Re: [PATCH 4.9 09/62] kasan: turn on -fsanitize-address-use-after-scope

From: Andrey Ryabinin
Date: Mon May 06 2019 - 11:37:08 EST

On 5/6/19 6:10 PM, Greg Kroah-Hartman wrote:
> On Mon, May 06, 2019 at 05:55:54PM +0300, Andrey Ryabinin wrote:
>>
>>
>> On 5/6/19 5:32 PM, Greg Kroah-Hartman wrote:
>>> From: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
>>>
>>> commit c5caf21ab0cf884ef15b25af234f620e4a233139 upstream.
>>>
>>> In the upcoming gcc7 release, the -fsanitize=kernel-address option at
>>> first implied the new -fsanitize-address-use-after-scope option. This would
>>> cause link errors on older kernels because they don't have the two new
>>> functions required for use-after-scope support. Therefore, gcc7 changed
>>> the default to -fno-sanitize-address-use-after-scope.
>>>
>>> Now the kernel has everything required for that feature since commit
>>> 828347f8f9a5 ("kasan: support use-after-scope detection"). So, to make it
>>> work, we just have to enable use-after-scope in CFLAGS.
>>>
>>> Link: http://lkml.kernel.org/r/1481207977-28654-1-git-send-email-aryabinin@xxxxxxxxxxxxx
>>> Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
>>> Acked-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
>>> Cc: Alexander Potapenko <glider@xxxxxxxxxx>
>>> Cc: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
>>> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>>> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
>>> Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
>>> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
>>>
>>> ---
>>> scripts/Makefile.kasan | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> --- a/scripts/Makefile.kasan
>>> +++ b/scripts/Makefile.kasan
>>> @@ -29,6 +29,8 @@ else
>>> endif
>>> endif
>>>
>>> +CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)
>>> +
>>> CFLAGS_KASAN_NOSANITIZE := -fno-builtin
>>>
>>> endif
>>>
>>>
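Review bot: the added line `+CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)` guards only against a compiler that does not recognise the flag; it does nothing to guard against a tree that lacks the runtime side. The changelog says enabling use-after-scope links only because commit 828347f8f9a5 ("kasan: support use-after-scope detection") added the two required functions, so before this hunk goes into 4.9-stable the backport should confirm that commit is already present in 4.9 or is queued alongside it. Otherwise every KASAN build with a compiler that accepts the flag fails at link time, which is exactly the failure mode the changelog describes for older kernels.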
>>
>> This shouldn't be in the -stable.
>
> Why not? Does no one use gcc7 with this kernel and kasan?
>

You don't need this patch to use kasan on this kernel with gcc7.
This patch only enables detection of use-after-scope bugs. This feature appeared to be useless,
hence it was disabled recently by commit 7771bdbbfd3d ("kasan: remove use after scope bugs detection.")

The link errors mentioned in the changelog were a problem only for some period of time in the development branch of GCC 7.
The released GCC7 version doesn't have this problem.