lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 14 Jun 2017 23:15:35 +0200
From:   Arnd Bergmann <arnd@...db.de>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     kasan-dev@...glegroups.com, Dmitry Vyukov <dvyukov@...gle.com>,
        Alexander Potapenko <glider@...gle.com>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        Arend van Spriel <arend.vanspriel@...adcom.com>,
        Arnd Bergmann <arnd@...db.de>
Subject: [PATCH v2 00/11] bring back stack frame warning with KASAN

This is a new version of patches I originally submitted back in
March [1], this time reducing the size of the series even further.

This minimal set of patches only makes sure that we do get
frame size warnings in allmodconfig for x86_64 and arm64 again,
even with KASAN enabled.

The changes this time are reduced to:

- I'm introducing "noinline_if_stackbloat" and use it in a number
  of places that suffer from inline functions with local variables
  - netlink, as used in various parts of the kernel
  - a number of drivers/media drivers
  - a handful of wireless network drivers
- a rework for the brcmsmac driver
- -fsanitize-address-use-after-scope is moved to a separate
  CONFIG_KASAN_EXTRA option that increases the warning limit
- CONFIG_KASAN_EXTRA is disabled with CONFIG_COMPILE_TEST,
  improving compile speed and disabling code that leads to
  valid warnings on gcc-7.0.1
- kmemcheck conflicts with CONFIG_KASAN_EXTRA

Compared to the previous version, I no longer have patches
to fix all the CONFIG_KASAN_EXTRA warnings:

- READ_ONCE/WRITE_ONCE cause problems in lots of code
- typecheck() causes huge problems in a few places
- many more uses of noinline_if_stackbloat

This series lets us add back a stack frame warning for the regular
2048 bytes without CONFIG_KASAN_EXTRA. I set the warning limit with
KASAN_EXTRA to 3072, since I have an additional set of patches
to address all files that surpass that limit. We can debate whether
we want to apply those as a follow-up, or instead remove the option
entirely.

Another follow-up series I have reduces the warning limit with
KASAN to 1536, and without KASAN to 1280 for 64-bit architectures.

I hope that Andrew can pick up the entire series for mmotm, and
we can eventually backport most of it to stable kernels and
address the warnings that kernelci still reports for this problem [2].

     Arnd

[1] https://lkml.org/lkml/2017/3/2/508
[2] https://kernelci.org/build/id/593f89a659b51463306b958d/logs/

 kasan: rework Kconfig settings
 brcmsmac: reindent split functions
 brcmsmac: split up wlc_phy_workarounds_nphy
 brcmsmac: make some local variables 'static const' to reduce stack size
 r820t: mark register functions as noinline_if_stackbloat
 dvb-frontends: reduce stack size in i2c access
 mtd: cfi: reduce stack size with KASAN
 rocker: mark rocker_tlv_put_* functions as noinline_if_stackbloat
 tty: kbd: reduce stack size with KASAN
 netlink: mark nla_put_{u8,u16,u32} noinline_if_stackbloat
 compiler: introduce noinline_if_stackbloat annotation

Arnd Bergmann (11):
 drivers/media/dvb-frontends/ascot2e.c                        |    3 +-
 drivers/media/dvb-frontends/cxd2841er.c                      |    4 +-
 drivers/media/dvb-frontends/drx39xyj/drxj.c                  |   14 +-
 drivers/media/dvb-frontends/helene.c                         |    4 +-
 drivers/media/dvb-frontends/horus3a.c                        |    2 +-
 drivers/media/dvb-frontends/itd1000.c                        |    2 +-
 drivers/media/dvb-frontends/mt312.c                          |    2 +-
 drivers/media/dvb-frontends/si2165.c                         |   14 +-
 drivers/media/dvb-frontends/stb0899_drv.c                    |    2 +-
 drivers/media/dvb-frontends/stb6100.c                        |    2 +-
 drivers/media/dvb-frontends/stv0367.c                        |    2 +-
 drivers/media/dvb-frontends/stv090x.c                        |    2 +-
 drivers/media/dvb-frontends/stv6110.c                        |    2 +-
 drivers/media/dvb-frontends/stv6110x.c                       |    2 +-
 drivers/media/dvb-frontends/tda8083.c                        |    2 +-
 drivers/media/dvb-frontends/zl10039.c                        |    2 +-
 drivers/media/tuners/r820t.c                                 |    4 +-
 drivers/mtd/chips/cfi_cmdset_0020.c                          |    8 +-
 drivers/net/ethernet/rocker/rocker_tlv.h                     |   24 +-
 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 1856 +++++++++++++++++++++++-------------------------
 drivers/tty/vt/keyboard.c                                    |    6 +-
 include/linux/compiler.h                                     |   11 +
 include/linux/mtd/map.h                                      |    8 +-
 include/net/netlink.h                                        |   36 +-
 lib/Kconfig.debug                                            |    4 +-
 lib/Kconfig.kasan                                            |   11 +-
 lib/Kconfig.kmemcheck                                        |    1 +
 scripts/Makefile.kasan                                       |    3 +
 28 files changed, 986 insertions(+), 1047 deletions(-)

-- 
2.9.0

Powered by blists - more mailing lists