[llvm-bugs] [Bug 38809] New: excessive stack usage with kernel address sanitizer

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Sep 3 02:04:11 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=38809

            Bug ID: 38809
           Summary: excessive stack usage with kernel address sanitizer
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: arnd at linaro.org
                CC: llvm-bugs at lists.llvm.org

Created attachment 20823
  --> https://bugs.llvm.org/attachment.cgi?id=20823&action=edit
linux/drivers/video/backlight/ltv350qv.c, preprocessed, reduced

Building the Linux kernel with clang KASAN enabled shows many warnings about
possible stack overflow (we limit the frame size per function to 1024 to 2048
bytes, depending on configuration, because the per-thread stack is very
limited).

I created a reduced test case from one of the scarier warnings:

$ clang-8 ltv350qv.c --target=aarch64-linux-gnu -c -O2 -Wframe-larger-than=500 -fsanitize=kernel-address -Wall -Wno-unused -Wno-sometimes-uninitialized -Werror -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=0
ltv350qv.c:181:6: error: stack frame size of 1760 bytes in function 'fn6' [-Werror,-Wframe-larger-than=]
void fn6() {
     ^
ltv350qv.c:209:6: error: stack frame size of 10048 bytes in function 'fn7' [-Werror,-Wframe-larger-than=]
void fn7() {

I tested this using
clang-8.0.0-svn341106-1~exp1+0~20180830200353.1747~1.gbp19b9f6 on Ubuntu, but
an old clang-3.9 shows the same behavior.

With gcc, the same function is fine with "asan-use-after-scope" disabled:

$ aarch-linux-gcc-8.0.1 -xc ltv350qv.c -S -O2 -Wframe-larger-than=100 -fsanitize=kernel-address -Wall -Wno-unused -Wno-attributes -fno-strict-aliasing --param asan-stack=1 -Werror -fno-sanitize-address-use-after-scope
ltv350qv.c: In function 'fn5':
ltv350qv.c:180:1: error: the frame size of 448 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
ltv350qv.c: In function 'fn6':
ltv350qv.c:208:1: error: the frame size of 512 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
cc1: all warnings being treated as errors

but turning on asan-use-after-scope makes gcc as bad as clang, which is
expected from the source code (the kernel turns it off by default for this
reason):
ltv350qv.c: In function 'fn5':
ltv350qv.c:180:1: error: the frame size of 10000 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
ltv350qv.c: In function 'fn6':
ltv350qv.c:208:1: error: the frame size of 1984 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }

Using -fsanitize=address in place of -fsanitize=kernel-address completely avoids
the high stack usage with clang, even with asan-use-after-scope enabled:

$ clang-8 ltv350qv.c --target=aarch64-linux-gnu -c -O2 -Wframe-larger-than=64 -fsanitize=address -Wall -Wno-unused -Wno-sometimes-uninitialized -Werror -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=1
ltv350qv.c:181:6: error: stack frame size of 96 bytes in function 'fn6' [-Werror,-Wframe-larger-than=]
void fn6() {
     ^
ltv350qv.c:209:6: error: stack frame size of 96 bytes in function 'fn7' [-Werror,-Wframe-larger-than=]
void fn7() {

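As an added example, not part of the bug report or of any kernel or LLVM tooling: a POSIX shell script that collects -Wframe-larger-than diagnostics in both the clang format ("stack frame size of N bytes in function 'f'") and the gcc format ("In function 'f':" followed by "the frame size of N bytes is larger than") quoted above, and lists the largest frames first so the worst offenders under KASAN can be triaged. The kasan_frames wrapper reuses the compiler flags from the report; the clang binary name (overridable via CC), the 1024-byte default limit and the -o /dev/null are assumptions, and the sample log in sample_log is constructed from the diagnostics shown in the report.

```shell
#!/bin/sh
# Added example: rank -Wframe-larger-than diagnostics from clang or gcc output.

# Read compiler diagnostics on stdin and emit "<bytes> <function> <file:line>"
# lines, largest frame first. Handles both diagnostic formats seen in the report.
frame_sizes() {
    awk -v q="'" '
        # gcc names the function on its own "In function ..." line; remember it
        # for the size line that follows.
        $0 ~ ("In function " q) {
            s = index($0, q); e = index(substr($0, s + 1), q)
            fn = substr($0, s + 1, e - 1)
            next
        }
        # clang puts the function name on the same line as the size.
        /stack frame size of [0-9]+ bytes in function/ {
            s = index($0, q); e = index(substr($0, s + 1), q)
            f = substr($0, s + 1, e - 1)
            print bytes($0), f, loc($0)
            next
        }
        /the frame size of [0-9]+ bytes is larger than/ {
            print bytes($0), fn, loc($0)
        }
        # The first number followed by the word "bytes" is the frame size.
        function bytes(line,   i, n, w) {
            n = split(line, w, " ")
            for (i = 1; i < n; i++) if (w[i + 1] == "bytes") return w[i]
            return 0
        }
        # "file:line" from the leading "file:line:col:" of the diagnostic.
        function loc(line,   n, p) {
            n = split(line, p, ":")
            return p[1] ":" p[2]
        }
    ' | sort -rn
}

# Compile FILE the way the report does (KASAN, stack instrumentation on,
# use-after-scope off) and rank every frame above LIMIT bytes (default 1024,
# an assumed kernel-style limit). CC defaults to "clang" (assumption).
kasan_frames() {
    file=$1
    limit=${2:-1024}
    "${CC:-clang}" "$file" --target=aarch64-linux-gnu -c -o /dev/null -O2 \
        "-Wframe-larger-than=$limit" -fsanitize=kernel-address \
        -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=0 2>&1 | frame_sizes
}

# Constructed sample log: the clang and gcc diagnostics quoted in the report.
sample_log() {
    cat <<'EOF'
ltv350qv.c:181:6: error: stack frame size of 1760 bytes in function 'fn6' [-Werror,-Wframe-larger-than=]
void fn6() {
     ^
ltv350qv.c:209:6: error: stack frame size of 10048 bytes in function 'fn7' [-Werror,-Wframe-larger-than=]
void fn7() {
     ^
ltv350qv.c: In function 'fn5':
ltv350qv.c:180:1: error: the frame size of 448 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
ltv350qv.c: In function 'fn6':
ltv350qv.c:208:1: error: the frame size of 512 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
cc1: all warnings being treated as errors
EOF
}

# Usage: sample_log | frame_sizes
#        kasan_frames ltv350qv.c 500
```

Piping a whole kernel build log through frame_sizes gives one sorted table across every translation unit, which is more useful for deciding whether a frame is a KASAN instrumentation artifact (as in this report) or a genuine large local than reading the warnings one at a time.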