),
  strncpy(), and strncat(), to clang builtins, to get proper __msan
  interception.

* genericize WC_SANITIZE_DISABLE() and WC_SANITIZE_ENABLE() to cover both KASAN
  and KMSAN, and use the generic macros in wc_linuxkm_stack_hwm_prepare() and
  wc_linuxkm_stack_hwm_measure_rel().
This commit is contained in:
Daniel Pouzzner
2026-07-01 12:27:43 -05:00
parent 64a4c7a7ae
commit 41daf899b3
2 changed files with 41 additions and 5 deletions
+1
View File
@@ -130,6 +130,7 @@ CONFIG_IDF_TARGET_ESP32S3
CONFIG_IDF_TARGET_ESP8266
CONFIG_IDF_TARGET_ESP8684
CONFIG_KASAN
CONFIG_KMSAN
CONFIG_KPROBES
CONFIG_MAIN_TASK_STACK_SIZE
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+40 -5
View File
@@ -349,14 +349,34 @@
_Pragma("clang diagnostic ignored \"-Wshorten-64-to-32\"");
_Pragma("clang diagnostic ignored \"-Wframe-address\"");
#endif
#if defined(__GNUC__) && (__GNUC__ >= 17)
_Pragma("GCC diagnostic ignored \"-Wconstant-logical-operand\"");
#endif
#ifdef CONFIG_KASAN
/* KASAN and KMSAN are mutually exclusive, so we need to consider at most
* one of them here.
*/
#if defined(CONFIG_KASAN)
#ifndef WC_SANITIZE_DISABLE
#define WC_SANITIZE_DISABLE() kasan_disable_current()
#endif
#ifndef WC_SANITIZE_ENABLE
#define WC_SANITIZE_ENABLE() kasan_enable_current()
#endif
#elif defined(CONFIG_KMSAN)
#ifndef WC_SANITIZE_DISABLE
#define WC_SANITIZE_DISABLE() kmsan_disable_current()
#endif
#ifndef WC_SANITIZE_ENABLE
#define WC_SANITIZE_ENABLE() kmsan_enable_current()
#endif
#else
#ifndef WC_SANITIZE_DISABLE
#define WC_SANITIZE_DISABLE() do {} while (0)
#endif
#ifndef WC_SANITIZE_ENABLE
#define WC_SANITIZE_ENABLE() do {} while (0)
#endif
#endif
#if defined(CONFIG_FORTIFY_SOURCE) && \
@@ -1725,12 +1745,12 @@
pr_err("ERROR: bottom of stack is not STACK_END_MAGIC.\n");
local_irq_save(flags);
kasan_disable_current();
WC_SANITIZE_DISABLE();
z = wc_linuxkm_stack_left();
if (z > WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP)
memset((void *)(s + WC_KERNEL_STACK_MARGIN_BOTTOM), sentinel,
z - (WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP));
kasan_enable_current();
WC_SANITIZE_ENABLE();
local_irq_restore(flags);
if (z <= WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP)
pr_err("ERROR: wc_linuxkm_stack_hwm_prepare() called with only %lu bytes of stack left, "
@@ -1742,11 +1762,11 @@
unsigned char *i;
if (z <= WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP)
return (unsigned long)-1;
kasan_disable_current();
WC_SANITIZE_DISABLE();
for (i = (unsigned char *)s + WC_KERNEL_STACK_MARGIN_BOTTOM;
i < ((unsigned char *)s + z) && (*i == sentinel);
++i);
kasan_enable_current();
WC_SANITIZE_ENABLE();
return z - ((unsigned long)i - s);
}
static __always_inline unsigned long wc_linuxkm_stack_hwm_measure_total(unsigned char sentinel) {
@@ -1809,6 +1829,21 @@
#define XGMTIME(c, t) gmtime(c)
#define NO_TIMEVAL 1
/* MSAN needs to intercept these string functions to properly instrument
* them, but we build with -ffreestanding, which inhibits the interception.
* Fix that with explicit mappings here.
*/
#ifdef CONFIG_KMSAN
#define memcpy(d,s,l) __builtin_memcpy((d),(s),(l))
#define memset(d,v,l) __builtin_memset((d),(v),(l))
#define memmove(d,s,l) __builtin_memmove((d),(s),(l))
#define strcpy(d,s,l) __builtin_strcpy((d),(s),(l))
#if LINUX_VERSION_CODE < KERNEL_VERSION(7, 2, 0)
#define strncpy(d,s,l) __builtin_strncpy((d),(s),(l))
#endif
#define strncat(d,s,l) __builtin_strncat((d),(s),(l))
#endif
#endif /* BUILDING_WOLFSSL */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(7, 2, 0)