| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Feb 2019 13:06:20 +0300
From: Andrey Ryabinin <aryabinin@...tuozzo.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: Andrey Konovalov <andreyknvl@...gle.com>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
Michal Marek <michal.lkml@...kovi.net>,
Andrew Morton <akpm@...ux-foundation.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Mark Brown <broonie@...nel.org>, Qian Cai <cai@....pw>,
Alexander Potapenko <glider@...gle.com>,
Martin Schwidefsky <schwidefsky@...ibm.com>,
Christoph Lameter <cl@...ux.com>,
LKML <linux-kernel@...r.kernel.org>,
Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
kasan-dev <kasan-dev@...glegroups.com>
Subject: Re: [PATCH] kasan: turn off asan-stack for clang-8 and earlier
On 2/20/19 8:35 PM, Arnd Bergmann wrote:
> On Wed, Feb 20, 2019 at 6:00 PM Andrey Ryabinin <aryabinin@...tuozzo.com> wrote:
>> On 2/20/19 5:51 PM, Arnd Bergmann wrote:
>>> On Wed, Feb 20, 2019 at 3:45 PM Andrey Konovalov <andreyknvl@...gle.com> wrote:
>>> I would have to some more research, but I expect several hundred
>>> patches before we get to a clean randconfig build with a broken
>>> compiler.
>>
>> Manually maintaining asan-stack parameter for the sake of one broken compiler isn't a great idea either.
>>
>> Couple alternative suggestions:
>>
>> 1) If we can't fix the problem or the cost of fixing is too high, maybe just hide it? Disable -Wframe-larger-then on pre clang-9 compilers.
>>
>> 2) Fallback cflags. The idea is to try to compile every the file with "-mllvm -asan-stack=1 -Wframe-larger-than=2048 -Werror" at first,
>> and fallback to "-mllvm -asan-stack=0" if failed. So it would be something similar to $(call cc-option, -mllvm -asan-stack=1 -Wframe-larger-than=2048 -Werror, -mllvm -asan-stack=0)
>> except that "cc-option" tries options only once on some code example while we need to try options on every file that we actually compile.
>> Honestly, I'm not sure that it's worthy to hack Kbuild engine for that particular use-case.
>
> My original plan was to put this under CONFIG_KASAN_EXTRA to allow you
> to still enable it in older compilers, but you just removed that option ;-)
>
> Maybe bringing it back would be a compromise? That way it's hidden from
> all the build testing bots (because of the !CONFIG_COMPILE_TEST dependency),
> but anyone who really wants it can still have the option, and set
> CONFIG_FRAME_WARN
> to whichever value they like.
>
I think there is much simpler solution:
---
lib/Kconfig.kasan | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index 219cddc913ac..6cd035f06cee 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -105,6 +105,8 @@ endchoice
config KASAN_STACK
int
+ range 0 1
+ prompt "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && (CLANG_VERSION < 90000)
default 0 if CC_IS_CLANG && (CLANG_VERSION < 90000)
default 1
help
--
AFAIK, randconfig is not able to randomize int config options, so it will be disabled for build robots,
but users still will be able to enable it.
Powered by blists - more mailing lists