From patchwork Tue Dec 5 21:51:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 120757 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp6286647qgn; Tue, 5 Dec 2017 13:53:21 -0800 (PST) X-Google-Smtp-Source: AGs4zMayVmavDmKktFQkZkS6TZ93/XCVHUXS4+fogLMjd7tktb7+dI+/DjCTth5aSjKUtnyuxNVG X-Received: by 10.98.74.19 with SMTP id x19mr391576pfa.43.1512510801113; Tue, 05 Dec 2017 13:53:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512510801; cv=none; d=google.com; s=arc-20160816; b=AXNCaaceAqK40+RfZtoCO54h3neVYF3P3i1Rc9VCk/4DuGWaQGGVVlb2cA3ZxCGkaC GeOnRoabLwaDS3M7HKreoeqB/4V1uzLLTaQdx7jv08uo/4wI5B2UuNzhM/Ab0wFIB028 YJRT7CCdHOz5yFGUZg7qxr6kElZdChGbV8vJpvCgSlQ9DZ2bWDYwBzjqAAc9R82mg6MP BjobDtJfvTPitoZYp/iRZg4K+RVsE2py77i8JLUw0LvzA1GCnmT+sYtG3AZC4wMZr45R rvzXubO1IYcUDGnPkqgw/QfT948Gj6d+5vmS9Zi27UJSaP1tGlO4R0I5F84OPHodBhC4 g68A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=gAfUCegUFoZpAHB37ocsZIvFD+xgfl1hfmZl9wbK0p4=; b=TLi5QHzQhpkYtCBsJiNOMynx7SUehs0TH5eZC8Wjda4gs2yjGt7kHzWkVzV7b64VKq 384m3YQ/Yt+Nq6vGGhbSmaF7ux9yR4IrIRdBCH16QBUr+jH41DmkMNSnPVCdTBN81bf3 1pJvwVv7YeU3eEQJ/vjQlH4e1Wu4htLj5ImNndilPVEJzhg89F1kjZZfyu1Y+aG4REsv vO9/KUZ2IGXCJFkjfQjJCnSO8JJWqfbX6kkMFn6rtOZ/Jnhd3ValixO7lmCy88DLu+JJ YP3eIHoLTkYbAg9NMBbHHPty6dYkZ67ZczjupWskK0csqqDPTSHF1CgJL9bc+F1a8iiG ql7A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j21si679862pga.622.2017.12.05.13.53.20; Tue, 05 Dec 2017 13:53:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752338AbdLEVxU (ORCPT + 10 others); Tue, 5 Dec 2017 16:53:20 -0500 Received: from mout.kundenserver.de ([212.227.17.13]:61517 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751937AbdLEVxS (ORCPT ); Tue, 5 Dec 2017 16:53:18 -0500 Received: from wuerfel.lan ([149.172.96.106]) by mrelayeu.kundenserver.de (mreue102 [212.227.15.145]) with ESMTPA (Nemesis) id 0M4ZiO-1fIpQk3Ndc-00yevf; Tue, 05 Dec 2017 22:51:54 +0100 From: Arnd Bergmann To: Andrew Morton Cc: Kees Cook , Mauro Carvalho Chehab , linux-media@vger.kernel.org, kasan-dev@googlegroups.com, Dmitry Vyukov , Alexander Potapenko , Andrey Ryabinin , linux-kbuild@vger.kernel.org, Arnd Bergmann , stable@vger.kernel.org, Daniel Micay , Greg Kroah-Hartman , Martin Wilck , Dan Williams , linux-kernel@vger.kernel.org Subject: [PATCH] string.h: work around for increased stack usage Date: Tue, 5 Dec 2017 22:51:19 +0100 Message-Id: <20171205215143.3085755-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K0:VQgXDjP9eK4+StWURuEMmZ2exfcrp6RndSF1ydspo7q4gh7A0Xa KS5pxycoE3SOwmFMmld8xN7InjEBIrIo1NjMkwv/Hez5paDV7vFlHOUqyNS0WvwgZBk2s5e 7QN5y0FnVGlDwuL5I8rTpzyCHr4V6u+7D0nrmb3kGayXA5ndFMEa/iJSz4tGpulAB3yreED upFXl8GAOPfAXJBmhLu3Q== X-UI-Out-Filterresults: notjunk:1; V01:K0:4MlgYqDGkro=:86SBotCwvOGtqfuBc3pAFh Ts2GlwSlyVkN4nLdBj8/yOKJpmvsEf5U4B34C5LEKqn2Im+0flD9bcy6YVudebnxJ1L+6DohR j7/mJKmRr1jH71XkbagBe8DtuQ5GJCV6EjdEjMD4RMpu5TPs4kQiig3Gcw4tvdkqq8XH2bcPT GPR369VoyO+J/xD/evdJQOb/BsyADR0MSdq2fP/OvXgBkO/uzi7JpYvfYeVMG/ezZm4I+TwiF IkJY5otNKF9KdzruAmkXFYKnXPMA49xqMsDNYJnZeRAl1YKHswda6TOajLCHGHJ5mC+XM+URw gaznGO1LfT4QqlLR6FXyD+s2tqJSz4o21KPfmyHff1xn1UrdLqnliS74jjPSNuySzaW4rtgrI EbFP/P3M+i0wF17ve4JHDkXi3wtwtJDNBHyGeVNS2OXeqoyc3ApIvj4DL1cbSsYq9iOS4OHaD qDZhA8U5NxlmejUK6xYTeMCWveQIvlm77pke5Qkxbihk8luCGP+XyM5YG7vl8xSOljQexs+Ba Q8RHwb/362kJS4kiGyfzbqgqZ5zDfhIgs4vpV5Ofd8qDVmUcAJU7Q/4s//uxw95PwsGlTCPJO E9zZSUs8x6J2BSScWet1KAv1+O0pTqkeUKB7RsRCxfWDfxi4IVIskLUebuRNPypnQwd1gMbb/ gxXaUK/0ut/bgDfKtIA0KlO/IAvUsZOemI787cprci9JC0azVvT4LWnK+kQwSp9s2RV7+04MH xlnZpJ2cuY44brz0QrNZ7TdLQErz25a3bKoIWg== Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org The hardened strlen() function causes rather large stack usage in at least one file in the kernel, in particular when CONFIG_KASAN is enabled: drivers/media/usb/em28xx/em28xx-dvb.c: In function 'em28xx_dvb_init': drivers/media/usb/em28xx/em28xx-dvb.c:2062:1: error: the frame size of 3256 bytes is larger than 204 bytes [-Werror=frame-larger-than=] Analyzing this problem led to the discovery that gcc fails to merge the stack slots for the i2c_board_info[] structures after we strlcpy() into them, due to the 'noreturn' attribute on the source string length check. I reported this as a gcc bug, but it is unlikely to get fixed for gcc-8, since it is relatively easy to work around, and it gets triggered rarely. An earlier workaround I did added an empty inline assembly statement before the call to fortify_panic(), which works surprisingly well, but is really ugly and unintuitive. This is a new approach to the same problem, this time addressing it by not calling the 'extern __real_strnlen()' function for string constants where __builtin_strlen() is a compile-time constant and therefore known to be safe. We do this by checking if the last character in the string is a compile-time constant '\0'. If it is, we can assume that strlen() of the string is also constant. As a side-effect, this should also improve the object code output for any other call of strlen() on a string constant. Cc: stable@vger.kernel.org Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82365 Link: https://patchwork.kernel.org/patch/9980413/ Link: https://patchwork.kernel.org/patch/9974047/ Signed-off-by: Arnd Bergmann --- v3: don't use an asm barrier but use a constant string change. Aside from two other patches for drivers/media that I sent last week, this should fix all stack frames above 2KB, once all three are merged, I'll send the patch to re-enable the warning. --- include/linux/string.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.9.0 diff --git a/include/linux/string.h b/include/linux/string.h index 410ecf17de3c..e5cc3f27f6e0 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -259,7 +259,8 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p) { __kernel_size_t ret; size_t p_size = __builtin_object_size(p, 0); - if (p_size == (size_t)-1) + if (p_size == (size_t)-1 || + (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0')) return __builtin_strlen(p); ret = strnlen(p, p_size); if (p_size <= ret)