lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Jul 2019 13:56:27 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Andrew Morton <akpm@...ux-foundation.org>, Qian Cai <cai@....pw>,
        Mark Brown <broonie@...nel.org>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        LKML <linux-kernel@...r.kernel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        Kostya Serebryany <kcc@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Alexander Potapenko <glider@...gle.com>
Subject: Re: [PATCH] [v2] kasan: remove clang version check for KASAN_STACK

On Fri, Jul 19, 2019 at 1:03 PM Arnd Bergmann <arnd@...db.de> wrote:
>
> asan-stack mode still uses dangerously large kernel stacks of
> tens of kilobytes in some drivers, and it does not seem that anyone
> is working on the clang bug.

Acked-by: Nick Desaulniers <ndesaulniers@...gle.com>

>
> Turn it off for all clang versions to prevent users from
> accidentally enabling it once they update to clang-9, and
> to help automated build testing with clang-9.
>
> Link: https://bugs.llvm.org/show_bug.cgi?id=38809
> Fixes: 6baec880d7a5 ("kasan: turn off asan-stack for clang-8 and earlier")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
> v2: disable the feature for all clang versions, not just 9 and below.
> ---
>  lib/Kconfig.kasan | 11 +++++------
>  1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 4fafba1a923b..7fa97a8b5717 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -106,7 +106,6 @@ endchoice
>
>  config KASAN_STACK_ENABLE
>         bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
> -       default !(CLANG_VERSION < 90000)
>         depends on KASAN
>         help
>           The LLVM stack address sanitizer has a know problem that
> @@ -115,11 +114,11 @@ config KASAN_STACK_ENABLE
>           Disabling asan-stack makes it safe to run kernels build
>           with clang-8 with KASAN enabled, though it loses some of
>           the functionality.
> -         This feature is always disabled when compile-testing with clang-8
> -         or earlier to avoid cluttering the output in stack overflow
> -         warnings, but clang-8 users can still enable it for builds without
> -         CONFIG_COMPILE_TEST.  On gcc and later clang versions it is
> -         assumed to always be safe to use and enabled by default.
> +         This feature is always disabled when compile-testing with clang
> +         to avoid cluttering the output in stack overflow warnings,
> +         but clang users can still enable it for builds without
> +         CONFIG_COMPILE_TEST.  On gcc it is assumed to always be safe
> +         to use and enabled by default.
>
>  config KASAN_STACK
>         int
> --
> 2.20.0
>
> --
> You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20190719200347.2596375-1-arnd%40arndb.de.



-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ