On Fri, Feb 5, 2021 at 6:24 AM Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
>
> KASAN reserves "redzone" areas between stack frames in order to detect
> stack overruns. A read or write to such an area triggers a KASAN
> "stack-out-of-bounds" BUG.
>
> Normally, the ORC unwinder stays in-bounds and doesn't access the
> redzone. But sometimes it can't find ORC metadata for a given
> instruction. This can happen for code which is missing ORC metadata, or
> for generated code. In such cases, the unwinder attempts to fall back
> to frame pointers, as a best-effort type thing.
>
> This fallback often works, but when it doesn't, the unwinder can get
> confused and go off into the weeds into the KASAN redzone, triggering
> the aforementioned KASAN BUG.
>
> But in this case, the unwinder's confusion is actually harmless and
> working as designed. It already has checks in place to prevent
> off-stack accesses, but those checks get short-circuited by the KASAN
> BUG. And a BUG is a lot more disruptive than a harmless unwinder
> warning.
>
> Disable the KASAN checks by using READ_ONCE_NOCHECK() for all stack
> accesses. This finishes the job started by commit 881125bfe65b
> ("x86/unwind: Disable KASAN checking in the ORC unwinder"), which only
> partially fixed the issue.
>
> Fixes: ee9f8fce9964 ("x86/unwind: Add the ORC unwinder")
> Reported-by: Ivan Babrou <ivan@xxxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
I haven't seen any previously observed issues with this after a day of uptime.
Tested-by: Ivan Babrou <ivan@xxxxxxxxxxxxxx>
