| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Feb 2019 20:00:37 +0300
From: Andrey Ryabinin <aryabinin@...tuozzo.com>
To: Arnd Bergmann <arnd@...db.de>,
Andrey Konovalov <andreyknvl@...gle.com>
Cc: Masahiro Yamada <yamada.masahiro@...ionext.com>,
Michal Marek <michal.lkml@...kovi.net>,
Andrew Morton <akpm@...ux-foundation.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Mark Brown <broonie@...nel.org>, Qian Cai <cai@....pw>,
Alexander Potapenko <glider@...gle.com>,
Martin Schwidefsky <schwidefsky@...ibm.com>,
Christoph Lameter <cl@...ux.com>,
LKML <linux-kernel@...r.kernel.org>,
Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
kasan-dev <kasan-dev@...glegroups.com>
Subject: Re: [PATCH] kasan: turn off asan-stack for clang-8 and earlier
On 2/20/19 5:51 PM, Arnd Bergmann wrote:
> On Wed, Feb 20, 2019 at 3:45 PM Andrey Konovalov <andreyknvl@...gle.com> wrote:
>>
>> On Tue, Feb 19, 2019 at 10:49 PM Arnd Bergmann <arnd@...db.de> wrote:
>>>
>>> Building an arm64 allmodconfig kernel with clang results in over 140 warnings
>>> about overly large stack frames, the worst ones being:
>>>
>>> drivers/gpu/drm/panel/panel-sitronix-st7789v.c:196:12: error: stack frame size of 20224 bytes in function 'st7789v_prepare'
>>> drivers/video/fbdev/omap2/omapfb/displays/panel-tpo-td028ttec1.c:196:12: error: stack frame size of 13120 bytes in function 'td028ttec1_panel_enable'
>>> drivers/usb/host/max3421-hcd.c:1395:1: error: stack frame size of 10048 bytes in function 'max3421_spi_thread'
>>> drivers/net/wan/slic_ds26522.c:209:12: error: stack frame size of 9664 bytes in function 'slic_ds26522_probe'
>>> drivers/crypto/ccp/ccp-ops.c:2434:5: error: stack frame size of 8832 bytes in function 'ccp_run_cmd'
>>> drivers/media/dvb-frontends/stv0367.c:1005:12: error: stack frame size of 7840 bytes in function 'stv0367ter_algo'
>>>
>>> None of these happen with gcc today, and almost all of these are the result
>>> of a single known bug in llvm. Hopefully it will eventually get fixed with the
>>> clang-9 release.
>>>
>>> In the meantime, the best idea I have is to turn off asan-stack for clang-8
>>> and earlier, so we can produce a kernel that is safe to run.
>>
>> Hi Arnd,
>>
>> I don't think it's good to disable KASAN stack instrumentation for the
>> whole kernel by default with clang. It makes more sense to disable
>> stack instrumentation only for these few drivers.
>
> Do you mean just the 114 files that we get warnings for in allmodconfig,
> or also those that run into the same bug but stay below the warning limit,
> and the ones that don't warn in allmodconfig but do warn in other
> configurations?
>
> I would have to some more research, but I expect several hundred
> patches before we get to a clean randconfig build with a broken
> compiler.
Manually maintaining asan-stack parameter for the sake of one broken compiler isn't a great idea either.
Couple alternative suggestions:
1) If we can't fix the problem or the cost of fixing is too high, maybe just hide it? Disable -Wframe-larger-then on pre clang-9 compilers.
2) Fallback cflags. The idea is to try to compile every the file with "-mllvm -asan-stack=1 -Wframe-larger-than=2048 -Werror" at first,
and fallback to "-mllvm -asan-stack=0" if failed. So it would be something similar to $(call cc-option, -mllvm -asan-stack=1 -Wframe-larger-than=2048 -Werror, -mllvm -asan-stack=0)
except that "cc-option" tries options only once on some code example while we need to try options on every file that we actually compile.
Honestly, I'm not sure that it's worthy to hack Kbuild engine for that particular use-case.
Powered by blists - more mailing lists