From patchwork Tue Dec 5 21:51:19 2017
X-Patchwork-Submitter: Arnd Bergmann
X-Patchwork-Id: 10093833
From: Arnd Bergmann
To: Andrew Morton
Cc: Kees Cook, Mauro Carvalho Chehab, linux-media@vger.kernel.org,
 kasan-dev@googlegroups.com, Dmitry Vyukov, Alexander Potapenko,
 Andrey Ryabinin, linux-kbuild@vger.kernel.org, Arnd Bergmann,
 stable@vger.kernel.org, Daniel Micay, Greg Kroah-Hartman, Martin Wilck,
 Dan Williams, linux-kernel@vger.kernel.org
Subject: [PATCH] string.h: work around for increased stack usage
Date: Tue, 5 Dec 2017 22:51:19 +0100
Message-Id: <20171205215143.3085755-1-arnd@arndb.de>
X-Mailing-List: linux-media@vger.kernel.org

The hardened strlen() function causes rather large stack usage in at
least one file in the kernel, in particular when CONFIG_KASAN is enabled:

drivers/media/usb/em28xx/em28xx-dvb.c: In function 'em28xx_dvb_init':
drivers/media/usb/em28xx/em28xx-dvb.c:2062:1: error: the frame size of 3256 bytes is larger than 204 bytes [-Werror=frame-larger-than=]

Analyzing this problem led to the discovery that gcc fails to merge the
stack slots for the i2c_board_info[] structures after we strlcpy() into
them, due to the 'noreturn' attribute on the source string length check.

I reported this as a gcc bug, but it is unlikely to get fixed for gcc-8,
since it is relatively easy to work around, and it gets triggered rarely.
An earlier workaround I did added an empty inline assembly statement
before the call to fortify_panic(), which works surprisingly well, but
is really ugly and unintuitive.

This is a new approach to the same problem, this time addressing it by
not calling the 'extern __real_strnlen()' function for string constants
where __builtin_strlen() is a compile-time constant and therefore known
to be safe. We do this by checking if the last character in the string
is a compile-time constant '\0'. If it is, we can assume that strlen()
of the string is also constant. As a side-effect, this should also
improve the object code output for any other call of strlen() on a
string constant.

Cc: stable@vger.kernel.org
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82365
Link: https://patchwork.kernel.org/patch/9980413/
Link: https://patchwork.kernel.org/patch/9974047/
Signed-off-by: Arnd Bergmann
---
v3: don't use an asm barrier but use a constant string change.

Aside from two other patches for drivers/media that I sent last week,
this should fix all stack frames above 2KB, once all three are merged,
I'll send the patch to re-enable the warning.
---
 include/linux/string.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/linux/string.h b/include/linux/string.h index 410ecf17de3c..e5cc3f27f6e0 100644 --- a/include/linux/string.h +++ b/include/linux/string.h
@@ -259,7 +259,8 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p) { __kernel_size_t ret; size_t p_size = __builtin_object_size(p, 0); - if (p_size == (size_t)-1) + if (p_size == (size_t)-1 || + (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0')) return __builtin_strlen(p); ret = strnlen(p, p_size); if (p_size <= ret)
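
Review bot: the added condition (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0') in strlen() carries no comment, and its reason is only in the commit message; a reader of string.h will not be able to tell why the strnlen(p, p_size) path is skipped here. Please add a short comment above the if saying that a compile-time-constant NUL in the last byte of the object keeps __builtin_strlen(p) within p_size, and that the shortcut exists to work around the stack-slot merging problem in GCC bug 82365. Separately, the || only short-circuits the p_size == (size_t)-1 case: if __builtin_object_size(p, 0) returns 0, the index p_size - 1 wraps to SIZE_MAX, so either add a p_size != 0 term or state in the comment why that expression can never be a compile-time constant in that case.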