Hi Mark,

KASAN detects an out-of-bounds access at stacktrace.c line 70; it is already wrapped in READ_ONCE_NOCHECK, but it still crashes:

kernel-4.9/arch/arm64/kernel/stacktrace.c
69	frame->sp = fp + 0x10;
70	frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp));

We test on an Android platform, kernel-4.9 built with clang 6.0.2; we will run an experiment to clarify whether it is a compiler-related issue.

READ_ONCE_NOCHECK -> __read_once_size_nocheck, which carries __no_sanitize_address if CONFIG_KASAN is enabled:

kernel-4.9/include/linux/compiler-gcc.h
#define __no_sanitize_address __attribute__((no_sanitize_address))

kernel-4.9/include/linux/compiler-clang.h
#define __no_sanitize_address __attribute__((no_sanitize("address")))

There is a patch from the internet that avoids KASAN by wrapping the access with kasan_disable_current(); it seems better:
https://lore.kernel.org/patchwork/patch/644463

such as:

+	kasan_disable_current();
	// access fp
+	kasan_enable_current();

Thanks,
Chunhui Li

-----Original Message-----
From: Mark Rutland [mailto:mark.rutl...@arm.com]
Sent: 9 October 2018 18:39
To: Chunhui Li (李春辉)
Cc: Catalin Marinas; Will Deacon; Matthias Brugger; Marc Zyngier; Ard Biesheuvel; James Morse; Masahiro Yamada; linux-arm-ker...@lists.infradead.org; linux-kernel@vger.kernel.org; linux-media...@lists.infradead.org; wsd_upstream
Subject: Re: [PATCH] kasan: avoid out-of-bounds in unwind_frame

On Tue, Oct 09, 2018 at 06:11:03PM +0800, Chunhui Li wrote:
> From: "chunhui.li" <chunhui...@mediatek.com>
>
> kasan detects an unwind_frame out-of-bounds error when one task dumps
> another; log as below
> BUG: KASAN: out-of-bounds in unwind_frame+0x140/0x20c Read of size 8
> at addr ffffffea1e2378e0 by task AnrMonitorThrea/1111
> avoid the kasan out-of-bounds error by disabling kasan for stacktrace.c

This doesn't look right.

Since unwind_frame uses READ_ONCE_NOCHECK(), we should never perform an access that KASAN complains about.

I don't think that we should completely disable instrumentation of stacktrace.c.

Can you please figure out precisely which line KASAN is complaining about? i.e. use scripts/faddr2line.

Thanks,
Mark.

>
> Signed-off-by: chunhui.li <chunhui...@mediatek.com>
> ---
>  arch/arm64/kernel/Makefile | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
> index 95ac737..606d0e2 100644
> --- a/arch/arm64/kernel/Makefile
> +++ b/arch/arm64/kernel/Makefile
> @@ -57,6 +57,8 @@ arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
> arm64-obj-$(CONFIG_ARM_SDE_INTERFACE) += sdei.o
> arm64-obj-$(CONFIG_ARM64_SSBD) += ssbd.o
>
> +KASAN_SANITIZE_stacktrace.o := n
> +
> obj-y += $(arm64-obj-y) vdso/ probes/
> obj-m += $(arm64-obj-m)
> head-y := head.o
> --
> 1.9.1
>
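Review bot: the hunk's `+KASAN_SANITIZE_stacktrace.o := n` switches instrumentation off for every function in stacktrace.c, which is far broader than the single READ_ONCE_NOCHECK access under discussion and would also hide any genuine bug elsewhere in the file. The reply above asks for the exact reporting line first (scripts/faddr2line); a narrower change, such as the kasan_disable_current()/kasan_enable_current() pair around the frame-record read mentioned at the top of the thread, or establishing why the nocheck accessor is still instrumented with clang 6.0.2, would be preferable to a file-wide exemption. The commit message also stops at "disable kasan for stacktrace.c" without saying why READ_ONCE_NOCHECK was insufficient; if any exemption is kept, a comment beside the Makefile line should record that reason.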
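The unwind step at stacktrace.c lines 69-70 and the READ_ONCE_NOCHECK attribute quoted at the top of the thread, as an added user-space model that is not kernel code and not from either poster: the frame walk loads each record through a function carrying the __no_sanitize_address attribute, so the walker's own range check is the only thing that keeps it inside the stack. The sample stack, the strict "whole record inside the stack" check, and the helper names are constructed assumptions, not the 4.9 code's.

```c
/* Added user-space model (not kernel code) of the unwind step discussed above. */
#include <stdint.h>
#include <string.h>
#include <errno.h>
/* Attribute spellings as quoted above from compiler-gcc.h / compiler-clang.h. */
#if defined(__clang__)
#define __no_sanitize_address __attribute__((no_sanitize("address")))
#else
#define __no_sanitize_address __attribute__((no_sanitize_address))
#endif
struct stackframe { uintptr_t fp, sp, pc; };
/* The role READ_ONCE_NOCHECK() plays: no sanitizer check is emitted for this load. */
static __no_sanitize_address uintptr_t read_nocheck(uintptr_t addr)
{
	return *(volatile uintptr_t *)addr;
}
/* One simplified unwind step: the whole 16-byte { fp, lr } record must lie in
 * [low, high) and fp must be 16-byte aligned, otherwise -EINVAL and no read. */
static int unwind_frame(struct stackframe *frame, uintptr_t low, uintptr_t high)
{
	uintptr_t fp = frame->fp;
	if (fp < low || fp + 0x10 > high || (fp & 0xf))
		return -EINVAL;
	frame->sp = fp + 0x10;
	frame->fp = read_nocheck(fp);      /* the read at stacktrace.c:70 above */
	frame->pc = read_nocheck(fp + 8);
	return 0;
}
/* Constructed sample stack: 256 bytes holding three linked frame records. */
static uintptr_t stack[32] __attribute__((aligned(16)));
uintptr_t sample_stack_base(void) { return (uintptr_t)stack; }
void build_sample_stack(int corrupt_second)
{
	uintptr_t base = sample_stack_base();
	memset(stack, 0, sizeof(stack));
	stack[4]  = base + 96;  stack[5]  = 0x1111;  /* record at +32 */
	stack[12] = base + 160; stack[13] = 0x2222;  /* record at +96 */
	stack[20] = 0;          stack[21] = 0x3333;  /* record at +160, chain end */
	if (corrupt_second)  /* saved fp pointing past the stack, as a bad chain would */
		stack[12] = base + sizeof(stack) + 64;
}
/* Walk from start_fp; count frames unwound before fp == 0 or validation fails. */
int walk_stack(uintptr_t start_fp)
{
	struct stackframe frame = { start_fp, 0, 0 };
	uintptr_t low = sample_stack_base(), high = low + sizeof(stack);
	int n = 0;
	while (frame.fp && unwind_frame(&frame, low, high) == 0) n++;
	return n;
}
```

With the intact chain the walk returns 3; an unaligned start, a start equal to the stack end, or a record whose saved fp points past the stack stops the walk at validation rather than at an uninstrumented read.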