mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 08:58:07 +00:00
1cbdf60bd1
By using outlined checks we can achieve a significant code size improvement by moving the tag-based ASAN checks into separate functions. Unlike the existing CONFIG_KASAN_OUTLINE mode these functions have a custom calling convention that preserves most registers and is specialized to the register containing the address and the type of access, and as a result we can eliminate the code size and performance overhead of a standard calling convention such as AAPCS for these functions. This change depends on a separate series of changes to Clang [1] to support outlined checks in the kernel, although the change works fine without them (we just don't get outlined checks). This is because the flag -mllvm -hwasan-inline-all-checks=0 has no effect until the Clang changes land. The flag was introduced in the Clang 9.0 timeframe as part of the support for outlined checks in userspace and because our minimum Clang version is 10.0 we can pass it unconditionally. Outlined checks require a new runtime function with a custom calling convention. Add this function to arch/arm64/lib. I measured the code size of defconfig + tag-based KASAN, as well as boot time (i.e. time to init launch) on a DragonBoard 845c with an Android arm64 GKI kernel. The results are below: code size boot time CONFIG_KASAN_INLINE=y before 92824064 6.18s CONFIG_KASAN_INLINE=y after 38822400 6.65s CONFIG_KASAN_OUTLINE=y 39215616 11.48s We can see straight away that specialized outlined checks beat the existing CONFIG_KASAN_OUTLINE=y on both code size and boot time for tag-based ASAN. As for the comparison between CONFIG_KASAN_INLINE=y before and after we saw similar performance numbers in userspace [2] and decided that since the performance overhead is minimal compared to the overhead of tag-based ASAN itself as well as compared to the code size improvements we would just replace the inlined checks with the specialized outlined checks without the option to select between them, and that is what I have implemented in this patch. Signed-off-by: Peter Collingbourne <pcc@google.com> Acked-by: Andrey Konovalov <andreyknvl@gmail.com> Reviewed-by: Mark Rutland <mark.rutland@arm.com> Tested-by: Mark Rutland <mark.rutland@arm.com> Link: https://linux-review.googlesource.com/id/I1a30036c70ab3c3ee78d75ed9b87ef7cdc3fdb76 Link: [1] https://reviews.llvm.org/D90426 Link: [2] https://reviews.llvm.org/D56954 Link: https://lore.kernel.org/r/20210526174927.2477847-3-pcc@google.com Signed-off-by: Will Deacon <will@kernel.org>
58 lines
1.7 KiB
Text
58 lines
1.7 KiB
Text
# SPDX-License-Identifier: GPL-2.0
|
|
CFLAGS_KASAN_NOSANITIZE := -fno-builtin
|
|
KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
|
|
|
|
cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))
|
|
|
|
ifdef CONFIG_KASAN_STACK
|
|
stack_enable := 1
|
|
else
|
|
stack_enable := 0
|
|
endif
|
|
|
|
ifdef CONFIG_KASAN_GENERIC
|
|
|
|
ifdef CONFIG_KASAN_INLINE
|
|
call_threshold := 10000
|
|
else
|
|
call_threshold := 0
|
|
endif
|
|
|
|
CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address
|
|
|
|
# -fasan-shadow-offset fails without -fsanitize
|
|
CFLAGS_KASAN_SHADOW := $(call cc-option, -fsanitize=kernel-address \
|
|
-fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
|
|
$(call cc-option, -fsanitize=kernel-address \
|
|
-mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
|
|
|
|
ifeq ($(strip $(CFLAGS_KASAN_SHADOW)),)
|
|
CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
|
|
else
|
|
# Now add all the compiler specific options that are valid standalone
|
|
CFLAGS_KASAN := $(CFLAGS_KASAN_SHADOW) \
|
|
$(call cc-param,asan-globals=1) \
|
|
$(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
|
|
$(call cc-param,asan-stack=$(stack_enable)) \
|
|
$(call cc-param,asan-instrument-allocas=1)
|
|
endif
|
|
|
|
endif # CONFIG_KASAN_GENERIC
|
|
|
|
ifdef CONFIG_KASAN_SW_TAGS
|
|
|
|
ifdef CONFIG_KASAN_INLINE
|
|
instrumentation_flags := $(call cc-param,hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET))
|
|
else
|
|
instrumentation_flags := $(call cc-param,hwasan-instrument-with-calls=1)
|
|
endif
|
|
|
|
CFLAGS_KASAN := -fsanitize=kernel-hwaddress \
|
|
$(call cc-param,hwasan-instrument-stack=$(stack_enable)) \
|
|
$(call cc-param,hwasan-use-short-granules=0) \
|
|
$(call cc-param,hwasan-inline-all-checks=0) \
|
|
$(instrumentation_flags)
|
|
|
|
endif # CONFIG_KASAN_SW_TAGS
|
|
|
|
export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE
|