| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250620113846.3950478-1-arnd@kernel.org>
Date: Fri, 20 Jun 2025 13:38:31 +0200
From: Arnd Bergmann <arnd@...nel.org>
To: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Nathan Chancellor <nathan@...nel.org>
Cc: Arnd Bergmann <arnd@...db.de>,
John Fastabend <john.fastabend@...il.com>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Eduard Zingerman <eddyz87@...il.com>,
Song Liu <song@...nel.org>,
Yonghong Song <yonghong.song@...ux.dev>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>,
Hao Luo <haoluo@...gle.com>,
Jiri Olsa <jolsa@...nel.org>,
Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
Bill Wendling <morbo@...gle.com>,
Justin Stitt <justinstitt@...gle.com>,
Kumar Kartikeya Dwivedi <memxor@...il.com>,
Luis Gerhorst <luis.gerhorst@....de>,
bpf@...r.kernel.org,
linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev
Subject: [PATCH] bpf: turn off sanitizer in do_misc_fixups for old clang
From: Arnd Bergmann <arnd@...db.de>
clang versions before version 18 manage to badly optimize the bpf
verifier, with lots of variable spills leading to excessive stack
usage in addition to likely rather slow code:
kernel/bpf/verifier.c:23936:5: error: stack frame size (2096) exceeds limit (1280) in 'bpf_check' [-Werror,-Wframe-larger-than]
kernel/bpf/verifier.c:21563:12: error: stack frame size (1984) exceeds limit (1280) in 'do_misc_fixups' [-Werror,-Wframe-larger-than]
Turn off the sanitizer in the two functions that suffer the most from
this when using one of the affected clang version.
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
kernel/bpf/verifier.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 2fa797a6d6a2..7724c7a56d79 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -19810,7 +19810,14 @@ static int do_check_insn(struct bpf_verifier_env *env, bool *do_print_state)
return 0;
}
-static int do_check(struct bpf_verifier_env *env)
+#if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 180100
+/* old clang versions cause excessive stack usage here */
+#define __workaround_kasan __disable_sanitizer_instrumentation
+#else
+#define __workaround_kasan
+#endif
+
+static __workaround_kasan int do_check(struct bpf_verifier_env *env)
{
bool pop_log = !(env->log.level & BPF_LOG_LEVEL2);
struct bpf_verifier_state *state = env->cur_state;
@@ -21817,7 +21824,7 @@ static int add_hidden_subprog(struct bpf_verifier_env *env, struct bpf_insn *pat
/* Do various post-verification rewrites in a single program pass.
* These rewrites simplify JIT and interpreter implementations.
*/
-static int do_misc_fixups(struct bpf_verifier_env *env)
+static __workaround_kasan int do_misc_fixups(struct bpf_verifier_env *env)
{
struct bpf_prog *prog = env->prog;
enum bpf_attach_type eatype = prog->expected_attach_type;
--
2.39.5
Powered by blists - more mailing lists