lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230421130111.4041641-1-tudor.ambarus@linaro.org>
Date:   Fri, 21 Apr 2023 13:01:11 +0000
From:   Tudor Ambarus <tudor.ambarus@...aro.org>
To:     nathan@...nel.org, ndesaulniers@...gle.com, trix@...hat.com,
        akpm@...ux-foundation.org
Cc:     arnd@...db.de, joneslee@...gle.com, peterz@...radead.org,
        keescook@...omium.org, jpoimboe@...nel.org,
        zhaoyang.huang@...soc.com, liam.howlett@...cle.com,
        rdunlap@...radead.org, geert+renesas@...der.be,
        linux-kernel@...r.kernel.org, llvm@...ts.linux.dev,
        broonie@...nel.org, dvyukov@...gle.com, nogikh@...gle.com,
        Tudor Ambarus <tudor.ambarus@...aro.org>
Subject: [PATCH] Kconfig.debug: disable CONFIG_FRAME_WARN for KASAN_STACK && CC_IS_CLANG by default

Building with clang-15 a x86_64_defconfig kernel were CONFIG_KASAN
and CONFIG_KASAN_STACK are enabled resulted in the following errors:

drivers/block/loop.c:1531:12: error: stack frame size (2616) exceeds limit (2048) in 'lo_ioctl'
drivers/gpu/drm/i915/gt/intel_workarounds.c:964:6: error: stack frame size (3032) exceeds limit (2048) in 'intel_engine_init_ctx_wa'
drivers/gpu/drm/i915/gt/intel_workarounds.c:1818:6: error: stack frame size (5496) exceeds limit (2048) in 'intel_gt_init_workarounds'
drivers/gpu/drm/i915/gt/intel_workarounds.c:3153:6: error: stack frame size (5848) exceeds limit (2048) in 'intel_engine_init_workarounds'
drivers/usb/core/devio.c:2801:13: error: stack frame size (2104) exceeds limit (2048) in 'usbdev_ioctl'

With Clang, stack instrumentation has a problem that causes excessive
stack usage, see https://bugs.llvm.org/show_bug.cgi?id=38809.
KASAN_STACK with clang is deemed unsafe and disabled when
compile-testing. However when !COMPILE_TEST the errors are hit because
CONFIG_FRAME_WARN is not disabled.

Looking into the errors, they are indeed caused by compiling with clang
and KASAN_STACK enabled. I determined KASAN_STACK's bloat by lowering
the CONFIG_FRAME_WARN limit. Thus when KASAN and KASAN_STACK are
disabled the same stack frames have the following sizes:

drivers/block/loop.c:1531:12: error: stack frame size (528) exceeds limit (50) in 'lo_ioctl'
drivers/gpu/drm/i915/gt/intel_workarounds.c:964:6: error: stack frame size (72) exceeds limit (50) in 'intel_engine_init_ctx_wa'
drivers/gpu/drm/i915/gt/intel_workarounds.c:1818:6: error: stack frame size (104) exceeds limit (50) in 'intel_gt_init_workarounds'
drivers/gpu/drm/i915/gt/intel_workarounds.c:3153:6: error: stack frame size (88) exceeds limit (50) in 'intel_engine_init_workarounds'
drivers/usb/core/devio.c:2801:13: error: stack frame size (416) exceeds limit (50) in 'usbdev_ioctl'

When KASAN is enabled and KASAN_STACK is disabled the same stack frames
have the following sizes:

drivers/block/loop.c:1531:12: error: stack frame size (600) exceeds limit (50) in 'lo_ioctl'
drivers/gpu/drm/i915/gt/intel_workarounds.c:964:6: error: stack frame size (120) exceeds limit (50) in 'intel_engine_init_ctx_wa'
drivers/gpu/drm/i915/gt/intel_workarounds.c:1818:6: error: stack frame size (136) exceeds limit (50) in 'intel_gt_init_workarounds'
drivers/gpu/drm/i915/gt/intel_workarounds.c:3153:6: error: stack frame size (128) exceeds limit (50) in 'intel_engine_init_workarounds'
drivers/usb/core/devio.c:2801:13: error: stack frame size (480) exceeds limit (50) in 'usbdev_ioctl'

The conclusion is that when KASAN is enabled the stack usage increases a
bit, but nothing unmanageable ~30-70 bytes, whereas when enabling
KASAN_STACK the stack usage is excessive, from ~1.7K to ~5.8K for these
cases.

Disable CONFIG_FRAME_WARN for KASAN_STACK && CC_IS_CLANG by default.
Adventurers can still override the default value by input prompt or
explicit values in defconfigs in case they feel that some real warnings
are missed.

Signed-off-by: Tudor Ambarus <tudor.ambarus@...aro.org>
---
 lib/Kconfig.debug | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 39d1d93164bd..c5e8b76737af 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -430,6 +430,7 @@ config FRAME_WARN
 	int "Warn for stack frames larger than"
 	range 0 8192
 	default 0 if KMSAN
+	default 0 if KASAN_STACK && CC_IS_CLANG
 	default 2048 if GCC_PLUGIN_LATENT_ENTROPY
 	default 2048 if PARISC
 	default 1536 if (!64BIT && XTENSA)
-- 
2.40.0.634.g4ca3ef3211-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ