Loading Documentation/dev-tools/gcov.rst +14 −4 Original line number Diff line number Diff line Loading @@ -34,10 +34,6 @@ Configure the kernel with:: CONFIG_DEBUG_FS=y CONFIG_GCOV_KERNEL=y select the gcc's gcov format, default is autodetect based on gcc version:: CONFIG_GCOV_FORMAT_AUTODETECT=y and to get coverage data for the entire kernel:: CONFIG_GCOV_PROFILE_ALL=y Loading Loading @@ -169,6 +165,20 @@ b) gcov is run on the BUILD machine [user@build] gcov -o /tmp/coverage/tmp/out/init main.c Note on compilers ----------------- GCC and LLVM gcov tools are not necessarily compatible. Use gcov_ to work with GCC-generated .gcno and .gcda files, and use llvm-cov_ for Clang. .. _gcov: http://gcc.gnu.org/onlinedocs/gcc/Gcov.html .. _llvm-cov: https://llvm.org/docs/CommandGuide/llvm-cov.html Build differences between GCC and Clang gcov are handled by Kconfig. It automatically selects the appropriate gcov format depending on the detected toolchain. Troubleshooting --------------- Loading Documentation/x86/mds.rst +6 −38 Original line number Diff line number Diff line Loading 
@@ -142,45 +142,13 @@ Mitigation points mds_user_clear. The mitigation is invoked in prepare_exit_to_usermode() which covers most of the kernel to user space transitions. There are a few exceptions which are not invoking prepare_exit_to_usermode() on return to user space. These exceptions use the paranoid exit code. all but one of the kernel to user space transitions. The exception is when we return from a Non Maskable Interrupt (NMI), which is handled directly in do_nmi(). - Non Maskable Interrupt (NMI): Access to sensible data like keys, credentials in the NMI context is mostly theoretical: The CPU can do prefetching or execute a misspeculated code path and thereby fetching data which might end up leaking through a buffer. But for mounting other attacks the kernel stack address of the task is already valuable information. So in full mitigation mode, the NMI is mitigated on the return from do_nmi() to provide almost complete coverage. - Double fault (#DF): A double fault is usually fatal, but the ESPFIX workaround, which can be triggered from user space through modify_ldt(2) is a recoverable double fault. #DF uses the paranoid exit path, so explicit mitigation in the double fault handler is required. - Machine Check Exception (#MC): Another corner case is a #MC which hits between the CPU buffer clear invocation and the actual return to user. As this still is in kernel space it takes the paranoid exit path which does not clear the CPU buffers. So the #MC handler repopulates the buffers to some extent. Machine checks are not reliably controllable and the window is extremly small so mitigation would just tick a checkbox that this theoretical corner case is covered. To keep the amount of special cases small, ignore #MC. - Debug Exception (#DB): This takes the paranoid exit path only when the INT1 breakpoint is in kernel space. #DB on a user space address takes the regular exit path, so no extra mitigation required. 
(The reason that NMI is special is that prepare_exit_to_usermode() can enable IRQs. In NMI context, NMIs are blocked, and we don't want to enable IRQs with NMIs blocked.) 2. C-State transition Loading Makefile +37 −8 Original line number Diff line number Diff line # SPDX-License-Identifier: GPL-2.0 VERSION = 4 PATCHLEVEL = 19 SUBLEVEL = 44 SUBLEVEL = 45 EXTRAVERSION = NAME = "People's Front" Loading Loading @@ -612,6 +612,16 @@ ifdef CONFIG_FUNCTION_TRACER CC_FLAGS_FTRACE := -pg endif # Make toolchain changes before including arch/$(SRCARCH)/Makefile to ensure # ar/cc/ld-* macros return correct values. ifdef CONFIG_LTO_CLANG # use llvm-ar for building symbol tables from IR files, and llvm-nm instead # of objdump for processing symbol versions and exports LLVM_AR := llvm-ar LLVM_NM := llvm-nm export LLVM_AR LLVM_NM endif # The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default # values of the respective KBUILD_* variables ARCH_CPPFLAGS := Loading @@ -624,7 +634,7 @@ ifeq ($(may-sync-config),1) # Read in dependencies to all Kconfig* files, make sure to run syncconfig if # changes are detected. This should be included after arch/$(SRCARCH)/Makefile # because some architectures define CROSS_COMPILE there. -include include/config/auto.conf.cmd include include/config/auto.conf.cmd # To avoid any implicit rule to kick in, define an empty command $(KCONFIG_CONFIG): ; Loading Loading 
@@ -819,8 +829,24 @@ KBUILD_CFLAGS_KERNEL += -ffunction-sections -fdata-sections LDFLAGS_vmlinux += --gc-sections endif ifdef CONFIG_LTO_CLANG lto-clang-flags := -flto -fvisibility=hidden # allow disabling only clang LTO where needed DISABLE_LTO_CLANG := -fno-lto -fvisibility=default export DISABLE_LTO_CLANG endif ifdef CONFIG_LTO LTO_CFLAGS := $(lto-clang-flags) KBUILD_CFLAGS += $(LTO_CFLAGS) DISABLE_LTO := $(DISABLE_LTO_CLANG) export LTO_CFLAGS DISABLE_LTO endif ifdef CONFIG_CFI_CLANG cfi-clang-flags += -fsanitize=cfi cfi-clang-flags += -fsanitize=cfi $(call cc-option, -fsplit-lto-unit) DISABLE_CFI_CLANG := -fno-sanitize=cfi ifdef CONFIG_MODULES cfi-clang-flags += -fsanitize-cfi-cross-dso Loading @@ -830,17 +856,19 @@ ifdef CONFIG_CFI_PERMISSIVE cfi-clang-flags += -fsanitize-recover=cfi -fno-sanitize-trap=cfi endif # also disable CFI when LTO is disabled DISABLE_LTO_CLANG += $(DISABLE_CFI_CLANG) # allow disabling only clang CFI where needed export DISABLE_CFI_CLANG endif ifdef CONFIG_CFI # cfi-flags are re-tested in prepare-compiler-check cfi-flags := $(cfi-clang-flags) KBUILD_CFLAGS += $(cfi-flags) CFI_CFLAGS := $(cfi-clang-flags) KBUILD_CFLAGS += $(CFI_CFLAGS) DISABLE_CFI := $(DISABLE_CFI_CLANG) export DISABLE_CFI DISABLE_LTO += $(DISABLE_CFI) export CFI_CFLAGS DISABLE_CFI endif # arch Makefile may override CC so keep this after arch Makefile is included Loading Loading @@ -1639,7 +1667,8 @@ clean: $(clean-dirs) -o -name modules.builtin -o -name '.tmp_*.o.*' \ -o -name '*.c.[012]*.*' \ -o -name '*.ll' \ -o -name '*.gcno' \) -type f -print | xargs rm -f -o -name '*.gcno' \ -o -name '*.*.symversions' \) -type f -print | xargs rm -f # Generate tags for editors # --------------------------------------------------------------------------- Loading arch/Kconfig +39 −0 Original line number Diff line number Diff line Loading 
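Review bot: In the `@@ -830,17 +856,19 @@` hunk, `DISABLE_LTO := $(DISABLE_LTO_CLANG)` is simply-expanded inside the `CONFIG_LTO` block before the `CONFIG_CFI_CLANG` block appends `$(DISABLE_CFI_CLANG)` to `DISABLE_LTO_CLANG`, so the two exported variables only agree because of the separate `DISABLE_LTO += $(DISABLE_CFI)` line further down; a comment above that line such as `# DISABLE_LTO was snapshotted in the CONFIG_LTO block; keep it in sync with DISABLE_LTO_CLANG` would make the coupling explicit. That same line means every object built with `$(DISABLE_LTO)` also loses CFI instrumentation, a reduction in coverage that per-file LTO opt-outs should be reviewed against, which the existing comment `# also disable CFI when LTO is disabled` could state directly, e.g. `# objects built with DISABLE_LTO are not CFI-protected`. The rename of `cfi-flags` to `CFI_CFLAGS` drops the note that the flags are re-tested in prepare-compiler-check; if that target (outside this hunk) still references `cfi-flags`, it now tests an empty value. The Makefile section is repeated further down the page.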
@@ -474,6 +474,45 @@ config STACKPROTECTOR_STRONG about 20% of all kernel functions, which increases the kernel code size by about 2%. config LTO def_bool n config ARCH_SUPPORTS_LTO_CLANG bool help An architecture should select this option if it supports: - compiling with clang, - compiling inline assembly with clang's integrated assembler, - and linking with LLD. choice prompt "Link-Time Optimization (LTO) (EXPERIMENTAL)" default LTO_NONE help This option turns on Link-Time Optimization (LTO). config LTO_NONE bool "None" config LTO_CLANG bool "Use clang Link Time Optimization (LTO) (EXPERIMENTAL)" depends on ARCH_SUPPORTS_LTO_CLANG depends on !FTRACE_MCOUNT_RECORD || HAVE_C_RECORDMCOUNT depends on !KASAN depends on CC_IS_CLANG && LD_IS_LLD select LTO help This option enables clang's Link Time Optimization (LTO), which allows the compiler to optimize the kernel globally at link time. If you enable this option, the compiler generates LLVM IR instead of object files, and the actual compilation from IR occurs at the LTO link step, which may take several minutes. If you select this option, you must compile the kernel with clang and LLD. endchoice config CFI bool Loading arch/arm/boot/dts/exynos5260.dtsi +1 −1 Original line number Diff line number Diff line Loading @@ -223,7 +223,7 @@ wakeup-interrupt-controller { compatible = "samsung,exynos4210-wakeup-eint"; interrupt-parent = <&gic>; interrupts = <GIC_SPI 32 IRQ_TYPE_LEVEL_HIGH>; interrupts = <GIC_SPI 48 IRQ_TYPE_LEVEL_HIGH>; }; }; Loading Loading
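Review bot: The new `LTO_CLANG` entry gives no reason for `depends on !KASAN` or `depends on !FTRACE_MCOUNT_RECORD || HAVE_C_RECORDMCOUNT`, so a maintainer cannot tell whether these are hard incompatibilities or stopgaps that can be lifted once toolchain support lands; a one-line Kconfig comment above each dependency naming the reason is worth adding (the reason itself is not visible in this hunk). The help text could also say that object files become LLVM IR under this option and that per-object opt-out exists through the DISABLE_LTO flags the Makefile exports, since that is what users hitting tooling or coverage breakage will look for. The `(EXPERIMENTAL)` tag appears on both the choice prompt and the `LTO_CLANG` prompt; one is enough. The arch/Kconfig section is repeated further down the page.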
Documentation/dev-tools/gcov.rst +14 −4 Original line number Diff line number Diff line Loading @@ -34,10 +34,6 @@ Configure the kernel with:: CONFIG_DEBUG_FS=y CONFIG_GCOV_KERNEL=y select the gcc's gcov format, default is autodetect based on gcc version:: CONFIG_GCOV_FORMAT_AUTODETECT=y and to get coverage data for the entire kernel:: CONFIG_GCOV_PROFILE_ALL=y Loading Loading @@ -169,6 +165,20 @@ b) gcov is run on the BUILD machine [user@build] gcov -o /tmp/coverage/tmp/out/init main.c Note on compilers ----------------- GCC and LLVM gcov tools are not necessarily compatible. Use gcov_ to work with GCC-generated .gcno and .gcda files, and use llvm-cov_ for Clang. .. _gcov: http://gcc.gnu.org/onlinedocs/gcc/Gcov.html .. _llvm-cov: https://llvm.org/docs/CommandGuide/llvm-cov.html Build differences between GCC and Clang gcov are handled by Kconfig. It automatically selects the appropriate gcov format depending on the detected toolchain. Troubleshooting --------------- Loading
Documentation/x86/mds.rst +6 −38
@@ -142,45 +142,13 @@ Mitigation points mds_user_clear. The mitigation is invoked in prepare_exit_to_usermode() which covers most of the kernel to user space transitions. There are a few exceptions which are not invoking prepare_exit_to_usermode() on return to user space. These exceptions use the paranoid exit code. all but one of the kernel to user space transitions. The exception is when we return from a Non Maskable Interrupt (NMI), which is handled directly in do_nmi(). - Non Maskable Interrupt (NMI): Access to sensible data like keys, credentials in the NMI context is mostly theoretical: The CPU can do prefetching or execute a misspeculated code path and thereby fetching data which might end up leaking through a buffer. But for mounting other attacks the kernel stack address of the task is already valuable information. So in full mitigation mode, the NMI is mitigated on the return from do_nmi() to provide almost complete coverage. - Double fault (#DF): A double fault is usually fatal, but the ESPFIX workaround, which can be triggered from user space through modify_ldt(2) is a recoverable double fault. #DF uses the paranoid exit path, so explicit mitigation in the double fault handler is required. - Machine Check Exception (#MC): Another corner case is a #MC which hits between the CPU buffer clear invocation and the actual return to user. As this still is in kernel space it takes the paranoid exit path which does not clear the CPU buffers. So the #MC handler repopulates the buffers to some extent. Machine checks are not reliably controllable and the window is extremly small so mitigation would just tick a checkbox that this theoretical corner case is covered. To keep the amount of special cases small, ignore #MC. - Debug Exception (#DB): This takes the paranoid exit path only when the INT1 breakpoint is in kernel space. #DB on a user space address takes the regular exit path, so no extra mitigation required. 
(The reason that NMI is special is that prepare_exit_to_usermode() can enable IRQs. In NMI context, NMIs are blocked, and we don't want to enable IRQs with NMIs blocked.) 2. C-State transition Loading
Makefile +37 −8 Original line number Diff line number Diff line # SPDX-License-Identifier: GPL-2.0 VERSION = 4 PATCHLEVEL = 19 SUBLEVEL = 44 SUBLEVEL = 45 EXTRAVERSION = NAME = "People's Front" Loading Loading @@ -612,6 +612,16 @@ ifdef CONFIG_FUNCTION_TRACER CC_FLAGS_FTRACE := -pg endif # Make toolchain changes before including arch/$(SRCARCH)/Makefile to ensure # ar/cc/ld-* macros return correct values. ifdef CONFIG_LTO_CLANG # use llvm-ar for building symbol tables from IR files, and llvm-nm instead # of objdump for processing symbol versions and exports LLVM_AR := llvm-ar LLVM_NM := llvm-nm export LLVM_AR LLVM_NM endif # The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default # values of the respective KBUILD_* variables ARCH_CPPFLAGS := Loading @@ -624,7 +634,7 @@ ifeq ($(may-sync-config),1) # Read in dependencies to all Kconfig* files, make sure to run syncconfig if # changes are detected. This should be included after arch/$(SRCARCH)/Makefile # because some architectures define CROSS_COMPILE there. -include include/config/auto.conf.cmd include include/config/auto.conf.cmd # To avoid any implicit rule to kick in, define an empty command $(KCONFIG_CONFIG): ; Loading Loading @@ -819,8 +829,24 @@ KBUILD_CFLAGS_KERNEL += -ffunction-sections -fdata-sections LDFLAGS_vmlinux += --gc-sections endif ifdef CONFIG_LTO_CLANG lto-clang-flags := -flto -fvisibility=hidden # allow disabling only clang LTO where needed DISABLE_LTO_CLANG := -fno-lto -fvisibility=default export DISABLE_LTO_CLANG endif ifdef CONFIG_LTO LTO_CFLAGS := $(lto-clang-flags) KBUILD_CFLAGS += $(LTO_CFLAGS) DISABLE_LTO := $(DISABLE_LTO_CLANG) export LTO_CFLAGS DISABLE_LTO endif ifdef CONFIG_CFI_CLANG cfi-clang-flags += -fsanitize=cfi cfi-clang-flags += -fsanitize=cfi $(call cc-option, -fsplit-lto-unit) DISABLE_CFI_CLANG := -fno-sanitize=cfi ifdef CONFIG_MODULES cfi-clang-flags += -fsanitize-cfi-cross-dso Loading 
@@ -830,17 +856,19 @@ ifdef CONFIG_CFI_PERMISSIVE cfi-clang-flags += -fsanitize-recover=cfi -fno-sanitize-trap=cfi endif # also disable CFI when LTO is disabled DISABLE_LTO_CLANG += $(DISABLE_CFI_CLANG) # allow disabling only clang CFI where needed export DISABLE_CFI_CLANG endif ifdef CONFIG_CFI # cfi-flags are re-tested in prepare-compiler-check cfi-flags := $(cfi-clang-flags) KBUILD_CFLAGS += $(cfi-flags) CFI_CFLAGS := $(cfi-clang-flags) KBUILD_CFLAGS += $(CFI_CFLAGS) DISABLE_CFI := $(DISABLE_CFI_CLANG) export DISABLE_CFI DISABLE_LTO += $(DISABLE_CFI) export CFI_CFLAGS DISABLE_CFI endif # arch Makefile may override CC so keep this after arch Makefile is included Loading Loading @@ -1639,7 +1667,8 @@ clean: $(clean-dirs) -o -name modules.builtin -o -name '.tmp_*.o.*' \ -o -name '*.c.[012]*.*' \ -o -name '*.ll' \ -o -name '*.gcno' \) -type f -print | xargs rm -f -o -name '*.gcno' \ -o -name '*.*.symversions' \) -type f -print | xargs rm -f # Generate tags for editors # --------------------------------------------------------------------------- Loading
arch/Kconfig +39 −0 Original line number Diff line number Diff line Loading @@ -474,6 +474,45 @@ config STACKPROTECTOR_STRONG about 20% of all kernel functions, which increases the kernel code size by about 2%. config LTO def_bool n config ARCH_SUPPORTS_LTO_CLANG bool help An architecture should select this option if it supports: - compiling with clang, - compiling inline assembly with clang's integrated assembler, - and linking with LLD. choice prompt "Link-Time Optimization (LTO) (EXPERIMENTAL)" default LTO_NONE help This option turns on Link-Time Optimization (LTO). config LTO_NONE bool "None" config LTO_CLANG bool "Use clang Link Time Optimization (LTO) (EXPERIMENTAL)" depends on ARCH_SUPPORTS_LTO_CLANG depends on !FTRACE_MCOUNT_RECORD || HAVE_C_RECORDMCOUNT depends on !KASAN depends on CC_IS_CLANG && LD_IS_LLD select LTO help This option enables clang's Link Time Optimization (LTO), which allows the compiler to optimize the kernel globally at link time. If you enable this option, the compiler generates LLVM IR instead of object files, and the actual compilation from IR occurs at the LTO link step, which may take several minutes. If you select this option, you must compile the kernel with clang and LLD. endchoice config CFI bool Loading
arch/arm/boot/dts/exynos5260.dtsi +1 −1 Original line number Diff line number Diff line Loading @@ -223,7 +223,7 @@ wakeup-interrupt-controller { compatible = "samsung,exynos4210-wakeup-eint"; interrupt-parent = <&gic>; interrupts = <GIC_SPI 32 IRQ_TYPE_LEVEL_HIGH>; interrupts = <GIC_SPI 48 IRQ_TYPE_LEVEL_HIGH>; }; }; Loading