| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Nov 2017 20:19:34 -0600
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: x86@...nel.org
Cc: Fengguang Wu <fengguang.wu@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH] x86/unwind: Disable KASAN checking in the ORC unwinder
Fengguang reported a KASAN warning:
Kprobe smoke test: started
==================================================================
BUG: KASAN: stack-out-of-bounds in deref_stack_reg+0xb5/0x11a
Read of size 8 at addr ffff8800001c7cd8 by task swapper/1
CPU: 0 PID: 1 Comm: swapper Not tainted 4.14.0-rc8 #26
Call Trace:
<#DB>
...
save_trace+0xd9/0x1d3
mark_lock+0x5f7/0xdc3
__lock_acquire+0x6b4/0x38ef
? kretprobe_table_lock+0x1a/0x42
? debug_show_all_locks+0x222/0x222
? get_usage_char+0x36/0x36
? lock_acquire+0x1a1/0x2aa
lock_acquire+0x1a1/0x2aa
? kretprobe_table_lock+0x1a/0x42
_raw_spin_lock_irqsave+0x46/0x55
? kretprobe_table_lock+0x1a/0x42
kretprobe_table_lock+0x1a/0x42
pre_handler_kretprobe+0x3f5/0x521
? __unregister_kprobe_bottom+0x1eb/0x1eb
? rcu_nmi_exit+0x70/0x98
? paranoid_exit_no_swapgs+0x10/0x10
? kprobe_target+0x1/0x11
kprobe_int3_handler+0x19c/0x25f
do_int3+0x61/0x142
int3+0x30/0x60
RIP: 0010:kprobe_target+0x1/0x11
RSP: 0000:ffff8800001c7cd0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 1ffff10000038f9b RCX: 0000000000000000
RDX: ffffed0000038f6f RSI: 0000000000000000 RDI: 00000000bd9f051f
RBP: ffff8800001c7cf8 R08: fffffbffffeaf26e R09: fffffbffffeaf26d
R10: ffff8800001c7c80 R11: 0000000000000001 R12: ffffffff8208b990
R13: ffffffff8208b980 R14: 0000000000000001 R15: dffffc0000000000
</#DB>
bzImage64_load+0xea5/0xea5
? j_kprobe_target+0x33/0x33
? up_write+0x1c/0x31
? blocking_notifier_chain_register+0x97/0xa1
? init_kprobes+0x410/0x43d
...
The ORC unwinder got confused by some kprobes changes, which isn't
surprising since the runtime code no longer matches vmlinux and the
stack was modified for kretprobes.
Until we have a way for generated code to register changes with the
unwinder, these types of warnings are inevitable. So just disable KASAN
checks for stack accesses in the ORC unwinder.
Reported-by: Fengguang Wu <fengguang.wu@...el.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
---
arch/x86/kernel/unwind_orc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c
index b95007e7c1b3..a3f973b2c97a 100644
--- a/arch/x86/kernel/unwind_orc.c
+++ b/arch/x86/kernel/unwind_orc.c
@@ -279,7 +279,7 @@ static bool deref_stack_reg(struct unwind_state *state, unsigned long addr,
if (!stack_access_ok(state, addr, sizeof(long)))
return false;
- *val = READ_ONCE_TASK_STACK(state->task, *(unsigned long *)addr);
+ *val = READ_ONCE_NOCHECK(*(unsigned long *)addr);
return true;
}
--
2.13.6
Powered by blists - more mailing lists