From patchwork Tue Feb 20 11:55:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 128890 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp4558491ljc; Tue, 20 Feb 2018 04:02:46 -0800 (PST) X-Google-Smtp-Source: AH8x224U13LlSGDNJrDj8joGPc/2jCllwinypmMU7jNJRvvWW3zP1W1DE480I1y5o4r2r/Kk5tlY X-Received: by 2002:a17:902:8a4:: with SMTP id 33-v6mr17064114pll.279.1519128165938; Tue, 20 Feb 2018 04:02:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519128165; cv=none; d=google.com; s=arc-20160816; b=ytTLXtrNcuzqOgUhR73wXqiCdf3C2NUA9GGXlWrdKqS3nkVRcZT85sk2i0fDfbm3eU 9+mb9YtoVtkWau/dsTtPzobsJK03KYf7hIKE/xt3dzC7wbHQUNU7RnzggXZ7f3vkvv98 yJdxtZW7KY/dqWhziInMVYrdOOhPwTWUsDX0h6VplBBAi7vdAR8N2GcUMhcgKvV6cWzg 0Hy1xnJtl2B12t0zfIL20hAlL+Q5C4xDtS7mA+QEDdiJeUvRA2NNwS8WZmtzBdROtRdg OoopTHPq/MyLeb3+mz8tWrNUJYy1CXXJ5bm7VMnf6e8CWYiJqWjJpVrCZ7/E1lSVqUwf jI4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=n0VPyhCXMZURuvjGfsn+sOKO7XNwJVSThX0pcKQE9K4=; b=N8wCBoeEi3EGGgFQRTo+3ZtKccKt/NRiLYf24J9+YSt3vm84Xt7FRICudDQGzQ76QZ pIUHfYimM+5DVE8Bmo/P91UnfHWpAmvHiEEuDYQsrfeoGbRPp1vi4k8DSNW8N92DtPin sdb3Uv/OESfeUbqkAqJYuffLdUpgCkP5AgDUE8bQp5BNtzmXmWXn1ik5WgcNwuXPnFCy mGoNtcC0bSPQY4k4OIGH0Y6GZs2v5RNW8gf3RAYSuCuMxRPPjyC86ZKmA3Xon+pnNjNN xme3UgbkOtHdiUDFXs7omn72xYwAExtXUDYak9QobF7Sovl04G0eS+jjpgbpJnKZzsP0 YmjQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d12si3028254pgt.558.2018.02.20.04.02.20; Tue, 20 Feb 2018 04:02:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752137AbeBTMCR (ORCPT + 28 others); Tue, 20 Feb 2018 07:02:17 -0500 Received: from mout.kundenserver.de ([217.72.192.75]:46519 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751459AbeBTMAV (ORCPT ); Tue, 20 Feb 2018 07:00:21 -0500 Received: from wuerfel.lan ([95.208.111.237]) by mrelayeu.kundenserver.de (mreue105 [212.227.15.145]) with ESMTPA (Nemesis) id 0LdmTL-1eOhjs30Rn-00j0Pm; Tue, 20 Feb 2018 13:00:11 +0100 From: Arnd Bergmann To: stable@vger.kernel.org Cc: Greg KH , linux-kernel@vger.kernel.org, Arnd Bergmann , Mauro Carvalho Chehab , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Andrey Konovalov , Andrew Morton , Linus Torvalds , Sudip Mukherjee , Sasha Levin Subject: [4.4-stable 22/22] kasan: rework Kconfig settings Date: Tue, 20 Feb 2018 12:55:09 +0100 Message-Id: <20180220115527.1806578-23-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20180220115527.1806578-1-arnd@arndb.de> References: <20180220115527.1806578-1-arnd@arndb.de> X-Provags-ID: V03:K0:S4mdm5x4T++C9QIixzjcAyGZztw2Zy+ftfeWHzCdBr9tmDnyvLd 7TxMbnkqGnj2EPd6s1wyDcMmITN6XRBYqIQGPhFIKIC93C/pORvDSnx8VpFkw7kMMI8ty6x uV6mRkvOezSskeR6DhXVGyweZtkCVRNy+gdUTfHS6Jsp1NerKBlMhhZG8NWZw04AMVbe20d Ojcz/sZqsyOSSCCGm3tNw== X-UI-Out-Filterresults: notjunk:1; V01:K0:bVxY23n4UA0=:m0lyNLaLHxedUEauTCm1Yy 07SNmLRWDZlcRzfhMb6kJfQ28ZBK32c7jVtiSf8cCJ9UlZWQTk28mJB8FpkZppQUJ+8QsSmWW DVmd69pU7y7zXLmNn2qWpBDl2rY58KRTTtRKuL7mC/RU8DlkArI1m2JiDMdVal0IMZDRG7cyK vXELcXIiO+x7nn3nhJhCgd43hbajLzbIDNerInW8KF4hjXN0SXn8FlpPcJg1puSTabj/cepFy +qFdNqsJTscGJNbxZdlBnWwT/Lh9DXjkzTE50npzi79F09c6jGIiM03cBhdk2QaNOt65AqiTk yUaNHobffZVPWe3SHCOhEAZR8V5VpmNfoDasmJMV2t1BEd8LRDqvMZObozKYkvcLkw7TmrUsL stVYFbJOk1NIpwX1E5JCRrYbjcIkp9oBeQZahtaLdq4qw7JImG8RAMUQhUy58ZciYAkBXn98m gbZWmyporQZ+U2pZGTXVbJHqpO8ZaBkyKXJZR/AzbaR0pvi8sAXOjvqQAqtP6WLrI5IMHJUUI lwPceMSCR3HmMUqa45kGgR22p+EONmSt5dhtzopHz2jRqBmPxhjsS/ujGCF+5Qz/RbFbhnOqx mBXj/TQFfmKCG3dhql3QEOm6hBWoqsR2KlSoCsxDLHUUhFlkcc7b5krEJubdXKcRX143c3QZd sUncxDuCis3rcY5d2BqLnCWhLEZeU3qwYAAaWCjDm9NjhKAyF0hg/S05wLM1ZIuHCW1IB6Qcg kvgH1kvWtMjhArgEtweDdwwPko1jvKhXIaB0xA== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org commit e7c52b84fb18f08ce49b6067ae6285aca79084a8 upstream. We get a lot of very large stack frames using gcc-7.0.1 with the default -fsanitize-address-use-after-scope --param asan-stack=1 options, which can easily cause an overflow of the kernel stack, e.g. drivers/gpu/drm/i915/gvt/handlers.c:2434:1: warning: the frame size of 46176 bytes is larger than 3072 bytes drivers/net/wireless/ralink/rt2x00/rt2800lib.c:5650:1: warning: the frame size of 23632 bytes is larger than 3072 bytes lib/atomic64_test.c:250:1: warning: the frame size of 11200 bytes is larger than 3072 bytes drivers/gpu/drm/i915/gvt/handlers.c:2621:1: warning: the frame size of 9208 bytes is larger than 3072 bytes drivers/media/dvb-frontends/stv090x.c:3431:1: warning: the frame size of 6816 bytes is larger than 3072 bytes fs/fscache/stats.c:287:1: warning: the frame size of 6536 bytes is larger than 3072 bytes To reduce this risk, -fsanitize-address-use-after-scope is now split out into a separate CONFIG_KASAN_EXTRA Kconfig option, leading to stack frames that are smaller than 2 kilobytes most of the time on x86_64. An earlier version of this patch also prevented combining KASAN_EXTRA with KASAN_INLINE, but that is no longer necessary with gcc-7.0.1. All patches to get the frame size below 2048 bytes with CONFIG_KASAN=y and CONFIG_KASAN_EXTRA=n have been merged by maintainers now, so we can bring back that default now. KASAN_EXTRA=y still causes lots of warnings but now defaults to !COMPILE_TEST to disable it in allmodconfig, and it remains disabled in all other defconfigs since it is a new option. I arbitrarily raise the warning limit for KASAN_EXTRA to 3072 to reduce the noise, but an allmodconfig kernel still has around 50 warnings on gcc-7. I experimented a bit more with smaller stack frames and have another follow-up series that reduces the warning limit for 64-bit architectures to 1280 bytes (without CONFIG_KASAN). With earlier versions of this patch series, I also had patches to address the warnings we get with KASAN and/or KASAN_EXTRA, using a "noinline_if_stackbloat" annotation. That annotation now got replaced with a gcc-8 bugfix (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715) and a workaround for older compilers, which means that KASAN_EXTRA is now just as bad as before and will lead to an instant stack overflow in a few extreme cases. This reverts parts of commit 3f181b4d8652 ("lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y"). Two patches in linux-next should be merged first to avoid introducing warnings in an allmodconfig build: 3cd890dbe2a4 ("media: dvb-frontends: fix i2c access helpers for KASAN") 16c3ada89cff ("media: r820t: fix r820t_write_reg for KASAN") Do we really need to backport this? I think we do: without this patch, enabling KASAN will lead to unavoidable kernel stack overflow in certain device drivers when built with gcc-7 or higher on linux-4.10+ or any version that contains a backport of commit c5caf21ab0cf8. Most people are probably still on older compilers, but it will get worse over time as they upgrade their distros. The warnings we get on kernels older than this should all be for code that uses dangerously large stack frames, though most of them do not cause an actual stack overflow by themselves.The asan-stack option was added in linux-4.0, and commit 3f181b4d8652 ("lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y") effectively turned off the warning for allmodconfig kernels, so I would like to see this fix backported to any kernels later than 4.0. I have done dozens of fixes for individual functions with stack frames larger than 2048 bytes with asan-stack, and I plan to make sure that all those fixes make it into the stable kernels as well (most are already there). Part of the complication here is that asan-stack (from 4.0) was originally assumed to always require much larger stacks, but that turned out to be a combination of multiple gcc bugs that we have now worked around and fixed, but sanitize-address-use-after-scope (from v4.10) has a much higher inherent stack usage and also suffers from at least three other problems that we have analyzed but not yet fixed upstream, each of them makes the stack usage more severe than it should be. Link: http://lkml.kernel.org/r/20171221134744.2295529-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: Andrey Ryabinin Cc: Mauro Carvalho Chehab Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Dmitry Vyukov Cc: Andrey Konovalov Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds [arnd: rebase to v4.4; only re-enable warning] Signed-off-by: Arnd Bergmann --- lib/Kconfig.debug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.9.0 diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index b53b375e14bd..f0602beeba26 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -197,7 +197,7 @@ config ENABLE_MUST_CHECK config FRAME_WARN int "Warn for stack frames larger than (needs gcc 4.4)" range 0 8192 - default 0 if KASAN + default 2048 if GCC_PLUGIN_LATENT_ENTROPY default 1024 if !64BIT default 2048 if 64BIT help