Received: by 10.223.164.202 with SMTP id h10csp5147484wrb;
        Tue, 21 Nov 2017 05:31:49 -0800 (PST)
X-Google-Smtp-Source: AGs4zMZGTganP6GCcuxLiKSaxqrfftfAV/KjMxvuvq36m3z4BCJfgGS/n2kOp6o+0qTUQz7xNZfK
X-Received: by 10.99.117.7 with SMTP id q7mr17127720pgc.96.1511271109725;
        Tue, 21 Nov 2017 05:31:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1511271109; cv=none;
        d=google.com; s=arc-20160816;
        b=sZN4mrnQ4yUCJ2m3l4fAzEDMa6Jk4HMNHenU4sDcJnvWyELZZvD88txtdsN+AjbMei
         ECMY//xeftdQq8vuwxp6IswDss6gznPTfOxOpk6jt3RDZM6fYsUh5BuhVOCpVq+dvnOM
         Fvw978BwTNCHAXsX35veE4Xkp9rVOD1pgtHu6xpHrbI7eFcx3VJK95X0xlR9rnPVrzep
         igGs7Es2jdXOOrOID8emWxAwNrgxvidEYCWWoqKpOK/0Z1BIFXgXnKSEqW/gzPfhzhOD
         OzWvo1qGOhdp7TDDerFteWSZFxkbTLts+Njofi6SH/ofkG2KRa7uMuKURsjU2zNJJ7lA
         L3aQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature:arc-authentication-results;
        bh=+VoPAIOTIPc+QHFzTRkI19dtSKC1VnN28qVA6escIEo=;
        b=Vm8x9Ir9BL8cfwYTJj/vQHZ6kzZIF2+Xp4htxu0OMay0+GZIw4DWS5DledfaOJase4
         YJO5LRzrLYXUhdTNcoJek0UVnFUHONS6ZTWDjaw+m/kGxZbKM3Q66Q5JlN444VAGjGom
         x1yZlUytFhO1m54B9b1pM5g/50aYxBuksY44phqEkAym6nX1/WoCK3T1B/3F5976b5zO
         c6qmCjm41gFbUTrfVD1fkTmgLKPTYnGW1HbAjBKxlh1s97a6s6qdxrFroAw9UOxl5C1Q
         5jceHPQmRItlonzbbYqchcETTE4yOfADNNCNyet/IISEv0n54/YvYse+NQLuAycIP7tD
         J6bA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=x0nRhqSW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s14si10953666pgr.330.2017.11.21.05.31.38;
        Tue, 21 Nov 2017 05:31:49 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=x0nRhqSW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751364AbdKUNar (ORCPT <rfc822;yuankui.zhao@gmail.com>
        + 76 others); Tue, 21 Nov 2017 08:30:47 -0500
Received: from mail-io0-f194.google.com ([209.85.223.194]:46425 "EHLO
        mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751115AbdKUNaq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 21 Nov 2017 08:30:46 -0500
Received: by mail-io0-f194.google.com with SMTP id q64so6565921iof.13
        for <linux-kernel@vger.kernel.org>; Tue, 21 Nov 2017 05:30:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=+VoPAIOTIPc+QHFzTRkI19dtSKC1VnN28qVA6escIEo=;
        b=x0nRhqSWJWU2crq3nUac4AxC8EZq71hyayAQvUrQ1fZwhV1lwQz0IMoVu9hiILKQQs
         lYG+p0I6Dgzt3H0lORQ8I3SmpDgnfbSiwOiqktofuiHycqZEaIDSRJKpGVINKYLxTd2y
         rCZwNCCQwb5GZs6DbGWGYAhL8PhSVFDRAThoxHnlz9V5VUgqN/DKajUqk++J1SPZoHW9
         igb7ewldwA0LeWUX/f8OG8htZ0CQ+/0a+G0oSPo9GA7DpH5vCOPc05ldkA6geueYOAvv
         JtAxy1DcBJ9/t4Bl5vKB5yluicQlrdoTFmaBQDkXGHsXUugL/Rc74YZEVLKnzCkCYa56
         1FrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=+VoPAIOTIPc+QHFzTRkI19dtSKC1VnN28qVA6escIEo=;
        b=dllcmgoJVA9lv0RbkeIqLX2TeUAhC/CxX8RfzUNsM3V/diehvi/8k+as4QwwvZE8so
         rVI7M+OMEvrMx5d7FpxXo0twYrFGBlqXrQMfZb7hbuOxU30WuNEfWoZdaijea5oFzhFF
         qKhVzwnDoho43cScg3afdNSu7KtxAw20qM+7YO+6Aq5laSXTo/uOweNnK/RJz9Oz+rlr
         Gh3BU7WWS5pFmDhkss+2mt38ToCN4F7X66mgiGg3yJgX3/IFOBfaC5a3yhsjqP2OKs8Q
         eU1n2YVhLXRxiaVKQYKlI8VRmQmWo1nEY2pBqpo7cnAxQjx+HTSSraDfmV01xGbaRcMR
         Ul9A==
X-Gm-Message-State: AJaThX7wnvnd65XjljOJRXnBBPIvkbxIoERYYcmaPRjGo3kovHs0topi
        50hVvwN56GRau7w9/Nx/labV2A==
X-Received: by 10.107.143.85 with SMTP id r82mr17702881iod.299.1511271045244;
        Tue, 21 Nov 2017 05:30:45 -0800 (PST)
Received: from [192.168.1.143] (c-67-166-60-92.hsd1.co.comcast.net. [67.166.60.92])
        by smtp.gmail.com with ESMTPSA id 191sm674687itb.21.2017.11.21.05.30.44
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 21 Nov 2017 05:30:44 -0800 (PST)
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (1.0)
Subject: Re: KASAN help, please (Re: [PATCH 00/16] Entry stuff, in decent shape now)
From:   Andy Lutomirski <luto@amacapital.net>
X-Mailer: iPhone Mail (15B150)
In-Reply-To: <CACT4Y+b0PRoO75bnZR4bU0XMGmbnaf1yLXFS1at8iq-rjQGNiA@mail.gmail.com>
Date:   Tue, 21 Nov 2017 06:30:43 -0700
Cc:     Andy Lutomirski <luto@kernel.org>,
        Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Alexander Potapenko <glider@google.com>,
        kasan-dev <kasan-dev@googlegroups.com>, X86 ML <x86@kernel.org>,
        Borislav Petkov <bpetkov@suse.de>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Brian Gerst <brgerst@gmail.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <524C9832-A11E-4018-8844-BF785B9BFAE6@amacapital.net>
References: <CALCETrUAQSg9fQmLwE_tq58sZgMxjVX3iNmPeF-V8-gVBQ+_zQ@mail.gmail.com> <CACT4Y+b0PRoO75bnZR4bU0XMGmbnaf1yLXFS1at8iq-rjQGNiA@mail.gmail.com>
To:     Dmitry Vyukov <dvyukov@google.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Nov 21, 2017, at 2:09 AM, Dmitry Vyukov <dvyukov@google.com> wrote:
>=20
>> On Mon, Nov 20, 2017 at 10:44 PM, Andy Lutomirski <luto@kernel.org> wrote=
:
>>> On Mon, Nov 20, 2017 at 9:07 AM, Andy Lutomirski <luto@kernel.org> wrote=
:
>>> This sets up stack switching, including for SYSCALL.  I think it's
>>> in decent shape.
>>>=20
>>> Known issues:
>>> - KASAN is likely to be busted.  This could be fixed either by teaching
>>>   KASAN that cpu_entry_area contains valid stacks (I have no clue how
>>>   to go about doing this) or by rigging up the IST entry code to switch
>>>   RSP to point to the direct-mapped copy of the stacks before calling
>>>   into non-KASAN-excluded C code.
>>>=20
>>=20
>> I tried to fix the KASAN issue, and I'm doing something wrong.  I'm
>> building this tree:
>>=20
>> https://git.kernel.org/pub/scm/linux/kernel/git/luto/linux.git/commit/?h=3D=
x86/entry_stack&id=3D8319677bd04a1ab291ca71fe1da7aa023306e4a9
>>=20
>> for 64 bits with KASAN on.  The relevant commit is:
>>=20
>> https://git.kernel.org/pub/scm/linux/kernel/git/luto/linux.git/commit/?h=3D=
x86/entry_stack&id=3Da4bdb48c3469708b6b51e5ab90d27bf0c859000c
>>=20
>> If I run tools/testing/selftests/single_step_syscall_32, then the
>> kernel goes into lala land and infinite loops.  The root cause seems
>> to we're hitting do_debug with RSP pointing into the fixmap,
>> specifically in the cpu_entry_area's exception stack, with a value of
>> roughly 0xffffffffff1bd108.  The KASAN instrumentation in do_debug is
>> then getting a page fault.  I think my KASAN setup code should be
>> populating the KASAN data there and, indeed, gdb seems to be able to
>> access the faulting address.  So I'm confused.
>=20
>=20
> Hi,
>=20
> I don't have any great insights.
>=20
> You have stack instrumentation turned on, right? And the fault happens
> on stack instrumentation?
> Stack instrumentation is turned on with gcc7+ I think. And as the
> result compiler adds redzones on stack and poisons/unpoisons shadow
> for them in function prologue/epilogue.

I found the problem.  I goofed in the setup code, so I ended up with a only z=
ero page in the shadow.  Turns out that gdb can happily write to read only m=
emory :(

>=20
> The fact that KASAN instrumentation faults, but gdb can access it
> sounds strange. KASAN instrumentation is no magic, it just does not a
> normal memory load. Please check exact faulting address. KASAN can do
> accesses with large offset from RSP.
>=20
> Does the fault happen before/after kasan_early_init? Before that there
> is a different bootstrap shadow mapped by kasan_map_early_shadow.
>=20
> Does the fault happen on read access or write access? Stack
> instrumentation does write into shadow, but some parts of shadow are
> mapped with a single read-only page. Can gdb write to that address?
>=20
> Is it possible that the stack has overflowed? I see that we increase
> EXCEPTION_STACK_ORDER by order 1 under KASAN (from 4k page to 8k
> pages), but it may be not enough. Normal stacks are increased from 16k
> to 32k.
>=20
> Last stupid question: why is it -1 here:
> FIX_CPU_ENTRY_AREA_BOTTOM =3D FIX_CPU_ENTRY_AREA_TOP +
> (CPU_ENTRY_AREA_PAGES * NR_CPUS) - 1,
> ?
> Say CPU_ENTRY_AREA_PAGES=3D1 (we need only 1 page) and NR_CPUS=3D1, then
> the increment will be 0, which looks wrong for any case (must be at
> least 1, right?).

From 1584666169806737199@xxx Tue Nov 21 09:10:26 +0000 2017
X-GM-THRID: 1584623101343166017
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread