Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access

From: Matthew Wilcox
Date: Thu Feb 08 2018 - 14:00:44 EST

Next message: Mathieu Desnoyers: "Re: linux-next: manual merge of the tip tree with Linus' tree"
Previous message: Matthew Wilcox: "Re: [RFC] Warn the user when they could overflow mapcount"
In reply to: Josh Poimboeuf: "Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access"
Next in thread: Kirill Tkhai: "Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 08, 2018 at 11:20:26AM -0600, Josh Poimboeuf wrote:
> The patch description is confusing. It talks about "crappy drivers irq
> handlers when they access wrong memory on the stack". But if I
> understand correctly, the patch doesn't actually protect against that
> case, because irq handlers run on the irq stack, and this patch only
> affects code which *isn't* running on the irq stack.

This would catch a crappy driver which allocates some memory on the
irq stack, squirrels the pointer to it away in a data structure, then
returns to process (or softirq) context and dereferences the pointer.

I have no idea if that's the case that Kirill is tracking down, but it's
something I can imagine someone doing.

Next message: Mathieu Desnoyers: "Re: linux-next: manual merge of the tip tree with Linus' tree"
Previous message: Matthew Wilcox: "Re: [RFC] Warn the user when they could overflow mapcount"
In reply to: Josh Poimboeuf: "Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access"
Next in thread: Kirill Tkhai: "Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]