From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Mark Rutland, Andrey Ryabinin, Dmitry Vyukov, Ingo Molnar, Peter Zijlstra, Andrew Morton, Linus Torvalds, Sasha Levin
Subject: [PATCH 4.14 020/246] kcov: ensure irq code sees a valid area
Date: Wed, 1 Aug 2018 18:48:50 +0200
Message-Id: <20180801165012.667812846@linuxfoundation.org>
In-Reply-To: <20180801165011.700991984@linuxfoundation.org>
References: <20180801165011.700991984@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
User-Agent: quilt/0.65
X-stable: review
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch. If anyone has any objections, please let me know.

------------------
From: Mark Rutland

[ Upstream commit c9484b986ef03492357fddd50afbdd02929cfa72 ]

Patch series "kcov: fix unexpected faults".

These patches fix a few issues where KCOV code could trigger recursive faults, discovered while debugging a patch enabling KCOV for arch/arm:

* On CONFIG_PREEMPT kernels, there's a small race window where __sanitizer_cov_trace_pc() can see a bogus kcov_area.

* Lazy faulting of the vmalloc area can cause mutual recursion between fault handling code and __sanitizer_cov_trace_pc().

* During the context switch, switching the mm can cause the kcov_area to be transiently unmapped.

These are prerequisites for enabling KCOV on arm, but the issues themselves are generic -- we just happen to avoid them by chance rather than design on x86-64 and arm64.

This patch (of 3):

For kernels built with CONFIG_PREEMPT, some C code may execute before or after the interrupt handler, while the hardirq count is zero. In these cases, in_task() can return true.

A task can be interrupted in the middle of a KCOV_DISABLE ioctl while it resets the task's kcov data via kcov_task_init(). Instrumented code executed during this period will call __sanitizer_cov_trace_pc(), and as in_task() returns true, will inspect t->kcov_mode before trying to write to t->kcov_area.

In kcov_init_task() we update t->kcov_{mode,area,size} with plain stores, which may be re-ordered, torn, etc. Thus __sanitizer_cov_trace_pc() may see bogus values for any of these fields, and may attempt to write to memory which is not mapped.

Let's avoid this by using WRITE_ONCE() to set t->kcov_mode, with a barrier() to ensure this is ordered before we clear t->kcov_{area,size}. This ensures that any code executed while kcov_init_task() is preempted will either see valid values for t->kcov_{area,size}, or will see that t->kcov_mode is KCOV_MODE_DISABLED, and bail out without touching t->kcov_area.

Link: http://lkml.kernel.org/r/20180504135535.53744-2-mark.rutland@arm.com
Signed-off-by: Mark Rutland Acked-by: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Ingo Molnar Cc: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- kernel/kcov.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/kernel/kcov.c +++ b/kernel/kcov.c @@ -108,7 +108,8 @@ static void kcov_put(struct kcov *kcov) void kcov_task_init(struct task_struct *t) { - t->kcov_mode = KCOV_MODE_DISABLED; + WRITE_ONCE(t->kcov_mode, KCOV_MODE_DISABLED); + barrier(); t->kcov_size = 0; t->kcov_area = NULL; t->kcov = NULL;
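Review bot: the barrier() added in kcov_task_init() is a compiler-only barrier, which is the right tool here because the racing reader (an interrupt or preempting task) runs on the same CPU, but it only closes the window if the reader pairs with it: __sanitizer_cov_trace_pc() must load t->kcov_mode with READ_ONCE() and have its own barrier() before it loads t->kcov_area and t->kcov_size, or the compiler may still hoist those loads above the mode check. That reader side is not visible in this hunk, so the 4.14 backport should be checked against the other two patches of the series the commit message mentions to confirm the pairing lands together. Note also that t->kcov_size = 0 and t->kcov_area = NULL stay plain stores after this change, which is acceptable only while every consumer checks kcov_mode first and bails out on KCOV_MODE_DISABLED, as the commit message describes.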
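As an added illustration, not part of this patch or of the kernel source: a user-space model of the store ordering the hunk introduces, together with the mode-gated reader it protects. The struct, the mode values, the buffer layout and the macro definitions are assumptions of this model (the macros are reimplemented the way the kernel defines them), so the code stands in for kernel/kcov.c rather than reproducing it.

```c
#include <stddef.h>
/* Constructed stand-ins for the kernel macros. barrier() is a compiler
 * barrier only, which suffices: the racing reader runs on the same CPU. */
#define barrier()        __asm__ __volatile__("" ::: "memory")
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define KCOV_MODE_DISABLED 0   /* mode values are assumptions of this model */
#define KCOV_MODE_TRACE_PC 1

struct task {                 /* the task_struct fields kcov touches */
	int kcov_mode;
	unsigned int kcov_size;   /* area length in words; word 0 is the count */
	unsigned long *kcov_area;
};

/* kcov_task_init() as patched: publish DISABLED with a single store and keep
 * the plain clears of size/area ordered after it. */
static void kcov_task_init(struct task *t)
{
	WRITE_ONCE(t->kcov_mode, KCOV_MODE_DISABLED);
	barrier();
	t->kcov_size = 0;
	t->kcov_area = NULL;
}

/* Reader modelled on __sanitizer_cov_trace_pc(): check the mode first and
 * only then load area/size. Returns 1 if pc was recorded, 0 if it bailed. */
static int sanitizer_cov_trace_pc(struct task *t, unsigned long pc)
{
	unsigned long *area, pos;
	if (READ_ONCE(t->kcov_mode) != KCOV_MODE_TRACE_PC)
		return 0;
	barrier();            /* keep the loads below after the mode check */
	area = t->kcov_area;
	pos = area[0] + 1;    /* kcov layout: area[0] counts recorded PCs */
	if (pos >= t->kcov_size)
		return 0;
	area[pos] = pc;
	area[0] = pos;
	return 1;
}

/* Drive the model: one PC is recorded while tracing; after kcov_task_init()
 * the same call bails out without touching the now-NULL area. Returns 1. */
int kcov_model_demo(void)
{
	unsigned long buf[4] = { 0 };                 /* constructed area */
	struct task t = { KCOV_MODE_TRACE_PC, 4, buf };
	if (!sanitizer_cov_trace_pc(&t, 0x1000) || buf[0] != 1 || buf[1] != 0x1000)
		return 0;
	kcov_task_init(&t);
	return !sanitizer_cov_trace_pc(&t, 0x2000) && t.kcov_area == NULL;
}
```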