<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - excessive stack usage with kernel address sanitizer"
   href="https://bugs.llvm.org/show_bug.cgi?id=38809">38809</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>excessive stack usage with kernel address sanitizer
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>-New Bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedclangbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>arnd@linaro.org
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=20823" name="attach_20823" title="linux/drivers/video/backlight/ltv350qv.c, preprocessed, reduced">attachment 20823</a> <a href="attachment.cgi?id=20823&action=edit" title="linux/drivers/video/backlight/ltv350qv.c, preprocessed, reduced">[details]</a></span>
linux/drivers/video/backlight/ltv350qv.c, preprocessed, reduced

Building the Linux kernel with clang KASAN enabled shows many warnings about
possible stack overflow (we limit the frame size per function to 1024 to 2048
bytes, depending on configuration, because the per-thread stack is very
limited).

I created a reduced test case from one of the scarier warnings:

$ clang-8 ltv350qv.c --target=aarch64-linux-gnu -c -O2 -Wframe-larger-than=500 \
    -fsanitize=kernel-address -Wall -Wno-unused -Wno-sometimes-uninitialized \
    -Werror -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=0
ltv350qv.c:181:6: error: stack frame size of 1760 bytes in function 'fn6' [-Werror,-Wframe-larger-than=]
void fn6() {
     ^
ltv350qv.c:209:6: error: stack frame size of 10048 bytes in function 'fn7' [-Werror,-Wframe-larger-than=]
void fn7() {

I tested this using
clang-8.0.0-svn341106-1~exp1+0~20180830200353.1747~1.gbp19b9f6 on Ubuntu, but
an old clang-3.9 shows the same behavior.

With gcc, the same function is fine with "asan-use-after-scope" disabled:

$ aarch-linux-gcc-8.0.1 -xc ltv350qv.c -S -O2 -Wframe-larger-than=100 \
    -fsanitize=kernel-address -Wall -Wno-unused -Wno-attributes \
    -fno-strict-aliasing --param asan-stack=1 -Werror \
    -fno-sanitize-address-use-after-scope
ltv350qv.c: In function 'fn5':
ltv350qv.c:180:1: error: the frame size of 448 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
ltv350qv.c: In function 'fn6':
ltv350qv.c:208:1: error: the frame size of 512 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
cc1: all warnings being treated as errors

but turning on asan-use-after-scope makes gcc as bad as clang, which is
expected from the source code (the kernel turns it off by default for this
reason):
ltv350qv.c: In function 'fn5':
ltv350qv.c:180:1: error: the frame size of 10000 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
ltv350qv.c: In function 'fn6':
ltv350qv.c:208:1: error: the frame size of 1984 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }

Using -fsanitize=address in place of -fsanitize=kernel-address completely avoids
the high stack usage with clang, even with asan-use-after-scope enabled:

clang-8 ltv350qv.c --target=aarch64-linux-gnu -c -O2 -Wframe-larger-than=64 \
    -fsanitize=address -Wall -Wno-unused -Wno-sometimes-uninitialized -Werror \
    -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=1

ltv350qv.c:181:6: error: stack frame size of 96 bytes in function 'fn6' [-Werror,-Wframe-larger-than=]
void fn6() {
     ^
ltv350qv.c:209:6: error: stack frame size of 96 bytes in function 'fn7' [-Werror,-Wframe-larger-than=]
void fn7() {</pre>
        </div>
      </p>
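      <p>
        The by-hand comparison in the report can be scripted. The following is an added example, not the reporter's code and not part of LLVM or the Linux kernel: it compiles one C file under the four configurations the report exercises (plain, KASAN with use-after-scope off and on, userspace ASAN), parses the -Wframe-larger-than diagnostics with the limit set to 0 so that every function with a non-empty frame is reported, and prints one row per function. It assumes clang (overridable through CC) compiling for the host rather than aarch64-linux-gnu; the parser also understands gcc's message shape, but the -mllvm flags in the configuration list are clang-only and would have to become --param asan-stack=1 and -fno-sanitize-address-use-after-scope for gcc. The names frame_sizes, measure and compare are this example's own.
      </p>

```shell
#!/bin/sh
# Added example, not from the bug report: tabulate per-function stack frame
# sizes of one C file under the sanitizer configurations the report compares.
# Assumes clang (override with CC) compiling for the host target; the
# -mllvm flags are clang-only and would have to become --param for gcc.
set -u

# Read compiler diagnostics on stdin and print "function size" pairs.
# Understands clang's "stack frame size of N bytes in function 'f'",
# the newer clang wording "stack frame size (N) exceeds limit (M) in
# function 'f'", and gcc's two-line "In function 'f':" followed by
# "the frame size of N bytes is larger than ...".
frame_sizes() {
    awk -v q="'" '
        index($0, "In function " q) {      # gcc names the function one line earlier
            f = $0
            sub(".*In function " q, "", f)
            sub(q ".*", "", f)
        }
        /frame size/ {
            if (match($0, "in function " q "[^" q "]*" q))   # clang: name on the same line
                f = substr($0, RSTART + 13, RLENGTH - 14)
            if (match($0, /[0-9]+ bytes/))
                size = substr($0, RSTART, RLENGTH - 6)
            else if (match($0, /\([0-9]+\)/))
                size = substr($0, RSTART + 1, RLENGTH - 2)
            else
                next
            print f, size
        }'
}

# measure FILE [CFLAGS...]: compile FILE with a 0-byte frame limit so that
# every function with a non-empty frame produces a diagnostic, then parse it.
# LC_ALL=C keeps gcc from emitting curly quotes around the function name.
measure() {
    file=$1
    shift
    LC_ALL=C ${CC:-clang} -c -o /dev/null -O2 -Wframe-larger-than=0 "$@" "$file" 2>&1 \
        | frame_sizes
}

# compare FILE: print one row per function with the frame size under each
# configuration; "-" means the compiler emitted no frame diagnostic for that
# function under that configuration (typically it was inlined away).
compare() {
    file=$1
    cfgs="plain kasan kasan_uas asan"
    for cfg in $cfgs; do
        case $cfg in
            plain)     flags="" ;;
            kasan)     flags="-fsanitize=kernel-address -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=0" ;;
            kasan_uas) flags="-fsanitize=kernel-address -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=1" ;;
            asan)      flags="-fsanitize=address -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=1" ;;
        esac
        # $flags is intentionally unquoted so that it splits into arguments.
        measure "$file" $flags | sed "s/^/$cfg /"
    done | awk -v cfgs="$cfgs" '
        BEGIN { n = split(cfgs, c, " ") }
        { seen[$2] = 1; size[$2, $1] = $3 }
        END {
            printf "%-16s", "function"
            for (i = 1; i <= n; i++) printf " %10s", c[i]
            print ""
            for (f in seen) {
                printf "%-16s", f
                for (i = 1; i <= n; i++)
                    printf " %10s", ((f, c[i]) in size) ? size[f, c[i]] : "-"
                print ""
            }
        }'
}

# Run directly as: sh frame_sizes.sh file.c
if [ "${1:-}" ]; then
    compare "$1"
fi
```

      <p>
        Run it as <code>sh frame_sizes.sh ltv350qv.c</code> (or with <code>CC=clang-8</code> and an extra <code>--target=aarch64-linux-gnu</code> appended to each flag set if the cross target matters). Because the compiler is driven with a 0-byte limit rather than the kernel's 1024/2048-byte CONFIG_FRAME_WARN, the table shows the growth for every function, not only the ones that already trip the kernel's threshold, which is the number to watch when deciding whether a frame would still fit with use-after-scope enabled.
      </p>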


    </body>
</html>