Commit 7771bdbb authored by Andrey Ryabinin's avatar Andrey Ryabinin Committed by Linus Torvalds
Browse files

kasan: remove use after scope bugs detection. 

Use after scope bugs detector seems to be almost entirely useless for
the linux kernel.  It exists over two years, but I've seen only one
valid bug so far [1].  And the bug was fixed before it has been
reported.  There were some other use-after-scope reports, but they were
false-positives due to different reasons like incompatibility with
structleak plugin.

This feature significantly increases stack usage, especially with GCC <
9 version, and causes a 32K stack overflow.  It probably adds
performance penalty too.

Given all that, let's remove use-after-scope detector entirely.

While preparing this patch I've noticed that we mistakenly enable
use-after-scope detection for clang compiler regardless of
CONFIG_KASAN_EXTRA setting.  This is also fixed now.

[1] http://lkml.kernel.org/r/<20171129052106.rhgbjhhis53hkgfn@wfg-t540p.sh.intel.com>

Link: http://lkml.kernel.org/r/20190111185842.13978-1-aryabinin@virtuozzo.com


Signed-off-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
Acked-by: Will Deacon <will.deacon@arm.com>		[arm64]
Cc: Qian Cai <cai@lca.pw>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 46612b75

arch/arm64/include/asm/memory.h

+0 −4
Original line number Diff line number Diff line
@@ -80,11 +80,7 @@ 
 */

#ifdef CONFIG_KASAN

#define KASAN_SHADOW_SIZE	(UL(1) << (VA_BITS - KASAN_SHADOW_SCALE_SHIFT))

#ifdef CONFIG_KASAN_EXTRA

#define KASAN_THREAD_SHIFT	2

#else

#define KASAN_THREAD_SHIFT	1

#endif /* CONFIG_KASAN_EXTRA */

#else

#define KASAN_SHADOW_SIZE	(0)

#define KASAN_THREAD_SHIFT	0

lib/Kconfig.debug

+0 −1
Original line number Diff line number Diff line
@@ -222,7 +222,6 @@ config ENABLE_MUST_CHECK 
config FRAME_WARN

	int "Warn for stack frames larger than (needs gcc 4.4)"

	range 0 8192

	default 3072 if KASAN_EXTRA

	default 2048 if GCC_PLUGIN_LATENT_ENTROPY

	default 1280 if (!64BIT && PARISC)

	default 1024 if (!64BIT && !PARISC)

lib/Kconfig.kasan

+0 −10
Original line number Diff line number Diff line
@@ -78,16 +78,6 @@ config KASAN_SW_TAGS 


endchoice



config KASAN_EXTRA

	bool "KASAN: extra checks"

	depends on KASAN_GENERIC && DEBUG_KERNEL && !COMPILE_TEST

	help

	  This enables further checks in generic KASAN, for now it only

	  includes the address-use-after-scope check that can lead to

	  excessive kernel stack usage, frame size warnings and longer

	  compile time.

	  See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715



choice

	prompt "Instrumentation type"

	depends on KASAN

lib/test_kasan.c

+0 −24
Original line number Diff line number Diff line
@@ -480,29 +480,6 @@ static noinline void __init copy_user_test(void) 
	kfree(kmem);

}



static noinline void __init use_after_scope_test(void)

{

	volatile char *volatile p;



	pr_info("use-after-scope on int\n");

	{

		int local = 0;



		p = (char *)&local;

	}

	p[0] = 1;

	p[3] = 1;



	pr_info("use-after-scope on array\n");

	{

		char local[1024] = {0};



		p = local;

	}

	p[0] = 1;

	p[1023] = 1;

}



static noinline void __init kasan_alloca_oob_left(void)

{

	volatile int i = 10;
@@ -682,7 +659,6 @@ static int __init kmalloc_tests_init(void) 
	kasan_alloca_oob_right();

	ksize_unpoisons_memory();

	copy_user_test();

	use_after_scope_test();

	kmem_cache_double_free();

	kmem_cache_invalid_free();

	kasan_memchr();

mm/kasan/generic.c

+0 −19
Original line number Diff line number Diff line
@@ -275,25 +275,6 @@ EXPORT_SYMBOL(__asan_storeN_noabort); 
void __asan_handle_no_return(void) {}

EXPORT_SYMBOL(__asan_handle_no_return);



/* Emitted by compiler to poison large objects when they go out of scope. */

void __asan_poison_stack_memory(const void *addr, size_t size)

{

	/*

	 * Addr is KASAN_SHADOW_SCALE_SIZE-aligned and the object is surrounded

	 * by redzones, so we simply round up size to simplify logic.

	 */

	kasan_poison_shadow(addr, round_up(size, KASAN_SHADOW_SCALE_SIZE),

			    KASAN_USE_AFTER_SCOPE);

}

EXPORT_SYMBOL(__asan_poison_stack_memory);



/* Emitted by compiler to unpoison large objects when they go into scope. */

void __asan_unpoison_stack_memory(const void *addr, size_t size)

{

	kasan_unpoison_shadow(addr, size);

}

EXPORT_SYMBOL(__asan_unpoison_stack_memory);



/* Emitted by compiler to poison alloca()ed objects. */

void __asan_alloca_poison(unsigned long addr, size_t size)

{

CRA Git | Maintained and supported by SUSTech CRA and CCSE