From: Aaron Tomlin <atomlin@redhat.com>
To: peterz@infradead.org
Cc: mingo@redhat.com, dzickus@redhat.com, bmr@redhat.com,
jcastillo@redhat.com, atomlin@redhat.com, oleg@redhat.com,
pzijlstr@redhat.com, riel@redhat.com,
linux-kernel@vger.kernel.org, tglx@linutronix.de, x86@kernel.org,
rostedt@goodmis.org, hannes@cmpxchg.org,
aneesh.kumar@linux.vnet.ibm.com, akpm@linux-foundation.org,
akpm@google.com, linuxppc-dev@lists.ozlabs.org,
minchan@kernel.org
Subject: [PATCH 3/3] sched: BUG when stack end location is over written
Date: Mon, 8 Sep 2014 20:23:17 +0100 [thread overview]
Message-ID: <1410204197-31204-4-git-send-email-atomlin@redhat.com> (raw)
In-Reply-To: <1410204197-31204-1-git-send-email-atomlin@redhat.com>
Currently in the event of a stack overrun a call to schedule()
does not check for this type of corruption. This corruption is
often silent and can go unnoticed. However once the corrupted
region is examined at a later stage, the outcome is undefined
and often results in a sporadic page fault which cannot be
handled.
This patch checks for a stack overrun and takes appropriate
action since the damage is already done, there is no point
in continuing.
Signed-off-by: Aaron Tomlin <atomlin@redhat.com>
---
kernel/sched/core.c | 4 ++++
lib/Kconfig.debug | 12 ++++++++++++
2 files changed, 16 insertions(+)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index ec1a286..182b2d1 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2660,6 +2660,10 @@ static noinline void __schedule_bug(struct task_struct *prev)
*/
static inline void schedule_debug(struct task_struct *prev)
{
+#ifdef CONFIG_SCHED_STACK_END_CHECK
+ if (unlikely(task_stack_end_corrupted(prev)))
+ BUG();
+#endif
/*
* Test if we are atomic. Since do_exit() needs to call into
* schedule() atomically, we ignore that path. Otherwise whine
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index a285900..2a8280a 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -824,6 +824,18 @@ config SCHEDSTATS
application, you can say N to avoid the very slight overhead
this adds.
+config SCHED_STACK_END_CHECK
+ bool "Detect stack corruption on calls to schedule()"
+ depends on DEBUG_KERNEL
+ default y
+ help
+ This option checks for a stack overrun on calls to schedule().
+ If the stack end location is found to be over written always panic as
+ the content of the corrupted region can no longer be trusted.
+ This is to ensure no erroneous behaviour occurs which could result in
+ data corruption or a sporadic crash at a later stage once the region
+ is examined. The runtime overhead introduced is minimal.
+
config TIMER_STATS
bool "Collect kernel timers statistics"
depends on DEBUG_KERNEL && PROC_FS
--
1.9.3
next prev parent reply other threads:[~2014-09-08 19:25 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-04 14:50 [PATCH 0/2] sched: Always check the integrity of the canary Aaron Tomlin
2014-09-04 14:50 ` [PATCH 1/2] sched: Add helper for task stack page overrun checking Aaron Tomlin
2014-09-04 15:02 ` Oleg Nesterov
2014-09-04 15:52 ` Aaron Tomlin
2014-09-04 15:30 ` Peter Zijlstra
2014-09-04 14:50 ` [PATCH 2/2] sched: BUG when stack end location is over written Aaron Tomlin
2014-09-04 15:32 ` Peter Zijlstra
2014-09-04 16:11 ` Aaron Tomlin
2014-09-08 19:23 ` [PATCH v2 0/3] sched: Always check the integrity of the canary Aaron Tomlin
2014-09-08 19:23 ` [PATCH 1/3] init/main.c: Give init_task a canary Aaron Tomlin
2014-09-08 19:23 ` [PATCH 2/3] sched: Add helper for task stack page overrun checking Aaron Tomlin
2014-09-08 19:23 ` Aaron Tomlin [this message]
2014-09-09 9:42 ` [PATCH v2 0/3] sched: Always check the integrity of the canary Aaron Tomlin
2014-09-09 9:42 ` [PATCH v2 1/3] init/main.c: Give init_task a canary Aaron Tomlin
2014-09-10 7:26 ` Chuck Ebbert
2014-09-10 13:29 ` Aaron Tomlin
2014-09-11 12:23 ` Chuck Ebbert
2014-09-11 14:47 ` Aaron Tomlin
2014-09-09 9:42 ` [PATCH v2 2/3] sched: Add helper for task stack page overrun checking Aaron Tomlin
2014-09-09 9:42 ` [PATCH v2 3/3] sched: BUG when stack end location is over written Aaron Tomlin
2014-09-11 15:41 ` [PATCH v3 0/3] sched: Always check the integrity of the canary Aaron Tomlin
2014-09-11 15:41 ` [PATCH v3 1/3] init/main.c: Give init_task a canary Aaron Tomlin
2014-09-12 7:28 ` Michael Ellerman
2014-09-11 15:41 ` [PATCH v3 2/3] sched: Add helper for task stack page overrun checking Aaron Tomlin
2014-09-11 15:41 ` [PATCH v3 3/3] sched: BUG when stack end location is over written Aaron Tomlin
2014-09-12 4:06 ` Michael Ellerman
2014-09-12 9:44 ` Aaron Tomlin
2014-09-12 10:58 ` Mike Galbraith
2014-09-15 2:39 ` Michael Ellerman
2014-09-12 6:04 ` Michael Ellerman
2014-09-12 9:50 ` Aaron Tomlin
2014-09-11 15:53 ` [PATCH v3 0/3] sched: Always check the integrity of the canary Peter Zijlstra
2014-09-11 15:59 ` Aaron Tomlin
2014-09-11 16:02 ` David Laight
2014-09-11 17:26 ` Chuck Ebbert
2014-09-12 8:43 ` David Laight
2014-09-11 17:44 ` Aaron Tomlin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1410204197-31204-4-git-send-email-atomlin@redhat.com \
--to=atomlin@redhat.com \
--cc=akpm@google.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=bmr@redhat.com \
--cc=dzickus@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=jcastillo@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=minchan@kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=pzijlstr@redhat.com \
--cc=riel@redhat.com \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).