Re: orc unwinder: stack-out-of-bounds accesses

From: Josh Poimboeuf
Date: Wed Oct 18 2017 - 13:03:07 EST

Next message: Andrey Smirnov: "[PATCH v8 1/5] serdev: Make .remove in struct serdev_device_driver optional"
Previous message: Andrey Smirnov: "[PATCH v8 5/5] dt-bindings: watchdog: Add bindings for RAVE SP watchdog driver"
In reply to: Dmitry Vyukov: "orc unwinder: stack-out-of-bounds accesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 18, 2017 at 06:40:46PM +0200, Dmitry Vyukov wrote:
> Hello,
>
> I am seeing lots of KASAN-detected stack-out-of-bounds accesses in the
> new ORC unwinder. Examples of reports below. linux-next on
> a7dd40274d75326ca868479c62090b1198a357ad.
> You can reproduce this by enabling CONFIG_KASAN with gcc7+ (which
> supports stack instrumentation).

Thanks for reporting it.

> apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:770
> </IRQ>
> RIP: 0010:arch_local_save_flags arch/x86/include/asm/paravirt.h:772 [inline]
> RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:794 [inline]
> RIP: 0010:lock_is_held_type+0x84/0x200 kernel/locking/lockdep.c:4025

This looks like a known issue:

https://lkml.kernel.org/r/20170728164844.tee7ujqluv2fgarf@sasha-lappy

The bug is mostly harmless because, even though the unwinder is reading
at the wrong stack address, it still has safeguards that will prevent it
from reading outside of the stack area.

I posted a "fix" here:

https://lkml.kernel.org/r/cover.1507128293.git.jpoimboe@xxxxxxxxxx

But it had some issues. There will be a v2, probably after next week's
OSS Europe / Kernel Summit.

--
Josh

Next message: Andrey Smirnov: "[PATCH v8 1/5] serdev: Make .remove in struct serdev_device_driver optional"
Previous message: Andrey Smirnov: "[PATCH v8 5/5] dt-bindings: watchdog: Add bindings for RAVE SP watchdog driver"
In reply to: Dmitry Vyukov: "orc unwinder: stack-out-of-bounds accesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]