On Fri, 5 Feb 2021 08:24:02 -0600
Josh Poimboeuf <jpoim...@redhat.com> wrote:
> KASAN reserves "redzone" areas between stack frames in order to detect
> stack overruns. A read or write to such an area triggers a KASAN
> "stack-out-of-bounds" BUG.
>
> Normally, the ORC unwinder stays in-bounds and doesn't access the
> redzone. But sometimes it can't find ORC metadata for a given
> instruction. This can happen for code which is missing ORC metadata, or
> for generated code. In such cases, the unwinder attempts to fall back
> to frame pointers, as a best-effort type thing.
>
> This fallback often works, but when it doesn't, the unwinder can get
> confused and go off into the weeds into the KASAN redzone, triggering
> the aforementioned KASAN BUG.
>
> But in this case, the unwinder's confusion is actually harmless and
> working as designed. It already has checks in place to prevent
> off-stack accesses, but those checks get short-circuited by the KASAN
> BUG. And a BUG is a lot more disruptive than a harmless unwinder
> warning.
>
> Disable the KASAN checks by using READ_ONCE_NOCHECK() for all stack
> accesses. This finishes the job started by commit 881125bfe65b
> ("x86/unwind: Disable KASAN checking in the ORC unwinder"), which only
> partially fixed the issue.
>
> Fixes: ee9f8fce9964 ("x86/unwind: Add the ORC unwinder")
> Reported-by: Ivan Babrou <i...@cloudflare.com>
> Cc: sta...@vger.kernel.org
> Signed-off-by: Josh Poimboeuf <jpoim...@redhat.com>
Reviewed-by: Steven Rostedt (VMware) <rost...@goodmis.org>
-- Steve
