From: Matthew Wilcox <willy@infradead.org>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>,
Kirill Tkhai <ktkhai@virtuozzo.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Alexander Potapenko <glider@google.com>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>,
Juergen Gross <jgross@suse.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
Mathias Krause <minipli@googlemail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
LKML <linux-kernel@vger.kernel.org>,
kasan-dev <kasan-dev@googlegroups.com>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access
Date: Thu, 8 Feb 2018 11:00:18 -0800 [thread overview]
Message-ID: <20180208190016.GC9524@bombadil.infradead.org> (raw)
In-Reply-To: <20180208172026.6kqimndwyekyzzvl@treble>
On Thu, Feb 08, 2018 at 11:20:26AM -0600, Josh Poimboeuf wrote:
> The patch description is confusing. It talks about "crappy drivers irq
> handlers when they access wrong memory on the stack". But if I
> understand correctly, the patch doesn't actually protect against that
> case, because irq handlers run on the irq stack, and this patch only
> affects code which *isn't* running on the irq stack.
This would catch a crappy driver which allocates some memory on the
irq stack, squirrels the pointer to it away in a data structure, then
returns to process (or softirq) context and dereferences the pointer.
I have no idea if that's the case that Kirill is tracking down, but it's
something I can imagine someone doing.
WARNING: multiple messages have this Message-ID (diff)
From: Matthew Wilcox <willy@infradead.org>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>,
Kirill Tkhai <ktkhai@virtuozzo.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Alexander Potapenko <glider@google.com>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>,
Juergen Gross <jgross@suse.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
Mathias Krause <minipli@googlemail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
LKML <linux-kernel@vger.kernel.org>,
kasan-dev <kasan-dev@googlegroups.com>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access
Date: Thu, 8 Feb 2018 11:00:18 -0800 [thread overview]
Message-ID: <20180208190016.GC9524@bombadil.infradead.org> (raw)
In-Reply-To: <20180208172026.6kqimndwyekyzzvl@treble>
On Thu, Feb 08, 2018 at 11:20:26AM -0600, Josh Poimboeuf wrote:
> The patch description is confusing. It talks about "crappy drivers irq
> handlers when they access wrong memory on the stack". But if I
> understand correctly, the patch doesn't actually protect against that
> case, because irq handlers run on the irq stack, and this patch only
> affects code which *isn't* running on the irq stack.
This would catch a crappy driver which allocates some memory on the
irq stack, squirrels the pointer to it away in a data structure, then
returns to process (or softirq) context and dereferences the pointer.
I have no idea if that's the case that Kirill is tracking down, but it's
something I can imagine someone doing.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2018-02-08 19:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-07 16:14 [PATCH RFC] x86: KASAN: Sanitize unauthorized irq stack access Kirill Tkhai
2018-02-07 16:14 ` Kirill Tkhai
2018-02-07 18:38 ` Dave Hansen
2018-02-07 18:38 ` Dave Hansen
2018-02-07 19:31 ` Dmitry Vyukov
2018-02-07 19:31 ` Dmitry Vyukov
2018-02-08 10:03 ` Kirill Tkhai
2018-02-08 10:03 ` Kirill Tkhai
2018-02-08 16:30 ` Josh Poimboeuf
2018-02-08 16:30 ` Josh Poimboeuf
2018-02-08 16:41 ` Dmitry Vyukov
2018-02-08 16:41 ` Dmitry Vyukov
2018-02-08 17:20 ` Josh Poimboeuf
2018-02-08 17:20 ` Josh Poimboeuf
2018-02-08 19:00 ` Matthew Wilcox [this message]
2018-02-08 19:00 ` Matthew Wilcox
2018-02-09 8:53 ` Kirill Tkhai
2018-02-09 8:53 ` Kirill Tkhai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180208190016.GC9524@bombadil.infradead.org \
--to=willy@infradead.org \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=jpoimboe@redhat.com \
--cc=kasan-dev@googlegroups.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=kstewart@linuxfoundation.org \
--cc=ktkhai@virtuozzo.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=minipli@googlemail.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.