2017-12-01 21:36:59

by Paul Lawrence

Subject: [PATCH v3 0/5] kasan: support alloca, LLVM

[PATCH v3 1/5] kasan: add compiler support for clang
Moved to start of patchset

[PATCH v3 2/5] kasan/Makefile: Support LLVM style asan parameters.
Using Andrey's version.
Fixed up bug with testing CFLAGS_KASAN_SHADOW
Modified to not output gcc style options on llvm

[PATCH v3 3/5] kasan: support alloca() poisoning
Added alloca makefile option here
Modified to only unpoison the last block

[PATCH v3 4/5] kasan: Add tests for alloca poisoning
No change

[PATCH v3 5/5] kasan: added functions for unpoisoning stack variables
No change

Paul Lawrence (5):
kasan: add compiler support for clang
kasan/Makefile: Support LLVM style asan parameters.
kasan: support alloca() poisoning
kasan: Add tests for alloca poisoning
kasan: added functions for unpoisoning stack variables

include/linux/compiler-clang.h | 8 +++++++
lib/test_kasan.c | 22 +++++++++++++++++++
mm/kasan/kasan.c | 49 ++++++++++++++++++++++++++++++++++++++++++
mm/kasan/kasan.h | 8 +++++++
mm/kasan/report.c | 4 ++++
scripts/Makefile.kasan | 30 ++++++++++++++++----------
6 files changed, 110 insertions(+), 11 deletions(-)

--
2.15.0.531.g2ccb3012c9-goog


2017-12-01 21:37:04

by Paul Lawrence

Subject: [PATCH v3 1/5] kasan: add compiler support for clang

For now we can hard-code ASAN ABI level 5, since historical clang builds
can't build the kernel anyway. We also need to emulate gcc's
__SANITIZE_ADDRESS__ flag, or memset() calls won't be instrumented.

Signed-off-by: Greg Hackmann <[email protected]>
Signed-off-by: Paul Lawrence <[email protected]>
---
include/linux/compiler-clang.h | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
index 3b609edffa8f..d02a4df3f473 100644
--- a/include/linux/compiler-clang.h
+++ b/include/linux/compiler-clang.h
@@ -19,3 +19,11 @@

#define randomized_struct_fields_start struct {
#define randomized_struct_fields_end };
+
+/* all clang versions usable with the kernel support KASAN ABI version 5 */
+#define KASAN_ABI_VERSION 5
+
+/* emulate gcc's __SANITIZE_ADDRESS__ flag */
+#if __has_feature(address_sanitizer)
+#define __SANITIZE_ADDRESS__
+#endif
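Review bot: `__SANITIZE_ADDRESS__` is emulated here as an empty macro, whereas GCC defines it to 1; the kernel's `#ifdef` tests are unaffected, but any `#if __SANITIZE_ADDRESS__` would fail to preprocess under clang while working under GCC. `#define __SANITIZE_ADDRESS__ 1` keeps parity at no cost, and the comment could say the macro is what makes memset() instrumentation kick in, as the commit message does.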
--
2.15.0.531.g2ccb3012c9-goog

2017-12-01 21:37:11

by Paul Lawrence

Subject: [PATCH v3 3/5] kasan: support alloca() poisoning

clang's AddressSanitizer implementation adds redzones on either side of
alloca()ed buffers. These redzones are 32-byte aligned and at least 32
bytes long.

__asan_alloca_poison() is passed the size and address of the allocated
buffer, *excluding* the redzones on either side. The left redzone will
always be to the immediate left of this buffer; but AddressSanitizer may
need to add padding between the end of the buffer and the right redzone.
If there are any 8-byte chunks inside this padding, we should poison
those too.

__asan_allocas_unpoison() is just passed the top and bottom of the
dynamic stack area, so unpoisoning is simpler.

Signed-off-by: Greg Hackmann <[email protected]>
Signed-off-by: Paul Lawrence <[email protected]>
---
mm/kasan/kasan.c | 34 ++++++++++++++++++++++++++++++++++
mm/kasan/kasan.h | 8 ++++++++
mm/kasan/report.c | 4 ++++
scripts/Makefile.kasan | 3 ++-
4 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 405bba487df5..d96b36088b2f 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -736,6 +736,40 @@ void __asan_unpoison_stack_memory(const void *addr, size_t size)
}
EXPORT_SYMBOL(__asan_unpoison_stack_memory);

+/* Emitted by compiler to poison alloca()ed objects. */
+void __asan_alloca_poison(unsigned long addr, size_t size)
+{
+ size_t rounded_up_size = round_up(size, KASAN_SHADOW_SCALE_SIZE);
+ size_t padding_size = round_up(size, KASAN_ALLOCA_REDZONE_SIZE) -
+ rounded_up_size;
+ size_t rounded_down_size = round_down(size, KASAN_SHADOW_SCALE_SIZE);
+
+ const void *left_redzone = (const void *)(addr -
+ KASAN_ALLOCA_REDZONE_SIZE);
+ const void *right_redzone = (const void *)(addr + rounded_up_size);
+
+ WARN_ON(!IS_ALIGNED(addr, KASAN_ALLOCA_REDZONE_SIZE));
+
+ kasan_unpoison_shadow((const void *)(addr + rounded_down_size),
+ size - rounded_down_size);
+ kasan_poison_shadow(left_redzone, KASAN_ALLOCA_REDZONE_SIZE,
+ KASAN_ALLOCA_LEFT);
+ kasan_poison_shadow(right_redzone,
+ padding_size + KASAN_ALLOCA_REDZONE_SIZE,
+ KASAN_ALLOCA_RIGHT);
+}
+EXPORT_SYMBOL(__asan_alloca_poison);
+
+/* Emitted by compiler to unpoison alloca()ed areas when the stack unwinds. */
+void __asan_allocas_unpoison(const void *stack_top, const void *stack_bottom)
+{
+ if (unlikely(!stack_top || stack_top > stack_bottom))
+ return;
+
+ kasan_unpoison_shadow(stack_top, stack_bottom - stack_top);
+}
+EXPORT_SYMBOL(__asan_allocas_unpoison);
+
#ifdef CONFIG_MEMORY_HOTPLUG
static int __meminit kasan_mem_notifier(struct notifier_block *nb,
unsigned long action, void *data)
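Review bot: `__asan_alloca_poison()` unpoisons only the partial tail `[addr + rounded_down_size, addr + size)` and never touches the whole 8-byte chunks of the buffer, so it relies on the dynamic stack area below the frame already being unpoisoned (the state `__asan_allocas_unpoison()` restores on unwind); that precondition belongs in the comment above the function. The `WARN_ON(!IS_ALIGNED(addr, KASAN_ALLOCA_REDZONE_SIZE))` also only warns and then poisons `addr - KASAN_ALLOCA_REDZONE_SIZE` regardless; when the compiler contract is broken it is safer to return after the warning than to write redzone markers over shadow that may belong to a neighbouring object. Minor: `addr` is `unsigned long` while the other `__asan_*` hooks in this file take `const void *`.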
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index c70851a9a6a4..7c0bcd1f4c0d 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -24,6 +24,14 @@
#define KASAN_STACK_PARTIAL 0xF4
#define KASAN_USE_AFTER_SCOPE 0xF8

+/*
+ * alloca redzone shadow values
+ */
+#define KASAN_ALLOCA_LEFT 0xCA
+#define KASAN_ALLOCA_RIGHT 0xCB
+
+#define KASAN_ALLOCA_REDZONE_SIZE 32
+
/* Don't break randconfig/all*config builds */
#ifndef KASAN_ABI_VERSION
#define KASAN_ABI_VERSION 1
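Review bot: `KASAN_ALLOCA_REDZONE_SIZE 32` is not a tunable: the commit message says the compiler lays out 32-byte-aligned redzones of at least 32 bytes, and `__asan_alloca_poison()` subtracts this constant to locate the left redzone, so changing it here alone would poison the wrong bytes. A comment stating that it must match clang's alloca redzone size, and that 0xCA/0xCB must stay in the 0x80-and-above range the shadow checks treat as poisoned, would prevent that.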
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 410c8235e671..eff12e040498 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -102,6 +102,10 @@ static const char *get_shadow_bug_type(struct kasan_access_info *info)
case KASAN_USE_AFTER_SCOPE:
bug_type = "use-after-scope";
break;
+ case KASAN_ALLOCA_LEFT:
+ case KASAN_ALLOCA_RIGHT:
+ bug_type = "alloca-out-of-bounds";
+ break;
}

return bug_type;
diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
index 7c00be9216f4..b4983cf8a9d4 100644
--- a/scripts/Makefile.kasan
+++ b/scripts/Makefile.kasan
@@ -32,7 +32,8 @@ else
$(call cc-param,asan-globals=1) \
$(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
$(call cc-param,asan-stack=1) \
- $(call cc-param,asan-use-after-scope=1)
+ $(call cc-param,asan-use-after-scope=1) \
+ $(call cc-param,asan-instrument-allocas=1)
endif

endif
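Review bot: `asan-instrument-allocas=1` goes through `cc-param`, whose GCC fallback probes `--param asan-instrument-allocas=1`; GCC rejects unknown `--param` names, so `cc-option` drops it and a GCC build gets no alloca instrumentation from this line without any message. That split is presumably intended, but the commit message only talks about clang; one sentence saying GCC builds are unaffected by this flag would save the next reader a compiler experiment.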
--
2.15.0.531.g2ccb3012c9-goog
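A userspace model of the shadow layout that the commit message describes, added here as an illustration and not part of the patch or the kernel: it re-implements the rounding from `__asan_alloca_poison()` and `__asan_allocas_unpoison()` over a fake 4 KiB stack whose addresses start at 0 (an assumption of the model, as is the fresh, all-zero shadow below the frame that the real hook relies on when it unpoisons only the partial tail), adds the 1-byte access check and the bug-type lookup the report path applies, and walks a 10-byte alloca at address 1024 through poisoning, a left probe, a right probe and unwind. Function names other than the KASAN constants are the model's own.

```c
/* Userspace model of alloca redzone poisoning; not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_SHADOW_SCALE_SIZE  (1UL << KASAN_SHADOW_SCALE_SHIFT)
#define KASAN_SHADOW_MASK        (KASAN_SHADOW_SCALE_SIZE - 1)
#define KASAN_ALLOCA_REDZONE_SIZE 32
#define KASAN_ALLOCA_LEFT  0xCA
#define KASAN_ALLOCA_RIGHT 0xCB

#define round_up(x, a)   ((((x) + (a) - 1) / (a)) * (a))
#define round_down(x, a) (((x) / (a)) * (a))

/* Assumption: a 4 KiB fake stack at address 0; one shadow byte per 8 bytes, initially unpoisoned. */
#define FAKE_STACK_SIZE 4096
static uint8_t shadow[FAKE_STACK_SIZE / KASAN_SHADOW_SCALE_SIZE];

static uint8_t *mem_to_shadow(unsigned long addr)
{
	return &shadow[addr >> KASAN_SHADOW_SCALE_SHIFT];
}

/* As kasan_poison_shadow(): fill the shadow bytes covering [addr, addr + size). */
static void poison_shadow(unsigned long addr, size_t size, uint8_t value)
{
	uint8_t *start = mem_to_shadow(addr), *end = mem_to_shadow(addr + size);

	memset(start, value, end - start);
}

/* As kasan_unpoison_shadow(): zero whole chunks, then record a partial tail (1..7). */
static void unpoison_shadow(unsigned long addr, size_t size)
{
	poison_shadow(addr, size, 0);
	if (size & KASAN_SHADOW_MASK)
		*mem_to_shadow(addr + size) = size & KASAN_SHADOW_MASK;
}

/* Mirrors __asan_alloca_poison(): addr and size exclude the redzones. */
void alloca_poison(unsigned long addr, size_t size)
{
	size_t rounded_up_size = round_up(size, KASAN_SHADOW_SCALE_SIZE);
	size_t padding_size = round_up(size, KASAN_ALLOCA_REDZONE_SIZE) - rounded_up_size;
	size_t rounded_down_size = round_down(size, KASAN_SHADOW_SCALE_SIZE);

	unpoison_shadow(addr + rounded_down_size, size - rounded_down_size);
	poison_shadow(addr - KASAN_ALLOCA_REDZONE_SIZE, KASAN_ALLOCA_REDZONE_SIZE, KASAN_ALLOCA_LEFT);
	/* Padding up to the 32-byte-aligned right redzone is poisoned along with it. */
	poison_shadow(addr + rounded_up_size, padding_size + KASAN_ALLOCA_REDZONE_SIZE, KASAN_ALLOCA_RIGHT);
}

/* Mirrors __asan_allocas_unpoison(): the whole dynamic area is cleared on unwind. */
void allocas_unpoison(unsigned long stack_top, unsigned long stack_bottom)
{
	if (stack_top > stack_bottom)
		return;
	unpoison_shadow(stack_top, stack_bottom - stack_top);
}

/* 1-byte access check as the kernel's memory_is_poisoned_1(): 1 if not addressable. */
int access_is_poisoned(unsigned long addr)
{
	uint8_t s = *mem_to_shadow(addr);

	if (s == 0)
		return 0;
	if (s <= KASAN_SHADOW_MASK)		/* partial chunk: only the first s bytes are valid */
		return (addr & KASAN_SHADOW_MASK) >= s;
	return 1;				/* redzone marker */
}

/* Bug naming as get_shadow_bug_type(): step past a partial byte to the real marker. */
const char *bug_type(unsigned long addr)
{
	uint8_t *s = mem_to_shadow(addr);

	if (*s > 0 && *s <= KASAN_SHADOW_MASK)
		s++;
	switch (*s) {
	case KASAN_ALLOCA_LEFT:
	case KASAN_ALLOCA_RIGHT:
		return "alloca-out-of-bounds";
	default:
		return "unknown";
	}
}

int main(void)
{
	unsigned long buf = 1024, a;	/* 32-byte aligned, as the compiler contract requires */
	size_t len = 10;

	alloca_poison(buf, len);
	for (a = buf - KASAN_ALLOCA_REDZONE_SIZE; a < buf + 64; a += KASAN_SHADOW_SCALE_SIZE)
		printf("%5lu: shadow 0x%02x\n", a, *mem_to_shadow(a));
	printf("buf-1: %s\n", access_is_poisoned(buf - 1) ? bug_type(buf - 1) : "ok");
	printf("buf+%zu: %s\n", len, access_is_poisoned(buf + len) ? bug_type(buf + len) : "ok");
	allocas_unpoison(buf - KASAN_ALLOCA_REDZONE_SIZE, buf + 64);
	return 0;
}
```

For the 10-byte case the partial chunk at 1032 gets shadow value 2, the right redzone starts at 1040 and runs 48 bytes (16 bytes of padding plus the 32-byte redzone), and a read at 1034 is named "alloca-out-of-bounds" because the report code steps from the partial byte to the 0xCB that follows it.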

2017-12-01 21:37:09

by Paul Lawrence

Subject: [PATCH v3 4/5] kasan: Add tests for alloca poisoning

Signed-off-by: Greg Hackmann <[email protected]>
Signed-off-by: Paul Lawrence <[email protected]>
---
lib/test_kasan.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)

diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index ef1a3ac1397e..2724f86c4cef 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -472,6 +472,26 @@ static noinline void __init use_after_scope_test(void)
p[1023] = 1;
}

+static noinline void __init kasan_alloca_oob_left(void)
+{
+ volatile int i = 10;
+ char alloca_array[i];
+ char *p = alloca_array - 1;
+
+ pr_info("out-of-bounds to left on alloca\n");
+ *(volatile char *)p;
+}
+
+static noinline void __init kasan_alloca_oob_right(void)
+{
+ volatile int i = 10;
+ char alloca_array[i];
+ char *p = alloca_array + i;
+
+ pr_info("out-of-bounds to right on alloca\n");
+ *(volatile char *)p;
+}
+
static int __init kmalloc_tests_init(void)
{
/*
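Review bot: the left-hand test forms `alloca_array - 1`, a pointer before the start of the array, which is undefined in C and something an optimiser is free to fold together with the following dereference; making `p` itself `volatile char *` (or building the address through an `unsigned long`) keeps the probe alive the same way the `volatile int i` keeps the VLA size from being folded. Separately, patch 3 describes the redzones as clang's AddressSanitizer behaviour, so on a GCC build these two tests print their `pr_info` and produce no report; a comment, or a compiler check around them, would make that expected outcome visible to whoever reads the test log.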
@@ -502,6 +522,8 @@ static int __init kmalloc_tests_init(void)
memcg_accounted_kmem_cache();
kasan_stack_oob();
kasan_global_oob();
+ kasan_alloca_oob_left();
+ kasan_alloca_oob_right();
ksize_unpoisons_memory();
copy_user_test();
use_after_scope_test();
--
2.15.0.531.g2ccb3012c9-goog

2017-12-01 21:37:40

by Paul Lawrence

Subject: [PATCH v3 5/5] kasan: added functions for unpoisoning stack variables

From: Alexander Potapenko <[email protected]>

As a code-size optimization, LLVM builds since r279383 may
bulk-manipulate the shadow region when (un)poisoning large memory
blocks. This requires new callbacks that simply do an uninstrumented
memset().

This fixes linking the Clang-built kernel when using KASAN.

Signed-off-by: Alexander Potapenko <[email protected]>
[[email protected]: fix memset() parameters, and tweak
commit message to describe new callbacks]
Signed-off-by: Greg Hackmann <[email protected]>
Signed-off-by: Paul Lawrence <[email protected]>
---
mm/kasan/kasan.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)

diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index d96b36088b2f..8aaee42fcfab 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -770,6 +770,21 @@ void __asan_allocas_unpoison(const void *stack_top, const void *stack_bottom)
}
EXPORT_SYMBOL(__asan_allocas_unpoison);

+/* Emitted by the compiler to [un]poison local variables. */
+#define DEFINE_ASAN_SET_SHADOW(byte) \
+ void __asan_set_shadow_##byte(const void *addr, size_t size) \
+ { \
+ __memset((void *)addr, 0x##byte, size); \
+ } \
+ EXPORT_SYMBOL(__asan_set_shadow_##byte)
+
+DEFINE_ASAN_SET_SHADOW(00);
+DEFINE_ASAN_SET_SHADOW(f1);
+DEFINE_ASAN_SET_SHADOW(f2);
+DEFINE_ASAN_SET_SHADOW(f3);
+DEFINE_ASAN_SET_SHADOW(f5);
+DEFINE_ASAN_SET_SHADOW(f8);
+
#ifdef CONFIG_MEMORY_HOTPLUG
static int __meminit kasan_mem_notifier(struct notifier_block *nb,
unsigned long action, void *data)
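Review bot: the comment says these callbacks `[un]poison local variables`, but `addr` is a shadow address rather than the variable's address: the body memsets `addr` directly with the shadow marker, and the commit message says the compiler bulk-manipulates the shadow region. State that in the comment (`addr` and `size` are in shadow bytes), since every other `__asan_*` hook in this file takes an object address and the difference is easy to miss. Naming the LLVM revision from the commit message (r279383) next to the list 00/f1/f2/f3/f5/f8 would also tell whoever later needs to extend the set where it comes from.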
--
2.15.0.531.g2ccb3012c9-goog

2017-12-01 21:38:00

by Paul Lawrence

Subject: [PATCH v3 2/5] kasan/Makefile: Support LLVM style asan parameters.

LLVM doesn't understand GCC-style parameters ("--param asan-foo=bar"),
thus currently we don't use inline/globals/stack instrumentation
when building the kernel with clang.

Add support for LLVM-style parameters ("-mllvm -asan-foo=bar") to
enable all KASAN features.

Signed-off-by: Andrey Ryabinin <[email protected]>
---
scripts/Makefile.kasan | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
index 1ce7115aa499..7c00be9216f4 100644
--- a/scripts/Makefile.kasan
+++ b/scripts/Makefile.kasan
@@ -10,10 +10,7 @@ KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)

CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address

-CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \
- -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET) \
- --param asan-stack=1 --param asan-globals=1 \
- --param asan-instrumentation-with-call-threshold=$(call_threshold))
+cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))

ifeq ($(call cc-option, $(CFLAGS_KASAN_MINIMAL) -Werror),)
ifneq ($(CONFIG_COMPILE_TEST),y)
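Review bot: `cc-param` runs two compiler probes per parameter and, when neither `-mllvm -$(1)` nor `--param $(1)` is accepted, expands to nothing, so an unsupported ASan parameter disappears from `CFLAGS_KASAN` without any message. A comment above the definition should spell out the order (clang form first, GCC `--param` as the fallback) and that an unsupported parameter is dropped silently, so that a missing feature is traced to this line rather than to the compiler.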
@@ -21,13 +18,23 @@ ifeq ($(call cc-option, $(CFLAGS_KASAN_MINIMAL) -Werror),)
-fsanitize=kernel-address is not supported by compiler)
endif
else
- ifeq ($(CFLAGS_KASAN),)
- ifneq ($(CONFIG_COMPILE_TEST),y)
- $(warning CONFIG_KASAN: compiler does not support all options.\
- Trying minimal configuration)
- endif
- CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
- endif
+ # -fasan-shadow-offset fails without -fsanitize
+ CFLAGS_KASAN_SHADOW := $(call cc-option, -fsanitize=kernel-address \
+ -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
+ $(call cc-option, -fsanitize=kernel-address \
+ -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
+
+ ifeq ("$(CFLAGS_KASAN_SHADOW)"," ")
+ CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
+ else
+ # Now add all the compiler specific options that are valid standalone
+ CFLAGS_KASAN := $(CFLAGS_KASAN_SHADOW) \
+ $(call cc-param,asan-globals=1) \
+ $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
+ $(call cc-param,asan-stack=1) \
+ $(call cc-param,asan-use-after-scope=1)
+ endif
+
endif

CFLAGS_KASAN += $(call cc-option, -fsanitize-address-use-after-scope)
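Review bot: `ifeq ("$(CFLAGS_KASAN_SHADOW)"," ")` compares the probe result against a single literal space, so a genuinely empty result never takes the minimal branch and the full option list is used instead; Andrey's reply below confirms this breaks KASAN with gcc 4.9.x. `ifeq ($(strip $(CFLAGS_KASAN_SHADOW)),)` handles both an empty and a whitespace-only expansion. The block this replaces also carried `$(warning CONFIG_KASAN: compiler does not support all options. Trying minimal configuration)`; keep an equivalent warning in the minimal branch so the downgrade still shows up in the build log.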
--
2.15.0.531.g2ccb3012c9-goog

2017-12-03 12:23:25

by Dmitry Vyukov

Subject: Re: [PATCH v3 3/5] kasan: support alloca() poisoning

On Fri, Dec 1, 2017 at 10:36 PM, Paul Lawrence <[email protected]> wrote:
> clang's AddressSanitizer implementation adds redzones on either side of
> alloca()ed buffers. These redzones are 32-byte aligned and at least 32
> bytes long.
>
> __asan_alloca_poison() is passed the size and address of the allocated
> buffer, *excluding* the redzones on either side. The left redzone will
> always be to the immediate left of this buffer; but AddressSanitizer may
> need to add padding between the end of the buffer and the right redzone.
> If there are any 8-byte chunks inside this padding, we should poison
> those too.
>
> __asan_allocas_unpoison() is just passed the top and bottom of the
> dynamic stack area, so unpoisoning is simpler.
>
> Signed-off-by: Greg Hackmann <[email protected]>
> Signed-off-by: Paul Lawrence <[email protected]>
> ---
> mm/kasan/kasan.c | 34 ++++++++++++++++++++++++++++++++++
> mm/kasan/kasan.h | 8 ++++++++
> mm/kasan/report.c | 4 ++++
> scripts/Makefile.kasan | 3 ++-
> 4 files changed, 48 insertions(+), 1 deletion(-)
>
> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
> index 405bba487df5..d96b36088b2f 100644
> --- a/mm/kasan/kasan.c
> +++ b/mm/kasan/kasan.c
> @@ -736,6 +736,40 @@ void __asan_unpoison_stack_memory(const void *addr, size_t size)
> }
> EXPORT_SYMBOL(__asan_unpoison_stack_memory);
>
> +/* Emitted by compiler to poison alloca()ed objects. */
> +void __asan_alloca_poison(unsigned long addr, size_t size)
> +{
> + size_t rounded_up_size = round_up(size, KASAN_SHADOW_SCALE_SIZE);
> + size_t padding_size = round_up(size, KASAN_ALLOCA_REDZONE_SIZE) -
> + rounded_up_size;
> + size_t rounded_down_size = round_down(size, KASAN_SHADOW_SCALE_SIZE);
> +
> + const void *left_redzone = (const void *)(addr -
> + KASAN_ALLOCA_REDZONE_SIZE);
> + const void *right_redzone = (const void *)(addr + rounded_up_size);
> +
> + WARN_ON(!IS_ALIGNED(addr, KASAN_ALLOCA_REDZONE_SIZE));
> +
> + kasan_unpoison_shadow((const void *)(addr + rounded_down_size),
> + size - rounded_down_size);
> + kasan_poison_shadow(left_redzone, KASAN_ALLOCA_REDZONE_SIZE,
> + KASAN_ALLOCA_LEFT);
> + kasan_poison_shadow(right_redzone,
> + padding_size + KASAN_ALLOCA_REDZONE_SIZE,
> + KASAN_ALLOCA_RIGHT);
> +}
> +EXPORT_SYMBOL(__asan_alloca_poison);
> +
> +/* Emitted by compiler to unpoison alloca()ed areas when the stack unwinds. */
> +void __asan_allocas_unpoison(const void *stack_top, const void *stack_bottom)
> +{
> + if (unlikely(!stack_top || stack_top > stack_bottom))
> + return;
> +
> + kasan_unpoison_shadow(stack_top, stack_bottom - stack_top);
> +}
> +EXPORT_SYMBOL(__asan_allocas_unpoison);
> +
> #ifdef CONFIG_MEMORY_HOTPLUG
> static int __meminit kasan_mem_notifier(struct notifier_block *nb,
> unsigned long action, void *data)
> diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
> index c70851a9a6a4..7c0bcd1f4c0d 100644
> --- a/mm/kasan/kasan.h
> +++ b/mm/kasan/kasan.h
> @@ -24,6 +24,14 @@
> #define KASAN_STACK_PARTIAL 0xF4
> #define KASAN_USE_AFTER_SCOPE 0xF8
>
> +/*
> + * alloca redzone shadow values
> + */
> +#define KASAN_ALLOCA_LEFT 0xCA
> +#define KASAN_ALLOCA_RIGHT 0xCB
> +
> +#define KASAN_ALLOCA_REDZONE_SIZE 32
> +
> /* Don't break randconfig/all*config builds */
> #ifndef KASAN_ABI_VERSION
> #define KASAN_ABI_VERSION 1
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index 410c8235e671..eff12e040498 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -102,6 +102,10 @@ static const char *get_shadow_bug_type(struct kasan_access_info *info)
> case KASAN_USE_AFTER_SCOPE:
> bug_type = "use-after-scope";
> break;
> + case KASAN_ALLOCA_LEFT:
> + case KASAN_ALLOCA_RIGHT:
> + bug_type = "alloca-out-of-bounds";
> + break;
> }
>
> return bug_type;
> diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
> index 7c00be9216f4..b4983cf8a9d4 100644
> --- a/scripts/Makefile.kasan
> +++ b/scripts/Makefile.kasan
> @@ -32,7 +32,8 @@ else
> $(call cc-param,asan-globals=1) \
> $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
> $(call cc-param,asan-stack=1) \
> - $(call cc-param,asan-use-after-scope=1)
> + $(call cc-param,asan-use-after-scope=1) \
> + $(call cc-param,asan-instrument-allocas=1)
> endif
>
> endif


Reviewed-by: Dmitry Vyukov <[email protected]>

2017-12-03 12:24:49

by Dmitry Vyukov

Subject: Re: [PATCH v3 0/5] kasan: support alloca, LLVM

On Fri, Dec 1, 2017 at 10:36 PM, Paul Lawrence <[email protected]> wrote:
> [PATCH v3 1/5] kasan: add compiler support for clang
> Moved to start of patchset
>
> [PATCH v3 2/5] kasan/Makefile: Support LLVM style asan parameters.
> Using Andrey's version.
> Fixed up bug with testing CFLAGS_KASAN_SHADOW
> Modified to not output gcc style options on llvm
>
> [PATCH v3 3/5] kasan: support alloca() poisoning
> Added alloca makefile option here
> Modified to only unpoison the last block
>
> [PATCH v3 4/5] kasan: Add tests for alloca poisoning
> No change
>
> [PATCH v3 5/5] kasan: added functions for unpoisoning stack variables
> No change
>
> Paul Lawrence (5):
> kasan: add compiler support for clang
> kasan/Makefile: Support LLVM style asan parameters.
> kasan: support alloca() poisoning
> kasan: Add tests for alloca poisoning
> kasan: added functions for unpoisoning stack variables
>
> include/linux/compiler-clang.h | 8 +++++++
> lib/test_kasan.c | 22 +++++++++++++++++++
> mm/kasan/kasan.c | 49 ++++++++++++++++++++++++++++++++++++++++++
> mm/kasan/kasan.h | 8 +++++++
> mm/kasan/report.c | 4 ++++
> scripts/Makefile.kasan | 30 ++++++++++++++++----------
> 6 files changed, 110 insertions(+), 11 deletions(-)


The series looks good to me. Thanks for working on this, we need clang.

2017-12-04 16:11:42

by Andrey Ryabinin

Subject: Re: [PATCH v3 2/5] kasan/Makefile: Support LLVM style asan parameters.


On 12/02/2017 12:36 AM, Paul Lawrence wrote:
>

Missing:
From: Andrey Ryabinin <[email protected]>

Please, don't change authorship of the patches.

> LLVM doesn't understand GCC-style parameters ("--param asan-foo=bar"),
> thus currently we don't use inline/globals/stack instrumentation
> when building the kernel with clang.
>
> Add support for LLVM-style parameters ("-mllvm -asan-foo=bar") to
> enable all KASAN features.
>
> Signed-off-by: Andrey Ryabinin <[email protected]>
> ---
> scripts/Makefile.kasan | 29 ++++++++++++++++++-----------
> 1 file changed, 18 insertions(+), 11 deletions(-)
>
> diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
> index 1ce7115aa499..7c00be9216f4 100644
> --- a/scripts/Makefile.kasan
> +++ b/scripts/Makefile.kasan
> @@ -10,10 +10,7 @@ KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
>



> + # -fasan-shadow-offset fails without -fsanitize
> + CFLAGS_KASAN_SHADOW := $(call cc-option, -fsanitize=kernel-address \
> + -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
> + $(call cc-option, -fsanitize=kernel-address \
> + -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
> +
> + ifeq ("$(CFLAGS_KASAN_SHADOW)"," ")

This is not how it was in my original patch. Why did you change this?
The condition is always false now, so it breaks kasan with 4.9.x gcc.

> + CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
> + else
> + # Now add all the compiler specific options that are valid standalone
> + CFLAGS_KASAN := $(CFLAGS_KASAN_SHADOW) \
> + $(call cc-param,asan-globals=1) \

2017-12-04 16:42:52

by Christoph Hellwig

Subject: Re: [PATCH v3 3/5] kasan: support alloca() poisoning

I don't think we are using alloca in kernel mode code, and we shouldn't.
What do I miss? Is this hidden support for on-stack VLAs? I thought
we'd get rid of them as well.

2017-12-04 16:52:34

by Andrey Ryabinin

Subject: Re: [PATCH v3 2/5] kasan/Makefile: Support LLVM style asan parameters.

On 12/04/2017 07:20 PM, Paul Lawrence wrote:

>
> > +   # -fasan-shadow-offset fails without -fsanitize
> > +   CFLAGS_KASAN_SHADOW := $(call cc-option, -fsanitize=kernel-address \
> > +                     -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
> > +                     $(call cc-option, -fsanitize=kernel-address \
> > +                     -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
> > +
> > +   ifeq ("$(CFLAGS_KASAN_SHADOW)"," ")
>
> This is not how it was in my original patch. Why did you change this?
> The condition is always false now, so it breaks kasan with 4.9.x gcc.
>
>
> I had the opposite problem - CFLAGS_KASAN_SHADOW is always at least a space, and the
> original condition would always be false, which is why I changed it. On investigation, I found
> that if the line was split it would always be a space - $(false,whatever,empty-string) would be
> truly empty, but if the line was split after the second comma it would be one space. Is this a
> difference in our make systems?

I dunno, but it could be.
Anyway, does the fixup below work for you?

---
scripts/Makefile.kasan | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
index 7c00be9216f4..d5a1a4b6d079 100644
--- a/scripts/Makefile.kasan
+++ b/scripts/Makefile.kasan
@@ -24,7 +24,7 @@ else
$(call cc-option, -fsanitize=kernel-address \
-mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))

- ifeq ("$(CFLAGS_KASAN_SHADOW)"," ")
+ ifeq ($(strip $(CFLAGS_KASAN_SHADOW)),)
CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
else
# Now add all the compiler specific options that are valid standalone
--
2.13.6


2017-12-04 16:54:25

by Andrey Ryabinin

Subject: Re: [PATCH v3 3/5] kasan: support alloca() poisoning



On 12/04/2017 07:42 PM, Christoph Hellwig wrote:
> I don't think we are using alloca in kernel mode code, and we shouldn't.
> What do I miss? Is this hidden support for on-stack VLAs? I thought
> we'd get rid of them as well.
>

Yes, this is for on-stack VLA. Last time I checked, we still had a few.

2017-12-04 17:06:36

by Andrey Ryabinin

Subject: Re: [PATCH v3 3/5] kasan: support alloca() poisoning



On 12/04/2017 07:55 PM, Andrey Ryabinin wrote:
>
>
> On 12/04/2017 07:42 PM, Christoph Hellwig wrote:
>> I don't think we are using alloca in kernel mode code, and we shouldn't.
>> What do I miss? Is this hidden support for on-stack VLAs? I thought
>> we'd get rid of them as well.
>>
>
> Yes, this is for on-stack VLA. Last time I checked, we still had a few.
>

E.g. building with -Wvla:


/home/andrew/linux/sound/core/pcm_native.c: In function ‘constrain_params_by_rules’:
/home/andrew/linux/sound/core/pcm_native.c:326:2: warning: ISO C90 forbids variable length array ‘rstamps’ [-Wvla]
unsigned int rstamps[constrs->rules_num];
^~~~~~~~
In file included from /home/andrew/linux/crypto/cbc.c:14:0:
/home/andrew/linux/include/crypto/cbc.h: In function ‘crypto_cbc_decrypt_inplace’:
/home/andrew/linux/include/crypto/cbc.h:116:2: warning: ISO C90 forbids variable length array ‘last_iv’ [-Wvla]
u8 last_iv[bsize];
^~
/home/andrew/linux/crypto/pcbc.c: In function ‘crypto_pcbc_encrypt_inplace’:
/home/andrew/linux/crypto/pcbc.c:75:2: warning: ISO C90 forbids variable length array ‘tmpbuf’ [-Wvla]
u8 tmpbuf[bsize];
^~
/home/andrew/linux/crypto/pcbc.c: In function ‘crypto_pcbc_decrypt_inplace’:
/home/andrew/linux/crypto/pcbc.c:147:2: warning: ISO C90 forbids variable length array ‘tmpbuf’ [-Wvla]
u8 tmpbuf[bsize] __aligned(__alignof__(u32));
^~
/home/andrew/linux/crypto/cts.c: In function ‘cts_cbc_encrypt’:
/home/andrew/linux/crypto/cts.c:107:2: warning: ISO C90 forbids variable length array ‘d’ [-Wvla]
u8 d[bsize * 2] __aligned(__alignof__(u32));
^~
/home/andrew/linux/crypto/cts.c: In function ‘cts_cbc_decrypt’:
/home/andrew/linux/crypto/cts.c:186:2: warning: ISO C90 forbids variable length array ‘d’ [-Wvla]
u8 d[bsize * 2] __aligned(__alignof__(u32));
^~
/home/andrew/linux/crypto/ctr.c: In function ‘crypto_ctr_crypt_final’:
/home/andrew/linux/crypto/ctr.c:61:2: warning: ISO C90 forbids variable length array ‘tmp’ [-Wvla]
u8 tmp[bsize + alignmask];
^~
/home/andrew/linux/crypto/ctr.c: In function ‘crypto_ctr_crypt_inplace’:
/home/andrew/linux/crypto/ctr.c:109:2: warning: ISO C90 forbids variable length array ‘tmp’ [-Wvla]
u8 tmp[bsize + alignmask];