Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3526328pxf; Mon, 15 Mar 2021 11:31:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyVPaWtGmWvH560NY6IgY90g+bGUJfB4oCJV86gZd4jtdMExeoWsP3oK8zrV7bm56eh7fFT X-Received: by 2002:a50:ef0a:: with SMTP id m10mr31474271eds.261.1615833070379; Mon, 15 Mar 2021 11:31:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1615833070; cv=none; d=google.com; s=arc-20160816; b=llhAqPq30aJKSmkNjdcUhZTRnEfbFGfDjl3YU3KhJs1ceR0BPJQZaEozXkaFlWfGUy 7fLLF4gGrKMF/lKoErd5pPiJGYmM8SmyMna1aNPz2q8eLdSLeI/miTVckQumIZ9WUu0b sPl3VmFCsHY0mjH/zf93KkOZUXEhoQuz7nOZtqSo6eeK3jHx1TwZRb27WZZUcMMff8xP FKlNBQ0CSwroQooTA9XGuW98nn9GX23AnetmfEJnWw8Jpi0biNNObDpEv6Kt3z1zYs4r du/jKnG8YS1C2EhYm2RaJJlRksXV2Lkv560HKUZuVbffXrM8z7eI0JCxuDwYb/Ppgird 45Sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=WJMiGvs2eIJcXfHXXWxX4oSWOSax0w7mMUfIWlY/hb0=; b=BeL9zEOMtOSS1+yUtJbTD3F8trD7CC3zUp/tB6OWXAzDZX6UBddlkCz9fIvJYxz1DA 9oANRtIcx5H6Dh40odNuj6oI6VOtaK+eWxqdoOCi2w7QAJ8z0V6Nx6pnZMvWnQX/VLOl ddcNRxZlQPCzxc9GVZEN+lfNcgcEJ9/+LZPl7/nBjz5Lkoi438fWnCjec6Qd7H24skfH pdHYKuifR+73EhXhKXFk8WDoL1qIEZxGxT+uRGZye+Mrsb6Dzym1ACU1dJfbQIcCudzK 9wcqt5+qpkiX5QZmL9/zCMxKOZtJq4yXKe7C2/ibH0kDxNYBm9J76nAvYMQ3WOxjjYDo 6IrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=KyvCDg9f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e7si10836776ejz.428.2021.03.15.11.30.47; Mon, 15 Mar 2021 11:31:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=KyvCDg9f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240178AbhCOOdj (ORCPT + 99 others); Mon, 15 Mar 2021 10:33:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:37522 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233290AbhCOOBW (ORCPT ); Mon, 15 Mar 2021 10:01:22 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6172A64F83; Mon, 15 Mar 2021 14:00:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1615816861; bh=NXdXqmdt7hrYH53lf2g2E6l1LsH2NPZG1CXPDYcBpFs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KyvCDg9f/h6ZLDto3TeBOEU6VCf7TRUFmFoJJoPLr+FEj9YSBovgm/hA8LmND1Viq 0Z3fp4HmiV+wCGsA9QeZxGi05D9iDzYEnrEncINcGb9w39lkN7F3VzodfHkQYqDulZ +/z/FBlXHYPOndCNuKjWiZP6hC1mOJB+CVAGeBhA= From: gregkh@linuxfoundation.org To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ivan Babrou , Josh Poimboeuf , "Peter Zijlstra (Intel)" , Borislav Petkov , "Steven Rostedt (VMware)" , stable@kernel.org Subject: [PATCH 4.19 115/120] x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2 Date: Mon, 15 Mar 2021 14:57:46 +0100 Message-Id: <20210315135723.748249721@linuxfoundation.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210315135720.002213995@linuxfoundation.org> References: <20210315135720.002213995@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Greg Kroah-Hartman From: Josh Poimboeuf commit e504e74cc3a2c092b05577ce3e8e013fae7d94e6 upstream. KASAN reserves "redzone" areas between stack frames in order to detect stack overruns. A read or write to such an area triggers a KASAN "stack-out-of-bounds" BUG. Normally, the ORC unwinder stays in-bounds and doesn't access the redzone. But sometimes it can't find ORC metadata for a given instruction. This can happen for code which is missing ORC metadata, or for generated code. In such cases, the unwinder attempts to fall back to frame pointers, as a best-effort type thing. This fallback often works, but when it doesn't, the unwinder can get confused and go off into the weeds into the KASAN redzone, triggering the aforementioned KASAN BUG. But in this case, the unwinder's confusion is actually harmless and working as designed. It already has checks in place to prevent off-stack accesses, but those checks get short-circuited by the KASAN BUG. And a BUG is a lot more disruptive than a harmless unwinder warning. Disable the KASAN checks by using READ_ONCE_NOCHECK() for all stack accesses. This finishes the job started by commit 881125bfe65b ("x86/unwind: Disable KASAN checking in the ORC unwinder"), which only partially fixed the issue. Fixes: ee9f8fce9964 ("x86/unwind: Add the ORC unwinder") Reported-by: Ivan Babrou Signed-off-by: Josh Poimboeuf Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Borislav Petkov Reviewed-by: Steven Rostedt (VMware) Tested-by: Ivan Babrou Cc: stable@kernel.org Link: https://lkml.kernel.org/r/9583327904ebbbeda399eca9c56d6c7085ac20fe.1612534649.git.jpoimboe@redhat.com Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/unwind_orc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/arch/x86/kernel/unwind_orc.c +++ b/arch/x86/kernel/unwind_orc.c @@ -346,8 +346,8 @@ static bool deref_stack_regs(struct unwi if (!stack_access_ok(state, addr, sizeof(struct pt_regs))) return false; - *ip = regs->ip; - *sp = regs->sp; + *ip = READ_ONCE_NOCHECK(regs->ip); + *sp = READ_ONCE_NOCHECK(regs->sp); return true; } @@ -359,8 +359,8 @@ static bool deref_stack_iret_regs(struct if (!stack_access_ok(state, addr, IRET_FRAME_SIZE)) return false; - *ip = regs->ip; - *sp = regs->sp; + *ip = READ_ONCE_NOCHECK(regs->ip); + *sp = READ_ONCE_NOCHECK(regs->sp); return true; } @@ -381,12 +381,12 @@ static bool get_reg(struct unwind_state return false; if (state->full_regs) { - *val = ((unsigned long *)state->regs)[reg]; + *val = READ_ONCE_NOCHECK(((unsigned long *)state->regs)[reg]); return true; } if (state->prev_regs) { - *val = ((unsigned long *)state->prev_regs)[reg]; + *val = READ_ONCE_NOCHECK(((unsigned long *)state->prev_regs)[reg]); return true; }