Re: [PATCH] [v4] kasan: rework Kconfig settings
From: Arnd Bergmann
Date: Sat Dec 23 2017 - 05:14:58 EST
On Fri, Dec 22, 2017 at 11:41 PM, Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, 21 Dec 2017 14:46:39 +0100 Arnd Bergmann <arnd@xxxxxxxx> wrote:
> Cc:stable is tricky. Apart from the ordering/scheduling issue,
> 16c3ada89cff doesn't have a cc:stable tag so merging this patch into
> stable will cause the abovementioned warning.
>
> Do we really need to backport this?
I think we do: without this patch, enabling KASAN will lead to unavoidable
kernel stack overflow in certain device drivers when built with gcc-7 or
higher on linux-4.10+ or any version that contains a backport of commit
c5caf21ab0cf8. Most people are probably still on older compilers, but it
will get worse over time as they upgrade their distros.

The warnings we get on kernels older than this should all be for code that
uses dangerously large stack frames, though most of them do not cause an
actual stack overflow by themselves. The asan-stack option was added in
linux-4.0, and commit 3f181b4d8652 ("lib/Kconfig.debug: disable
-Wframe-larger-than warnings with KASAN=y") effectively turned off the
warning for allmodconfig kernels, so I would like to see this fix
backported to any kernels later than 4.0.

I have done dozens of fixes for individual functions with stack frames
larger than 2048 bytes with asan-stack, and I plan to make sure that all
those fixes make it into the stable kernels as well (most are already
there).

Part of the complication here is that asan-stack (from 4.0) was originally
assumed to always require much larger stacks, but that turned out to be
a combination of multiple gcc bugs that we have now worked around and
fixed, but sanitize-address-use-after-scope (from v4.10) has a much higher
inherent stack usage and also suffers from at least three other problems
that we have analyzed but not yet fixed upstream, each of them makes
the stack usage more severe than it should be.

Arnd