On Mon, Nov 4, 2019 at 4:40 AM Mark Rutland <mark.rutland@xxxxxxx> wrote:
> > +#ifdef CONFIG_DEBUG_STACK_USAGE
> > +static inline unsigned long scs_used(struct task_struct *tsk)
> > +{
> > + unsigned long *p = __scs_base(tsk);
> > + unsigned long *end = scs_magic(tsk);
> > + uintptr_t s = (uintptr_t)p;
>
> As previously, please use unsigned long for consistency.

Ack.

> > + while (p < end && *p)
> > + p++;
>
> I think this is the only place where we legitimately access the shadow
> call stack directly.

There's also scs_corrupted, which checks that the end magic is intact.

> When using SCS and KASAN, are the
> compiler-generated accesses to the SCS instrumented?
>
> If not, it might make sense to make this:
>
> while (p < end && READ_ONCE_NOCHECK(*p))
>
> ... and poison the allocation from KASAN's PoV, so that we can find
> unintentional accesses more easily.

Sure, that makes sense. I can poison the allocation for the non-vmalloc
case, I'll just need to refactor scs_set_magic to happen before the
poisoning.

Sami
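
Review bot: the scan `while (p < end && *p)` in scs_used() treats the first zero word as the end of the used region, so the result is only meaningful if every slot below the magic is zero when the shadow stack is handed to a task, including when a stack is reused; the quoted lines do not show where that is guaranteed. A short comment above the loop stating that invariant would help, along with a note that, if slots are not cleared on return, the value is a high-water mark and not the current depth. The same comment is a good place to record why this read bypasses instrumentation if the loop is changed to an unchecked read as suggested in the reply.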