From 0f6e56089becdaf165d63612def35433fa4f8a8d Mon Sep 17 00:00:00 2001
From: Arnd Bergmann
Date: Fri, 20 Jun 2025 13:38:31 +0200
Subject: [PATCH] bpf: turn off sanitizer in do_misc_fixups for old clang
clang versions before version 18 manage to badly optimize the bpf verifier, with lots of variable spills leading to excessive stack usage in addition to likely rather slow code:
kernel/bpf/verifier.c:23936:5: error: stack frame size (2096) exceeds limit (1280) in 'bpf_check' [-Werror,-Wframe-larger-than]
kernel/bpf/verifier.c:21563:12: error: stack frame size (1984) exceeds limit (1280) in 'do_misc_fixups' [-Werror,-Wframe-larger-than]
Turn off the sanitizer in the two functions that suffer the most from this when using one of the affected clang version.
Signed-off-by: Arnd Bergmann
---
 kernel/bpf/verifier.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 279a649332624..4b5de4a457764 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -19811,7 +19811,14 @@ static int do_check_insn(struct bpf_verifier_env *env, bool *do_print_state)
 return 0;
 }
 
-static int do_check(struct bpf_verifier_env *env)
+#if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 180100
+/* old clang versions cause excessive stack usage here */
+#define __workaround_kasan __disable_sanitizer_instrumentation
+#else
+#define __workaround_kasan
+#endif
+
+static __workaround_kasan int do_check(struct bpf_verifier_env *env)
 {
 bool pop_log = !(env->log.level & BPF_LOG_LEVEL2);
 struct bpf_verifier_state *state = env->cur_state;
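Review bot: The name `__workaround_kasan` and its comment understate what is switched off. `__disable_sanitizer_instrumentation` is not KASAN-specific, so on clang older than 18.1 `do_check` (and `do_misc_fixups` in the second hunk) presumably lose instrumentation from every enabled sanitizer, and the `#if` never tests whether a sanitizer is configured at all. Both functions are in the BPF verifier, so sanitizer and fuzzing builds made with an affected compiler get less memory-error coverage in code that vets programs before they run. The comment should say so, e.g. `/* clang < 18.1: sanitizer instrumentation overflows the stack frame limit; this removes ALL sanitizer instrumentation from the annotated functions */`, and the guard could also require the sanitizer config that actually triggers the warning. The body of `do_check` continues outside the hunk.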
@@ -21818,7 +21825,7 @@ static int add_hidden_subprog(struct bpf_verifier_env *env, struct bpf_insn *pat
 /* Do various post-verification rewrites in a single program pass.
 * These rewrites simplify JIT and interpreter implementations.
 */
-static int do_misc_fixups(struct bpf_verifier_env *env)
+static __workaround_kasan int do_misc_fixups(struct bpf_verifier_env *env)
 {
 struct bpf_prog *prog = env->prog;
 enum bpf_attach_type eatype = prog->expected_attach_type;
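Review bot: The doc comment directly above `do_misc_fixups` is the only explanation a reader sees at this site, and it does not mention the new `__workaround_kasan` annotation. The one-line rationale sits roughly two thousand lines earlier, next to `do_check`. Adding a line to this comment would keep the reason beside the function, e.g. ` * Built without sanitizer instrumentation on clang < 18.1 (stack frame limit).` The function body continues outside the hunk.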