[PATCH 01/26] compiler: introduce noinline_for_kasan annotation
0 views
Skip to first unread message
Arnd Bergmann
Mar 2, 2017, 11:38:51 AM3/2/17
to kasa...@googlegroups.com, Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, net...@vger.kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, linux-w...@vger.kernel.org, kernel-bui...@lists.linaro.org, David S . Miller, Arnd Bergmann
When CONFIG_KASAN is set, we can run into some code that uses incredible
amounts of kernel stack:
drivers/staging/dgnc/dgnc_neo.c:1056:1: error: the frame size of 11112 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
drivers/media/i2c/cx25840/cx25840-core.c:4960:1: error: the frame size of 94000 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
drivers/media/dvb-frontends/stv090x.c:3430:1: error: the frame size of 5312 bytes is larger than 3072 bytes [-Werror=frame-larger-than=]
This happens when a sanitizer uses stack memory each time an inline function
gets called. This introduces a new annotation for those functions to make
them either 'inline' or 'noinline' dependning on the CONFIG_KASAN symbol.
Signed-off-by: Arnd Bergmann <ar...@arndb.de>
---
include/linux/compiler.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index f8110051188f..56b90897a459 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -416,6 +416,17 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
*/
#define noinline_for_stack noinline
+/*
+ * CONFIG_KASAN can lead to extreme stack usage with certain patterns when
+ * one function gets inlined many times and each instance requires a stack
+ * ckeck.
+ */
+#ifdef CONFIG_KASAN
+#define noinline_for_kasan noinline __maybe_unused
+#else
+#define noinline_for_kasan inline
+#endif
+
#ifndef __always_inline
#define __always_inline inline
#endif
--
2.9.0
amounts of kernel stack:
drivers/staging/dgnc/dgnc_neo.c:1056:1: error: the frame size of 11112 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
drivers/media/i2c/cx25840/cx25840-core.c:4960:1: error: the frame size of 94000 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
drivers/media/dvb-frontends/stv090x.c:3430:1: error: the frame size of 5312 bytes is larger than 3072 bytes [-Werror=frame-larger-than=]
This happens when a sanitizer uses stack memory each time an inline function
gets called. This introduces a new annotation for those functions to make
them either 'inline' or 'noinline' dependning on the CONFIG_KASAN symbol.
Signed-off-by: Arnd Bergmann <ar...@arndb.de>
---
include/linux/compiler.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index f8110051188f..56b90897a459 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -416,6 +416,17 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
*/
#define noinline_for_stack noinline
+/*
+ * CONFIG_KASAN can lead to extreme stack usage with certain patterns when
+ * one function gets inlined many times and each instance requires a stack
+ * ckeck.
+ */
+#ifdef CONFIG_KASAN
+#define noinline_for_kasan noinline __maybe_unused
+#else
+#define noinline_for_kasan inline
+#endif
+
#ifndef __always_inline
#define __always_inline inline
#endif
--
2.9.0
Andrey Ryabinin
Mar 3, 2017, 8:49:18 AM3/3/17
to Arnd Bergmann, kasa...@googlegroups.com, Alexander Potapenko, Dmitry Vyukov, net...@vger.kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, linux-w...@vger.kernel.org, kernel-bui...@lists.linaro.org, David S . Miller
that we always noinline function for the sake of kasan, while noinline_iff_kasan
clearly indicates that function is noinline only if kasan is used.
Alexander Potapenko
Mar 3, 2017, 8:55:37 AM3/3/17
to Andrey Ryabinin, Arnd Bergmann, kasan-dev, Dmitry Vyukov, net...@vger.kernel.org, LKML, linux...@vger.kernel.org, linux-w...@vger.kernel.org, kernel-bui...@lists.linaro.org, David S . Miller
tools, e.g. KMSAN (which isn't there yet).
So it might be better to choose a macro name that doesn't use the name "KASAN".
E.g. noinline_iff_memtool (or noinline_iff_memory_tool if that's not too long).
WDYT?
>> +#else
>> +#define noinline_for_kasan inline
>> +#endif
>> +
>> #ifndef __always_inline
>> #define __always_inline inline
>> #endif
>>
>
> --
>> +#define noinline_for_kasan inline
>> +#endif
>> +
>> #ifndef __always_inline
>> #define __always_inline inline
>> #endif
>>
>
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+...@googlegroups.com.
> To post to this group, send email to kasa...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/7e7a62de-3b79-6044-72fa-4ade418953d1%40virtuozzo.com.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Arnd Bergmann
Mar 3, 2017, 9:30:38 AM3/3/17
to Alexander Potapenko, Andrey Ryabinin, kasan-dev, Dmitry Vyukov, Networking, LKML, linux...@vger.kernel.org, linux-wireless, kernel-bui...@lists.linaro.org, David S . Miller
On Fri, Mar 3, 2017 at 2:55 PM, Alexander Potapenko <gli...@google.com> wrote:
> On Fri, Mar 3, 2017 at 2:50 PM, Andrey Ryabinin <arya...@virtuozzo.com> wrote:
>>> @@ -416,6 +416,17 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>>> */
>>> #define noinline_for_stack noinline
>>>
>>> +/*
>>> + * CONFIG_KASAN can lead to extreme stack usage with certain patterns when
>>> + * one function gets inlined many times and each instance requires a stack
>>> + * ckeck.
>>> + */
>>> +#ifdef CONFIG_KASAN
>>> +#define noinline_for_kasan noinline __maybe_unused
>>
>>
>> noinline_iff_kasan might be a better name. noinline_for_kasan gives the impression
>> that we always noinline function for the sake of kasan, while noinline_iff_kasan
>> clearly indicates that function is noinline only if kasan is used.
Fine with me. I actually tried to come up with a name that implies that the
> On Fri, Mar 3, 2017 at 2:50 PM, Andrey Ryabinin <arya...@virtuozzo.com> wrote:
>>> @@ -416,6 +416,17 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>>> */
>>> #define noinline_for_stack noinline
>>>
>>> +/*
>>> + * CONFIG_KASAN can lead to extreme stack usage with certain patterns when
>>> + * one function gets inlined many times and each instance requires a stack
>>> + * ckeck.
>>> + */
>>> +#ifdef CONFIG_KASAN
>>> +#define noinline_for_kasan noinline __maybe_unused
>>
>>
>> noinline_iff_kasan might be a better name. noinline_for_kasan gives the impression
>> that we always noinline function for the sake of kasan, while noinline_iff_kasan
>> clearly indicates that function is noinline only if kasan is used.
symbol is actually "inline" (or even __always_inline_ without KASAN, but
couldn't think of any good name for it.
> FWIW we may be facing the same problem with other compiler-based
> tools, e.g. KMSAN (which isn't there yet).
> So it might be better to choose a macro name that doesn't use the name "KASAN".
> E.g. noinline_iff_memtool (or noinline_iff_memory_tool if that's not too long).
> WDYT?
asan-stack=1 and -fsanitize-address-use-after-scope do? As I understood it,
KMSAN would add extra code for maintaining the uninit bits, but in an example
like this
int f(int *);
static inline __attribute__((always_inline)) int g(void)
{
int i;
f(&i);
return i;
}
int f(void)
{
return g()+g()+g()+g();
}
each of the four copies of 'i' could have the same location on the stack
and get marked uninitialized again before calling f(). We only need
noinline_for_kasan (whatever we end up calling that) for compiler
features that force each instance of 'i' to have its own stack redzone.
Arnd
Alexander Potapenko
Mar 3, 2017, 9:33:17 AM3/3/17
to Arnd Bergmann, Andrey Ryabinin, kasan-dev, Dmitry Vyukov, Networking, LKML, linux...@vger.kernel.org, linux-wireless, kernel-bui...@lists.linaro.org, David S . Miller
instrumentation) may cause heavy register spilling which will also
blow up the stack frames.
> int f(int *);
> static inline __attribute__((always_inline)) int g(void)
> {
> int i;
> f(&i);
> return i;
> }
> int f(void)
> {
> return g()+g()+g()+g();
> }
>
> each of the four copies of 'i' could have the same location on the stack
> and get marked uninitialized again before calling f(). We only need
> noinline_for_kasan (whatever we end up calling that) for compiler
> features that force each instance of 'i' to have its own stack redzone.
>
> Arnd
> static inline __attribute__((always_inline)) int g(void)
> {
> int i;
> f(&i);
> return i;
> }
> int f(void)
> {
> return g()+g()+g()+g();
> }
>
> each of the four copies of 'i' could have the same location on the stack
> and get marked uninitialized again before calling f(). We only need
> noinline_for_kasan (whatever we end up calling that) for compiler
> features that force each instance of 'i' to have its own stack redzone.
>
> Arnd
Arnd Bergmann
Mar 3, 2017, 9:51:42 AM3/3/17
to Alexander Potapenko, Andrey Ryabinin, kasan-dev, Dmitry Vyukov, Networking, LKML, linux...@vger.kernel.org, linux-wireless, kernel-bui...@lists.linaro.org, David S . Miller
On Fri, Mar 3, 2017 at 3:33 PM, Alexander Potapenko <gli...@google.com> wrote:
> On Fri, Mar 3, 2017 at 3:30 PM, Arnd Bergmann <ar...@arndb.de> wrote:
>> On Fri, Mar 3, 2017 at 2:55 PM, Alexander Potapenko <gli...@google.com> wrote:
>>
>> Would KMSAN also force local variables to be non-overlapping the way that
>> asan-stack=1 and -fsanitize-address-use-after-scope do? As I understood it,
>> KMSAN would add extra code for maintaining the uninit bits, but in an example
>> like this
> The thing is that KMSAN (and other tools that insert heavyweight
> instrumentation) may cause heavy register spilling which will also
> blow up the stack frames.
In that case, I would expect a mostly distinct set of functions to have large
> On Fri, Mar 3, 2017 at 3:30 PM, Arnd Bergmann <ar...@arndb.de> wrote:
>> On Fri, Mar 3, 2017 at 2:55 PM, Alexander Potapenko <gli...@google.com> wrote:
>>
>> Would KMSAN also force local variables to be non-overlapping the way that
>> asan-stack=1 and -fsanitize-address-use-after-scope do? As I understood it,
>> KMSAN would add extra code for maintaining the uninit bits, but in an example
>> like this
> The thing is that KMSAN (and other tools that insert heavyweight
> instrumentation) may cause heavy register spilling which will also
> blow up the stack frames.
stack frames with KMSAN, compared to the ones that need
noinline_for_kasan. In most cases I patched, the called inline function is
actually trivial, but invoked many times from the same caller.
Arnd
David Laight
Mar 3, 2017, 11:34:38 AM3/3/17
to Andrey Ryabinin, Arnd Bergmann, kasa...@googlegroups.com, Alexander Potapenko, Dmitry Vyukov, net...@vger.kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, linux-w...@vger.kernel.org, kernel-bui...@lists.linaro.org, David S . Miller
From: Andrey Ryabinin
> Sent: 03 March 2017 13:50
...
David
> Sent: 03 March 2017 13:50
...
> noinline_iff_kasan might be a better name. noinline_for_kasan gives the impression
> that we always noinline function for the sake of kasan, while noinline_iff_kasan
> clearly indicates that function is noinline only if kasan is used.
noinline_if_stackbloat
> that we always noinline function for the sake of kasan, while noinline_iff_kasan
> clearly indicates that function is noinline only if kasan is used.
David
Reply all
Reply to author
Forward
0 new messages