| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACT4Y+a-HMXa869TtwAf_HZp8oYJ5MA=QFWyOPSrUGTBf_3b7g@mail.gmail.com>
Date: Tue, 13 Oct 2015 15:57:27 +0200
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Ingo Molnar <mingo@...nel.org>
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>,
LKML <linux-kernel@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>,
"H. Peter Anvin" <hpa@...or.com>,
"x86@...nel.org" <x86@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Lutomirski <luto@...capital.net>,
Andrey Konovalov <andreyknvl@...gle.com>,
Kostya Serebryany <kcc@...gle.com>,
Alexander Potapenko <glider@...gle.com>,
kasan-dev <kasan-dev@...glegroups.com>,
Borislav Petkov <bp@...en8.de>,
Denys Vlasenko <dvlasenk@...hat.com>,
Andi Kleen <ak@...ux.intel.com>,
Sasha Levin <sasha.levin@...cle.com>,
Wolfram Gloger <wmglo@...t.med.uni-muenchen.de>
Subject: Re: [PATCH v2 2/2] x86/process: Silence KASAN warnings in get_wchan()
On Tue, Oct 13, 2015 at 3:48 PM, Ingo Molnar <mingo@...nel.org> wrote:
>
> * Andrey Ryabinin <aryabinin@...tuozzo.com> wrote:
>
>> get_wchan() is racy by design, it may access volatile stack
>> of running task, thus it may access redzone in a stack frame
>> and cause KASAN to warn about this.
>>
>> Use READ_ONCE_NOCHECK() to silence these warnings.
>>
>> Reported-by: Sasha Levin <sasha.levin@...cle.com>
>> Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
>> ---
>> arch/x86/kernel/process.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
>> index 39e585a..e28db18 100644
>> --- a/arch/x86/kernel/process.c
>> +++ b/arch/x86/kernel/process.c
>> @@ -550,14 +550,14 @@ unsigned long get_wchan(struct task_struct *p)
>> if (sp < bottom || sp > top)
>> return 0;
>>
>> - fp = READ_ONCE(*(unsigned long *)sp);
>> + fp = READ_ONCE_NOCHECK(*(unsigned long *)sp);
>> do {
>> if (fp < bottom || fp > top)
>> return 0;
>> - ip = READ_ONCE(*(unsigned long *)(fp + sizeof(unsigned long)));
>> + ip = READ_ONCE_NOCHECK(*(unsigned long *)(fp + sizeof(unsigned long)));
>> if (!in_sched_functions(ip))
>> return ip;
>> - fp = READ_ONCE(*(unsigned long *)fp);
>> + fp = READ_ONCE_NOCHECK(*(unsigned long *)fp);
>> } while (count++ < 16 && p->state != TASK_RUNNING);
>> return 0;
>> }
>
> Hm, exactly how is the 'red zone' defined? Is this about the current task mostly,
> or when doing get_wchan() on other tasks?
When code is compiled with AddressSanitizer, most variables on stack
have redzones around them, on entry function "poisons" these redzones
(any accesses to them will be flagged), on exit function "unpoisons"
these redzones.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists