Date: Tue, 28 Aug 2018 20:40:33 +0200
Message-Id: <20180828184033.93712-1-jannh@google.com>
Subject: [PATCH v2] x86/entry/64: wipe KASAN stack shadow before rewind_stack_do_exit()
From: Jann Horn
To: Andy Lutomirski, "the arch/x86 maintainers", Dmitry Vyukov, Andrey Ryabinin, jannh@google.com
Cc: kernel list, kasan-dev@googlegroups.com, Alexander Potapenko, Kees Cook
X-Mailing-List: linux-kernel@vger.kernel.org

Reset the KASAN shadow state of the task stack before rewinding RSP.
Without this, a kernel oops will leave parts of the stack poisoned, and
code running under do_exit() can trip over such poisoned regions and
cause nonsensical false-positive KASAN reports about stack-out-of-bounds
bugs.

This patch does not wipe exception stacks; if you oops on an exception
stack, you might get random KASAN false-positives from other tasks
afterwards. This is probably relatively uninteresting, since if you're
oopsing on an exception stack, you likely have bigger things to worry
about. It'd be more interesting if vmapped stacks and KASAN were
compatible, since then handle_stack_overflow() would oops from exception
stack context.

Fixes: 2deb4be28077 ("x86/dumpstack: When OOPSing, rewind the stack before do_exit()")
Signed-off-by: Jann Horn --- v2: - Rewrite, do it in C from oops_end() instead of in assembly (Andrey Ryabinin) arch/x86/kernel/dumpstack.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index 9c8652974f8e..1596e6bfea6f 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include @@ -346,7 +347,10 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr) * We're not going to return, but we might be on an IST stack or * have very little stack space left. Rewind the stack and kill * the task. + * Before we rewind the stack, we have to tell KASAN that we're going to + * reuse the task stack and that existing poisons are invalid. */ + kasan_unpoison_task_stack(current); rewind_stack_do_exit(signr); } NOKPROBE_SYMBOL(oops_end); -- 2.19.0.rc0.228.g281dcd1b4d0-goog
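Review bot: the include directive in the first hunk carries no header name in this copy of the patch (the bracketed name after `+#include` has been lost), so it cannot be checked as rendered; the header it needs is <linux/kasan.h>, which declares kasan_unpoison_task_stack() and also supplies the empty inline stub for builds without CONFIG_KASAN, which is what allows the second hunk to call it without an #ifdef.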
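Review bot: the comment added in the second hunk omits the limitation the commit message states explicitly: kasan_unpoison_task_stack(current) resets only the task stack, while the surrounding comment says oops_end() may be running on an IST stack, so a reader of the code alone could assume the exception-stack case is covered too. Suggest extending the new comment with a line such as `* This only resets the task stack; exception stacks are not wiped.` The placement is correct: the call sits immediately before rewind_stack_do_exit(signr), so nothing runs on the rewound stack before the shadow has been cleared.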
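A constructed user-space model of the failure mode the commit message describes, added here and not part of the patch or of the kernel: the shadow layout, granule size, redzone value and frame offsets are assumptions, and kasan_unpoison_task_stack_model() stands in for the real kasan_unpoison_task_stack(). It shows why frames abandoned by the oops path keep their redzones poisoned, and how wiping the shadow before the rewind removes the false positives that code under do_exit() would otherwise hit.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model (not kernel code): one shadow byte per 8-byte granule of a
 * simulated task stack, as KASAN's shadow does. 0 = addressable, nonzero = poisoned.
 * Instrumentation poisons redzones around locals on entry and clears them on return. */
#define STACK_BYTES 256
#define GRANULE 8
#define SHADOW_BYTES (STACK_BYTES / GRANULE)
#define STACK_REDZONE 0xf1 /* assumed marker value for this model */
static uint8_t shadow[SHADOW_BYTES];

static void poison(unsigned off, unsigned len) { memset(shadow + off / GRANULE, STACK_REDZONE, len / GRANULE); }
static void unpoison(unsigned off, unsigned len) { memset(shadow + off / GRANULE, 0, len / GRANULE); }

/* Prologue/epilogue of a frame whose local occupies [off, off+len):
 * one granule of redzone below and one above the local. */
static void frame_enter(unsigned off, unsigned len) { poison(off - GRANULE, GRANULE); poison(off + len, GRANULE); }
static void frame_leave(unsigned off, unsigned len) { unpoison(off - GRANULE, GRANULE); unpoison(off + len, GRANULE); }

/* Model of kasan_unpoison_task_stack(current): clear the whole task-stack shadow. */
static void kasan_unpoison_task_stack_model(void) { memset(shadow, 0, sizeof shadow); }

/* Model of code running under do_exit() on the rewound stack: it touches every
 * granule, and each access to a still-poisoned granule is the report the
 * instrumented load/store checks would raise. Returns the number of reports. */
static int run_on_rewound_stack(void) {
    int reports = 0;
    for (unsigned off = 0; off < STACK_BYTES; off += GRANULE)
        if (shadow[off / GRANULE]) { reports++; printf("BUG: KASAN: stack-out-of-bounds at stack+%u\n", off); }
    return reports;
}

/* Normal path: both frames return, their epilogues run, nothing stays poisoned. */
static int normal_return(void) {
    memset(shadow, 0, sizeof shadow);
    frame_enter(64, 16); frame_enter(128, 32);
    frame_leave(128, 32); frame_leave(64, 16);
    return run_on_rewound_stack(); /* 0 */
}

/* Oops path: rewind_stack_do_exit() abandons the frames without running their
 * epilogues, so their redzones remain poisoned unless the shadow is wiped first. */
static int oops_then_exit(int wipe_before_rewind) {
    memset(shadow, 0, sizeof shadow);
    frame_enter(64, 16); frame_enter(128, 32); /* caller, and the callee that oopses */
    if (wipe_before_rewind) kasan_unpoison_task_stack_model(); /* the patch's addition */
    return run_on_rewound_stack(); /* 4 false positives without the wipe, 0 with it */
}
```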