[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <e74919c7-6b32-f55c-ff88-c3abd851476f@virtuozzo.com>
Date: Fri, 9 Feb 2018 11:53:19 +0300
From: Kirill Tkhai <ktkhai@...tuozzo.com>
To: Matthew Wilcox <willy@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...en8.de>,
Juergen Gross <jgross@...e.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Kees Cook <keescook@...omium.org>,
Mathias Krause <minipli@...glemail.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kate Stewart <kstewart@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>,
kasan-dev <kasan-dev@...glegroups.com>,
Linux-MM <linux-mm@...ck.org>
Subject: Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access
On 08.02.2018 22:00, Matthew Wilcox wrote:
> On Thu, Feb 08, 2018 at 11:20:26AM -0600, Josh Poimboeuf wrote:
>> The patch description is confusing. It talks about "crappy drivers irq
>> handlers when they access wrong memory on the stack". But if I
>> understand correctly, the patch doesn't actually protect against that
>> case, because irq handlers run on the irq stack, and this patch only
>> affects code which *isn't* running on the irq stack.
>
> This would catch a crappy driver which allocates some memory on the
> irq stack, squirrels the pointer to it away in a data structure, then
> returns to process (or softirq) context and dereferences the pointer.
Yes, this is exactly what I mean. The patch allows stack modifications
for interrupt time, and catches wrong accesses from another contexts/cpus
(when there is no interrupt executing in parallel).
It's possible to catch wrong accesses in interrupt time also, but we need
to unmap irq stacks on another cpus to do that, which is not KASAN thing.
But, I hope we may be lucky and catch such situations even if we only check
for accesses, which are going not in interrupt time.
> I have no idea if that's the case that Kirill is tracking down, but it's
> something I can imagine someone doing.
Kirill
Powered by blists - more mailing lists