Re: [PATCH] kasan: turn off asan-stack for clang-8 and earlier

From: Arnd Bergmann
Date: Wed Feb 20 2019 - 16:13:43 EST

On Wed, Feb 20, 2019 at 9:02 PM Nick Desaulniers
<ndesaulniers@xxxxxxxxxx> wrote:
> On Wed, Feb 20, 2019 at 10:44 AM Mark Brown <broonie@xxxxxxxxxx> wrote:
> >
> > On Wed, Feb 20, 2019 at 10:07:36AM -0800, Nick Desaulniers wrote:
> >
> > > I like Evgenii's idea:
> > >
> >
> > That's a suggestion to tune the inlining heuristics.
> Yes; but it will also improve KASAN (if feasible).

From my experiments that I cited in the bug report, very few cases
seem to actually be the result of different inlining decisions, and those
that are tend to be kernel bugs (e.g. in drivers/scsi/bfa/bfa_fcs_lport.c
clang reports a larger stack than gcc because it combines two functions
that individually use 800 bytes each, but if one calls the other, we
use even more stack than the combined function).

In the example in
( there is no inlining, yet clang uses
over ten times as much stack space as gcc, for reasons I still
can't explain. My assumption right now is that the underlying bug
causes most of the problems with excessive stack usage in
allmodconfig kernels.

> > > While I myself share Arnd's goal of driving compiler warnings to zero,
> > > in general I'd prefer not to disable warning-producing-features or
> > > disable warnings outright for cases where we have some ideas of
> > > changes we can make to the compiler. There's probably a list now of
> > > false warnings produced by old versions of Clang from bugs in Clang
> > > that we fixed. I'm not interested in additionally trying to work
> > > around those somehow in kernel sources.
> >
> > We do have infrastructure in the kernel for managing warnings based on
> > compiler version (Arnd was looking at some improvements to that IIRC),
> > if we've got a kernel that builds with a given compiler it's worth
> > looking at tuning what we do with that compiler. If newer versions of
> > the compiler work better or have new options we can turn things on for
> > them.
> so maybe something like (pseudocode):
>
>     if kasan && clang && clang_version < 9:
>         disable -Wframe-larger-than=
>
> If you overrun the stack with KASAN, a warning would be nice, but
> you'll hopefully find out the hard way at runtime. And that doesn't
> require up to 114 Makefile changes, which would be kind of obnoxious
> for this papercut.

That would mean that build testing allmodconfig with clang would
ignore all the interesting stack overflow bugs that happen in real
user systems without KASAN.