From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 05/20] hns: avoid stack overflow with CONFIG_KASAN
Date: Mon, 13 Feb 2017 05:04:50 -0800 [thread overview]
Message-ID: <20170213130403.755701944@linuxfoundation.org> (raw)
In-Reply-To: <20170213130403.531813333@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit b3f2d07f4649adcf6905953a10d217b5683e4077 upstream.
The use of ACCESS_ONCE() looks like a micro-optimization to force gcc to use
an indexed load for the register address, but it has an absolutely detrimental
effect on builds with gcc-5 and CONFIG_KASAN=y, leading to a very likely
kernel stack overflow aside from very complex object code:
hisilicon/hns/hns_dsaf_gmac.c: In function 'hns_gmac_update_stats':
hisilicon/hns/hns_dsaf_gmac.c:419:1: error: the frame size of 2912 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_ppe.c: In function 'hns_ppe_reset_common':
hisilicon/hns/hns_dsaf_ppe.c:390:1: error: the frame size of 1184 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_ppe.c: In function 'hns_ppe_get_regs':
hisilicon/hns/hns_dsaf_ppe.c:621:1: error: the frame size of 3632 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_rcb.c: In function 'hns_rcb_get_common_regs':
hisilicon/hns/hns_dsaf_rcb.c:970:1: error: the frame size of 2784 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_gmac.c: In function 'hns_gmac_get_regs':
hisilicon/hns/hns_dsaf_gmac.c:641:1: error: the frame size of 5728 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_rcb.c: In function 'hns_rcb_get_ring_regs':
hisilicon/hns/hns_dsaf_rcb.c:1021:1: error: the frame size of 2208 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_comm_init':
hisilicon/hns/hns_dsaf_main.c:1209:1: error: the frame size of 1904 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_xgmac.c: In function 'hns_xgmac_get_regs':
hisilicon/hns/hns_dsaf_xgmac.c:748:1: error: the frame size of 4704 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_update_stats':
hisilicon/hns/hns_dsaf_main.c:2420:1: error: the frame size of 1088 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_get_regs':
hisilicon/hns/hns_dsaf_main.c:2753:1: error: the frame size of 10768 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
This does not seem to happen any more with gcc-7, but removing the ACCESS_ONCE
seems safe anyway and it avoids a serious issue for some people. I have verified
that with gcc-5.3.1, the object code we get is better in the new version
both with and without CONFIG_KASAN, as we no longer allocate a 1344 byte
stack frame for hns_dsaf_get_regs() but otherwise have practically identical
object code.
With gcc-7.0.0, removing ACCESS_ONCE has no effect, the object code is already
good either way.
This patch is probably not urgent to get into 4.11 as only KASAN=y builds
with certain compilers are affected, but I still think it makes sense to
backport into older kernels.
Fixes: 511e6bc ("net: add Hisilicon Network Subsystem DSAF support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h
@@ -900,9 +900,7 @@
static inline void dsaf_write_reg(void __iomem *base, u32 reg, u32 value)
{
- u8 __iomem *reg_addr = ACCESS_ONCE(base);
-
- writel(value, reg_addr + reg);
+ writel(value, base + reg);
}
#define dsaf_write_dev(a, reg, value) \
@@ -910,9 +908,7 @@ static inline void dsaf_write_reg(void _
static inline u32 dsaf_read_reg(u8 __iomem *base, u32 reg)
{
- u8 __iomem *reg_addr = ACCESS_ONCE(base);
-
- return readl(reg_addr + reg);
+ return readl(base + reg);
}
#define dsaf_read_dev(a, reg) \
next prev parent reply other threads:[~2017-02-13 13:05 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-13 13:04 [PATCH 4.4 00/20] 4.4.49-stable review Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 01/20] ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup Greg Kroah-Hartman
2017-02-13 13:04 ` Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 02/20] selinux: fix off-by-one in setprocattr Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 03/20] Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback" Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 04/20] cpumask: use nr_cpumask_bits for parsing functions Greg Kroah-Hartman
2017-02-13 13:04 ` Greg Kroah-Hartman [this message]
2017-02-13 13:04 ` [PATCH 4.4 06/20] ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 07/20] target: Dont BUG_ON during NodeACL dynamic -> explicit conversion Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 08/20] target: Use correct SCSI status during EXTENDED_COPY exception Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 09/20] target: Fix early transport_generic_handle_tmr abort scenario Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 10/20] target: Fix COMPARE_AND_WRITE ref leak for non GOOD status Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 11/20] ARM: 8642/1: LPAE: catch pending imprecise abort on unmask Greg Kroah-Hartman
2017-02-13 13:04 ` Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 12/20] mac80211: Fix adding of mesh vendor IEs Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 13/20] [PATCH] netvsc: Set maximum GSO size in the right place Greg Kroah-Hartman
2017-02-13 13:04 ` [PATCH 4.4 14/20] scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send Greg Kroah-Hartman
2017-02-13 13:05 ` [PATCH 4.4 15/20] scsi: aacraid: Fix INTx/MSI-x issue with older controllers Greg Kroah-Hartman
2017-02-13 13:05 ` [PATCH 4.4 16/20] scsi: mpt3sas: disable ASPM for MPI2 controllers Greg Kroah-Hartman
2017-02-13 13:05 ` [PATCH 4.4 17/20] xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend() Greg Kroah-Hartman
2017-02-13 13:05 ` [PATCH 4.4 18/20] ALSA: seq: Fix race at creating a queue Greg Kroah-Hartman
2017-02-13 13:05 ` [PATCH 4.4 19/20] ALSA: seq: Dont handle loop timeout at snd_seq_pool_done() Greg Kroah-Hartman
2017-02-13 13:05 ` [PATCH 4.4 20/20] drm/i915: fix use-after-free in page_flip_completed() Greg Kroah-Hartman
2017-02-13 17:09 ` [PATCH 4.4 00/20] 4.4.49-stable review Shuah Khan
2017-02-13 20:04 ` Guenter Roeck
2017-02-15 11:41 ` Sudip Mukherjee
2017-02-15 16:36 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170213130403.755701944@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=arnd@arndb.de \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.