Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2979333imu; Thu, 29 Nov 2018 13:24:22 -0800 (PST) X-Google-Smtp-Source: AFSGD/V8stA0TUHB/mHj1eGf76NCWL01bEf8ocNoEC7IcZo33FEvYoJY52FD+LzSPl/iyw0DLQbX X-Received: by 2002:a17:902:f20d:: with SMTP id gn13mr2939610plb.11.1543526662542; Thu, 29 Nov 2018 13:24:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543526662; cv=none; d=google.com; s=arc-20160816; b=X5zc/0aQ15zhjtbnUBuF+mWdZqG2uOrnEaaSyg+8Y3OqwniK0tVHHpf1ZL/stfd3mY 1T2vdzjg1iRhP3vnNWMqL4rXEgkQRveJaDEkd+CsSsUkEKupz7NHNaeuWz8NHTUgKFh6 gPeOUphJC6s07jxgMEOU4fYVTy81BaskAp55AENR3zdGSbY1aRdLWh6fLmAEVRgCQ2ug mPMwevm/4ia3IkSbNUF3dGjS+ngIHZivuPCUX9yDmxXSuX/blVPEicGLGUfAybB8VHAG ZS6uyuwKQn+418axjJi8F4JFLg6cxEcMRS5oTrWBO9GRYxMqdGBFo3P/YNb8ChLcJL5q NEeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=YtoLozhvB0D+lgZptg5qUvSEZyHcmvewXAqhj2dfoE0=; b=uOoCIsqQpKL4qfE5VSb/CJkxnTqhCO4CVzYIhApd3AcumzU9912DF9gJt3u8rsnwRl kZIaH78n3UU/VJX9aHO6p/ZFuqH8CwG8h7kkYUmRuG9zt4tC8rLUf3tvNTMDjkmFvrlf q64mLo9K3SI2tqX3G6TxhuxVjWr0e17ur6OPhJkxKzibyEozCuMRKvIJ5nlW+IT+by9Y zm+Eor6gmwshvI3YDHw2nwnFh8kytJwph4fOC4Qjc7PVoj6vHa5yp6Yd6lN8KB4I7jvM Mc3fmPhjT2tAvHMn3dlc+se25tajQxq/2CYDkjziOxDfbpIaF3dEXkiHywl+T8q/kng6 oNfw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=jvsuz5Uu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o21si2583413pgj.415.2018.11.29.13.24.07; Thu, 29 Nov 2018 13:24:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=jvsuz5Uu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726901AbeK3IaH (ORCPT + 99 others); Fri, 30 Nov 2018 03:30:07 -0500 Received: from mail-yb1-f193.google.com ([209.85.219.193]:34920 "EHLO mail-yb1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726192AbeK3IaH (ORCPT ); Fri, 30 Nov 2018 03:30:07 -0500 Received: by mail-yb1-f193.google.com with SMTP id z2-v6so1370212ybj.2 for ; Thu, 29 Nov 2018 13:23:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YtoLozhvB0D+lgZptg5qUvSEZyHcmvewXAqhj2dfoE0=; b=jvsuz5Uu68fEiCCQNY6X0pt0z/EtGwn55vaHbFbVLom8SbDI2SCjQBtDpF1iyMSNQy LXDjDBqesWxNaJOEKQtu3viROU6ShMythG+NbhcKAIrqfDhbLKXWfr4NrP0eIjMBayT5 b+EVE4Jr646hvzMQXmpVBiEAcx5ErfWWNiVPY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YtoLozhvB0D+lgZptg5qUvSEZyHcmvewXAqhj2dfoE0=; b=lAywHmUwTDw/ZIrlFfSFm2mtGTG96I7fsTnf1wfiLxkpsZk+WTcCNLDv1639Wmbwjc nuQpHaKtfPggUa4Blya+BMUcwrnNkKdVqyyFKuEY7/dkH9fLAZvjKa/ljLaizG9Mwt0M pNzcoXmymljBSTWy/Kd3EUL97N/slDKVjGWGcAXbBvtStbtqGYEDFYT1AerOC17jjKpG PiamogdSwhS/SAIiv3AqnnM+o1FBNzbXxqBohfkch9O2AtOtIBwvb56PpK8gs5OErWUR BGEKG9goVIV0mxlkib1y8QNLMOCaedPpj9iyKr97fJ5YiLZI+XQrMZvPe4qw1n7GR68x W95w== X-Gm-Message-State: AA+aEWZKTPOZ5QXdZswE9+8joL2C1WGrt/PCr3b7RzaUxCdavLvrkYWm cN3lMQeRyelPp2EelkqsShXp5hnZxYI= X-Received: by 2002:a25:2206:: with SMTP id i6-v6mr2955979ybi.151.1543526598998; Thu, 29 Nov 2018 13:23:18 -0800 (PST) Received: from mail-yw1-f42.google.com (mail-yw1-f42.google.com. [209.85.161.42]) by smtp.gmail.com with ESMTPSA id w77sm1102578ywa.9.2018.11.29.13.23.17 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 29 Nov 2018 13:23:17 -0800 (PST) Received: by mail-yw1-f42.google.com with SMTP id y194so1402858ywg.3 for ; Thu, 29 Nov 2018 13:23:17 -0800 (PST) X-Received: by 2002:a81:2890:: with SMTP id o138mr3289037ywo.168.1543526597070; Thu, 29 Nov 2018 13:23:17 -0800 (PST) MIME-Version: 1.0 References: <19391812db6444f3bd260546acded9b7@HXTBJIDCEMVIW02.hxtcorp.net> In-Reply-To: <19391812db6444f3bd260546acded9b7@HXTBJIDCEMVIW02.hxtcorp.net> From: Kees Cook Date: Thu, 29 Nov 2018 13:23:05 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/1] sched/headers: fix thread_info. is overwritten by STACK_END_MAGIC To: Wang Dongsheng Cc: David Howells , Thomas Gleixner , Ingo Molnar , Andrew Morton , Masahiro Yamada , Tony Luck , Will Deacon , Palmer Dabbelt , yu.zheng@hxt-semitech.com, LKML , Shunyong Yang , Greg KH , "# 3.4.x" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 27, 2018 at 8:38 PM Wang, Dongsheng wrote: > > Hello Kees, > > On 2018/11/28 6:38, Kees Cook wrote: > > On Thu, Nov 22, 2018 at 11:54 PM, Wang Dongsheng > > wrote: > >> When select ARCH_TASK_STRUCT_ON_STACK the first of thread_info variable > >> is overwritten by STACK_END_MAGIC. In fact, the ARCH_TASK_STRUCT_ON_STACK > >> is not a real task on stack, it's only init_task on init_stack. > >> > >> Commit 0500871f21b2 ("Construct init thread stack in the linker script > >> rather than by union") added this macro and put task_strcut into > >> thread_union. This brings us the following possibilities: > >> TASK_ON_STACK THREAD_INFO_IN_TASK STACK > >> ----- <-- thread_info & stack > >> N N | | --- <-- task > >> | | | | > >> ----- --- > >> > >> ----- <-- stack > >> N Y | | --- <-- task(Including thread_info) > >> | | | | > >> ----- --- > >> > >> ----- <-- stack & task & thread_info > >> Y N | | > >> | | > >> ----- > >> > >> ----- <-- stack & task(Including thread_info) > >> Y Y | | > >> | | > >> ----- > >> The kernel has handled the first two cases correctly. > >> > >> For the third case: > >> TASK_ON_STACK: Y. THREAD_INFO_IN_TASK: N. this case > >> should never happen, because the task and thread_info will overlap. So > >> when TASK_ON_STACK is selected, THREAD_INFO_IN_TASK must be selected too. > >> > >> For the fourth case: > >> When task on stack, the end of stack should add a sizeof(task_struct) offset. > >> > >> This patch handled with the third and fourth case. > >> > >> Fixes: 0500871f21b2 ("Construct init thread stack in the linker ...") > >> > >> Signed-off-by: Wang Dongsheng > >> Signed-off-by: Shunyong Yang > >> --- > >> arch/Kconfig | 1 + > >> include/linux/sched/task_stack.h | 5 ++++- > >> 2 files changed, 5 insertions(+), 1 deletion(-) > >> > >> diff --git a/arch/Kconfig b/arch/Kconfig > >> index e1e540ffa979..0a2c73e73195 100644 > >> --- a/arch/Kconfig > >> +++ b/arch/Kconfig > >> @@ -251,6 +251,7 @@ config ARCH_HAS_SET_MEMORY > >> # Select if arch init_task must go in the __init_task_data section > >> config ARCH_TASK_STRUCT_ON_STACK > >> bool > >> + depends on THREAD_INFO_IN_TASK || IA64 > > The "IA64" part shouldn't be needed since IA64 already selects it. > > > > Since it's selected, it also can't have a depends, IIUC. > > Since the IA64 thread_info including task_struct, it doesn't need to > select THREAD_INFO_IN_TASK. > So we need to allow IA64 select ARCH_TASK_STRUCT_ON_STACK without > THREAD_INFO. Okay. > >> # Select if arch has its private alloc_task_struct() function > >> config ARCH_TASK_STRUCT_ALLOCATOR > >> diff --git a/include/linux/sched/task_stack.h b/include/linux/sched/task_stack.h > >> index 6a841929073f..624c48defb9e 100644 > >> --- a/include/linux/sched/task_stack.h > >> +++ b/include/linux/sched/task_stack.h > >> @@ -7,6 +7,7 @@ > >> */ > >> > >> #include > >> +#include > >> #include > >> > >> #ifdef CONFIG_THREAD_INFO_IN_TASK > >> @@ -25,7 +26,9 @@ static inline void *task_stack_page(const struct task_struct *task) > >> > >> static inline unsigned long *end_of_stack(const struct task_struct *task) > >> { > >> - return task->stack; > >> + if (!IS_ENABLED(CONFIG_ARCH_TASK_STRUCT_ON_STACK) || task != &init_task) > >> + return task->stack; > >> + return (unsigned long *)(task + 1); > >> } > > This seems like a strange place for the change. It feels more like > > init_task has been defined incorrectly. > > The init_task will put into init_stack when ARCH_TASK_STRUCT_ON_STACK is > selected. > include/asm-generic/vmlinux.lds.h: > #define INIT_TASK_DATA(align) \ > . = ALIGN(align); \ > __start_init_task = .; \ > init_thread_union = .; \ > init_stack = .; \ > KEEP(*(.data..init_task)) \ > KEEP(*(.data..init_thread_info)) \ > . = __start_init_task + THREAD_SIZE; \ > __end_init_task = .; > > So we need end_of_stack to offset sizeof(task_struct). Well, I guess I mean I'd rather the end_of_stack() code not be special-cased in the if. The default should be how it was. Perhaps: if (IS_ENABLED(CONFIG_ARCH_TASK_STRUCT_ON_STACK) && task == &init_task) return (unsigned long *)(task + 1); return task->stack; But it still feels strange: why can't task->stack point to the correct place in this special case? -- Kees Cook