Re: [PATCH] [v2] kasan: remove clang version check for KASAN_STACK

From: Nick Desaulniers
Date: Fri Jul 19 2019 - 16:56:44 EST


On Fri, Jul 19, 2019 at 1:03 PM Arnd Bergmann <arnd@xxxxxxxx> wrote:
>
> asan-stack mode still uses dangerously large kernel stacks of
> tens of kilobytes in some drivers, and it does not seem that anyone
> is working on the clang bug.

Acked-by: Nick Desaulniers <ndesaulniers@xxxxxxxxxx>

>
> Turn it off for all clang versions to prevent users from
> accidentally enabling it once they update to clang-9, and
> to help automated build testing with clang-9.
>
> Link: https://bugs.llvm.org/show_bug.cgi?id=38809
> Fixes: 6baec880d7a5 ("kasan: turn off asan-stack for clang-8 and earlier")
> Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> ---
> v2: disable the feature for all clang versions, not just 9 and below.
> ---
> lib/Kconfig.kasan | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 4fafba1a923b..7fa97a8b5717 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -106,7 +106,6 @@ endchoice
>
> config KASAN_STACK_ENABLE
> bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
> - default !(CLANG_VERSION < 90000)
> depends on KASAN
> help
> The LLVM stack address sanitizer has a know problem that
> @@ -115,11 +114,11 @@ config KASAN_STACK_ENABLE
> Disabling asan-stack makes it safe to run kernels build
> with clang-8 with KASAN enabled, though it loses some of
> the functionality.
> - This feature is always disabled when compile-testing with clang-8
> - or earlier to avoid cluttering the output in stack overflow
> - warnings, but clang-8 users can still enable it for builds without
> - CONFIG_COMPILE_TEST. On gcc and later clang versions it is
> - assumed to always be safe to use and enabled by default.
> + This feature is always disabled when compile-testing with clang
> + to avoid cluttering the output in stack overflow warnings,
> + but clang users can still enable it for builds without
> + CONFIG_COMPILE_TEST. On gcc it is assumed to always be safe
> + to use and enabled by default.
>
> config KASAN_STACK
> int
> --
> 2.20.0
>
> --
> You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@xxxxxxxxxxxxxxxxx
> To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20190719200347.2596375-1-arnd%40arndb.de.



--
Thanks,
~Nick Desaulniers