Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access
From: Matthew Wilcox
Date: Thu Feb 08 2018 - 14:00:44 EST
On Thu, Feb 08, 2018 at 11:20:26AM -0600, Josh Poimboeuf wrote:
> The patch description is confusing. It talks about "crappy drivers irq
> handlers when they access wrong memory on the stack". But if I
> understand correctly, the patch doesn't actually protect against that
> case, because irq handlers run on the irq stack, and this patch only
> affects code which *isn't* running on the irq stack.
This would catch a crappy driver which allocates some memory on the
irq stack, squirrels the pointer to it away in a data structure, then
returns to process (or softirq) context and dereferences the pointer.
I have no idea if that's the case that Kirill is tracking down, but it's
something I can imagine someone doing.