Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755516AbcCBPoJ (ORCPT <rfc822;w@1wt.eu>);
	Wed, 2 Mar 2016 10:44:09 -0500
Received: from foss.arm.com ([217.140.101.70]:59412 "EHLO foss.arm.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755362AbcCBPoG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 2 Mar 2016 10:44:06 -0500
Date: Wed, 2 Mar 2016 15:43:58 +0000
From: Mark Rutland <mark.rutland@arm.com>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: linux-kernel@vger.kernel.org, Alexander Potapenko <glider@google.com>,
        Andrey Konovalov <adech.fo@gmail.com>,
        Dmitriy Vyukov <dvyukov@google.com>, will.deacon@arm.com,
        catalin.marinas@arm.com, Andrew Morton <akpm@linux-foundation.org>,
        kasan-dev@googlegroups.com, Ingo Molnar <mingo@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH 2/2] kasan: unpoison stack of idle task on cpu online
Message-ID: <20160302154357.GF11670@leverpostej>
References: <56D6E250.7070301@gmail.com>
 <1456926719-13102-1-git-send-email-aryabinin@virtuozzo.com>
 <1456926719-13102-2-git-send-email-aryabinin@virtuozzo.com>
 <20160302145004.GC11670@leverpostej>
 <56D70675.7050503@virtuozzo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <56D70675.7050503@virtuozzo.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1433
Lines: 41

On Wed, Mar 02, 2016 at 06:27:49PM +0300, Andrey Ryabinin wrote:
> On 03/02/2016 05:50 PM, Mark Rutland wrote:
> > On Wed, Mar 02, 2016 at 04:51:59PM +0300, Andrey Ryabinin wrote:

[...]

> > Is all the above necessary?
> > 
> > Surely we can just include <linux/smpboot.h> in mm/kasan/kasan.c?
> 
> It is necessary. kernel/smpboot.h != include/linux/smpboot.h

Ah, I'd misread the patch. Sorry for the noise!

[...]

> >> +		struct task_struct *tidle = idle_thread_get(cpu);
> >> +		kasan_unpoison_shadow(task_stack_page(tidle), THREAD_SIZE);
> > 
> > We never expect the stack to hit the end of the thread_info, so we can
> > start at task_stack_page(tidle) + 1, and avoid the shadow for
> > sizeof(struct thread_info).
> > 
> 
> I wouldn't bother, it's simpler to unpoison all. Size of struct thread_info is 32-bytes. That's 4-bytes of shadow.
> I don't think it matters whether you do memset of 2048 or 2044 bytes.
> 
> > Do we do any poisoning of the thread_info structure in the thread_union?
> 
> No, why would we poison it? It's absolutely valid memory and available for access.

For some reason I thought ASAN might poison gaps between struct
elements, or at least held open the option to. I guess inserting padding
would be an ABI issue, so it probably doesn't.

In the absence of that, I agree that always starting at
task_stack_page(t), and clearing the shadow for THREAD_SIZE bytes of
stack makes sense).

Thanks,
Mark.