[llvm-bugs] [Bug 38809] New: excessive stack usage with kernel address sanitizer
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Sep 3 02:04:11 PDT 2018
https://bugs.llvm.org/show_bug.cgi?id=38809
Bug ID: 38809
Summary: excessive stack usage with kernel address sanitizer
Product: clang
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: -New Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: arnd at linaro.org
CC: llvm-bugs at lists.llvm.org
Created attachment 20823
--> https://bugs.llvm.org/attachment.cgi?id=20823&action=edit
linux/drivers/video/backlight/ltv350qv.c, preprocessed, reduced
Building the Linux kernel with clang KASAN enabled shows many warnings about possible stack overflow (we limit the frame size per function to 1024 to 2048 bytes, depending on configuration, because the per-thread stack is very limited).
I created a reduced test case from one of the scarier warnings:
$ clang-8 ltv350qv.c --target=aarch64-linux-gnu -c -O2 -Wframe-larger-than=500 -fsanitize=kernel-address -Wall -Wno-unused -Wno-sometimes-uninitialized -Werror -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=0
ltv350qv.c:181:6: error: stack frame size of 1760 bytes in function 'fn6'
[-Werror,-Wframe-larger-than=]
void fn6() {
^
ltv350qv.c:209:6: error: stack frame size of 10048 bytes in function 'fn7'
[-Werror,-Wframe-larger-than=]
void fn7() {
I tested this using
clang-8.0.0-svn341106-1~exp1+0~20180830200353.1747~1.gbp19b9f6 on Ubuntu, but
an old clang-3.9 shows the same behavior.
With gcc, the same function is fine with "asan-use-after-scope" disabled:
$ aarch-linux-gcc-8.0.1 -xc ltv350qv.c -S -O2 -Wframe-larger-than=100 -fsanitize=kernel-address -Wall -Wno-unused -Wno-attributes -fno-strict-aliasing --param asan-stack=1 -Werror -fno-sanitize-address-use-after-scope
ltv350qv.c: In function 'fn5':
ltv350qv.c:180:1: error: the frame size of 448 bytes is larger than 100 bytes
[-Werror=frame-larger-than=]
}
^
ltv350qv.c: In function 'fn6':
ltv350qv.c:208:1: error: the frame size of 512 bytes is larger than 100 bytes
[-Werror=frame-larger-than=]
}
^
cc1: all warnings being treated as errors
but turning on asan-use-after-scope makes gcc as bad as clang, which is
expected from the source code (the kernel turns it off by default for this
reason):
ltv350qv.c: In function 'fn5':
ltv350qv.c:180:1: error: the frame size of 10000 bytes is larger than 100 bytes
[-Werror=frame-larger-than=]
}
^
ltv350qv.c: In function 'fn6':
ltv350qv.c:208:1: error: the frame size of 1984 bytes is larger than 100 bytes
[-Werror=frame-larger-than=]
}
Using -fsanitize=address in place of -fsanitize=kernel-address completely avoids the high stack usage with clang, even with asan-use-after-scope enabled:
$ clang-8 ltv350qv.c --target=aarch64-linux-gnu -c -O2 -Wframe-larger-than=64 -fsanitize=address -Wall -Wno-unused -Wno-sometimes-uninitialized -Werror -mllvm -asan-stack=1 -mllvm -asan-use-after-scope=1
ltv350qv.c:181:6: error: stack frame size of 96 bytes in function 'fn6'
[-Werror,-Wframe-larger-than=]
void fn6() {
^
ltv350qv.c:209:6: error: stack frame size of 96 bytes in function 'fn7'
[-Werror,-Wframe-larger-than=]
void fn7() {
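As an added example (not part of this bug report, nor clang, gcc or kernel code), here is a small parser that turns the -Wframe-larger-than diagnostics quoted above into per-function frame sizes, so the kernel-address vs. address runs and the use-after-scope on/off runs can be compared mechanically against the kernel's 1024/2048-byte budget. The embedded sample diagnostics are copied from the three runs in this report; the measure() helper assumes the compiler is on PATH and is not exercised offline; the second clang pattern, for the newer "stack frame size (N) exceeds limit (M)" wording, is an assumption about later clang releases and is not shown in this report.

```python
"""Parse -Wframe-larger-than diagnostics (clang and gcc) into per-function frame sizes.

Added example for the bug report above; it is not clang, gcc or kernel code.
"""
import re
import subprocess
from typing import Dict, List, Sequence

# clang wording as quoted in this report:
#   file.c:181:6: error: stack frame size of 1760 bytes in function 'fn6'
CLANG_OLD_RE = re.compile(
    r"^(?P<file>[^:\s]+):\d+:\d+: (?:error|warning): stack frame size of "
    r"(?P<bytes>\d+) bytes in function '(?P<func>[^']+)'"
)
# Newer clang wording (assumption, not shown in this report):
#   file.c:181:6: warning: stack frame size (1760) exceeds limit (500) in 'fn6'
CLANG_NEW_RE = re.compile(
    r"^(?P<file>[^:\s]+):\d+:\d+: (?:error|warning): stack frame size "
    r"\((?P<bytes>\d+)\) exceeds limit \(\d+\) in '(?P<func>[^']+)'"
)
# gcc names the function on a separate preceding line and reports the size
# at the closing brace of the function:
#   file.c: In function 'fn5':
#   file.c:180:1: error: the frame size of 448 bytes is larger than 100 bytes
GCC_FUNC_RE = re.compile(r"^(?P<file>[^:\s]+): In function '(?P<func>[^']+)':")
GCC_SIZE_RE = re.compile(
    r"^(?P<file>[^:\s]+):\d+:\d+: (?:error|warning): the frame size of "
    r"(?P<bytes>\d+) bytes is larger than \d+ bytes"
)


def frame_sizes(diagnostics: str) -> Dict[str, int]:
    """Return {function: frame bytes} for every frame-size diagnostic in the text."""
    sizes: Dict[str, int] = {}
    gcc_func = None  # function named by the most recent gcc 'In function' line
    for line in diagnostics.splitlines():
        for pat in (CLANG_OLD_RE, CLANG_NEW_RE):
            m = pat.match(line)
            if m:
                sizes[m.group("func")] = int(m.group("bytes"))
                break
        else:  # no clang match: try the two-line gcc form
            m = GCC_FUNC_RE.match(line)
            if m:
                gcc_func = m.group("func")
                continue
            m = GCC_SIZE_RE.match(line)
            if m and gcc_func is not None:
                sizes[gcc_func] = int(m.group("bytes"))
                gcc_func = None
    return sizes


def over_limit(sizes: Dict[str, int], limit: int) -> List[str]:
    """Functions whose frame exceeds the kernel's per-function budget (e.g. 1024 or 2048)."""
    return sorted(f for f, b in sizes.items() if b > limit)


def growth(baseline: Dict[str, int], variant: Dict[str, int]) -> Dict[str, float]:
    """Per-function ratio variant/baseline for functions reported in both runs."""
    return {f: variant[f] / baseline[f] for f in baseline if f in variant and baseline[f] > 0}


def measure(cmd: Sequence[str]) -> Dict[str, int]:
    """Run a compiler command line (which must include -Wframe-larger-than=N) and
    parse its stderr. Assumes the compiler is on PATH; not exercised by the samples."""
    proc = subprocess.run(list(cmd), capture_output=True, text=True)
    return frame_sizes(proc.stderr)


# Sample diagnostics copied from the three runs quoted in the report above.
CLANG_KASAN = """\
ltv350qv.c:181:6: error: stack frame size of 1760 bytes in function 'fn6'
[-Werror,-Wframe-larger-than=]
void fn6() {
^
ltv350qv.c:209:6: error: stack frame size of 10048 bytes in function 'fn7'
[-Werror,-Wframe-larger-than=]
void fn7() {
"""
CLANG_ASAN = """\
ltv350qv.c:181:6: error: stack frame size of 96 bytes in function 'fn6'
[-Werror,-Wframe-larger-than=]
ltv350qv.c:209:6: error: stack frame size of 96 bytes in function 'fn7'
[-Werror,-Wframe-larger-than=]
"""
GCC_KASAN = """\
ltv350qv.c: In function 'fn5':
ltv350qv.c:180:1: error: the frame size of 448 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
 }
 ^
ltv350qv.c: In function 'fn6':
ltv350qv.c:208:1: error: the frame size of 512 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
cc1: all warnings being treated as errors
"""

if __name__ == "__main__":
    kasan, asan = frame_sizes(CLANG_KASAN), frame_sizes(CLANG_ASAN)
    print("kernel-address:", kasan, "over 1024:", over_limit(kasan, 1024))
    print("address:       ", asan)
    print("growth kasan/asan:", {f: round(r, 1) for f, r in growth(asan, kasan).items()})
    print("gcc, use-after-scope off:", frame_sizes(GCC_KASAN))
```

Feeding the stderr of each clang or gcc invocation above to frame_sizes() and comparing with growth() gives the ratio directly (for fn7 in the report, about 105x between -fsanitize=address and -fsanitize=kernel-address), which is the number worth tracking when bisecting which sanitizer option causes the frame growth.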