lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 13 Oct 2015 16:57:02 +0300
From:	Andrey Ryabinin <aryabinin@...tuozzo.com>
To:	Ingo Molnar <mingo@...nel.org>
CC:	<linux-kernel@...r.kernel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>, <x86@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andy Lutomirski <luto@...capital.net>,
	Andrey Konovalov <andreyknvl@...gle.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Alexander Potapenko <glider@...gle.com>,
	kasan-dev <kasan-dev@...glegroups.com>,
	Borislav Petkov <bp@...en8.de>,
	Denys Vlasenko <dvlasenk@...hat.com>,
	Andi Kleen <ak@...ux.intel.com>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	Sasha Levin <sasha.levin@...cle.com>,
	Wolfram Gloger <wmglo@...t.med.uni-muenchen.de>
Subject: Re: [PATCH v2 2/2] x86/process: Silence KASAN warnings in get_wchan()



On 10/13/2015 04:48 PM, Ingo Molnar wrote:
> 
> * Andrey Ryabinin <aryabinin@...tuozzo.com> wrote:
> 
>> get_wchan() is racy by design, it may access volatile stack
>> of running task, thus it may access redzone in a stack frame
>> and cause KASAN to warn about this.
>>
>> Use READ_ONCE_NOCHECK() to silence these warnings.
>>
>> Reported-by: Sasha Levin <sasha.levin@...cle.com>
>> Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
>> ---
>>  arch/x86/kernel/process.c | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
>> index 39e585a..e28db18 100644
>> --- a/arch/x86/kernel/process.c
>> +++ b/arch/x86/kernel/process.c
>> @@ -550,14 +550,14 @@ unsigned long get_wchan(struct task_struct *p)
>>  	if (sp < bottom || sp > top)
>>  		return 0;
>>  
>> -	fp = READ_ONCE(*(unsigned long *)sp);
>> +	fp = READ_ONCE_NOCHECK(*(unsigned long *)sp);
>>  	do {
>>  		if (fp < bottom || fp > top)
>>  			return 0;
>> -		ip = READ_ONCE(*(unsigned long *)(fp + sizeof(unsigned long)));
>> +		ip = READ_ONCE_NOCHECK(*(unsigned long *)(fp + sizeof(unsigned long)));
>>  		if (!in_sched_functions(ip))
>>  			return ip;
>> -		fp = READ_ONCE(*(unsigned long *)fp);
>> +		fp = READ_ONCE_NOCHECK(*(unsigned long *)fp);
>>  	} while (count++ < 16 && p->state != TASK_RUNNING);
>>  	return 0;
>>  }
> 
> Hm, exactly how is the 'red zone' defined? Is this about the current task mostly, 
> or when doing get_wchan() on other tasks?

We doing get_whcan() *only* on other tasks:

520:	if (!p || p == current || p->state == TASK_RUNNING)
521:		return 0;


Current wouldn't be a problem for KASAN.

 


> Thanks,
> 
> 	Ingo
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ