Re: fs: proc: gpf in find_entry

From: Sasha Levin
Date: Mon Dec 22 2014 - 13:12:33 EST


On 12/22/2014 12:52 PM, Andrey Ryabinin wrote:
> 2014-12-22 18:51 GMT+03:00 Eric W. Biederman <ebiederm@xxxxxxxxxxxx>:
>> These two instructions:
>>>> 11: 4d 85 ff test %r15,%r15
>>>> 14: 0f 84 de 01 00 00 je 0x1f8
>>
>> Should prevent a NULL %r15 value from ever reaching the trapping
>> instruction.
>
> If they were executed, then yes. But I think there was jump from somewhere
> to the instructions below those two.

There is indeed a jump direct to that point, which avoids the %r15 check.

>> What other horrible things does KASAN do to the machine code?
>>
>
> kasan insert something like following before any memory access:
>
> s8 *shadow_addr = (add >> 3) + shadow_offset;
>
> if (unlikely(*shadow_addr))
> if (unlikely(addr & 7 >= *shadow_addr))
> report_bug(addr);
>
>
> I suspect that Sasha is using kasan along with ubsan.
> In that case generated code much more horrid.

It's not *that* bad :)


Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/