Re: [PATCH 5/6] objtool: Add UACCESS validation
From: Peter Zijlstra
Date: Thu Feb 28 2019 - 04:40:29 EST
On Wed, Feb 27, 2019 at 06:28:16PM +0100, Peter Zijlstra wrote:
> On Wed, Feb 27, 2019 at 04:40:28PM +0100, Dmitry Vyukov wrote:
> > On Wed, Feb 27, 2019 at 3:33 PM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> > > Urgh, kasan_report() is definitely unsafe. Now, admitedly we should
> > > 'never' hit that, but it does leave us up a creek without a paddle.
>
> > If SMAP detects additional bugs, then it would be pity to disable it
> > with KASAN (detect bugs in production but not during testing).
> >
> > You mentioned that exception save/restore the UACCESS state. Is it
> > possible to do the same in kasan_report? At the very least we need to
> > survive report printing, what happens after that does not matter much
> > (we've corrupted memory by now anyway).
>
> Ideally we'll put all of kasan_report() in an exception, much like we do
> for WARN. But there's a distinct lack of arch hooks there to play with.
> I suppose I can try and create some.
>
> On top of that we'll have to mark these __asan functions with notrace.
>
> Maybe a little something horrible like so... completely untested.
OK, I got that to compile; the next problem is:
../include/linux/kasan.h:90:1: error: built-in function â__asan_loadN_noabortâ must be directly called
UACCESS_SAFE(__asan_loadN_noabort);
Which doesn't make any sense; since we actually generated that symbol,
it clearly is not built-in. What gives?