Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp7486284imm;
        Tue, 28 Aug 2018 12:59:04 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdaxNScCIXOUZHI3Mm8pa0IyLLFCw614ZdFhNTprZQjvegR/yEcyer0GfptiNWN+nxaTryF2
X-Received: by 2002:a62:cc41:: with SMTP id a62-v6mr2919048pfg.131.1535486344697;
        Tue, 28 Aug 2018 12:59:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535486344; cv=none;
        d=google.com; s=arc-20160816;
        b=dmWgDkOCLIG9jb7wP6ObxtdRMlwLY6RK/zX/SO/6ZyyMPElKZyX6EssOU8xPahln4L
         XHcp/nsHFknT3DJBmd7AWC916qDIMeupgj9QWdl9PcVufXs2C9DmPIBrMqg/gJ2fbGRO
         VxYWYBhgZdHLPE0tH7b7Gl7k9W2fQgY5RmlJYci4TDxR6XsXHi0kHOteB41VuqUsg453
         9ipGw9wJuEQbtZ+lEI5R+sS6unYWZU8nDPgGafjy5w8G+FPcm5CwAq6RAW8wYEeIypJA
         dtAU6Wi1bd3tiLncGL60OkB53QgcSRY7TPrHb/yl9+YkgQwroHxSeGRd58Xh5+KlBx/r
         9w+g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature:arc-authentication-results;
        bh=tvb/DCvUeEbadK2R470HWzjykOMJBHLUW9W1lNObMAI=;
        b=jg2ZQIrL3Y+ZixmmYG3/kVLom6KvgjgdGSP3xJOO6XND5r59M1ivPjkuZg6X2bITmq
         FjXxQqCv5nay/SaiOthlAKvfY06z1U4I+H2qfd2BWkAQO/YWwgrUKTr7GQF66p99zh+t
         gV2X+Tv3uzkc1KLxWbAFFeG2/A2GA7Eb6MtuizKFgbcsfeBsPU0Zd3cCD62+n+sLqB8Z
         ZN1J74zcQYjRQia6Xfi//bFpgpDSjmosfoaByprUYMkyrM9GvIOrIDDF1v5tT7Yujn87
         wnrriz5mfegR6L8XqYtbfwlBf0YVjDbfwar6Cy8wvSFZM11h6UMZVHPe0VKXcjTeJDEu
         sEsw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=0HBQh0hM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p2-v6si1844036pgj.391.2018.08.28.12.58.47;
        Tue, 28 Aug 2018 12:59:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=0HBQh0hM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727206AbeH1Xuv (ORCPT <rfc822;radocaj.bane@gmail.com>
        + 99 others); Tue, 28 Aug 2018 19:50:51 -0400
Received: from mail-pl1-f195.google.com ([209.85.214.195]:35612 "EHLO
        mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726975AbeH1Xuv (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 28 Aug 2018 19:50:51 -0400
Received: by mail-pl1-f195.google.com with SMTP id d9-v6so1193982plr.2
        for <linux-kernel@vger.kernel.org>; Tue, 28 Aug 2018 12:57:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=tvb/DCvUeEbadK2R470HWzjykOMJBHLUW9W1lNObMAI=;
        b=0HBQh0hMCBxH3wU9DHE9sAGuNdB2Gpbzv+F2c48aoP0FaKsMEZfU8WxnsR2oaBCzHw
         7gVPq8yw+el5Khq0/TXRX7LVJ9RA+WeDviVV8yTp0nVodQDUvtCXbUvb4y29DcN10/Bu
         JHWiU5Dg+7yRv53o25UAUPix5To69LP0JbC9WhtQz6crP4UVirUHQ5JwcQj0BJ3PPgj/
         JPQdLIakw4+fswYSbCOWc8O7MCR7u9wljuZIt3H0PcKzYTqc4D+7RaM9/HQ0vzDKw7ck
         fP784onYk7DkJxyHFrwm18bAwD8b6dtSU2+pvPGt6J+5ugdS14wLSMFSV87PW0dP97ma
         bIsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=tvb/DCvUeEbadK2R470HWzjykOMJBHLUW9W1lNObMAI=;
        b=H/7wDTofUsT6z+m4GsRJOG/zS6ahX+1xgcSPSwohs7kpSarxoYQbqrCwInA2HPxgHO
         WTYwFj2d/8aBec43k/fpeCBAU6Xb1c/WUZ1/epdHI+gbhKiJiV1GsWTV95DOFaU//LkK
         3ppEjpoh6mTyy/JqaK9Kj1GqLumXcBq/zkHl0DHwmYxeMD6x5+WxeRBq59ef84+FKHrj
         rj/q4hUMyuHUQWAVeAveDlT84/WiJaKXpc4ln1flLX4eDpKEclP1p/v/NNB8aQ7ye/xK
         xIVKZhHztMVE9qL1txEpL9Xv+S5C01seFpg/Iwe7OicMEOv/fbmQMoT3MikD/xcxX93N
         C7hw==
X-Gm-Message-State: APzg51D7pMkTc6+ocXur93doAfDbCkLA7NhSRwdr3roWqB0RRpDyX7ZI
        C6jB5Yf1qW1J4TWNw/Kmel40AlCCQtQ=
X-Received: by 2002:a17:902:8d91:: with SMTP id v17-v6mr2943180plo.9.1535486259989;
        Tue, 28 Aug 2018 12:57:39 -0700 (PDT)
Received: from ?IPv6:2600:1010:b006:491e:652e:b846:6d92:563c? ([2600:1010:b006:491e:652e:b846:6d92:563c])
        by smtp.gmail.com with ESMTPSA id c88-v6sm3112661pfe.132.2018.08.28.12.57.38
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 28 Aug 2018 12:57:38 -0700 (PDT)
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH] x86/entry/64: wipe KASAN stack shadow in rewind_stack_do_exit()
From:   Andy Lutomirski <luto@amacapital.net>
X-Mailer: iPhone Mail (15G77)
In-Reply-To: <daba9c5b-b5c6-beaa-ca96-81cf6af760b9@virtuozzo.com>
Date:   Tue, 28 Aug 2018 12:57:36 -0700
Cc:     Jann Horn <jannh@google.com>, Andy Lutomirski <luto@kernel.org>,
        the arch/x86 maintainers <x86@kernel.org>,
        kernel list <linux-kernel@vger.kernel.org>,
        Dmitry Vyukov <dvyukov@google.com>, kasan-dev@googlegroups.com,
        Alexander Potapenko <glider@google.com>,
        Kees Cook <keescook@chromium.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA9DE24E-D1DC-4000-A9E5-0905C6433F04@amacapital.net>
References: <20180824235826.62741-1-jannh@google.com> <0897d173-6a30-09df-f16a-76322384fe0d@virtuozzo.com> <CAG48ez1zYqx8-1We3JkDBmYREksUMoUe7VBeAOv2JH98gVWcKw@mail.gmail.com> <daba9c5b-b5c6-beaa-ca96-81cf6af760b9@virtuozzo.com>
To:     Andrey Ryabinin <aryabinin@virtuozzo.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Aug 28, 2018, at 4:33 AM, Andrey Ryabinin <aryabinin@virtuozzo.com> wro=
te:
>=20
>=20
>=20
> On 08/28/2018 01:38 PM, Jann Horn wrote:
>=20
>>>=20
>>>=20
>>> Why this has to be done in the rewind_stack_do_exit()?
>>> Are there any problems with calling the kasan_unpoison_task_stack(curren=
t) from oops_end(), before the rewind_stack_do_exit()?
>>=20
>> Ooh, good point! I didn't see that KASAN instrumentation is disabled
>> for dumpstack.c.=20
>=20
> It doesn't really matter. This would work with instrumented oops_end() as w=
ell.
> kasan_unpoison_task_stack() will unpoison everything including oops_end's s=
tack.
> It would be also ok if kasan_unpoison_task_stack() instrumented, or callin=
g any number of instrumented functions
> in between kasan_unpoison_task_stack() and rewind_stack_do_exit(). As long=
 as we return from these functions before
> the rewind_stack_do_exit(), the stack will be unpoisoned on return.

I think that, if all this is in C, we need rewind_stack_do_exit()=E2=80=99s c=
aller to be uninstrumented. Which it is.