diff --git a/sys/conf/files b/sys/conf/files --- a/sys/conf/files +++ b/sys/conf/files @@ -3811,7 +3811,7 @@ kern/kern_intr.c standard kern/kern_jail.c standard kern/kern_kcov.c optional kcov \ - compile-with "${NORMAL_C:N-fsanitize*} ${NORMAL_C:M-fsanitize=kernel-memory}" + compile-with "${NOSAN_C} ${MSAN_CFLAGS}" kern/kern_khelp.c standard kern/kern_kthread.c standard kern/kern_ktr.c optional ktr @@ -3879,7 +3879,7 @@ kern/subr_acl_nfs4.c optional ufs_acl | zfs kern/subr_acl_posix1e.c optional ufs_acl kern/subr_asan.c optional kasan \ - compile-with "${NORMAL_C:N-fsanitize*:N-fstack-protector*}" + compile-with "${NOSAN_C:N-fstack-protector*}" kern/subr_autoconf.c standard kern/subr_blist.c standard kern/subr_boot.c standard @@ -3891,10 +3891,10 @@ kern/subr_compressor.c standard \ compile-with "${NORMAL_C} -I$S/contrib/zstd/lib/freebsd" kern/subr_coverage.c optional coverage \ - compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*}" + compile-with "${NOSAN_C}" kern/subr_counter.c standard kern/subr_csan.c optional kcsan \ - compile-with "${NORMAL_C:N-fsanitize*:N-fstack-protector*}" + compile-with "${NOSAN_C:N-fstack-protector*}" kern/subr_devstat.c standard kern/subr_disk.c standard kern/subr_early.c standard @@ -3914,7 +3914,7 @@ kern/subr_memdesc.c standard kern/subr_module.c standard kern/subr_msan.c optional kmsan \ - compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*:N-fstack-protector*}" + compile-with "${NOSAN_C:N-fstack-protector*}" kern/subr_msgbuf.c standard kern/subr_param.c standard kern/subr_pcpu.c standard diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64 --- a/sys/conf/files.arm64 +++ b/sys/conf/files.arm64 @@ -81,7 +81,7 @@ arm64/arm64/uio_machdep.c standard arm64/arm64/undefined.c standard arm64/arm64/unwind.c optional ddb | kdtrace_hooks | stack \ - compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*}" + compile-with "${NOSAN_C}" arm64/arm64/vfp.c standard arm64/arm64/vm_machdep.c standard @@ -124,10 +124,10 @@ arm64/vmm/vmm_reset.c optional vmm arm64/vmm/vmm_call.S optional vmm arm64/vmm/vmm_hyp_exception.S optional vmm \ - compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*:N-mbranch-protection*} -fpie" \ + compile-with "${NOSAN_C:N-mbranch-protection*} -fpie" \ no-obj arm64/vmm/vmm_hyp.c optional vmm \ - compile-with "${NORMAL_C:N-fsanitize*:N-fno-sanitize*:N-mbranch-protection*} -fpie" \ + compile-with "${NOSAN_C:N-mbranch-protection*} -fpie" \ no-obj vmm_hyp_blob.elf.full optional vmm \ dependency "vmm_hyp.o vmm_hyp_exception.o" \ diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk --- a/sys/conf/kern.mk +++ b/sys/conf/kern.mk @@ -294,6 +294,8 @@ CFLAGS+= -std=${CSTD} .endif # CSTD +NOSAN_CFLAGS= ${CFLAGS:N-fsanitize*:N-fno-sanitize*:N-fasan-shadow-offset*} + # Please keep this if in sync with bsd.sys.mk .if ${LD} != "ld" && (${CC:[1]:H} != ${LD:[1]:H} || ${LD:[1]:T} != "ld") # Add -fuse-ld=${LD} if $LD is in a different directory or not called "ld". diff --git a/sys/conf/kern.post.mk b/sys/conf/kern.post.mk --- a/sys/conf/kern.post.mk +++ b/sys/conf/kern.post.mk @@ -245,21 +245,21 @@ NM='${NM}' NMFLAGS='${NMFLAGS}' sh $S/kern/genoffset.sh genoffset.o > ${.TARGET} genoffset.o: $S/kern/genoffset.c - ${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \ + ${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} \ -fcommon $S/kern/genoffset.c # genoffset_test.o is not actually used for anything - the point of compiling it # is to exercise the CTASSERT that checks that the offsets in the offset.inc # _lite struct(s) match those in the original(s). genoffset_test.o: $S/kern/genoffset.c offset.inc - ${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \ + ${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} \ -fcommon -DOFFSET_TEST $S/kern/genoffset.c -o ${.TARGET} assym.inc: $S/kern/genassym.sh genassym.o genoffset_test.o NM='${NM}' NMFLAGS='${NMFLAGS}' sh $S/kern/genassym.sh genassym.o > ${.TARGET} genassym.o: $S/$M/$M/genassym.c offset.inc - ${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \ + ${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} \ -fcommon $S/$M/$M/genassym.c OBJS_DEPEND_GUESS+= opt_global.h diff --git a/sys/conf/kern.pre.mk b/sys/conf/kern.pre.mk --- a/sys/conf/kern.pre.mk +++ b/sys/conf/kern.pre.mk @@ -129,11 +129,12 @@ .if !empty(KMSAN_ENABLED) # Disable -fno-sanitize-memory-param-retval until interceptors have been # updated to work properly with it. -SAN_CFLAGS+= -DSAN_NEEDS_INTERCEPTORS -DSAN_INTERCEPTOR_PREFIX=kmsan \ +MSAN_CFLAGS+= -DSAN_NEEDS_INTERCEPTORS -DSAN_INTERCEPTOR_PREFIX=kmsan \ -fsanitize=kernel-memory .if ${COMPILER_TYPE} == "clang" && ${COMPILER_VERSION} >= 160000 -SAN_CFLAGS+= -fno-sanitize-memory-param-retval +MSAN_CFLAGS+= -fno-sanitize-memory-param-retval .endif +SAN_CFLAGS+= ${MSAN_CFLAGS} .endif KUBSAN_ENABLED!= grep KUBSAN opt_global.h || true ; echo @@ -212,6 +213,10 @@ $S/kern/firmw.S -DFIRMW_FILE=\""${.ALLSRC:M*.fw}"\" \ -DFIRMW_SYMBOL="${.ALLSRC:M*.fw:C/[-.\/]/_/g}" +# Remove sanitizer arguments. Some -fno-sanitize* and -fasan-shadow-offset* +# arguments become an error if the appropriate sanitizer is not enabled. +NOSAN_C= ${NORMAL_C:N-fsanitize*:N-fno-sanitize*:N-fasan-shadow-offset*} + # for ZSTD in the kernel (include zstd/lib/freebsd before other CFLAGS) ZSTD_C= ${CC} -c -DZSTD_HEAPMODE=1 -I$S/contrib/zstd/lib/freebsd ${CFLAGS} \ -I$S/contrib/zstd/lib -I$S/contrib/zstd/lib/common ${WERROR} \ diff --git a/sys/conf/kmod.mk b/sys/conf/kmod.mk --- a/sys/conf/kmod.mk +++ b/sys/conf/kmod.mk @@ -526,13 +526,13 @@ sh ${SYSDIR}/kern/genassym.sh genassym.o > ${.TARGET} genassym.o: ${SYSDIR}/${MACHINE}/${MACHINE}/genassym.c offset.inc genassym.o: ${SRCS:Mopt_*.h} - ${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} -fcommon \ + ${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon \ ${SYSDIR}/${MACHINE}/${MACHINE}/genassym.c offset.inc: ${SYSDIR}/kern/genoffset.sh genoffset.o sh ${SYSDIR}/kern/genoffset.sh genoffset.o > ${.TARGET} genoffset.o: ${SYSDIR}/kern/genoffset.c genoffset.o: ${SRCS:Mopt_*.h} - ${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} -fcommon \ + ${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon \ ${SYSDIR}/kern/genoffset.c CLEANDEPENDFILES+= ${_ILINKS} diff --git a/sys/modules/linux64/Makefile b/sys/modules/linux64/Makefile --- a/sys/modules/linux64/Makefile +++ b/sys/modules/linux64/Makefile @@ -89,8 +89,7 @@ ${.ALLSRC:M*.S:u} -o ${.TARGET} linux_genassym.o: offset.inc - ${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \ - -fcommon ${.IMPSRC} + ${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon ${.IMPSRC} .if !defined(KERNBUILDDIR) .warning Building Linuxulator outside of a kernel does not make sense diff --git a/sys/modules/vmm/Makefile b/sys/modules/vmm/Makefile --- a/sys/modules/vmm/Makefile +++ b/sys/modules/vmm/Makefile @@ -44,12 +44,11 @@ vmm_hyp_exception.o: vmm_hyp_exception.S ${CC} -c -x assembler-with-cpp -DLOCORE \ - ${CFLAGS:N-fsanitize*:N-fno-sanitize*:N-mbranch-protection*} \ - ${.IMPSRC} -o ${.TARGET} -fpie + ${NOSAN_CFLAGS:N-mbranch-protection*} ${.IMPSRC} -o ${.TARGET} -fpie vmm_hyp.o: vmm_hyp.c - ${CC} -c ${CFLAGS:N-fsanitize*:N-fno-sanitize*:N-mbranch-protection*} \ - ${.IMPSRC} -o ${.TARGET} -fpie + ${CC} -c ${NOSAN_CFLAGS:N-mbranch-protection*} ${.IMPSRC} \ + -o ${.TARGET} -fpie vmm_hyp_blob.elf.full: vmm_hyp_exception.o vmm_hyp.o ${LD} -m ${LD_EMULATION} -Bdynamic -L ${SYSDIR}/conf -T ${SYSDIR}/conf/ldscript.arm64 \ @@ -135,14 +134,12 @@ ${.IMPSRC} -o ${.TARGET} hyp_genassym.o: offset.inc - ${CC} -c ${CFLAGS:N-flto:N-fno-common} -fcommon ${.IMPSRC} + ${CC} -c ${NOSAN_CFLAGS:N-flto:N-fno-common} -fcommon ${.IMPSRC} vmx_genassym.o: offset.inc - ${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \ - -fcommon ${.IMPSRC} + ${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon ${.IMPSRC} svm_genassym.o: offset.inc - ${CC} -c ${CFLAGS:N-flto*:N-fno-common:N-fsanitize*:N-fno-sanitize*} \ - -fcommon ${.IMPSRC} + ${CC} -c ${NOSAN_CFLAGS:N-flto*:N-fno-common} -fcommon ${.IMPSRC} .include