Re: [PATCH v3 5/6] kasan: Unset panic_on_warn before calling panic()
From: Kees Cook
Date: Thu Jan 16 2020 - 18:49:44 EST
On Thu, Jan 16, 2020 at 06:23:01AM +0100, Dmitry Vyukov wrote:
> On Thu, Jan 16, 2020 at 2:24 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > As done in the full WARN() handler, panic_on_warn needs to be cleared
> > before calling panic() to avoid recursive panics.
> >
> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> > ---
> > mm/kasan/report.c | 10 +++++++++-
> > 1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> > index 621782100eaa..844554e78893 100644
> > --- a/mm/kasan/report.c
> > +++ b/mm/kasan/report.c
> > @@ -92,8 +92,16 @@ static void end_report(unsigned long *flags)
> > pr_err("==================================================================\n");
> > add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
> > spin_unlock_irqrestore(&report_lock, *flags);
> > - if (panic_on_warn)
> > + if (panic_on_warn) {
> > + /*
> > + * This thread may hit another WARN() in the panic path.
> > + * Resetting this prevents additional WARN() from panicking the
> > + * system on this thread. Other threads are blocked by the
> > + * panic_mutex in panic().
>
> I don't understand part about other threads.
> Other threads are not necessary inside of panic(). And in fact since
> we reset panic_on_warn, they will not get there even if they should.
> If I am reading this correctly, once one thread prints a warning and
> is going to panic, other threads may now print infinite amounts of
> warning and proceed past them freely. Why is this the behavior we
> want?
AIUI, the issue is the current thread hitting another WARN and blocking
on trying to call panic again. WARNs encountered during the execution of
panic() need to not attempt to call panic() again.
-Kees
>
> > + */
> > + panic_on_warn = 0;
> > panic("panic_on_warn set ...\n");
> > + }
> > kasan_enable_current();
> > }
--
Kees Cook