compiler_types: Provide __no_kstack_erase to disable coverage only on Clang
authorKees Cook <kees@kernel.org>
Tue, 29 Jul 2025 23:41:00 +0000 (16:41 -0700)
committerKees Cook <kees@kernel.org>
Wed, 30 Jul 2025 00:19:35 +0000 (17:19 -0700)
In order to support Clang's stack depth tracking (for Linux's kstack_erase
feature), the coverage sanitizer needed to be disabled for __init (and
__head) section code. Doing this universally (i.e. for GCC too) created
a number of unexpected problems, ranging from changes to inlining logic
to failures to DCE code on earlier GCC versions.

Since this change is only needed for Clang, specialize it so that GCC
doesn't see the change as it isn't needed there (the GCC implementation
of kstack_erase uses a GCC plugin that removes stack depth tracking
instrumentation from __init sections during a late pass in the IR).

Successfully build and boot tested with GCC 12 and Clang 22.

Fixes: 381a38ea53d2 ("init.h: Disable sanitizer coverage for __init and __head")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202507270258.neWuiXLd-lkp@intel.com/
Reported-by: syzbot+5245cb609175fb6e8122@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/6888d004.a00a0220.26d0e1.0004.GAE@google.com/
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/20250729234055.it.233-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
arch/x86/include/asm/init.h
include/linux/compiler-clang.h
include/linux/compiler_types.h
include/linux/init.h

index 6bfdaeddbae888afd8334b9641c9ddf009e6ec56..5a68e9db65189373f7c6d4d08718fcb3abc6c03b 100644 (file)
@@ -5,7 +5,7 @@
 #if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 170000
 #define __head __section(".head.text") __no_sanitize_undefined __no_stack_protector
 #else
-#define __head __section(".head.text") __no_sanitize_undefined __no_sanitize_coverage
+#define __head __section(".head.text") __no_sanitize_undefined __no_kstack_erase
 #endif
 
 struct x86_mapping_info {
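Review bot: The `#if` branch for Clang older than 17 still defines `__head` without `__no_kstack_erase`, and nothing in the header says whether that omission is intended. If kstack_erase's Clang stack depth tracking cannot be enabled on those compilers, which the visible lines do not show, a short comment on the first branch would record it, e.g. `/* Clang < 17: kstack_erase depth tracking unavailable, no __no_kstack_erase needed */`. If it can be enabled there, `.head.text` code built by old Clang keeps the instrumentation that the `#else` branch removes, and the attribute belongs on both definitions.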
index 4fc8e26914adfd2fe6aba5874417da3b6825b522..fa4ffe037bc77f4ff2e4e69d50afcc57d856d961 100644 (file)
@@ -89,6 +89,9 @@
 #define __no_sanitize_coverage
 #endif
 
+/* Only Clang needs to disable the coverage sanitizer for kstack_erase. */
+#define __no_kstack_erase      __no_sanitize_coverage
+
 #if __has_feature(shadow_call_stack)
 # define __noscs       __attribute__((__no_sanitize__("shadow-call-stack")))
 #endif
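Review bot: The name `__no_kstack_erase` reads as an opt-out from stack erasing, but on Clang it expands to `__no_sanitize_coverage`, so annotated functions lose all coverage-sanitizer instrumentation, and the define is not conditional on kstack_erase being configured. The added comment should spell that out, for example `/* Clang's kstack_erase depth tracking is coverage-sanitizer instrumentation; this disables it, and any other coverage hooks, for the function. */`. The empty fallback added in include/linux/compiler_types.h has the same gap: on GCC the annotation silently expands to nothing, which deserves one line there as well. Whether the Clang define should be narrowed to builds that enable kstack_erase, so `__init` and `__head` keep coverage tracing otherwise, is a question for the authors rather than a defect visible in this hunk.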
index 2b77d12e07b2e1d4217a2a055d04e4267e5ac6c0..16755431fc11ee5e31c31df236fcda6c83a15b15 100644 (file)
@@ -424,6 +424,10 @@ struct ftrace_likely_data {
 # define randomized_struct_fields_end
 #endif
 
+#ifndef __no_kstack_erase
+# define __no_kstack_erase
+#endif
+
 #ifndef __noscs
 # define __noscs
 #endif
index c65a050d52a770d290bb22ab5de1a5e9097ca9e0..a60d32d227ee4180f6b98730e1b1ac45607a0222 100644 (file)
@@ -51,7 +51,7 @@
    discard it in modules) */
 #define __init         __section(".init.text") __cold __latent_entropy \
                                                __noinitretpoline       \
-                                               __no_sanitize_coverage
+                                               __no_kstack_erase
 #define __initdata     __section(".init.data")
 #define __initconst    __section(".init.rodata")
 #define __exitdata     __section(".exit.data")