lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Oct 2018 06:45:17 +0000
From:   Chunhui Li (李春辉) <chunhui.li@...iatek.com>
To:     Mark Rutland <mark.rutland@....com>
CC:     Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will.deacon@....com>,
        Matthias Brugger <matthias.bgg@...il.com>,
        "Marc Zyngier" <marc.zyngier@....com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        James Morse <james.morse@....com>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-mediatek@...ts.infradead.org" 
        <linux-mediatek@...ts.infradead.org>,
        wsd_upstream <wsd_upstream@...iatek.com>,
        Miles Chen (��民��) <Miles.Chen@...iatek.com>,
        Walter-ZH Wu (�亲驽�) 
        <Walter-ZH.Wu@...iatek.com>,
        Yu Liang (梁宇) <Yu.Liang@...iatek.com>,
        Nicholas Tang (��秦�x) 
        <nicholas.tang@...iatek.com>
Subject: 答复: [PATCH] kasan: avoid out-of-bounds in unwind_frame

Hi Mark,

kasan detect out-of-bounds in stacktrace.c line 70, it's already over READ_ONCE_NOCHECK, but still crash
kernel-4.9/arch/arm64/kernel/stacktrace.c
69	frame->sp = fp + 0x10;
70	frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp));

we test on Android platform, kernel-4.9 build with clang 6.0.2, we will do experiment to clarify whether compiler related issue.

READ_ONCE_NOCHECK->__read_once_size_nocheck with __no_sanitize_address if enable CONFIG_KASAN

kernel-4.9/include/linux/compiler-gcc.h
#define __no_sanitize_address __attribute__((no_sanitize_address))

kernel-4.9/include/linux/compiler-clang.h
#define __no_sanitize_address __attribute__((no_sanitize("address")))

there is patch from internet, avoid kasan by wrapping with kasan_disable_current, it seems better.
https://lore.kernel.org/patchwork/patch/644463
such as:
+	kasan_disable_current();
  // access fp
+	kasan_enable_current();

Thanks
Chunhui Li

-----邮件原件-----
发件人: Mark Rutland [mailto:mark.rutland@....com] 
发送时间: 2018年10月9日 18:39
收件人: Chunhui Li (李春辉)
抄送: Catalin Marinas; Will Deacon; Matthias Brugger; Marc Zyngier; Ard Biesheuvel; James Morse; Masahiro Yamada; linux-arm-kernel@...ts.infradead.org; linux-kernel@...r.kernel.org; linux-mediatek@...ts.infradead.org; wsd_upstream
主题: Re: [PATCH] kasan: avoid out-of-bounds in unwind_frame

On Tue, Oct 09, 2018 at 06:11:03PM +0800, Chunhui Li wrote:
> From: "chunhui.li" <chunhui.li@...iatek.com>
> 
>    kasan detect unwind_frame out-of-bounds error when one task dump 
> another, log as below
> BUG: KASAN: out-of-bounds in unwind_frame+0x140/0x20c Read of size 8 
> at addr ffffffea1e2378e0 by task AnrMonitorThrea/1111 avoid kasan 
> out-of-bounds error by disable kasan for stacktrace.c

This doesn't look right. Since unwind_frame uses READ_ONCE_NOCHECK(), we should never perform an access that KASAN complains about.

I don't think that we should completely disable instrumentation of stacktrace.c.

Can you please figure out precisely which line KASAN is complaining about? i.e. use scripts/faddr2line.

Thanks,
Mark.

> 
> Signed-off-by: chunhui.li <chunhui.li@...iatek.com>
> ---
>  arch/arm64/kernel/Makefile | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile 
> index 95ac737..606d0e2 100644
> --- a/arch/arm64/kernel/Makefile
> +++ b/arch/arm64/kernel/Makefile
> @@ -57,6 +57,8 @@ arm64-obj-$(CONFIG_CRASH_DUMP)		+= crash_dump.o
>  arm64-obj-$(CONFIG_ARM_SDE_INTERFACE)	+= sdei.o
>  arm64-obj-$(CONFIG_ARM64_SSBD)		+= ssbd.o
>  
> +KASAN_SANITIZE_stacktrace.o := n
> +
>  obj-y					+= $(arm64-obj-y) vdso/ probes/
>  obj-m					+= $(arm64-obj-m)
>  head-y					:= head.o
> --
> 1.9.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ