Date:   Sat, 23 Dec 2017 11:14:51 +0100
From:   Arnd Bergmann <>
To:     Andrew Morton <>
Cc:     "# 3.4.x" <>,
        Mauro Carvalho Chehab <>,
        Andrey Ryabinin <>,
        Alexander Potapenko <>,
        Dmitry Vyukov <>,
        kasan-dev <>,
        Masahiro Yamada <>,
        Michal Marek <>,
        Ingo Molnar <>,
        Byungchul Park <>,
        "Paul E. McKenney" <>,
        Peter Zijlstra <>,
        Geert Uytterhoeven <>,
        Josh Poimboeuf <>,
        Thomas Gleixner <>,
        Greg Kroah-Hartman <>,
        Linux Kernel Mailing List <>,
        Linux Kbuild mailing list <>
Subject: Re: [PATCH] [v4] kasan: rework Kconfig settings

On Fri, Dec 22, 2017 at 11:41 PM, Andrew Morton
<> wrote:
> On Thu, 21 Dec 2017 14:46:39 +0100 Arnd Bergmann <> wrote:

> Cc:stable is tricky.  Apart from the ordering/scheduling issue,
> 16c3ada89cff doesn't have a cc:stable tag so merging this patch into
> stable will cause the abovementioned warning.
> Do we really need to backport this?

I think we do: without this patch, enabling KASAN will lead to unavoidable
kernel stack overflow in certain device drivers when built with gcc-7 or
higher on linux-4.10+ or any version that contains a backport of commit
c5caf21ab0cf8. Most people are probably still on older compilers, but it
will get worse over time as they upgrade their distros.

The warnings we get on kernels older than this should all be for code that uses
dangerously large stack frames, though most of them do not cause an actual
stack overflow by themselves. The asan-stack option was added in linux-4.0,
and commit 3f181b4d8652 ("lib/Kconfig.debug: disable -Wframe-larger-than
warnings with KASAN=y") effectively turned off the warning for allmodconfig
kernels, so I would like to see this fix backported to any kernels
later than 4.0.

I have done dozens of fixes for individual functions with stack frames larger
than 2048 bytes with asan-stack, and I plan to make sure that all those fixes
make it into the stable kernels as well (most are already there).

Part of the complication here is that asan-stack (from 4.0) was originally
assumed to always require much larger stacks, but that turned out to be
a combination of multiple gcc bugs that we have now worked around and
fixed, but sanitize-address-use-after-scope (from v4.10) has a much higher
inherent stack usage and also suffers from at least three other problems
that we have analyzed but not yet fixed upstream, each of which makes
the stack usage more severe than it should be.

