Received: by 2002:a05:6520:2f93:b029:af:d4db:7a05 with SMTP id 19csp2298299lkf; Fri, 5 Feb 2021 09:38:10 -0800 (PST) X-Google-Smtp-Source: ABdhPJxGIUxaEoNq6YC4vA4tttsAD8P3orKVaECHQOFJFRXVTMPgqgTPZObYTKDXZ37f3UlruhB+ X-Received: by 2002:a17:907:f81:: with SMTP id kb1mr5053074ejc.466.1612546690598; Fri, 05 Feb 2021 09:38:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612546690; cv=none; d=google.com; s=arc-20160816; b=EyEdVOGjodGEXknmZF3wLbw42LxfX1zoEvOfxdNWU+YQnTWyTd3dPKZ4LsGwwmGcKM FbQL1+wnjwTMAIzaz/GVhj6oGi8KEklgPziPJknC0MnI/DPV0U/TlsMr8e95r4g9Q5Uv I8JlPuZrvIqlXK6jNgkQ9KOMrzfF0LCmct0ayQAKodhQC5LOtszJA3dy2tXTJwVx97H8 fE2zsB+KmGM6v8kLunY7NsXEiVjJzCPaFnNoxBpbTKg2mCUtpak3BIVXuKun3maarKZl hdN6PaON6PD4givvt6dVVM5B2Wnmk3TlLGTabyUJUPxv5i21BdYB70YnkjqH/VypE+Tw 6ccQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=EvtTCE/NKzZrLF/W1ANwAIySNuG0jiSRiMrpZGGhcNE=; b=0Ppd6MlfDvJWsltVa4Mg634U35tQ+SpbTCq7DI21SZyCbHEgnHFGrCR64dItrbU9y1 HoD3UbOSoYQlZCluNpxs3hn/qwCLofbmJpyoA7uVRujkBSCV5E/2NYlRlFAQ7kw+dqSh ZE6+g/KAUjSrzdwcdPYac8jkxIGSd1Aq/jhJaLF0j5345LiTBOAS1SkxGuJSpbtT5Exa J1O+4sGfMgIx4MQMp1Nvmds2VMcwykeGQDb+Uvg+E/x9gHToNk/TWOqYT7MgL3aAzlqA 5i9bhjqL0dwZxgRY1tkM6WfktMm7PGf0Qh58oeNN0banCmwGZvhouQzj0gjXMPveNUpF LOLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=K4ZvzM87; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w17si6424654ejb.242.2021.02.05.09.37.45; Fri, 05 Feb 2021 09:38:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=K4ZvzM87; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233231AbhBEPvu (ORCPT + 99 others); Fri, 5 Feb 2021 10:51:50 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:47700 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233394AbhBEPrx (ORCPT ); Fri, 5 Feb 2021 10:47:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1612546129; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EvtTCE/NKzZrLF/W1ANwAIySNuG0jiSRiMrpZGGhcNE=; b=K4ZvzM87kejTF9ppS7jNMCd/nslz/Fwb0JTCa9kEY7981QkcWJh3IGxyv+K13nh3xwUkD+ xMdvLOlmTTcvPnnS1t03j0AqHyO6Ott1fTGWeve3ubyfAA2BhxaYmw5a8G1ranK+nJEnXu 5FF/il5OYsZ4UiqickGT2b4Sxw/zXdk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-512-Y-gj2c7gNDyCqFGSWn8xRQ-1; Fri, 05 Feb 2021 09:24:14 -0500 X-MC-Unique: Y-gj2c7gNDyCqFGSWn8xRQ-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 92D371005501; Fri, 5 Feb 2021 14:24:12 +0000 (UTC) Received: from treble.redhat.com (ovpn-116-178.rdu2.redhat.com [10.10.116.178]) by smtp.corp.redhat.com (Postfix) with ESMTP id E64995D9CC; Fri, 5 Feb 2021 14:24:11 +0000 (UTC) From: Josh Poimboeuf To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, Ivan Babrou , Peter Zijlstra , Steven Rostedt , stable@vger.kernel.org Subject: [PATCH 1/2] x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2 Date: Fri, 5 Feb 2021 08:24:02 -0600 Message-Id: <9583327904ebbbeda399eca9c56d6c7085ac20fe.1612534649.git.jpoimboe@redhat.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org KASAN reserves "redzone" areas between stack frames in order to detect stack overruns. A read or write to such an area triggers a KASAN "stack-out-of-bounds" BUG. Normally, the ORC unwinder stays in-bounds and doesn't access the redzone. But sometimes it can't find ORC metadata for a given instruction. This can happen for code which is missing ORC metadata, or for generated code. In such cases, the unwinder attempts to fall back to frame pointers, as a best-effort type thing. This fallback often works, but when it doesn't, the unwinder can get confused and go off into the weeds into the KASAN redzone, triggering the aforementioned KASAN BUG. But in this case, the unwinder's confusion is actually harmless and working as designed. It already has checks in place to prevent off-stack accesses, but those checks get short-circuited by the KASAN BUG. And a BUG is a lot more disruptive than a harmless unwinder warning. Disable the KASAN checks by using READ_ONCE_NOCHECK() for all stack accesses. This finishes the job started by commit 881125bfe65b ("x86/unwind: Disable KASAN checking in the ORC unwinder"), which only partially fixed the issue. Fixes: ee9f8fce9964 ("x86/unwind: Add the ORC unwinder") Reported-by: Ivan Babrou Cc: stable@vger.kernel.org Signed-off-by: Josh Poimboeuf --- arch/x86/kernel/unwind_orc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c index 73f800100066..c451d5f6422f 100644 --- a/arch/x86/kernel/unwind_orc.c +++ b/arch/x86/kernel/unwind_orc.c @@ -367,8 +367,8 @@ static bool deref_stack_regs(struct unwind_state *state, unsigned long addr, if (!stack_access_ok(state, addr, sizeof(struct pt_regs))) return false; - *ip = regs->ip; - *sp = regs->sp; + *ip = READ_ONCE_NOCHECK(regs->ip); + *sp = READ_ONCE_NOCHECK(regs->sp); return true; } @@ -380,8 +380,8 @@ static bool deref_stack_iret_regs(struct unwind_state *state, unsigned long addr if (!stack_access_ok(state, addr, IRET_FRAME_SIZE)) return false; - *ip = regs->ip; - *sp = regs->sp; + *ip = READ_ONCE_NOCHECK(regs->ip); + *sp = READ_ONCE_NOCHECK(regs->sp); return true; } @@ -402,12 +402,12 @@ static bool get_reg(struct unwind_state *state, unsigned int reg_off, return false; if (state->full_regs) { - *val = ((unsigned long *)state->regs)[reg]; + *val = READ_ONCE_NOCHECK(((unsigned long *)state->regs)[reg]); return true; } if (state->prev_regs) { - *val = ((unsigned long *)state->prev_regs)[reg]; + *val = READ_ONCE_NOCHECK(((unsigned long *)state->prev_regs)[reg]); return true; } -- 2.29.2