Re: orc unwinder: stack-out-of-bounds accesses

From: Josh Poimboeuf
Date: Wed Oct 18 2017 - 13:03:07 EST
On Wed, Oct 18, 2017 at 06:40:46PM +0200, Dmitry Vyukov wrote:
> Hello,
>
> I am seeing lots of KASAN-detected stack-out-of-bounds accesses in the
> new ORC unwinder. Examples of reports below. linux-next on
> a7dd40274d75326ca868479c62090b1198a357ad.
> You can reproduce this by enabling CONFIG_KASAN with gcc7+ (which
> supports stack instrumentation).

Thanks for reporting it.

> apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:770
> </IRQ>
> RIP: 0010:arch_local_save_flags arch/x86/include/asm/paravirt.h:772 [inline]
> RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:794 [inline]
> RIP: 0010:lock_is_held_type+0x84/0x200 kernel/locking/lockdep.c:4025

This looks like a known issue:

https://lkml.kernel.org/r/20170728164844.tee7ujqluv2fgarf@sasha-lappy

The bug is mostly harmless because, even though the unwinder is reading
at the wrong stack address, it still has safeguards that will prevent it
from reading outside of the stack area.

I posted a "fix" here:

https://lkml.kernel.org/r/cover.1507128293.git.jpoimboe@xxxxxxxxxx

But it had some issues. There will be a v2, probably after next week's
OSS Europe / Kernel Summit.

--
Josh