lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170420134252.6dlkbbsvdotrxvzu@treble>
Date:   Thu, 20 Apr 2017 08:42:52 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     x86-ml <x86@...nel.org>, lkml <linux-kernel@...r.kernel.org>
Subject: Re: WARNING: kernel stack regs at ffffc9000024fea8 in udevadm:92 has
 bad 'bp' value 00007fffc4614d30

On Thu, Apr 20, 2017 at 08:30:21AM -0500, Josh Poimboeuf wrote:
> On Thu, Apr 20, 2017 at 01:06:10PM +0200, Borislav Petkov wrote:
> > Hi,
> > 
> > the splat below started appearing on one of the boxes here with
> > rc7+tip/master from yesterday.
> > 
> > Ideas?
> 
> Thanks for reporting it.  This is another false positive.  It unwinded
> from an interrupt which came in right after calling into C code, but
> before it could set up the frame pointer.  This needs another unwinder
> check.

If it's recreatable, can you test with the following patch?


diff --git a/arch/x86/kernel/unwind_frame.c b/arch/x86/kernel/unwind_frame.c
index bda82df..abe36ff 100644
--- a/arch/x86/kernel/unwind_frame.c
+++ b/arch/x86/kernel/unwind_frame.c
@@ -91,16 +91,26 @@ static bool in_entry_code(unsigned long ip)
 	return false;
 }
 
+static inline unsigned long *last_frame(struct unwind_state *state)
+{
+	return (unsigned long *)task_pt_regs(state->task) - 2;
+}
+
 #ifdef CONFIG_X86_32
 #define GCC_REALIGN_WORDS 3
 #else
 #define GCC_REALIGN_WORDS 1
 #endif
 
+static inline unsigned long *last_aligned_frame(struct unwind_state *state)
+{
+	return last_frame(state) - GCC_REALIGN_WORDS;
+}
+
 static bool is_last_task_frame(struct unwind_state *state)
 {
-	unsigned long *last_bp = (unsigned long *)task_pt_regs(state->task) - 2;
-	unsigned long *aligned_bp = last_bp - GCC_REALIGN_WORDS;
+	unsigned long *last_bp = last_frame(state);
+	unsigned long *aligned_bp = last_aligned_frame(state);
 
 	/*
 	 * We have to check for the last task frame at two different locations
@@ -277,10 +287,12 @@ bool unwind_next_frame(struct unwind_state *state)
 
 	/*
 	 * Don't warn if the unwinder got lost due to an interrupt in entry
-	 * code before the stack was set up:
+	 * code before the first frame pointer got set up:
 	 */
 	if (state->got_irq && in_entry_code(state->ip))
 		goto the_end;
+	if (state->regs && (unsigned long *)state->regs->sp >= last_aligned_frame(state))
+		goto the_end;
 
 	if (state->regs) {
 		printk_deferred_once(KERN_WARNING

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ