Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753942AbdCFLLE (ORCPT ); Mon, 6 Mar 2017 06:11:04 -0500 Received: from mail-qk0-f175.google.com ([209.85.220.175]:33595 "EHLO mail-qk0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753909AbdCFLK7 (ORCPT ); Mon, 6 Mar 2017 06:10:59 -0500 Subject: Re: [PATCH 07/26] brcmsmac: reduce stack size with KASAN To: Arnd Bergmann References: <20170302163834.2273519-1-arnd@arndb.de> <20170302163834.2273519-8-arnd@arndb.de> <76733196-0948-8cbf-8b74-c1e3687a8c09@broadcom.com> Cc: kasan-dev , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Networking , Linux Kernel Mailing List , linux-media@vger.kernel.org, linux-wireless , kernel-build-reports@lists.linaro.org, "David S . Miller" From: Arend Van Spriel Message-ID: <2dd6ce84-0285-b4c1-97d4-bb41a6ffec04@broadcom.com> Date: Mon, 6 Mar 2017 12:02:19 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2248 Lines: 48 On 6-3-2017 11:38, Arnd Bergmann wrote: > On Mon, Mar 6, 2017 at 10:16 AM, Arend Van Spriel > wrote: >> On 2-3-2017 17:38, Arnd Bergmann wrote: >>> The wlc_phy_table_write_nphy/wlc_phy_table_read_nphy functions always put an object >>> on the stack, which will each require a redzone with KASAN and lead to possible >>> stack overflow: >>> >>> drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c: In function 'wlc_phy_workarounds_nphy': >>> drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c:17135:1: warning: the frame size of 6312 bytes is larger than 1000 bytes [-Wframe-larger-than=] >> >> Looks like this warning text ended up in the wrong commit message. Got >> me confused for a sec :-p > > What's wrong about the warning? The warning is about the function 'wlc_phy_workarounds_nphy' (see PATCH 9/26) and not about wlc_phy_table_write_nphy/wlc_phy_table_read_nphy functions. >>> This marks the two functions as noinline_for_kasan, avoiding the problem entirely. >> >> Frankly I seriously dislike annotating code for the sake of some >> (dynamic) memory analyzer. To me the whole thing seems rather >> unnecessary. If the code passes the 2048 stack limit without KASAN it >> would seem the limit with KASAN should be such that no warning is given. >> I suspect that it is rather difficult to predict the additional size of >> the instrumentation code and on some systems there might be a real issue >> with increased stack usage. > > The frame sizes don't normally change that much. There are a couple of > drivers like brcmsmac that repeatedly call an inline function which has > a local variable that it passes by reference to an extern function. > > While normally those variables share a stack location, KASAN forces > each instance to its own location and adds (in this case) 80 bytes of > redzone around it to detect out-of-bounds access. > > While most drivers are fine with a 1500 byte warning limit, increasing > the limit to 7kb would silence brcmsmac (unless more registers > are accessed from wlc_phy_workarounds_nphy) but also risk a > stack overflow to go unnoticed. Given the amount of local variables maybe just tag the functions with noinline instead. Regards, Arend