Open Source and information security mailing list archives
 
Date:   Fri, 21 Apr 2023 13:01:11 +0000
From:   Tudor Ambarus <tudor.ambarus@...aro.org>
To:     nathan@...nel.org, ndesaulniers@...gle.com, trix@...hat.com,
        akpm@...ux-foundation.org
Cc:     arnd@...db.de, joneslee@...gle.com, peterz@...radead.org,
        keescook@...omium.org, jpoimboe@...nel.org,
        zhaoyang.huang@...soc.com, liam.howlett@...cle.com,
        rdunlap@...radead.org, geert+renesas@...der.be,
        linux-kernel@...r.kernel.org, llvm@...ts.linux.dev,
        broonie@...nel.org, dvyukov@...gle.com, nogikh@...gle.com,
        Tudor Ambarus <tudor.ambarus@...aro.org>
Subject: [PATCH] Kconfig.debug: disable CONFIG_FRAME_WARN for KASAN_STACK && CC_IS_CLANG by default

Building with clang-15 an x86_64_defconfig kernel where CONFIG_KASAN
and CONFIG_KASAN_STACK are enabled resulted in the following errors:

drivers/block/loop.c:1531:12: error: stack frame size (2616) exceeds limit (2048) in 'lo_ioctl'
drivers/gpu/drm/i915/gt/intel_workarounds.c:964:6: error: stack frame size (3032) exceeds limit (2048) in 'intel_engine_init_ctx_wa'
drivers/gpu/drm/i915/gt/intel_workarounds.c:1818:6: error: stack frame size (5496) exceeds limit (2048) in 'intel_gt_init_workarounds'
drivers/gpu/drm/i915/gt/intel_workarounds.c:3153:6: error: stack frame size (5848) exceeds limit (2048) in 'intel_engine_init_workarounds'
drivers/usb/core/devio.c:2801:13: error: stack frame size (2104) exceeds limit (2048) in 'usbdev_ioctl'

With Clang, stack instrumentation has a problem that causes excessive
stack usage, see https://bugs.llvm.org/show_bug.cgi?id=38809.
KASAN_STACK with clang is deemed unsafe and disabled when
compile-testing. However, when !COMPILE_TEST the errors are hit because
CONFIG_FRAME_WARN is not disabled.

Looking into the errors, they are indeed caused by compiling with clang
and KASAN_STACK enabled. I determined KASAN_STACK's bloat by lowering
the CONFIG_FRAME_WARN limit. Thus when KASAN and KASAN_STACK are
disabled the same stack frames have the following sizes:

drivers/block/loop.c:1531:12: error: stack frame size (528) exceeds limit (50) in 'lo_ioctl'
drivers/gpu/drm/i915/gt/intel_workarounds.c:964:6: error: stack frame size (72) exceeds limit (50) in 'intel_engine_init_ctx_wa'
drivers/gpu/drm/i915/gt/intel_workarounds.c:1818:6: error: stack frame size (104) exceeds limit (50) in 'intel_gt_init_workarounds'
drivers/gpu/drm/i915/gt/intel_workarounds.c:3153:6: error: stack frame size (88) exceeds limit (50) in 'intel_engine_init_workarounds'
drivers/usb/core/devio.c:2801:13: error: stack frame size (416) exceeds limit (50) in 'usbdev_ioctl'

When KASAN is enabled and KASAN_STACK is disabled the same stack frames
have the following sizes:

drivers/block/loop.c:1531:12: error: stack frame size (600) exceeds limit (50) in 'lo_ioctl'
drivers/gpu/drm/i915/gt/intel_workarounds.c:964:6: error: stack frame size (120) exceeds limit (50) in 'intel_engine_init_ctx_wa'
drivers/gpu/drm/i915/gt/intel_workarounds.c:1818:6: error: stack frame size (136) exceeds limit (50) in 'intel_gt_init_workarounds'
drivers/gpu/drm/i915/gt/intel_workarounds.c:3153:6: error: stack frame size (128) exceeds limit (50) in 'intel_engine_init_workarounds'
drivers/usb/core/devio.c:2801:13: error: stack frame size (480) exceeds limit (50) in 'usbdev_ioctl'

The conclusion is that when KASAN is enabled the stack usage increases a
bit, but nothing unmanageable, ~30-70 bytes, whereas when enabling
KASAN_STACK the stack usage is excessive, from ~1.7K to ~5.8K for these
cases.

Disable CONFIG_FRAME_WARN for KASAN_STACK && CC_IS_CLANG by default.
Adventurers can still override the default value by input prompt or
explicit values in defconfigs in case they feel that some real warnings
are missed.

Signed-off-by: Tudor Ambarus <tudor.ambarus@...aro.org>
---
 lib/Kconfig.debug | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 39d1d93164bd..c5e8b76737af 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -430,6 +430,7 @@ config FRAME_WARN
 	int "Warn for stack frames larger than"
 	range 0 8192
 	default 0 if KMSAN
+	default 0 if KASAN_STACK && CC_IS_CLANG
 	default 2048 if GCC_PLUGIN_LATENT_ENTROPY
 	default 2048 if PARISC
 	default 1536 if (!64BIT && XTENSA)
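Review bot: the added `default 0 if KASAN_STACK && CC_IS_CLANG` line turns the frame-size warning off entirely for these builds, so a genuinely runaway stack frame is no longer flagged at all. Since `range 0 8192` permits it, consider a raised non-zero default instead, chosen above the largest frame reported in the commit message (5848), so that known instrumentation overhead stops failing the build while outliers are still caught. The new line also comes with no comment; a short one pointing at the LLVM bug cited in the commit message would tell readers of Kconfig.debug why Clang is special-cased here.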
-- 
2.40.0.634.g4ca3ef3211-goog
