[PATCH] x86/unwind: Disable KASAN checking in the ORC unwinder

Tue, 07 Nov 2017 18:20:06 -0800 

Fengguang reported a KASAN warning:

  Kprobe smoke test: started
  ==================================================================
  BUG: KASAN: stack-out-of-bounds in deref_stack_reg+0xb5/0x11a
  Read of size 8 at addr ffff8800001c7cd8 by task swapper/1

  CPU: 0 PID: 1 Comm: swapper Not tainted 4.14.0-rc8 #26
  Call Trace:
   <#DB>
   ...
   save_trace+0xd9/0x1d3
   mark_lock+0x5f7/0xdc3
   __lock_acquire+0x6b4/0x38ef
   ? kretprobe_table_lock+0x1a/0x42
   ? debug_show_all_locks+0x222/0x222
   ? get_usage_char+0x36/0x36
   ? lock_acquire+0x1a1/0x2aa
   lock_acquire+0x1a1/0x2aa
   ? kretprobe_table_lock+0x1a/0x42
   _raw_spin_lock_irqsave+0x46/0x55
   ? kretprobe_table_lock+0x1a/0x42
   kretprobe_table_lock+0x1a/0x42
   pre_handler_kretprobe+0x3f5/0x521
   ? __unregister_kprobe_bottom+0x1eb/0x1eb
   ? rcu_nmi_exit+0x70/0x98
   ? paranoid_exit_no_swapgs+0x10/0x10
   ? kprobe_target+0x1/0x11
   kprobe_int3_handler+0x19c/0x25f
   do_int3+0x61/0x142
   int3+0x30/0x60
  RIP: 0010:kprobe_target+0x1/0x11
  RSP: 0000:ffff8800001c7cd0 EFLAGS: 00000246
  RAX: 0000000000000000 RBX: 1ffff10000038f9b RCX: 0000000000000000
  RDX: ffffed0000038f6f RSI: 0000000000000000 RDI: 00000000bd9f051f
  RBP: ffff8800001c7cf8 R08: fffffbffffeaf26e R09: fffffbffffeaf26d
  R10: ffff8800001c7c80 R11: 0000000000000001 R12: ffffffff8208b990
  R13: ffffffff8208b980 R14: 0000000000000001 R15: dffffc0000000000
   </#DB>
   bzImage64_load+0xea5/0xea5
   ? j_kprobe_target+0x33/0x33
   ? up_write+0x1c/0x31
   ? blocking_notifier_chain_register+0x97/0xa1
   ? init_kprobes+0x410/0x43d
   ...

The ORC unwinder got confused by some kprobes changes, which isn't
surprising since the runtime code no longer matches vmlinux and the
stack was modified for kretprobes.

Until we have a way for generated code to register changes with the
unwinder, these types of warnings are inevitable.  So just disable KASAN
checks for stack accesses in the ORC unwinder.

Reported-by: Fengguang Wu <[email protected]>
Signed-off-by: Josh Poimboeuf <[email protected]>
---
 arch/x86/kernel/unwind_orc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c
index b95007e7c1b3..a3f973b2c97a 100644
--- a/arch/x86/kernel/unwind_orc.c
+++ b/arch/x86/kernel/unwind_orc.c
@@ -279,7 +279,7 @@ static bool deref_stack_reg(struct unwind_state *state, 
unsigned long addr,
        if (!stack_access_ok(state, addr, sizeof(long)))
                return false;
 
-       *val = READ_ONCE_TASK_STACK(state->task, *(unsigned long *)addr);
+       *val = READ_ONCE_NOCHECK(*(unsigned long *)addr);
        return true;
 }
 
-- 
2.13.6

Reply via email to