From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754374AbcKQRjh (ORCPT <rfc822;w@1wt.eu>);
        Thu, 17 Nov 2016 12:39:37 -0500
Received: from mx1.redhat.com ([209.132.183.28]:55972 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S933271AbcKQRjb (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 17 Nov 2016 12:39:31 -0500
Date: Thu, 17 Nov 2016 08:01:50 -0600
From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
        Vince Weaver <vincent.weaver@maine.edu>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Ingo Molnar <mingo@redhat.com>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        "davej@codemonkey.org.uk" <davej@codemonkey.org.uk>,
        Stephane Eranian <eranian@gmail.com>
Subject: Re: perf: fuzzer KASAN unwind_get_return_address
Message-ID: <20161117140150.o6vy7bsrbjkg2nzd@treble>
References: <20161115205748.xtroftp55igs55bz@treble>
 <20161116130337.GT3142@twins.programming.kicks-ass.net>
 <20161116143746.zoxdxrfqvmx35wln@treble>
 <20161116144943.GB3117@twins.programming.kicks-ass.net>
 <20161116145849.GR3157@twins.programming.kicks-ass.net>
 <20161117044828.vedc3whqkuki624r@treble>
 <20161117090446.GC3142@twins.programming.kicks-ass.net>
 <20161117091341.GS3157@twins.programming.kicks-ass.net>
 <20161117093028.GT3157@twins.programming.kicks-ass.net>
 <CACT4Y+bg_rDLqx5o17MJSi-5dpgbNanEQNhGPcJGOkhu-xyGww@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CACT4Y+bg_rDLqx5o17MJSi-5dpgbNanEQNhGPcJGOkhu-xyGww@mail.gmail.com>
User-Agent: Mutt/1.6.0.1 (2016-04-01)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 17 Nov 2016 14:01:52 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Nov 17, 2016 at 10:48:27AM +0100, Dmitry Vyukov wrote:
> Just in case, there is currently a known KASAN false positive related
> to longjmp's on GPFs. When a syscall hits GPF stack is unwound to
> kernel entry point, this leaves a bunch of stray poisoned redzones on
> the thread stack. They later cause false stack-out-of-bounds reports.
> 
> But this does not seem to be the case here. Kernel is not tainted. And
> shadow at the bottom of the reports looks sane.
> 
> But if that's the case somehow, we will need to add
> kasan_unpoison_remaining_stack() call before a longjmp like we did for
> jprobe_return():
> https://groups.google.com/d/msg/kasan-dev/Hzox58yZ4MU/TOdFoWMuBQAJ

I'm pretty sure this isn't a KASAN false positive.  The unwinder does
actually seem to be accessing a bad area of the stack, in the middle of
a function's stack frame.

-- 
Josh