1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 02:37:36 +00:00

Kernel: Don't check pledges or veil against code coverage data files

Coverage tools like LLVM's source-based coverage or GNU's --coverage
need to be able to write out coverage files from any binary, regardless
of its security posture. Not ignoring these pledges and veils means we
can't get our coverage data out without playing some serious tricks.

However this is pretty terrible for normal exeuction, so only skip these
checks when we explicitly configured userspace for coverage.
This commit is contained in:
Andrew Kaster 2022-03-04 18:05:24 -07:00 committed by Andreas Kling
parent 5120b39d0e
commit f08e91f67e
3 changed files with 30 additions and 8 deletions

View file

@ -527,6 +527,10 @@ if (ENABLE_KERNEL_COVERAGE_COLLECTION)
../Kernel/Syscall.cpp
)
set_source_files_properties(${KCOV_EXCLUDED_SOURCES} PROPERTIES COMPILE_FLAGS "-fno-sanitize-coverage=trace-pc")
elseif (ENABLE_USERSPACE_COVERAGE_COLLECTION)
# Disable checking open() pledges and the veil for coverage data when building userspace with coverage
# so that binaries can write out coverage data even with pledges/veil
add_compile_definitions(SKIP_PATH_VALIDATION_FOR_COVERAGE_INSTRUMENTATION)
endif()
# Kernel Undefined Behavior Sanitizer (KUBSAN)