From patchwork Wed Jun 14 21:15:46 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 105594 Delivered-To: patch@linaro.org Received: by 10.140.91.77 with SMTP id y71csp490561qgd; Wed, 14 Jun 2017 14:23:08 -0700 (PDT) X-Received: by 10.84.237.2 with SMTP id s2mr2202858plk.176.1497475388120; Wed, 14 Jun 2017 14:23:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1497475388; cv=none; d=google.com; s=arc-20160816; b=bPog4xLlrZeUQfYpVvlsVtzPRWkqw+ZS6YF+d7wQ9z9bnLhtLBzUw/mh35p4Eoqktl XPQLTEcHLl7NjL5GaBBRu9Eg4fwwjT8Wwr85MvmzIMQhNBXIyGT28qcXnfVcE8/F1nJS 0SpFDa4ILpvIOEl1QctH3y4s+VQi7avRWLwds3UE6TPkB1ZGmvbXUWSQB+LyYxhh65sv /NjLDTkM2rFtgmx9cGDRbeS9q2aDzxXuqDdskoUWj5FG8NRzjjyBVjCrrf/3PQ8LcfTY fEqSu1qt9m0pYrZ8GRSNZx/LlmUrtaezKvAxm6eLe0Ej4m9nc3r82tyZZVf3riCHuJ6P 6jLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=vhzMS+cAe3tKF/GyIlcaidIe3N3KrdX49cWF9enqk5s=; b=l72TDgeg4NTqsiWbZhIkcbXmVSs52rgLjf1zbO9SgIVOuCSRu0L76l7AyIm2PGWlDl zsClGTFRrdUV85YQf8rYqwlykSj6QIvuBlNYePUIv1GWvQfrHY2F2+gnxdFzfEFHc6GL NDGz3GHkagywny8ei11mM+nUOf7r7Rm6DzaVBTSaQ8JXj//9ymSVRQ0Azff4Z93TvmxE ADbgOICd8JscaQrTGczPc8E5i7P7o8da4OxgqYowYSX9ZVJ1mtI73l/sSO4aBS306o7b 4VRiZWtr0nzu5gtG0kQZ4dfPd75o5n5+s3BdBWa3CpQC1W4x8XYsC98W0vjHi0oL6A/+ tlIw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x13si809052plm.99.2017.06.14.14.23.07; Wed, 14 Jun 2017 14:23:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752609AbdFNVXF (ORCPT + 25 others); Wed, 14 Jun 2017 17:23:05 -0400 Received: from mout.kundenserver.de ([212.227.126.133]:57132 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752097AbdFNVXC (ORCPT ); Wed, 14 Jun 2017 17:23:02 -0400 Received: from wuerfel.lan ([78.42.17.5]) by mrelayeu.kundenserver.de (mreue001 [212.227.15.129]) with ESMTPA (Nemesis) id 0MVmFr-1dKTcB1Pjz-00Z2aB; Wed, 14 Jun 2017 23:22:36 +0200 From: Arnd Bergmann To: Andrew Morton Cc: kasan-dev@googlegroups.com, Dmitry Vyukov , Alexander Potapenko , Andrey Ryabinin , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Arend van Spriel , Arnd Bergmann , Masahiro Yamada , Michal Marek , Kees Cook , Ingo Molnar , "David S. Miller" , linux-kbuild@vger.kernel.org Subject: [PATCH v2 11/11] kasan: rework Kconfig settings Date: Wed, 14 Jun 2017 23:15:46 +0200 Message-Id: <20170614211556.2062728-12-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20170614211556.2062728-1-arnd@arndb.de> References: <20170614211556.2062728-1-arnd@arndb.de> X-Provags-ID: V03:K0:UC7R7148ukV/h+Xmfsb2bH5fU43HSGyW7dIgEYMkIjvRsF7ox38 yI+qtRIP5YLlX/s/Fs/lLB1ARVt/vh/8dxvN57jQOOgDaJtXylYf1cuYyrkaOTUtvzy3Y/4 vUxmFV5iVBOgET8ddZ4+dVruQWSzkEHCygOOHucXdnC7rteb5S/qKvIYSXv3gGaZbRG/PA2 RVbExV4O+/67zfMbw4ekw== X-UI-Out-Filterresults: notjunk:1; V01:K0:XWEPciEX5bM=:Gfxx6OFGPpG+Izumbj12Cv p+yaeTNfWmZto3R13FC/joMeIs1b6ZG6IfBcQjdgvWznsfH6RFwP1EQOOUxYIdA6grV5sNU1L 81Dzcn8xoGS3317ah/2FrHL2DYgKFD6+8aeNKS5LUOfwRc3lRuXNNVLPgjrJFAo2E7vaLRn4t Q21gRPCzq/JNdBHX+EhjoK9tw7+n1dl2s4jkJpjJcxgARFWFWRPViJwE56F5yHHIEfKUMMe3q prFNtmr6omgmWHvFd1V+TcU2aO0M+Nh44OBGvIn8gmnYbiQo+nSJMMuANp3PJ3igLxlTw83sX 5DZOzxbFkFKiBsl6FjPIhc8+WyJ1xOXkz8+H6vKhLCd3O+u+Pb6ENqQeprdF6KUres7HuBMC7 GplzkhCBkJ9UYOvFLArYnZJsaorkuL52oL34gnECIkrExpZgMykBaMr+TWQad6WSfMzBeZg0T B29KaFjiq1ZO9SwsuuTrK30ea9oF8m3P/p/Oabsg98+5pbS1f4puEuMZd1NR9XnYnMgNsiUbG wDBoaXWTl/bxFp8Fp4zc7lcbt7vutNznEJadJvaDoEDV3axKrAnIG2p7E9aUsGU2K/RgR1/8G furp6TEf8KICZe168NYzXaIYpCRDFcZ2nlgcQMoXYvgeIxUToXxbSu9eizjAe4RcXlt4IRZkf sR7xyWseirCqdvsoTNRRy5gokv0sFLmC2JQgURwrmGp7zreq18iuolxRdCkhXKwLvR0Q= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We get a lot of very large stack frames using gcc-7.0.1 with the default -fsanitize-address-use-after-scope --param asan-stack=1 options, which can easily cause an overflow of the kernel stack, e.g. drivers/acpi/nfit/core.c:2686:1: warning: the frame size of 4080 bytes is larger than 2048 bytes [-Wframe-larger-than=] drivers/gpu/drm/amd/amdgpu/si.c:1756:1: warning: the frame size of 7304 bytes is larger than 2048 bytes [-Wframe-larger-than=] drivers/gpu/drm/i915/gvt/handlers.c:2200:1: warning: the frame size of 43752 bytes is larger than 2048 bytes [-Wframe-larger-than=] drivers/gpu/drm/vmwgfx/vmwgfx_drv.c:952:1: warning: the frame size of 6032 bytes is larger than 2048 bytes [-Wframe-larger-than=] drivers/isdn/hardware/avm/b1.c:637:1: warning: the frame size of 13200 bytes is larger than 2048 bytes [-Wframe-larger-than=] drivers/media/dvb-frontends/stv090x.c:3089:1: warning: the frame size of 5880 bytes is larger than 2048 bytes [-Wframe-larger-than=] drivers/media/i2c/cx25840/cx25840-core.c:4964:1: warning: the frame size of 93992 bytes is larger than 2048 bytes [-Wframe-larger-than=] drivers/net/wireless/ralink/rt2x00/rt2800lib.c:4994:1: warning: the frame size of 23928 bytes is larger than 2048 bytes [-Wframe-larger-than=] drivers/staging/dgnc/dgnc_tty.c:2788:1: warning: the frame size of 7072 bytes is larger than 2048 bytes [-Wframe-larger-than=] fs/ntfs/mft.c:2762:1: warning: the frame size of 7432 bytes is larger than 2048 bytes [-Wframe-larger-than=] lib/atomic64_test.c:242:1: warning: the frame size of 12648 bytes is larger than 2048 bytes [-Wframe-larger-than=] To reduce this risk, -fsanitize-address-use-after-scope is now split out into a separate Kconfig option, vhich cannot be selected at the same time as KMEMCHECK, leading to stack frames that are smaller than 2 kilobytes most of the time on x86_64. An earlier version of this patch also prevented combining KASAN_EXTRA with KASAN_INLINE, but that is no longer necessary with gcc-7.0.1. A lot of warnings with KASAN_EXTRA go away if we disable KMEMCHECK, as -fsanitize-address-use-after-scope seems to understand the builtin memcpy, but adds checking code around an extern memcpy call. I had to work around a circular dependency, as DEBUG_SLAB/SLUB depended on !KMEMCHECK, while KASAN did it the other way round. Now we handle both the same way. All patches to get the frame size below 2048 bytes with CONFIG_KASAN=y and CONFIG_KASAN_EXTRA=n have been submitted along with this patch, so we can bring back that default now. KASAN_EXTRA=y still causes lots of warnings but now defaults to !COMPILE_TEST to disable it in allmodconfig, and it remains disabled in all other defconfigs since it is a new option. This reverts parts of commit commit 3f181b4 ("lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y"). I experimented a bit more with smaller stack frames and have another follow-up series that reduces the warning limit for 64-bit architectures to 1280 bytes and 1536 when CONFIG_KASAN (but not KASAN_EXTRA) is enabled, this requires another ~25 patches to address the additional warnings. I also have patches for all KASAN_EXTRA warnings, but we should look at those separately and then decide whether to remove it completely, leaving out -fsanitize-address-use-after-scope. Signed-off-by: Arnd Bergmann --- lib/Kconfig.debug | 4 ++-- lib/Kconfig.kasan | 11 ++++++++++- lib/Kconfig.kmemcheck | 1 + scripts/Makefile.kasan | 3 +++ 4 files changed, 16 insertions(+), 3 deletions(-) -- 2.9.0 diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index ddbef2cac189..02ec4a4da7b1 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -217,7 +217,7 @@ config ENABLE_MUST_CHECK config FRAME_WARN int "Warn for stack frames larger than (needs gcc 4.4)" range 0 8192 - default 0 if KASAN + default 3072 if KASAN_EXTRA default 2048 if GCC_PLUGIN_LATENT_ENTROPY default 1024 if !64BIT default 2048 if 64BIT @@ -500,7 +500,7 @@ config DEBUG_OBJECTS_ENABLE_DEFAULT config DEBUG_SLAB bool "Debug slab memory allocations" - depends on DEBUG_KERNEL && SLAB && !KMEMCHECK + depends on DEBUG_KERNEL && SLAB && !KMEMCHECK && !KASAN help Say Y here to have the kernel do limited verification on memory allocation as well as poisoning memory on free to catch use of freed diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index bd38aab05929..4d17a8f4742f 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -5,7 +5,7 @@ if HAVE_ARCH_KASAN config KASAN bool "KASan: runtime memory debugger" - depends on SLUB || (SLAB && !DEBUG_SLAB) + depends on SLUB || SLAB select CONSTRUCTORS select STACKDEPOT help @@ -20,6 +20,15 @@ config KASAN Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB (the resulting kernel does not boot). +config KASAN_EXTRA + bool "KAsan: extra checks" + depends on KASAN && !COMPILE_TEST + help + This enables further checks in the kernel address sanitizer, for now + it only includes the address-use-after-scope check that can lead + to excessive kernel stack usage, frame size warnings and longer + compile time. + choice prompt "Instrumentation type" depends on KASAN diff --git a/lib/Kconfig.kmemcheck b/lib/Kconfig.kmemcheck index 846e039a86b4..58b9f3f81dc8 100644 --- a/lib/Kconfig.kmemcheck +++ b/lib/Kconfig.kmemcheck @@ -7,6 +7,7 @@ menuconfig KMEMCHECK bool "kmemcheck: trap use of uninitialized memory" depends on DEBUG_KERNEL depends on !X86_USE_3DNOW + depends on !KASAN_EXTRA depends on SLUB || SLAB depends on !CC_OPTIMIZE_FOR_SIZE depends on !FUNCTION_TRACER diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan index 9576775a86f6..3b3148faf866 100644 --- a/scripts/Makefile.kasan +++ b/scripts/Makefile.kasan @@ -29,5 +29,8 @@ else endif endif +ifdef CONFIG_KASAN_EXTRA CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope) endif + +endif