On Fri, Mar 13, 2026 at 09:37:24AM -0700, Nathan Chancellor wrote: > On Fri, Mar 13, 2026 at 10:58:29AM +0000, Vincent Donnefort wrote: > > Compiler and tooling-generated symbols are difficult to maintain > > across all supported architectures. Make the allowlist more robust by > > replacing the harcoded list with a mechanism that automatically detects > > these symbols. > > > > This mechanism generates a C function designed to trigger common > > compiler-inserted symbols. > > > > Signed-off-by: Vincent Donnefort <[email protected]> > > > > --- > > > > Changes in v2: > > > > - Use filechk (Nathan) > > - Removed deprecated extra-y (Nathan) > > - Added simple_ring_buffer in allowlist (Nathan) > > - Added memcpy() to generate more symbols (Nathan) > > - Added __sancov > > > > diff --git a/kernel/trace/Makefile b/kernel/trace/Makefile > > index beb15936829d..96627a909ecc 100644 > > --- a/kernel/trace/Makefile > > +++ b/kernel/trace/Makefile > > @@ -136,17 +136,42 @@ obj-$(CONFIG_TRACE_REMOTE_TEST) += remote_test.o > > # simple_ring_buffer is used by the pKVM hypervisor which does not have > > access > > # to all kernel symbols. Fail the build if forbidden symbols are found. > > # > > -UNDEFINED_ALLOWLIST := memset alt_cb_patch_nops __x86 __ubsan __asan > > __kasan __gcov __aeabi_unwind > > -UNDEFINED_ALLOWLIST += __stack_chk_fail stackleak_track_stack __ref_stack > > __sanitizer llvm_gcda llvm_gcov > > -UNDEFINED_ALLOWLIST += .TOC\. __clear_pages_unrolled __memmove copy_page > > warn_slowpath_fmt > > -UNDEFINED_ALLOWLIST += ftrace_likely_update __hwasan_load __hwasan_store > > __hwasan_tag_memory > > -UNDEFINED_ALLOWLIST += warn_bogus_irq_restore __stack_chk_guard > > -UNDEFINED_ALLOWLIST := $(addprefix -e , $(UNDEFINED_ALLOWLIST)) > > +# undefsyms_base generates a set of compiler and tooling-generated symbols > > that can > > +# safely be ignored for simple_ring_buffer. > > +# > > +filechk_undefsyms_base = \ > > + echo '$(pound)include <linux/atomic.h>'; \ > > + echo '$(pound)include <linux/string.h>'; \ > > + echo '$(pound)include <asm/page.h>'; \ > > + echo 'static char page[PAGE_SIZE] __aligned(PAGE_SIZE);'; \ > > + echo 'void undefsyms_base(void *p, int n);'; \ > > + echo 'void undefsyms_base(void *p, int n) {'; \ > > + echo ' char buffer[256] = { 0 };'; \ > > + echo ' u32 u = 0;'; \ > > + echo ' memset((char * volatile)page, 8, PAGE_SIZE);'; \ > > + echo ' memset((char * volatile)buffer, 8, sizeof(buffer));'; \ > > + echo ' memcpy((void * volatile)p, buffer, sizeof(buffer));'; \ > > + echo ' cmpxchg((u32 * volatile)&u, 0, 8);'; \ > > + echo ' WARN_ON(n == 0xdeadbeef);'; \ > > + echo '}' > > + > > +$(obj)/undefsyms_base.c: FORCE > > + $(call filechk,undefsyms_base) > > + > > +clean-files += undefsyms_base.c > > + > > +$(obj)/undefsyms_base.o: $(obj)/undefsyms_base.c > > + > > +targets += undefsyms_base.o > > + > > +UNDEFINED_ALLOWLIST = __asan __gcov __kasan __kcsan __hwasan __sancov > > __sanitizer __tsan __ubsan __x86_indirect_thunk \ > > + simple_ring_buffer \ > > + $(shell $(NM) -u $(obj)/undefsyms_base.o 2>/dev/null | > > awk '{print $$2}') > > > > quiet_cmd_check_undefined = NM $< > > - cmd_check_undefined = test -z "`$(NM) -u $< | grep -v > > $(UNDEFINED_ALLOWLIST)`" > > + cmd_check_undefined = test -z "`$(NM) -u $< | grep -v $(addprefix -e > > , $(UNDEFINED_ALLOWLIST))`" > > > > -$(obj)/%.o.checked: $(obj)/%.o FORCE > > +$(obj)/%.o.checked: $(obj)/%.o $(obj)/undefsyms_base.o FORCE > > $(call if_changed,check_undefined) > > > > always-$(CONFIG_SIMPLE_RING_BUFFER) += simple_ring_buffer.o.checked > > > > base-commit: 33f2e266515717c4b2df585dadefa0525557726c > > -- > > 2.53.0.851.ga537e3e6e9-goog > > > > Thanks! This is almost perfect for my tests, one final thing that I > noticed as a result of my full overnight builds. For ARCH=riscv (and > some other architectures from a quick grep), there is some logic in > their include/asm/string.h files to avoid FORTIFY_SOURCE when KASAN is > enabled for the entire build but not enabled for the particular file. As > undefsyms_base.o is not linked into vmlinux or modules, it does not > automatically have KASAN enabled. > > $ cat allmod.config > CONFIG_GCOV_KERNEL=n > CONFIG_LTO_CLANG_THIN=y > CONFIG_WERROR=n > > $ make -skj"$(nproc)" ARCH=riscv KCONFIG_ALLCONFIG=1 LLVM=1 mrproper > allmodconfig kernel/trace/ > Unexpected symbols in kernel/trace/simple_ring_buffer.o: > U __fortify_panic > U __write_overflow_field > ... > > This cures that for me. > > diff --git a/kernel/trace/Makefile b/kernel/trace/Makefile > index 260382f62dbf..55af887a90e2 100644 > --- a/kernel/trace/Makefile > +++ b/kernel/trace/Makefile > @@ -164,6 +164,11 @@ $(obj)/undefsyms_base.o: $(obj)/undefsyms_base.c > > targets += undefsyms_base.o > > +# ensure KASAN is enabled to avoid logic that may disable FORTIFY_SOURCE when > +# KASAN is not enabled. undefsyms_base.o does not automatically get KASAN > flags > +# because it is not linked into vmlinux. > +KASAN_SANITIZE_undefsyms_base.o := y > + > UNDEFINED_ALLOWLIST = __asan __gcov __kasan __kcsan __hwasan __sancov > __sanitizer __tsan __ubsan __x86_indirect_thunk \ > simple_ring_buffer \ > $(shell $(NM) -u $(obj)/undefsyms_base.o 2>/dev/null | > awk '{print $$2}') > -- > > With that addressed: > > Reviewed-by: Nathan Chancellor <[email protected]> > Tested-by: Nathan Chancellor <[email protected]>
I've just sent a v3 with all that. I have tested locally with allmodconfig and many architectures with both clang and gcc. Thanks a lot for your help! -- Vincent > > Cheers, > Nathan
