| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Sep 2018 11:17:58 -0700
From: Nick Desaulniers <ndesaulniers@...gle.com>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>, luto@...nel.org,
Jason@...c4.com, Alexander Potapenko <glider@...gle.com>,
Arnd Bergmann <arnd@...db.de>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] framewarn: expand KASAN_EXTRA exception to KASAN
On Fri, Sep 21, 2018 at 10:59 AM Nick Desaulniers
<ndesaulniers@...gle.com> wrote:
>
> On Fri, Sep 21, 2018 at 2:45 AM Dmitry Vyukov <dvyukov@...gle.com> wrote:
> >
> > On Fri, Sep 21, 2018 at 11:25 AM, Andrey Ryabinin
> > <aryabinin@...tuozzo.com> wrote:
> > > On 09/21/2018 04:50 AM, Andy Lutomirski wrote:
> > >> This patch seems reasonable, but you emailed the wrong people :)
> > >>
> > >> On Thu, Sep 20, 2018 at 5:15 PM Jason A. Donenfeld <Jason@...c4.com> wrote:
> > >>>
> > >>> It turns out that KASAN in general will bloat stack frames in unexpected
> > >>> ways, not just KASAN_EXTRA. So, this patch trivially changes that
> > >>> default to be associated with KASAN instead of KASAN_EXTRA.
> > >>>
> > >
> > > KASAN_EXTRA bloats stack more than just KASAN, that's why the limit is higher than just for KASAN.
> > > If want more details, tead the changelog from commit e7c52b84fb18f08ce49b6067ae6285aca79084a8
> > >
> > > If anything causes "stack frame > 2048" warning for KASAN we should at least try to fix it,
> > > I mean reduce stack usage.
> >
> >
> > +Nick who is also hitting these warnings on clang/arm64 build. As far
> > as I understand the situation there is much worse.
> >
> > I would be good to understand/fix the worst offenders. But the stack
> > size increase with KASAN is a real, inherent thing. So if we live very
> > close the edge, we can get people using different compilers and/or
> > versions of compilers constantly breaking each other. And clang hits
> > this warnings in lots of places today just because the current code
> > was tailored to gcc over long period, i.e. allowing more locals where
> > gcc happened to handle that better and having fewer locals where gcc
> > happened to handle it worse. But for another compiler all these
> > assumptions are significantly perturbed.
> >
> > Nick, do you know what frame size limit eliminates the bulk of
> > warnings on clang? Is 3072 a reasonable limit allowing to fix the
> > remaining outliners?
>
> Here's a plot of the distribution from an arm64 clang build with
> allyesconfig minus LSE_ATOMICS, BIG_ENDIAN, and GCOV:
> https://github.com/ClangBuiltLinux/linux/issues/39#issuecomment-423621655
>
> A value of 3072 would ignore 79 out of the 128 instances (62%).
A value of 4614 would ignore 95% of the instances (2 standard
deviations of the distribution of current warnings).
>
> Some values are huge outliers.
>
> >
> >
> > >>> Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
> > >>> ---
> > >>> lib/Kconfig.debug | 2 +-
> > >>> 1 file changed, 1 insertion(+), 1 deletion(-)
> > >>>
> > >>> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> > >>> index 4966c4fbe7f7..39078a080e29 100644
> > >>> --- a/lib/Kconfig.debug
> > >>> +++ b/lib/Kconfig.debug
> > >>> @@ -222,7 +222,7 @@ config ENABLE_MUST_CHECK
> > >>> config FRAME_WARN
> > >>> int "Warn for stack frames larger than (needs gcc 4.4)"
> > >>> range 0 8192
> > >>> - default 3072 if KASAN_EXTRA
> > >>> + default 3072 if KASAN
> > >>> default 2048 if GCC_PLUGIN_LATENT_ENTROPY
> > >>> default 1280 if (!64BIT && PARISC)
> > >>> default 1024 if (!64BIT && !PARISC)
> > >>> --
> > >>> 2.19.0
>
>
>
> --
> Thanks,
> ~Nick Desaulniers
--
Thanks,
~Nick Desaulniers
Powered by blists - more mailing lists