[PATCH] [RESEND v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Arnd Bergmann
arnd at arndb.de
Mon Jul 22 14:26:40 UTC 2019
On Mon, Jul 22, 2019 at 3:43 PM Alexander Potapenko <glider at google.com> wrote:
> On Mon, Jul 22, 2019 at 1:41 PM Arnd Bergmann <arnd at arndb.de> wrote:
> >
> > KASAN_STACK is currently implied by KASAN on gcc, but could be made a
> > user selectable option if we want to allow combining (non-stack) KASAN
> > with GCC_PLUGIN_STRUCTLEAK_BYREF.
> >
> > Note that it would be possible to specifically address the files that
> > print the warning, but presumably the overall stack usage is still
> > significantly higher than in other configurations, so this would not
> > address the full problem.
> >
> > I could not test this with CONFIG_INIT_STACK_ALL, which may or may not
> > suffer from a similar problem.
> We would love to be able to run KASAN together with
> CONFIG_INIT_STACK_ALL on syzbot, as this will potentially reduce the
> number of flaky errors.
Doesn't that just limit the usefulness of KASAN, as you no longer catch
actual accesses to unintialized variables that KASAN is designed to find?
> Given that we already increase the stack size in KASAN builds, how big
> of a problem are these warnings?
> Perhaps it's better to disable them in this configuration, or push the limit up?
I'm really hoping to lower the per-function limit for 'allmodconfig' builds,
since both a high limit and lots of bogus warnings prevent us from
noticing any newly introduced functions that use a lot of kernel stack
without KASAN.
An allmodconfig build (and ideally also any randconfig build) should always
complete without warnings to be useful for compile testing.
Arnd
More information about the Linux-security-module-archive
mailing list