| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Oct 2018 11:20:16 +0000
From: Chunhui Li (李春辉)
<chunhui.li@...iatek.com>
To: Mark Rutland <mark.rutland@....com>
CC: Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Matthias Brugger <matthias.bgg@...il.com>,
"Marc Zyngier" <marc.zyngier@....com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
James Morse <james.morse@....com>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mediatek@...ts.infradead.org"
<linux-mediatek@...ts.infradead.org>,
wsd_upstream <wsd_upstream@...iatek.com>,
Miles Chen (陳民樺)
<Miles.Chen@...iatek.com>,
Walter-ZH Wu (吳祖寰)
<Walter-ZH.Wu@...iatek.com>,
Yu Liang (梁宇) <Yu.Liang@...iatek.com>,
Nicholas Tang (鄭秦輝)
<nicholas.tang@...iatek.com>
Subject: 答复: 答复: [PATCH] kasan: avoid out-of-bounds in unwind_frame
Hi Mark,
Ok, thanks for your help
Best regards,
Chunhui Li
-----邮件原件-----
发件人: Mark Rutland [mailto:mark.rutland@....com]
发送时间: 2018年10月10日 17:26
收件人: Chunhui Li (李春辉)
抄送: Catalin Marinas; Will Deacon; Matthias Brugger; Marc Zyngier; Ard Biesheuvel; James Morse; Masahiro Yamada; linux-arm-kernel@...ts.infradead.org; linux-kernel@...r.kernel.org; linux-mediatek@...ts.infradead.org; wsd_upstream; Miles Chen (陳民樺); Walter-ZH Wu (吳祖寰); Yu Liang (梁宇); Nicholas Tang (鄭秦輝)
主题: Re: 答复: [PATCH] kasan: avoid out-of-bounds in unwind_frame
On Wed, Oct 10, 2018 at 06:45:17AM +0000, Chunhui Li (李春辉) wrote:
> Hi Mark,
>
> kasan detect out-of-bounds in stacktrace.c line 70, it's already over
> READ_ONCE_NOCHECK, but still crash
> kernel-4.9/arch/arm64/kernel/stacktrace.c
> 69frame->sp = fp + 0x10;
> 70frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp));
>
> we test on Android platform, kernel-4.9 build with clang 6.0.2, we will do experiment to clarify whether compiler related issue.
>
> READ_ONCE_NOCHECK->__read_once_size_nocheck with __no_sanitize_address
> if enable CONFIG_KASAN
>
> kernel-4.9/include/linux/compiler-gcc.h
> #define __no_sanitize_address __attribute__((no_sanitize_address))
>
> kernel-4.9/include/linux/compiler-clang.h
> #define __no_sanitize_address __attribute__((no_sanitize("address")))
If READ_ONCE_NOCHECK() isn't working as intended, then this is a compiler issue, and there are bigger problems regardless.
If we need to workaround some compiler issue, that should be done in the implementation of READ_ONCE_NOCHECK().
Please note that there are other issues with using clang to compile the kernel; at minimum 7.0.0 is required to build a mainline kernel (and even then, the LSE atomics have to be explicitly disabled), so if this only affects 6.0.x, I don't think we need to carry any workaround upstream.
> there is patch from internet, avoid kasan by wrapping with kasan_disable_current, it seems better.
> https://lore.kernel.org/patchwork/patch/644463
> such as:
> +kasan_disable_current();
> // access fp
> +kasan_enable_current();
Please note that the solution later in the thread [1] was to use READ_ONCE_NOCHECK().
Thanks,
Mark.
[1] https://lore.kernel.org/patchwork/patch/644463/#829858
Powered by blists - more mailing lists