linux-kernel.vger.kernel.org archive mirror
* [PATCH] trace, kasan: silence Kasan warning in check_stack
@ 2016-02-08 18:39 Yang Shi
  2016-02-09 13:40 ` Andrey Ryabinin
  2016-02-12 19:35 ` Steven Rostedt
  0 siblings, 2 replies; 5+ messages in thread
From: Yang Shi @ 2016-02-08 18:39 UTC (permalink / raw)
  To: aryabinin, rostedt, mingo; +Cc: linux-kernel, linaro-kernel, yang.shi

When enabling stack trace via "echo 1 > /proc/sys/kernel/stack_tracer_enabled",
the below KASAN warning is triggered:

BUG: KASAN: stack-out-of-bounds in check_stack+0x344/0x848 at addr ffffffc0689ebab8
Read of size 8 by task ksoftirqd/4/29
page:ffffffbdc3a27ac0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x0()
page dumped because: kasan: bad access detected
CPU: 4 PID: 29 Comm: ksoftirqd/4 Not tainted 4.5.0-rc1 #129
Hardware name: Freescale Layerscape 2085a RDB Board (DT)
Call trace:
[<ffffffc000091300>] dump_backtrace+0x0/0x3a0
[<ffffffc0000916c4>] show_stack+0x24/0x30
[<ffffffc0009bbd78>] dump_stack+0xd8/0x168
[<ffffffc000420bb0>] kasan_report_error+0x6a0/0x920
[<ffffffc000421688>] kasan_report+0x70/0xb8
[<ffffffc00041f7f0>] __asan_load8+0x60/0x78
[<ffffffc0002e05c4>] check_stack+0x344/0x848
[<ffffffc0002e0c8c>] stack_trace_call+0x1c4/0x370
[<ffffffc0002af558>] ftrace_ops_no_ops+0x2c0/0x590
[<ffffffc00009f25c>] ftrace_graph_call+0x0/0x14
[<ffffffc0000881bc>] fpsimd_thread_switch+0x24/0x1e8
[<ffffffc000089864>] __switch_to+0x34/0x218
[<ffffffc0011e089c>] __schedule+0x3ac/0x15b8
[<ffffffc0011e1f6c>] schedule+0x5c/0x178
[<ffffffc0001632a8>] smpboot_thread_fn+0x350/0x960
[<ffffffc00015b518>] kthread+0x1d8/0x2b0
[<ffffffc0000874d0>] ret_from_fork+0x10/0x40
Memory state around the buggy address:
 ffffffc0689eb980: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4
 ffffffc0689eba00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc0689eba80: 00 00 f1 f1 f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00
                                        ^
 ffffffc0689ebb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffc0689ebb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The stack tracer traverses the whole kernel stack when saving the max stack
trace. It may touch the stack red zones to cause the warning. So, just disable
the instrumentation to silence the warning.

Signed-off-by: Yang Shi <yang.shi@linaro.org>
---
 kernel/trace/trace_stack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
index 202df6c..61e5e1e 100644
--- a/kernel/trace/trace_stack.c
+++ b/kernel/trace/trace_stack.c
@@ -156,7 +156,7 @@ check_stack(unsigned long ip, unsigned long *stack)
 		for (; p < top && i < stack_trace_max.nr_entries; p++) {
 			if (stack_dump_trace[i] == ULONG_MAX)
 				break;
-			if (*p == stack_dump_trace[i]) {
+			if ((READ_ONCE_NOCHECK(*p)) == stack_dump_trace[i]) {
 				stack_dump_trace[x] = stack_dump_trace[i++];
 				this_size = stack_trace_index[x++] =
 					(top - p) * sizeof(unsigned long);
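Review bot: a comment is missing above the `READ_ONCE_NOCHECK(*p)` read on the changed `if` line, so a later reader cannot tell a deliberate KASAN exemption from an accident. Add a short comment saying that the loop reads every word between `p` and `top`, including words KASAN has poisoned, and that this is intended. The outer parentheses around the macro call are also redundant: `if (READ_ONCE_NOCHECK(*p) == stack_dump_trace[i]) {` reads the same.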
-- 
2.0.2
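
The false positive described in the commit message above, modelled in user space as an added example (not code from the patch or the kernel). The shadow row is the one marked `>` in the report; `checked_load`, `nocheck_load`, `scan` and the stack contents are hypothetical stand-ins for an instrumented load, `READ_ONCE_NOCHECK()` and the loop in `check_stack()`.

```c
#include <stddef.h>
#include <stdint.h>

/* Shadow row marked '>' in the report: one shadow byte per 8-byte granule. */
static const uint8_t shadow[16] = {
	0x00, 0x00, 0xf1, 0xf1, 0xf1, 0xf1, 0x00, 0xf4,
	0xf4, 0xf4, 0xf3, 0xf3, 0xf3, 0xf3, 0x00, 0x00,
};

/* Constructed stand-in for the 128 bytes of stack that row describes. */
static uint64_t stack_words[16];
static unsigned int reports;	/* times the modelled checker fired */

/* Instrumented 8-byte load: consult the shadow byte first. For an aligned
 * 8-byte access any non-zero shadow byte means a bad access. */
uint64_t checked_load(const uint64_t *p)
{
	if (shadow[p - stack_words] != 0)
		reports++;
	return *(const volatile uint64_t *)p;
}

/* Uninstrumented load: same value, shadow never consulted. */
uint64_t nocheck_load(const uint64_t *p)
{
	return *(const volatile uint64_t *)p;
}

/* Walk every word up to top looking for ret_addr, as the tracer's loop does.
 * Returns the index of the match, or -1 if there is none. */
int scan(uint64_t (*load)(const uint64_t *), uint64_t ret_addr)
{
	const uint64_t *p = stack_words, *top = stack_words + 16;

	reports = 0;
	for (; p < top; p++)
		if (load(p) == ret_addr)
			return (int)(p - stack_words);
	return -1;
}

unsigned int last_reports(void) { return reports; }

int main(void)
{
	stack_words[15] = 0x1234;	/* constructed "return address" */
	int hit = scan(checked_load, 0x1234);	/* finds it, 11 reports */
	return (hit == 15 && scan(nocheck_load, 0x1234) == 15) ? 0 : 1;
}
```

In the report, the faulting address ffffffc0689ebab8 lies 0x38 bytes into the row at ffffffc0689eba80, which is granule 7, and its shadow byte f4 is the one under the caret.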


* Re: [PATCH] trace, kasan: silence Kasan warning in check_stack
  2016-02-08 18:39 [PATCH] trace, kasan: silence Kasan warning in check_stack Yang Shi
@ 2016-02-09 13:40 ` Andrey Ryabinin
  2016-02-12 18:50   ` Shi, Yang
  2016-02-12 19:35 ` Steven Rostedt
  1 sibling, 1 reply; 5+ messages in thread
From: Andrey Ryabinin @ 2016-02-09 13:40 UTC (permalink / raw)
  To: Yang Shi, rostedt, mingo; +Cc: linux-kernel, linaro-kernel

On 02/08/2016 09:39 PM, Yang Shi wrote:
> When enabling stack trace via "echo 1 > /proc/sys/kernel/stack_tracer_enabled",
> the below KASAN warning is triggered:
> 
> BUG: KASAN: stack-out-of-bounds in check_stack+0x344/0x848 at addr ffffffc0689ebab8
> Read of size 8 by task ksoftirqd/4/29
> page:ffffffbdc3a27ac0 count:0 mapcount:0 mapping:          (null) index:0x0
> flags: 0x0()
> page dumped because: kasan: bad access detected
> CPU: 4 PID: 29 Comm: ksoftirqd/4 Not tainted 4.5.0-rc1 #129
> Hardware name: Freescale Layerscape 2085a RDB Board (DT)
> Call trace:
> [<ffffffc000091300>] dump_backtrace+0x0/0x3a0
> [<ffffffc0000916c4>] show_stack+0x24/0x30
> [<ffffffc0009bbd78>] dump_stack+0xd8/0x168
> [<ffffffc000420bb0>] kasan_report_error+0x6a0/0x920
> [<ffffffc000421688>] kasan_report+0x70/0xb8
> [<ffffffc00041f7f0>] __asan_load8+0x60/0x78
> [<ffffffc0002e05c4>] check_stack+0x344/0x848
> [<ffffffc0002e0c8c>] stack_trace_call+0x1c4/0x370
> [<ffffffc0002af558>] ftrace_ops_no_ops+0x2c0/0x590
> [<ffffffc00009f25c>] ftrace_graph_call+0x0/0x14
> [<ffffffc0000881bc>] fpsimd_thread_switch+0x24/0x1e8
> [<ffffffc000089864>] __switch_to+0x34/0x218
> [<ffffffc0011e089c>] __schedule+0x3ac/0x15b8
> [<ffffffc0011e1f6c>] schedule+0x5c/0x178
> [<ffffffc0001632a8>] smpboot_thread_fn+0x350/0x960
> [<ffffffc00015b518>] kthread+0x1d8/0x2b0
> [<ffffffc0000874d0>] ret_from_fork+0x10/0x40
> Memory state around the buggy address:
>  ffffffc0689eb980: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4
>  ffffffc0689eba00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
>> ffffffc0689eba80: 00 00 f1 f1 f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00
>                                         ^
>  ffffffc0689ebb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  ffffffc0689ebb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 
> The stack tracer traverses the whole kernel stack when saving the max stack
> trace. It may touch the stack red zones to cause the warning. So, just disable
> the instrumentation to silence the warning.
> 
> Signed-off-by: Yang Shi <yang.shi@linaro.org>

Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>


* Re: [PATCH] trace, kasan: silence Kasan warning in check_stack
  2016-02-09 13:40 ` Andrey Ryabinin
@ 2016-02-12 18:50   ` Shi, Yang
  0 siblings, 0 replies; 5+ messages in thread
From: Shi, Yang @ 2016-02-12 18:50 UTC (permalink / raw)
  To: Andrey Ryabinin, rostedt, mingo; +Cc: linux-kernel, linaro-kernel

Hi Steven,

Any comment for this patch?

Thanks,
Yang


On 2/9/2016 5:40 AM, Andrey Ryabinin wrote:
> On 02/08/2016 09:39 PM, Yang Shi wrote:
>> When enabling stack trace via "echo 1 > /proc/sys/kernel/stack_tracer_enabled",
>> the below KASAN warning is triggered:
>>
>> BUG: KASAN: stack-out-of-bounds in check_stack+0x344/0x848 at addr ffffffc0689ebab8
>> Read of size 8 by task ksoftirqd/4/29
>> page:ffffffbdc3a27ac0 count:0 mapcount:0 mapping:          (null) index:0x0
>> flags: 0x0()
>> page dumped because: kasan: bad access detected
>> CPU: 4 PID: 29 Comm: ksoftirqd/4 Not tainted 4.5.0-rc1 #129
>> Hardware name: Freescale Layerscape 2085a RDB Board (DT)
>> Call trace:
>> [<ffffffc000091300>] dump_backtrace+0x0/0x3a0
>> [<ffffffc0000916c4>] show_stack+0x24/0x30
>> [<ffffffc0009bbd78>] dump_stack+0xd8/0x168
>> [<ffffffc000420bb0>] kasan_report_error+0x6a0/0x920
>> [<ffffffc000421688>] kasan_report+0x70/0xb8
>> [<ffffffc00041f7f0>] __asan_load8+0x60/0x78
>> [<ffffffc0002e05c4>] check_stack+0x344/0x848
>> [<ffffffc0002e0c8c>] stack_trace_call+0x1c4/0x370
>> [<ffffffc0002af558>] ftrace_ops_no_ops+0x2c0/0x590
>> [<ffffffc00009f25c>] ftrace_graph_call+0x0/0x14
>> [<ffffffc0000881bc>] fpsimd_thread_switch+0x24/0x1e8
>> [<ffffffc000089864>] __switch_to+0x34/0x218
>> [<ffffffc0011e089c>] __schedule+0x3ac/0x15b8
>> [<ffffffc0011e1f6c>] schedule+0x5c/0x178
>> [<ffffffc0001632a8>] smpboot_thread_fn+0x350/0x960
>> [<ffffffc00015b518>] kthread+0x1d8/0x2b0
>> [<ffffffc0000874d0>] ret_from_fork+0x10/0x40
>> Memory state around the buggy address:
>>   ffffffc0689eb980: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4
>>   ffffffc0689eba00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
>>> ffffffc0689eba80: 00 00 f1 f1 f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00
>>                                          ^
>>   ffffffc0689ebb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   ffffffc0689ebb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>
>> The stack tracer traverses the whole kernel stack when saving the max stack
>> trace. It may touch the stack red zones to cause the warning. So, just disable
>> the instrumentation to silence the warning.
>>
>> Signed-off-by: Yang Shi <yang.shi@linaro.org>
>
> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
>


* Re: [PATCH] trace, kasan: silence Kasan warning in check_stack
  2016-02-08 18:39 [PATCH] trace, kasan: silence Kasan warning in check_stack Yang Shi
  2016-02-09 13:40 ` Andrey Ryabinin
@ 2016-02-12 19:35 ` Steven Rostedt
  2016-02-12 19:46   ` Shi, Yang
  1 sibling, 1 reply; 5+ messages in thread
From: Steven Rostedt @ 2016-02-12 19:35 UTC (permalink / raw)
  To: Yang Shi; +Cc: aryabinin, mingo, linux-kernel, linaro-kernel

On Mon,  8 Feb 2016 10:39:42 -0800
Yang Shi <yang.shi@linaro.org> wrote:

> 
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> ---
>  kernel/trace/trace_stack.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
> index 202df6c..61e5e1e 100644
> --- a/kernel/trace/trace_stack.c
> +++ b/kernel/trace/trace_stack.c
> @@ -156,7 +156,7 @@ check_stack(unsigned long ip, unsigned long *stack)
>  		for (; p < top && i < stack_trace_max.nr_entries; p++) {
>  			if (stack_dump_trace[i] == ULONG_MAX)
>  				break;
> -			if (*p == stack_dump_trace[i]) {

Can you add a comment explaining this? Something like:

	/*
	 * The READ_ONCE_NOCHECK() is used to let KASAN know that
	 * this is not a stack-out-of-bounds error.
	 */

Thanks,

-- Steve

> +			if ((READ_ONCE_NOCHECK(*p)) == stack_dump_trace[i]) {
>  				stack_dump_trace[x] = stack_dump_trace[i++];
>  				this_size = stack_trace_index[x++] =
>  					(top - p) * sizeof(unsigned long);
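
Review bot: the changelog gives no argument that the uninstrumented read stays inside the stack; the only bound visible in this hunk is `p < top` in the `for` header. Say in the commit message what `top` is and why `p` cannot pass it, so that the exemption on `*p` is documented as a false positive and not as a muted real overrun.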


* Re: [PATCH] trace, kasan: silence Kasan warning in check_stack
  2016-02-12 19:35 ` Steven Rostedt
@ 2016-02-12 19:46   ` Shi, Yang
  0 siblings, 0 replies; 5+ messages in thread
From: Shi, Yang @ 2016-02-12 19:46 UTC (permalink / raw)
  To: Steven Rostedt; +Cc: aryabinin, mingo, linux-kernel, linaro-kernel

On 2/12/2016 11:35 AM, Steven Rostedt wrote:
> On Mon,  8 Feb 2016 10:39:42 -0800
> Yang Shi <yang.shi@linaro.org> wrote:
>
>>
>> Signed-off-by: Yang Shi <yang.shi@linaro.org>
>> ---
>>   kernel/trace/trace_stack.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
>> index 202df6c..61e5e1e 100644
>> --- a/kernel/trace/trace_stack.c
>> +++ b/kernel/trace/trace_stack.c
>> @@ -156,7 +156,7 @@ check_stack(unsigned long ip, unsigned long *stack)
>>   		for (; p < top && i < stack_trace_max.nr_entries; p++) {
>>   			if (stack_dump_trace[i] == ULONG_MAX)
>>   				break;
>> -			if (*p == stack_dump_trace[i]) {
>
> Can you add a comment explaining this? Something like:
>
> 	/*
> 	 * The READ_ONCE_NOCHECK() is used to let KASAN know that
> 	 * this is not a stack-out-of-bounds error.
> 	 */

Sure, will add in v2.

Thanks,
Yang

>
> Thanks,
>
> -- Steve
>
>> +			if ((READ_ONCE_NOCHECK(*p)) == stack_dump_trace[i]) {
>>   				stack_dump_trace[x] = stack_dump_trace[i++];
>>   				this_size = stack_trace_index[x++] =
>>   					(top - p) * sizeof(unsigned long);
>
