References: <20180824235826.62741-1-jannh@google.com> <0897d173-6a30-09df-f16a-76322384fe0d@virtuozzo.com>
From: Jann Horn
Date: Tue, 28 Aug 2018 14:53:35 +0200
Subject: Re: [PATCH] x86/entry/64: wipe KASAN stack shadow in rewind_stack_do_exit()
To: Andrey Ryabinin
Cc: Andy Lutomirski, "the arch/x86 maintainers", kernel list, Dmitry Vyukov, kasan-dev@googlegroups.com, Alexander Potapenko, Kees Cook

On Tue, Aug 28, 2018 at 1:33 PM Andrey Ryabinin wrote:
> On 08/28/2018 01:38 PM, Jann Horn wrote:
> >> Why this has to be done in the rewind_stack_do_exit()?
> >> Are there any problems with calling the kasan_unpoison_task_stack(current) from oops_end(), before the rewind_stack_do_exit()?
> >
> > Ooh, good point! I didn't see that KASAN instrumentation is disabled
> > for dumpstack.c.
>
> It doesn't really matter. This would work with instrumented oops_end() as well.
> kasan_unpoison_task_stack() will unpoison everything including oops_end's stack.
> It would be also ok if kasan_unpoison_task_stack() instrumented,

But then that would rely on ASAN implementation details, so I'd be
hesitant to do that.

> or calling any number of instrumented functions
> in between kasan_unpoison_task_stack() and rewind_stack_do_exit(). As long as we return from these functions before
> the rewind_stack_do_exit(), the stack will be unpoisoned on return.

Yeah, I understand that. :)
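
A simplified user-space model of the shadow behaviour discussed in this thread, added as an example; it is not part of the message above and is not kernel code. It shows that frames abandoned by a stack rewind leave poisoned shadow behind, that a whole-stack wipe from the oops path clears it, and that an instrumented call which returns after the wipe leaves nothing new. The stack size, frame sizes, single-granule redzones and the names `frame_enter`, `frame_return`, `unpoison_task_stack` and `stale_after_rewind` are assumptions of the model.

```c
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 512   /* model task stack in bytes (constructed size) */
#define GRANULE    8     /* one shadow byte covers 8 bytes of stack */
#define POISON     0xF1  /* model redzone marker */

static unsigned char shadow[STACK_SIZE / GRANULE];
static int sp;           /* byte offset into the model stack; grows down */

/* Instrumented entry: push a frame and poison a redzone granule at each end. */
static int frame_enter(int size) {
    sp -= size;
    shadow[sp / GRANULE] = POISON;
    shadow[(sp + size) / GRANULE - 1] = POISON;
    return sp;
}

/* Instrumented return: clear the frame's shadow and pop the frame. */
static void frame_return(int base, int size) {
    memset(&shadow[base / GRANULE], 0, size / GRANULE);
    sp = base + size;
}

/* Stand-in for kasan_unpoison_task_stack(): clear shadow for the whole stack. */
static void unpoison_task_stack(void) { memset(shadow, 0, sizeof(shadow)); }

/* Returns the number of poisoned granules left after the stack is rewound. */
int stale_after_rewind(int wipe_in_oops_end, int call_after_wipe) {
    int n = 0;
    unpoison_task_stack();
    sp = STACK_SIZE;                       /* fresh model state */
    frame_enter(64);                       /* frame that hit the oops */
    frame_enter(96);                       /* oops_end() frame, never returns */
    if (wipe_in_oops_end)
        unpoison_task_stack();
    if (call_after_wipe) {                 /* instrumented callee that returns */
        int base = frame_enter(32);
        frame_return(base, 32);
    }
    sp = STACK_SIZE;                       /* stand-in for rewind_stack_do_exit() */
    for (int g = 0; g < STACK_SIZE / GRANULE; g++)
        n += shadow[g] != 0;
    return n;
}

int main(void) {
    printf("no wipe: %d stale granules\n", stale_after_rewind(0, 0));
    printf("wipe in oops_end: %d\n", stale_after_rewind(1, 0));
    printf("wipe, then call+return: %d\n", stale_after_rewind(1, 1));
    return 0;
}
```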