From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: KASAN vs vmapped stacks
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
To: Andy Lutomirski, linux-kernel@vger.kernel.org, kasan-dev, X86 ML, Alexander Potapenko, Dmitry Vyukov, Kees Cook, Borislav Petkov
Date: Mon, 11 Jul 2016 12:57:35 +0300
Message-ID: <57836D8F.3020104@virtuozzo.com>
List-ID: linux-kernel@vger.kernel.org

On 07/10/2016 03:47 PM, Andy Lutomirski wrote:
> Hi all-
>
> I found two nasty issues with virtually mapped stacks if KASAN is
> enabled.
> The first issue is a crash: the first non-init stack is
> allocated and accessed before KASAN initializes its zero shadow
> AFAICT, which means that we switch to that stack and then blow up when
> we start recursively faulting on failed accesses to the shadow.
>

KASAN initializes quite early, before any non-init task exists. The crash happens because a non-init task writes to the write-protected zero shadow. Currently KASAN doesn't allocate shadow memory for vmalloc addresses; we just map a single zero page and write-protect it.

> The second issue is that, even if we survive (we initialize the zero
> shadow on time), KASAN will fail to protect the stack.
>
> For now, I just disabled use of virtually mapped stacks if KASAN is
> on. Do you have any easy ideas to fix it?
>

Allocating shadow memory which backs vmalloc/vmap allocations is the only way to fix this. I can do this and post the patches soon enough.

> Thanks,
> Andy
>
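The mechanism Andrey describes, as an added user-space model (this is example code written for this page, not code from the thread, from KASAN or from the vmapped-stacks series): one shadow byte covers 8 bytes of "kernel" memory, and the shadow of the vmalloc region is a single shared zero page mapped read-only. Reading that shadow for an access check works, so ordinary loads and stores on a vmapped stack look fine, but the first thing the instrumented code does on such a stack is poison its redzones, which is a write to the shadow and faults. Mapping a real writable page as the shadow, which is what "allocate shadow memory which backs vmalloc/vmap allocations" amounts to, lets the poisoning succeed and the redzone be detected. `KASAN_SHADOW_SCALE_SHIFT` and the `0xF1` stack-left poison value are the kernel's; every `model_*` name, the page-sized fake stack and the SIGSEGV trick standing in for a kernel page fault are this example's own assumptions.

```c
/* Added example: user-space model of KASAN's vmalloc zero shadow vs. a
 * vmapped stack. Not kernel code; names prefixed model_ are invented here. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define KASAN_SHADOW_SCALE_SHIFT 3   /* kernel value: one shadow byte per 8 bytes */
#define KASAN_STACK_LEFT      0xF1   /* kernel value: left stack redzone poison */
#define MODEL_PAGE            4096

enum { MODEL_OK = 0, MODEL_SHADOW_FAULT = 1, MODEL_NOT_DETECTED = 2, MODEL_SETUP_FAIL = -1 };

static sigjmp_buf fault_env;

/* Stands in for the kernel page fault a write to the read-only shadow raises. */
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

static uint8_t *vstack;    /* one page standing in for a vmapped task stack */
static uint8_t *vshadow;   /* its shadow page */

/* Shadow byte for an address in the model stack (kernel uses a fixed offset;
 * the model indexes relative to the start of the fake vmalloc region). */
static uint8_t *shadow_of(const void *addr)
{
    uintptr_t off = (uintptr_t)addr - (uintptr_t)vstack;
    return vshadow + (off >> KASAN_SHADOW_SCALE_SHIFT);
}

/* Like kasan_poison_shadow(): writes poison over the shadow of [addr, addr+size).
 * Returns 0 on success, -1 if the write faulted (shadow is write-protected). */
static int model_poison(const void *addr, size_t size, uint8_t value)
{
    if (sigsetjmp(fault_env, 1) == 0) {
        memset(shadow_of(addr), value, size >> KASAN_SHADOW_SCALE_SHIFT);
        return 0;
    }
    return -1;
}

/* Access check: a zero shadow byte means the whole 8-byte granule is addressable. */
static int model_access_ok(const void *addr)
{
    return *shadow_of(addr) == 0;
}

/* with_real_shadow == 0: current state, shared read-only zero page as shadow.
 * with_real_shadow == 1: the proposed fix, a writable page backing the shadow. */
static int model_setup(int with_real_shadow)
{
    struct sigaction sa = { .sa_handler = on_segv };
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);

    vstack = mmap(NULL, MODEL_PAGE, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int prot = with_real_shadow ? (PROT_READ | PROT_WRITE) : PROT_READ;
    vshadow = mmap(NULL, MODEL_PAGE, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return (vstack == MAP_FAILED || vshadow == MAP_FAILED) ? -1 : 0;
}

static void model_teardown(void)
{
    munmap(vstack, MODEL_PAGE);
    munmap(vshadow, MODEL_PAGE);
}

/* Simulates switching to a vmapped stack: reads pass on the zero shadow,
 * then the instrumented prologue poisons a 64-byte redzone. */
int model_run(int with_real_shadow)
{
    if (model_setup(with_real_shadow) < 0)
        return MODEL_SETUP_FAIL;
    int ok_before = model_access_ok(vstack);          /* 1: zero shadow = addressable */
    int rc = model_poison(vstack, 64, KASAN_STACK_LEFT);
    int ok_after = model_access_ok(vstack);           /* 0 only if poison landed */
    model_teardown();
    if (rc < 0)
        return MODEL_SHADOW_FAULT;                    /* the crash Andy hit */
    return (ok_before && !ok_after) ? MODEL_OK : MODEL_NOT_DETECTED;
}

int main(void)
{
    printf("read-only zero shadow: rc=%d (1 = fault while poisoning the stack)\n", model_run(0));
    printf("writable backed shadow: rc=%d (0 = redzone poisoned and detected)\n", model_run(1));
    return 0;
}
```

Two things carry over from the model to the real kernel. A read-only shared zero shadow is only safe for memory whose shadow is never written, which holds for a vmalloc buffer that is merely loaded and stored through but not for a stack, since every instrumented function prologue and `kasan_unpoison_task_stack()` write to the stack's shadow. And once the shadow is writable per allocation, it also has to be cleared again when the vmap area is freed, otherwise stale poison from one task's stack follows the next mapping of the same addresses.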