From patchwork Thu Mar 2 16:38:30 2017
X-Patchwork-Submitter: Arnd Bergmann
X-Patchwork-Id: 9601349
X-Patchwork-Delegate: kvalo@adurom.com
From: Arnd Bergmann
To: kasan-dev@googlegroups.com
Cc: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov,
 netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-media@vger.kernel.org, linux-wireless@vger.kernel.org,
 kernel-build-reports@lists.linaro.org, "David S . Miller",
 Arnd Bergmann
Subject: [PATCH 22/26] drm/i915/gvt: don't overflow the kernel stack with KASAN
Date: Thu, 2 Mar 2017 17:38:30 +0100
Message-Id: <20170302163834.2273519-23-arnd@arndb.de>
X-Mailer: git-send-email 2.9.0
In-Reply-To: <20170302163834.2273519-1-arnd@arndb.de>
References: <20170302163834.2273519-1-arnd@arndb.de>
X-Mailing-List: linux-wireless@vger.kernel.org

Enabling CONFIG_KASAN can lead to an instant stack overflow:

drivers/gpu/drm/i915/gvt/handlers.c: In function 'init_generic_mmio_info':
drivers/gpu/drm/i915/gvt/handlers.c:2200:1: error: the frame size of 30464 bytes is larger than 3072 bytes [-Werror=frame-larger-than=]
drivers/gpu/drm/i915/gvt/handlers.c: In function 'init_broadwell_mmio_info':
drivers/gpu/drm/i915/gvt/handlers.c:2402:1: error: the frame size of 5376 bytes is larger than 3072 bytes [-Werror=frame-larger-than=]
drivers/gpu/drm/i915/gvt/handlers.c: In function 'init_skl_mmio_info':
drivers/gpu/drm/i915/gvt/handlers.c:2628:1: error: the frame size of 5296 bytes is larger than 3072 bytes [-Werror=frame-larger-than=]

The reason is the INTEL_GVT_MMIO_OFFSET() hack that attempts to convert any type
(including i915_reg_t) into a u32 by reading the first four bytes, in combination
with the stack sanitizer that adds a redzone around each instance.

Originally, i915_reg_t was introduced to add a little extra type safety by
disallowing simple type casts, and INTEL_GVT_MMIO_OFFSET() goes the opposite
way by allowing any type as input, including those that are not safe in this
context.

I'm replacing it with an implementation that specifically allows the three
types that are actually used as input: 'i915_reg_t' (from _MMIO constants),
'int' (from other constants), and 'unsigned int' (from function arguments),
and any other type should now provoke a build error. This also solves the
stack overflow as we no longer use a local variable for each instance.

Signed-off-by: Arnd Bergmann
---
 drivers/gpu/drm/i915/gvt/mmio.h | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/i915/gvt/mmio.h b/drivers/gpu/drm/i915/gvt/mmio.h index 3bc620f56f35..bf40100fc626 100644 --- a/drivers/gpu/drm/i915/gvt/mmio.h +++ b/drivers/gpu/drm/i915/gvt/mmio.h 
@@ -78,13 +78,20 @@ bool intel_gvt_match_device(struct intel_gvt *gvt, unsigned long device); int intel_gvt_setup_mmio_info(struct intel_gvt *gvt); void intel_gvt_clean_mmio_info(struct intel_gvt *gvt); +static inline u32 intel_gvt_mmio_offset(unsigned int offset) +{ + return offset; +} + struct intel_gvt_mmio_info *intel_gvt_find_mmio_info(struct intel_gvt *gvt, unsigned int offset); -#define INTEL_GVT_MMIO_OFFSET(reg) ({ \ - typeof(reg) __reg = reg; \ - u32 *offset = (u32 *)&__reg; \ - *offset; \ -}) +#define INTEL_GVT_MMIO_OFFSET(reg) \ +__builtin_choose_expr(__builtin_types_compatible_p(typeof(reg), int), intel_gvt_mmio_offset, \ +__builtin_choose_expr(__builtin_types_compatible_p(typeof(reg), unsigned int), intel_gvt_mmio_offset, \ +__builtin_choose_expr(__builtin_types_compatible_p(typeof(reg), i915_reg_t), i915_mmio_reg_offset, \ + (void)(0) \ +)))(reg) + int intel_vgpu_init_mmio(struct intel_vgpu *vgpu); void intel_vgpu_reset_mmio(struct intel_vgpu *vgpu);
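
Review bot: The `(void)(0)` fallback at the end of the new INTEL_GVT_MMIO_OFFSET() rejects an unsupported argument type only because a void expression then gets `(reg)` applied to it, so the compiler will complain about a called object that is not a function rather than naming the macro or the offending type. A short comment above the macro listing the three accepted types (`int`, `unsigned int`, `i915_reg_t`) and stating that the void branch is a deliberate build break would make that failure understandable to the next caller who passes, for example, an `unsigned long`. The same comment should mention that the `int` branch is routed through `intel_gvt_mmio_offset(unsigned int offset)`, so a negative constant converts silently to a large u32 instead of being rejected; if that is not intended, the `int` case needs its own helper with a range check.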