The patch titled
     Subject: kprobes: avoid false KASAN reports during stack copy
has been added to the -mm tree.  Its filename is
     kprobes-avoid-false-kasan-reports-during-stack-copy.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kprobes-avoid-false-kasan-reports-during-stack-copy.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kprobes-avoid-false-kasan-reports-during-stack-copy.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Subject: kprobes: avoid false KASAN reports during stack copy

Kprobes saves and restores raw stack chunks with memcpy().  With KASAN
these chunks can contain poisoned stack redzones; as a result, the memcpy()
interceptor produces false stack out-of-bounds reports.

Use __memcpy() instead of memcpy() for stack copying.  __memcpy() is not
instrumented by KASAN and does not lead to the false reports.

Link: http://lkml.kernel.org/r/1476188018-36101-1-git-send-email-dvyukov@xxxxxxxxxx
Signed-off-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Reported-by: CAI Qian <caiqian@xxxxxxxxxx>
Cc: Alexander Potapenko <glider@xxxxxxxxxx>
Cc: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: Ananth N Mavinakayanahalli <ananth@xxxxxxxxxxxxxxxxxx>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@xxxxxxxxx>
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- arch/x86/kernel/kprobes/core.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff -puN arch/x86/kernel/kprobes/core.c~kprobes-avoid-false-kasan-reports-during-stack-copy arch/x86/kernel/kprobes/core.c --- a/arch/x86/kernel/kprobes/core.c~kprobes-avoid-false-kasan-reports-during-stack-copy +++ a/arch/x86/kernel/kprobes/core.c @@ -1057,9 +1057,11 @@ int setjmp_pre_handler(struct kprobe *p, * tailcall optimization. So, to be absolutely safe * we also save and restore enough stack bytes to cover * the argument area. + * Use __memcpy to avoid KASAN stack out-of-bounds reports as we copy + * raw stack chunk with redzones. */ - memcpy(kcb->jprobes_stack, (kprobe_opcode_t *)addr, - MIN_STACK_SIZE(addr)); + __memcpy(kcb->jprobes_stack, (kprobe_opcode_t *)addr, + MIN_STACK_SIZE(addr)); regs->flags &= ~X86_EFLAGS_IF; trace_hardirqs_off(); regs->ip = (unsigned long)(jp->entry); @@ -1118,7 +1120,8 @@ int longjmp_break_handler(struct kprobe /* It's OK to start function graph tracing again */ unpause_graph_tracing(); *regs = kcb->jprobe_saved_regs; - memcpy(saved_sp, kcb->jprobes_stack, MIN_STACK_SIZE(saved_sp)); + __memcpy(saved_sp, kcb->jprobes_stack, + MIN_STACK_SIZE(saved_sp)); preempt_enable_no_resched(); return 1; } _ Patches currently in -mm which might be from dvyukov@xxxxxxxxxx are kprobes-avoid-false-kasan-reports-during-stack-copy.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
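
Review bot: In the setjmp_pre_handler hunk, the added comment explains only the redzones in the source chunk, but __memcpy() is uninstrumented for both operands, so the write into kcb->jprobes_stack also loses KASAN checking. Consider extending the comment to say that the destination is unchecked as well and that MIN_STACK_SIZE(addr) is the only bound on that write, so a later change to the buffer or the macro is reviewed with that in mind.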
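
Review bot: The __memcpy() call in the longjmp_break_handler hunk carries no comment saying why the uninstrumented variant is used, unlike the one in setjmp_pre_handler. A one-line comment here, or a pointer to the explanation in setjmp_pre_handler, would keep a later cleanup from converting it back to memcpy() and bringing the false stack out-of-bounds reports back. It is also worth noting there that the restore writes MIN_STACK_SIZE(saved_sp) bytes onto the live stack at saved_sp without KASAN checking.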