Date: Wed, 30 Nov 2016 12:35:07 -0600
From: Josh Poimboeuf
To: Scott Bauer
Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, mingo@kernel.org, luto@amacapital.net
Subject: Re: BUG: KASAN: stack-out-of-bounds in unwind_get_return_address
Message-ID: <20161130183507.syv3cdpp3hzxi77k@treble>
In-Reply-To: <20161129181300.GA29095@sbauer-Z170X-UD5>

On Tue, Nov 29, 2016 at 11:13:01AM -0700, Scott Bauer wrote:
> This is super easy to repro on top of 4.9-rc7:
> run pm-suspend and it hits every time
>
>
> [ 968.667086] ==================================================================
> [ 968.667091] BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x11d/0x130 at addr ffff8803867d7878
> [ 968.667092] Read of size 8 by task pm-suspend/7774
> [ 968.667095] page:ffffea000e19f5c0 count:0 mapcount:0 mapping: (null) index:0x0
> [ 968.667096] flags: 0x2ffff0000000000()
> [ 968.667097] page dumped because: kasan: bad access detected

Thanks for reporting this. I think it's a false positive caused by the fact
that the suspend and resume happen at different contexts. Can you test if this
patch fixes it?

diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c index 4858733..62bd046 100644 --- a/arch/x86/kernel/acpi/sleep.c +++ b/arch/x86/kernel/acpi/sleep.c @@ -115,6 +115,9 @@ int x86_acpi_suspend_lowlevel(void) pause_graph_tracing(); do_suspend_lowlevel(); unpause_graph_tracing(); + + kasan_unpoison_stack_below_sp(); + return 0; } diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 820c0ad..ca36126 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -45,6 +45,12 @@ void kasan_unpoison_shadow(const void *address, size_t size); void kasan_unpoison_task_stack(struct task_struct *task); void kasan_unpoison_stack_above_sp_to(const void *watermark); +asmlinkage void kasan_unpoison_task_stack_below(const void *watermark); + +static inline void kasan_unpoison_stack_below_sp(void) +{ + kasan_unpoison_task_stack_below(__builtin_frame_address(0)); +} void kasan_alloc_pages(struct page *page, unsigned int order); void kasan_free_pages(struct page *page, unsigned int order);
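
Review bot: in the arch/x86/kernel/acpi/sleep.c hunk, the new kasan_unpoison_stack_below_sp() call in x86_acpi_suspend_lowlevel() is unconditional and has no comment saying why it is there. A short comment above the call should record the reason given in the mail: suspend and resume happen in different contexts, so stack poison left before do_suspend_lowlevel() is stale once it returns. The include/linux/kasan.h hunk in this patch adds only the declaration and the inline helper, with no empty variant visible, so please confirm that kernels built without KASAN still get a no-op definition; otherwise this file will not compile there.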
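
Review bot: in the include/linux/kasan.h hunk, kasan_unpoison_stack_below_sp() is named for the stack pointer but passes __builtin_frame_address(0), and it is only "static inline", which does not force inlining. If the compiler emits it out of line, the watermark is the helper's own frame rather than the frame of the function that called it. Marking the helper __always_inline (or making it a macro) would pin the watermark to the caller, and either the name or a one-line comment should say that the frame address, not sp, is what gets passed to kasan_unpoison_task_stack_below().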