| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190415132339.wiqyzygqklliyml7@treble>
Date: Mon, 15 Apr 2019 08:23:39 -0500
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Andy Lutomirski <luto@...nel.org>,
LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
Sean Christopherson <sean.j.christopherson@...el.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Pekka Enberg <penberg@...nel.org>,
Linux-MM <linux-mm@...ck.org>
Subject: Re: [patch V4 01/32] mm/slab: Fix broken stack trace storage
On Mon, Apr 15, 2019 at 11:02:58AM +0200, Thomas Gleixner wrote:
> kstack_end() is broken on interrupt stacks as they are not guaranteed to be
> sized THREAD_SIZE and THREAD_SIZE aligned.
>
> Use the stack tracer instead. Remove the pointless pointer increment at the
> end of the function while at it.
>
> Fixes: 98eb235b7feb ("[PATCH] page unmapping debug") - History tree
> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Pekka Enberg <penberg@...nel.org>
> Cc: linux-mm@...ck.org
> ---
> V4: Made the code simpler to understand (Andy) and make it actually compile
> ---
> mm/slab.c | 30 ++++++++++++++----------------
> 1 file changed, 14 insertions(+), 16 deletions(-)
>
> --- a/mm/slab.c
> +++ b/mm/slab.c
> @@ -1470,33 +1470,31 @@ static bool is_debug_pagealloc_cache(str
> static void store_stackinfo(struct kmem_cache *cachep, unsigned long *addr,
> unsigned long caller)
> {
> - int size = cachep->object_size;
> + int size = cachep->object_size / sizeof(unsigned long);
>
> addr = (unsigned long *)&((char *)addr)[obj_offset(cachep)];
>
> - if (size < 5 * sizeof(unsigned long))
> + if (size < 5)
> return;
>
> *addr++ = 0x12345678;
> *addr++ = caller;
> *addr++ = smp_processor_id();
> - size -= 3 * sizeof(unsigned long);
> + size -= 3;
> +#ifdef CONFIG_STACKTRACE
> {
> - unsigned long *sptr = &caller;
> - unsigned long svalue;
> -
> - while (!kstack_end(sptr)) {
> - svalue = *sptr++;
> - if (kernel_text_address(svalue)) {
> - *addr++ = svalue;
> - size -= sizeof(unsigned long);
> - if (size <= sizeof(unsigned long))
> - break;
> - }
> - }
> + struct stack_trace trace = {
> + /* Leave one for the end marker below */
> + .max_entries = size - 1,
> + .entries = addr,
> + .skip = 3,
> + };
>
> + save_stack_trace(&trace);
> + addr += trace.nr_entries;
> }
> - *addr++ = 0x87654321;
> +#endif
> + *addr = 0x87654321;
Looks like stack_trace.nr_entries isn't initialized? (though this code
gets eventually replaced by a later patch)
Who actually reads this stack trace? I couldn't find a consumer.
--
Josh
Powered by blists - more mailing lists