Bug 202009 - KASAN: make compatible with VMAP_STACK
Summary: KASAN: make compatible with VMAP_STACK
Status: NEW
Alias: None
Product: Memory Management
Classification: Unclassified
Component: Sanitizers (show other bugs)
Hardware: All Linux
: P2 enhancement
Assignee: Dmitry Vyukov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-17 15:05 UTC by Dmitry Vyukov
Modified: 2018-12-17 15:06 UTC (History)
1 user (show)

See Also:
Kernel Version: ALL
Tree: Mainline
Regression: No


Attachments

Description Dmitry Vyukov 2018-12-17 15:05:43 UTC
Currently KASAN is incompatible with VMAP_STACK and stack overflows silently smash whatever happens to be after the stack.

For some context see:
https://groups.google.com/d/msg/kasan-dev/6_HoycR3p5Y/lj66K9iRBAAJ

And for actual bug where it happened and caused a WARNING in rcu subsystem:
https://groups.google.com/d/msg/syzkaller-bugs/HoRZMT92WKk/X6ETBRMSEAAJ

We either need to support VMAP_STACK with KASAN, or provide some equivalent detection.
An easy but unreliable option is to poison some region at the end of the stack and hope that some stack accesses will trap on it.
A more reliable option would be to extend compiler instrumentation to probe first/last frame bytes on function entry.
A simpler and equally reliable option would be to mprotect the last stack page, but without moving it to vmap area. Yes, wastes a page, but simple to do.

Note You need to log in before you can comment on or make changes to this bug.