From: Arnd Bergmann <arnd@arndb.de>
To: kasan-dev@googlegroups.com
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Alexander Potapenko <glider@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-media@vger.kernel.org, linux-wireless@vger.kernel.org,
	kernel-build-reports@lists.linaro.org,
	"David S . Miller" <davem@davemloft.net>,
	Arnd Bergmann <arnd@arndb.de>
Subject: [PATCH 26/26] kasan: rework Kconfig settings
Date: Thu,  2 Mar 2017 17:38:34 +0100	[thread overview]
Message-ID: <20170302163834.2273519-27-arnd@arndb.de> (raw)
In-Reply-To: <20170302163834.2273519-1-arnd@arndb.de>

We get a lot of very large stack frames using gcc-7.0.1 with the default
-fsanitize-address-use-after-scope --param asan-stack=1 options, which
can easily cause an overflow of the kernel stack, e.g.

drivers/acpi/nfit/core.c:2686:1: warning: the frame size of 4080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
drivers/gpu/drm/amd/amdgpu/si.c:1756:1: warning: the frame size of 7304 bytes is larger than 2048 bytes [-Wframe-larger-than=]
drivers/gpu/drm/i915/gvt/handlers.c:2200:1: warning: the frame size of 43752 bytes is larger than 2048 bytes [-Wframe-larger-than=]
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c:952:1: warning: the frame size of 6032 bytes is larger than 2048 bytes [-Wframe-larger-than=]
drivers/isdn/hardware/avm/b1.c:637:1: warning: the frame size of 13200 bytes is larger than 2048 bytes [-Wframe-larger-than=]
drivers/media/dvb-frontends/stv090x.c:3089:1: warning: the frame size of 5880 bytes is larger than 2048 bytes [-Wframe-larger-than=]
drivers/media/i2c/cx25840/cx25840-core.c:4964:1: warning: the frame size of 93992 bytes is larger than 2048 bytes [-Wframe-larger-than=]
drivers/net/wireless/ralink/rt2x00/rt2800lib.c:4994:1: warning: the frame size of 23928 bytes is larger than 2048 bytes [-Wframe-larger-than=]
drivers/staging/dgnc/dgnc_tty.c:2788:1: warning: the frame size of 7072 bytes is larger than 2048 bytes [-Wframe-larger-than=]
fs/ntfs/mft.c:2762:1: warning: the frame size of 7432 bytes is larger than 2048 bytes [-Wframe-larger-than=]
lib/atomic64_test.c:242:1: warning: the frame size of 12648 bytes is larger than 2048 bytes [-Wframe-larger-than=]

To reduce this risk, -fsanitize-address-use-after-scope is now split out
into a separate Kconfig option, which cannot be selected at the same
time as KMEMCHECK, leading to stack frames that are smaller than 2
kilobytes most of the time on x86_64. An earlier version of this
patch also prevented combining KASAN_EXTRA with KASAN_INLINE, but that
is no longer necessary with the latest gcc-7.0.1 snapshot.

A lot of warnings with KASAN_EXTRA go away if we disable KMEMCHECK,
as -fsanitize-address-use-after-scope seems to understand the builtin
memcpy, but adds checking code around an extern memcpy call. I had
to work around a circular dependency, as DEBUG_SLAB/SLUB depended
on !KMEMCHECK, while KASAN did it the other way round. Now we handle
both the same way.

All patches to get the frame size below 3072 bytes with KASAN_EXTRA,
and below 2048 bytes without it have been submitted, so we can make
those the default now. Note that KASAN is only supported on arm64
and x86_64 at the moment, and both use 2048 byte stacks by default.
This reverts parts of commit commit 3f181b4 ("lib/Kconfig.debug:
disable -Wframe-larger-than warnings with KASAN=y").

I experimented a bit more with smaller stack frames and have another
follow-up series that reduces the warning limit for 64-bit architectures
to 1280 bytes and 1536 when CONFIG_KASAN (but not KASAN_EXTRA) is
enabled, this requires another ~25 patches to address the additional
warnings.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 lib/Kconfig.debug      |  9 ++++-----
 lib/Kconfig.kasan      | 11 ++++++++++-
 lib/Kconfig.kmemcheck  |  1 +
 scripts/Makefile.kasan |  3 +++
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 97d62c2da6c2..27c838c40a36 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -216,10 +216,9 @@ config ENABLE_MUST_CHECK
 config FRAME_WARN
 	int "Warn for stack frames larger than (needs gcc 4.4)"
 	range 0 8192
-	default 0 if KASAN
-	default 2048 if GCC_PLUGIN_LATENT_ENTROPY
+	default 3072 if KASAN_EXTRA
 	default 1024 if !64BIT
-	default 2048 if 64BIT
+	default 1280 if 64BIT
 	help
 	  Tell gcc to warn at build time for stack frames larger than this.
 	  Setting this too low will cause a lot of warnings.
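Review bot: The new `default 1280 if 64BIT` contradicts the commit message, which says the submitted patches only get frames below 2048 bytes without KASAN_EXTRA and that the 1280-byte limit is a separate follow-up series needing roughly 25 more patches; applying 1280 here reintroduces a flood of -Wframe-larger-than warnings on plain 64-bit and KASAN (non-EXTRA) builds, which is exactly the noise this series is meant to remove. The `default 2048 if GCC_PLUGIN_LATENT_ENTROPY` line is also dropped without explanation in the message; that plugin inflates stack frames, so 32-bit builds with it now fall through to 1024 and start warning. Unless the follow-up series lands first, keep `default 2048 if 64BIT` and keep the latent-entropy default ahead of the `!64BIT` line, so the only change here is the new KASAN_EXTRA default.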
@@ -499,7 +498,7 @@ config DEBUG_OBJECTS_ENABLE_DEFAULT
 
 config DEBUG_SLAB
 	bool "Debug slab memory allocations"
-	depends on DEBUG_KERNEL && SLAB && !KMEMCHECK
+	depends on DEBUG_KERNEL && SLAB && !KMEMCHECK && !KASAN
 	help
 	  Say Y here to have the kernel do limited verification on memory
 	  allocation as well as poisoning memory on free to catch use of freed
@@ -511,7 +510,7 @@ config DEBUG_SLAB_LEAK
 
 config SLUB_DEBUG_ON
 	bool "SLUB debugging on by default"
-	depends on SLUB && SLUB_DEBUG && !KMEMCHECK
+	depends on SLUB && SLUB_DEBUG && !KMEMCHECK && !KASAN
 	default n
 	help
 	  Boot with debugging on by default. SLUB boots by default with
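Review bot: Making SLUB_DEBUG_ON depend on `!KASAN` is not justified anywhere in the commit message: the circular-dependency explanation covers DEBUG_SLAB (which KASAN previously required to be off), but KASAN never referenced SLUB_DEBUG_ON, and the KASAN option itself still advertises `depends on SLUB || SLAB`. If SLUB's boot-time debug redzones or poisoning are known to conflict with KASAN's shadow checks, state that in the message and in this option's help text; otherwise drop the `&& !KASAN` here, since it silently removes a combination people may rely on (SLUB's own consistency checks catch metadata corruption that an address sanitizer does not report the same way — hedged, as the conflict is not shown here).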
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index bd38aab05929..e88ce7cc13bb 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -5,7 +5,7 @@ if HAVE_ARCH_KASAN
 
 config KASAN
 	bool "KASan: runtime memory debugger"
-	depends on SLUB || (SLAB && !DEBUG_SLAB)
+	depends on SLUB || SLAB
 	select CONSTRUCTORS
 	select STACKDEPOT
 	help
@@ -20,6 +20,15 @@ config KASAN
 	  Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
 	  (the resulting kernel does not boot).
 
+config KASAN_EXTRA
+	bool "KAsan: extra checks"
+	depends on KASAN
+	help
+	  This enables further checks in the kernel address sanitizer, for now
+	  it only includes the address-use-after-scope check which requires the
+	  use of KASAN_OUTLINE to avoid excessive kernel stack frame sizes that
+	  might lead to stack overflows.
+
 choice
 	prompt "Instrumentation type"
 	depends on KASAN
diff --git a/lib/Kconfig.kmemcheck b/lib/Kconfig.kmemcheck
index 846e039a86b4..58b9f3f81dc8 100644
--- a/lib/Kconfig.kmemcheck
+++ b/lib/Kconfig.kmemcheck
@@ -7,6 +7,7 @@ menuconfig KMEMCHECK
 	bool "kmemcheck: trap use of uninitialized memory"
 	depends on DEBUG_KERNEL
 	depends on !X86_USE_3DNOW
+	depends on !KASAN_EXTRA
 	depends on SLUB || SLAB
 	depends on !CC_OPTIMIZE_FOR_SIZE
 	depends on !FUNCTION_TRACER
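Review bot: The exclusion is expressed only on the KMEMCHECK side, so someone who already has KMEMCHECK=y and enables KASAN_EXTRA gets KMEMCHECK silently dropped from .config on the next oldconfig, with nothing in KASAN_EXTRA's own help explaining why. Given the commit message frames this as "use-after-scope cannot be selected at the same time as KMEMCHECK", the dependency reads more naturally as `depends on !KMEMCHECK` on KASAN_EXTRA (instead of, or alongside, this line), so the newly introduced option is the one that becomes unselectable rather than the pre-existing one. Either way the rationale given in the message — KMEMCHECK apparently replaces the builtin memcpy with an extern call that use-after-scope then instruments heavily — belongs in a help text and not only in the commit log.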
diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
index 9576775a86f6..3b3148faf866 100644
--- a/scripts/Makefile.kasan
+++ b/scripts/Makefile.kasan
@@ -29,5 +29,8 @@ else
     endif
 endif
 
+ifdef CONFIG_KASAN_EXTRA
 CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)
 endif
+
+endif
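Review bot: `cc-option` silently drops `-fsanitize-address-use-after-scope` when the compiler does not support it, so a CONFIG_KASAN_EXTRA=y build on an older gcc produces a kernel without the check it was configured for and gives no indication of that. The `else` branch this hunk sits in suggests the file already warns when `-fsanitize=kernel-address` is unsupported; the same pattern should be used for the extra flag so the result of `cc-option` is tested and a warning is printed when it is empty. The enclosing `ifdef CONFIG_KASAN` opens before this hunk.
```makefile
ifdef CONFIG_KASAN_EXTRA
    use_after_scope := $(call cc-option, -fsanitize-address-use-after-scope)
    ifeq ($(use_after_scope),)
        $(warning Cannot use CONFIG_KASAN_EXTRA: -fsanitize-address-use-after-scope is not supported by compiler)
    else
        CFLAGS_KASAN += $(use_after_scope)
    endif
endif
# … unchanged: closing endif of the outer CONFIG_KASAN block …
```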
-- 
2.9.0
