From 41daf899b3ecb9aa6d34d5ca20ad78fa069bdfb8 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 1 Jul 2026 12:27:43 -0500 Subject: [PATCH] linuxkm/linuxkm_wc_port.h: * when including kernel headers with gcc-17+, ignore -Wconstant-logical-operand. * when CONFIG_KMSAN, explicitly map memcpy(), memset(), memmove(), strcpy(), strncpy(), and strncat(), to clang builtins, to get proper __msan interception. * genericize WC_SANITIZE_DISABLE() and WC_SANITIZE_ENABLE() to cover both KASAN and KMSAN, and use the generic macros in wc_linuxkm_stack_hwm_prepare() and wc_linuxkm_stack_hwm_measure_rel(). --- .wolfssl_known_macro_extras | 1 + linuxkm/linuxkm_wc_port.h | 45 ++++++++++++++++++++++++++++++++----- 2 files changed, 41 insertions(+), 5 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index f76c82b8d5..d19f3af727 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -130,6 +130,7 @@ CONFIG_IDF_TARGET_ESP32S3 CONFIG_IDF_TARGET_ESP8266 CONFIG_IDF_TARGET_ESP8684 CONFIG_KASAN +CONFIG_KMSAN CONFIG_KPROBES CONFIG_MAIN_TASK_STACK_SIZE CONFIG_MBEDTLS_CERTIFICATE_BUNDLE diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 0e64c14be7..f9f390700a 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -349,14 +349,34 @@ _Pragma("clang diagnostic ignored \"-Wshorten-64-to-32\""); _Pragma("clang diagnostic ignored \"-Wframe-address\""); #endif +#if defined(__GNUC__) && (__GNUC__ >= 17) + _Pragma("GCC diagnostic ignored \"-Wconstant-logical-operand\""); +#endif - #ifdef CONFIG_KASAN + /* KASAN and KMSAN are mutually exclusive, so we need to consider at most + * one of them here. + */ + #if defined(CONFIG_KASAN) #ifndef WC_SANITIZE_DISABLE #define WC_SANITIZE_DISABLE() kasan_disable_current() #endif #ifndef WC_SANITIZE_ENABLE #define WC_SANITIZE_ENABLE() kasan_enable_current() #endif + #elif defined(CONFIG_KMSAN) + #ifndef WC_SANITIZE_DISABLE + #define WC_SANITIZE_DISABLE() kmsan_disable_current() + #endif + #ifndef WC_SANITIZE_ENABLE + #define WC_SANITIZE_ENABLE() kmsan_enable_current() + #endif + #else + #ifndef WC_SANITIZE_DISABLE + #define WC_SANITIZE_DISABLE() do {} while (0) + #endif + #ifndef WC_SANITIZE_ENABLE + #define WC_SANITIZE_ENABLE() do {} while (0) + #endif #endif #if defined(CONFIG_FORTIFY_SOURCE) && \ @@ -1725,12 +1745,12 @@ pr_err("ERROR: bottom of stack is not STACK_END_MAGIC.\n"); local_irq_save(flags); - kasan_disable_current(); + WC_SANITIZE_DISABLE(); z = wc_linuxkm_stack_left(); if (z > WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP) memset((void *)(s + WC_KERNEL_STACK_MARGIN_BOTTOM), sentinel, z - (WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP)); - kasan_enable_current(); + WC_SANITIZE_ENABLE(); local_irq_restore(flags); if (z <= WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP) pr_err("ERROR: wc_linuxkm_stack_hwm_prepare() called with only %lu bytes of stack left, " @@ -1742,11 +1762,11 @@ unsigned char *i; if (z <= WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP) return (unsigned long)-1; - kasan_disable_current(); + WC_SANITIZE_DISABLE(); for (i = (unsigned char *)s + WC_KERNEL_STACK_MARGIN_BOTTOM; i < ((unsigned char *)s + z) && (*i == sentinel); ++i); - kasan_enable_current(); + WC_SANITIZE_ENABLE(); return z - ((unsigned long)i - s); } static __always_inline unsigned long wc_linuxkm_stack_hwm_measure_total(unsigned char sentinel) { @@ -1809,6 +1829,21 @@ #define XGMTIME(c, t) gmtime(c) #define NO_TIMEVAL 1 + /* MSAN needs to intercept these string functions to properly instrument + * them, but we build with -ffreestanding, which inhibits the interception. + * Fix that with explicit mappings here. + */ + #ifdef CONFIG_KMSAN + #define memcpy(d,s,l) __builtin_memcpy((d),(s),(l)) + #define memset(d,v,l) __builtin_memset((d),(v),(l)) + #define memmove(d,s,l) __builtin_memmove((d),(s),(l)) + #define strcpy(d,s,l) __builtin_strcpy((d),(s),(l)) + #if LINUX_VERSION_CODE < KERNEL_VERSION(7, 2, 0) + #define strncpy(d,s,l) __builtin_strncpy((d),(s),(l)) + #endif + #define strncat(d,s,l) __builtin_strncat((d),(s),(l)) + #endif + #endif /* BUILDING_WOLFSSL */ #if LINUX_VERSION_CODE >= KERNEL_VERSION(7, 2, 0)