| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKwvOdkv9DebPrB1BLriY+SY5a8EX5VsDVLRS-2-cbORMdTcTQ@mail.gmail.com>
Date: Fri, 19 Jul 2019 13:56:27 -0700
From: Nick Desaulniers <ndesaulniers@...gle.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Qian Cai <cai@....pw>,
Mark Brown <broonie@...nel.org>,
Andrey Konovalov <andreyknvl@...gle.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
LKML <linux-kernel@...r.kernel.org>,
clang-built-linux <clang-built-linux@...glegroups.com>,
Kostya Serebryany <kcc@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Alexander Potapenko <glider@...gle.com>
Subject: Re: [PATCH] [v2] kasan: remove clang version check for KASAN_STACK
On Fri, Jul 19, 2019 at 1:03 PM Arnd Bergmann <arnd@...db.de> wrote:
>
> asan-stack mode still uses dangerously large kernel stacks of
> tens of kilobytes in some drivers, and it does not seem that anyone
> is working on the clang bug.
Acked-by: Nick Desaulniers <ndesaulniers@...gle.com>
>
> Turn it off for all clang versions to prevent users from
> accidentally enabling it once they update to clang-9, and
> to help automated build testing with clang-9.
>
> Link: https://bugs.llvm.org/show_bug.cgi?id=38809
> Fixes: 6baec880d7a5 ("kasan: turn off asan-stack for clang-8 and earlier")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
> v2: disable the feature for all clang versions, not just 9 and below.
> ---
> lib/Kconfig.kasan | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 4fafba1a923b..7fa97a8b5717 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -106,7 +106,6 @@ endchoice
>
> config KASAN_STACK_ENABLE
> bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
> - default !(CLANG_VERSION < 90000)
> depends on KASAN
> help
> The LLVM stack address sanitizer has a know problem that
> @@ -115,11 +114,11 @@ config KASAN_STACK_ENABLE
> Disabling asan-stack makes it safe to run kernels build
> with clang-8 with KASAN enabled, though it loses some of
> the functionality.
> - This feature is always disabled when compile-testing with clang-8
> - or earlier to avoid cluttering the output in stack overflow
> - warnings, but clang-8 users can still enable it for builds without
> - CONFIG_COMPILE_TEST. On gcc and later clang versions it is
> - assumed to always be safe to use and enabled by default.
> + This feature is always disabled when compile-testing with clang
> + to avoid cluttering the output in stack overflow warnings,
> + but clang users can still enable it for builds without
> + CONFIG_COMPILE_TEST. On gcc it is assumed to always be safe
> + to use and enabled by default.
>
> config KASAN_STACK
> int
> --
> 2.20.0
>
> --
> You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20190719200347.2596375-1-arnd%40arndb.de.
--
Thanks,
~Nick Desaulniers
Powered by blists - more mailing lists